deadacc

2y

mfs concerned about gyna collecting info on what type of ass you like when elon is giving alt right figureheads access to twitter dms as we speak

hot pancakes

2y

Sure, the algorithm works great and you can find cool tips/recommendations on there (a lot of which are fake or false info or paid advertisements disguised as tips/recommendations) but that’s because it’s super aggressive. Literally damaging the brains of teens and early 20 year olds everywhere.

Facebook, IG, Twitter definitely collect our data, but the amount of data they collect is like a cup of water

TikToks is like the ocean

Not to mention, it’s owned by a country we have a rivalry with, and it would be naive to not think that they aren’t doing anything with our data

If you want to read more, here’s a summary from someone who reversed engineered the app:

TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device... well, they're using it.

• ⁠Phone hardware (cpu type, number of course, hardware ids, screen dimensions, dpi, memory usage, disk space, etc)
• ⁠Other apps you have installed (I've even seen some I've deleted show up in their a***ytics payload - maybe using as cached value?)
• ⁠Everything network-related (ip, local ip, router mac, your mac, wifi access point name)
• ⁠Whether or not you're rooted/jailbroken
• ⁠Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds - this is enabled by default if you ever location-tag a post IIRC
• ⁠They set up a local proxy server on your device for "transcoding media", but that can be abused very easily as it has zero authentication

The scariest part of all of this is that much of the logging they're doing is remotely configurable, and unless you reverse every single one of their native libraries (have fun reading all of that assembly, assuming you can get past their customized fork of OLLVM!!!) and manually inspect every single obfuscated function.

They have several different protections in place to prevent you from reversing or debugging the app as well. App behavior changes slightly if they know you're trying to figure out what they're doing. There's also a few snippets of code on the Android version that allows for the downloading of a remote zip file, unzipping it, and executing said binary. There is zero reason a mobile app would need this functionality legitimately.

On top of all of the above, they weren't even using HTTPS for the longest time. They leaked users' email addresses in their HTTP REST API, as well as their secondary emails used for password resets. Don't forget about users' real names and birthdays, too. It was allllll publicly viewable a few months ago if you MITM'd the application.

Here's the thing though.. they don't want you to know how much information they're collecting on you, and the security implications of all of that data in one place, en masse, are f***ing huge. They encrypt all of the a***ytics requests with an algorithm that changes with every update (at the very least the keys change) just so you can't see what they're doing. They also made it so you cannot use the app at all if you block communication to their a***ytics host off at the DNS-level.

https://www.reddit.com/r/videos/comments/fxgi06/not_new_news_but_tbh_if_you_have_tiktiok_just_get/

News article talking about this from a little while ago:

…a recent BuzzFeed News report that examined leaked audio from 80 internal TikTok meetings. Based on those leaked audio recordings, China-based employees of TikTok parent company ByteDance had repeatedly accessed private information on users in the US.

One member of TikTok's Trust and Safety department reportedly said during a meeting in September 2021 that "everything is seen in China." A director said in another meeting that a Beijing-based engineer referred to as "Master Admin" has "access to everything." Just hours before BuzzFeed News published its report, TikTok announced that it migrated 100 percent of US user traffic to a new Oracle Cloud Infrastructure. It's part of the company's efforts to address concerns by US authorities about how it handles information from users in the country.

https://www.engadget.com/fcc-commissioner-google-facebook-ban-tik-tok-064559992.html

hot pancakes

2y

Sure, the algorithm works great and you can find cool tips/recommendations on there (a lot of which are fake or false info or paid advertisements disguised as tips/recommendations) but that’s because it’s super aggressive. Literally damaging the brains of teens and early 20 year olds everywhere.

Facebook, IG, Twitter definitely collect our data, but the amount of data they collect is like a cup of water

TikToks is like the ocean

Not to mention, it’s owned by a country we have a rivalry with, and it would be naive to not think that they aren’t doing anything with our data

If you want to read more, here’s a summary from someone who reversed engineered the app:

TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device... well, they're using it.

• ⁠Phone hardware (cpu type, number of course, hardware ids, screen dimensions, dpi, memory usage, disk space, etc)
• ⁠Other apps you have installed (I've even seen some I've deleted show up in their a***ytics payload - maybe using as cached value?)
• ⁠Everything network-related (ip, local ip, router mac, your mac, wifi access point name)
• ⁠Whether or not you're rooted/jailbroken
• ⁠Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds - this is enabled by default if you ever location-tag a post IIRC
• ⁠They set up a local proxy server on your device for "transcoding media", but that can be abused very easily as it has zero authentication

The scariest part of all of this is that much of the logging they're doing is remotely configurable, and unless you reverse every single one of their native libraries (have fun reading all of that assembly, assuming you can get past their customized fork of OLLVM!!!) and manually inspect every single obfuscated function.

They have several different protections in place to prevent you from reversing or debugging the app as well. App behavior changes slightly if they know you're trying to figure out what they're doing. There's also a few snippets of code on the Android version that allows for the downloading of a remote zip file, unzipping it, and executing said binary. There is zero reason a mobile app would need this functionality legitimately.

On top of all of the above, they weren't even using HTTPS for the longest time. They leaked users' email addresses in their HTTP REST API, as well as their secondary emails used for password resets. Don't forget about users' real names and birthdays, too. It was allllll publicly viewable a few months ago if you MITM'd the application.

Here's the thing though.. they don't want you to know how much information they're collecting on you, and the security implications of all of that data in one place, en masse, are f***ing huge. They encrypt all of the a***ytics requests with an algorithm that changes with every update (at the very least the keys change) just so you can't see what they're doing. They also made it so you cannot use the app at all if you block communication to their a***ytics host off at the DNS-level.

https://www.reddit.com/r/videos/comments/fxgi06/not_new_news_but_tbh_if_you_have_tiktiok_just_get/

News article talking about this from a little while ago:

…a recent BuzzFeed News report that examined leaked audio from 80 internal TikTok meetings. Based on those leaked audio recordings, China-based employees of TikTok parent company ByteDance had repeatedly accessed private information on users in the US.

One member of TikTok's Trust and Safety department reportedly said during a meeting in September 2021 that "everything is seen in China." A director said in another meeting that a Beijing-based engineer referred to as "Master Admin" has "access to everything." Just hours before BuzzFeed News published its report, TikTok announced that it migrated 100 percent of US user traffic to a new Oracle Cloud Infrastructure. It's part of the company's efforts to address concerns by US authorities about how it handles information from users in the country.

https://www.engadget.com/fcc-commissioner-google-facebook-ban-tik-tok-064559992.html

oat milk

2y

u think i gaf

Love Life Utopia

2y

Dudes with millions of followers average like $20-$30 a day. That’s s***

hot pancakes

2y

Sure, the algorithm works great and you can find cool tips/recommendations on there (a lot of which are fake or false info or paid advertisements disguised as tips/recommendations) but that’s because it’s super aggressive. Literally damaging the brains of teens and early 20 year olds everywhere.

Facebook, IG, Twitter definitely collect our data, but the amount of data they collect is like a cup of water

TikToks is like the ocean

Not to mention, it’s owned by a country we have a rivalry with, and it would be naive to not think that they aren’t doing anything with our data

If you want to read more, here’s a summary from someone who reversed engineered the app:

TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device... well, they're using it.

• ⁠Phone hardware (cpu type, number of course, hardware ids, screen dimensions, dpi, memory usage, disk space, etc)
• ⁠Other apps you have installed (I've even seen some I've deleted show up in their a***ytics payload - maybe using as cached value?)
• ⁠Everything network-related (ip, local ip, router mac, your mac, wifi access point name)
• ⁠Whether or not you're rooted/jailbroken
• ⁠Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds - this is enabled by default if you ever location-tag a post IIRC
• ⁠They set up a local proxy server on your device for "transcoding media", but that can be abused very easily as it has zero authentication

The scariest part of all of this is that much of the logging they're doing is remotely configurable, and unless you reverse every single one of their native libraries (have fun reading all of that assembly, assuming you can get past their customized fork of OLLVM!!!) and manually inspect every single obfuscated function.

They have several different protections in place to prevent you from reversing or debugging the app as well. App behavior changes slightly if they know you're trying to figure out what they're doing. There's also a few snippets of code on the Android version that allows for the downloading of a remote zip file, unzipping it, and executing said binary. There is zero reason a mobile app would need this functionality legitimately.

On top of all of the above, they weren't even using HTTPS for the longest time. They leaked users' email addresses in their HTTP REST API, as well as their secondary emails used for password resets. Don't forget about users' real names and birthdays, too. It was allllll publicly viewable a few months ago if you MITM'd the application.

Here's the thing though.. they don't want you to know how much information they're collecting on you, and the security implications of all of that data in one place, en masse, are f***ing huge. They encrypt all of the a***ytics requests with an algorithm that changes with every update (at the very least the keys change) just so you can't see what they're doing. They also made it so you cannot use the app at all if you block communication to their a***ytics host off at the DNS-level.

https://www.reddit.com/r/videos/comments/fxgi06/not_new_news_but_tbh_if_you_have_tiktiok_just_get/

News article talking about this from a little while ago:

…a recent BuzzFeed News report that examined leaked audio from 80 internal TikTok meetings. Based on those leaked audio recordings, China-based employees of TikTok parent company ByteDance had repeatedly accessed private information on users in the US.

One member of TikTok's Trust and Safety department reportedly said during a meeting in September 2021 that "everything is seen in China." A director said in another meeting that a Beijing-based engineer referred to as "Master Admin" has "access to everything." Just hours before BuzzFeed News published its report, TikTok announced that it migrated 100 percent of US user traffic to a new Oracle Cloud Infrastructure. It's part of the company's efforts to address concerns by US authorities about how it handles information from users in the country.

https://www.engadget.com/fcc-commissioner-google-facebook-ban-tik-tok-064559992.html

Juliaxb

2y

i’m not reading all that

deadacc

2y

mfs concerned about gyna collecting info on what type of ass you like when elon is giving alt right figureheads access to twitter dms as we speak

Young D

2y

Love it

Can we just ban all forms of social media so we can stop being a degenerate society while we’re at it plz

Young D

2y

Love it

Can we just ban all forms of social media so we can stop being a degenerate society while we’re at it plz

SteveJobsAndAustin

2y

I really wonder if we can get to a future where social media doesn’t exist. Have it be like 2008 again or something

Love Life Utopia

2y

Dudes with millions of followers average like $20-$30 a day. That’s s***