A Defensive Computing Checklist    by Michael Horowitz
NOTE: I gave a presentation on Defensive Computing at the HOPE conference in July 2022

TIKTOK

March 2, 2023: TikTok spies on people much like Facebook does. We Found 28,000 Apps Sending TikTok Data. Banning the App Won't Help. by Thomas Germain for Gizmodo
--"Joe Biden gave federal agencies 30 days to remove TikTok from government devices earlier this week. Until now, most politicians intent on punishing TikTok have focused solely on banning the app itself, but ... federal agencies must also 'prohibit internet traffic from reaching the company.' That’s a lot more complicated than it sounds."
-- The article is wrong about this; for a competent techie this is not difficult at all. DNS makes it fairly easy; more on this below.
--"Gizmodo has learned that tens of thousands of apps ... use code that sends data to TikTok. Some 28,251 apps use TikTok’s software development kits, (SDKs), tools which integrates apps with TikTok’s systems - and send TikTok user data" Many websites also send data to TikTok.

USE THE WEBSITE, NOT THE MOBILE APP
The safest first step is to use the tiktok.com website without having an account.

  1. TikTok Browser Can Track Users' Keystrokes, According to New Research by Paul Mozur, Ryan Mac and Chang Che for the New York Times (August 2022). Quoting: "The web browser used within the TikTok app can track every keystroke made by its users, according to new research ..."
  2. More on this from Felix Krause: iOS Privacy: Announcing InAppBrowser.com - see what JavaScript commands get injected through an in-app browser (August 2022).
  3. FBI director says he's 'extremely concerned' about China's ability to weaponize TikTok by Suzanne Smalley for Cyberscoop (November 2022). Quoting: "Chinese companies are forced to 'basically do whatever the Chinese government wants to do in terms of sharing information or serving as a tool of the Chinese government ... APIs in TikTok could be harnessed by China to control software on millions of devices, meaning the Chinese government could conceivably technically compromise Americans' personal devices ... China could 'control data collection of millions of users or control the recommendation algorithm, which can be used for influence operations.' "
  4. If you do use the website, do it in private browsing mode. Better still, use a Chromebook in Guest Mode.

CREATE AN ACCOUNT WITH MAXIMUM PRIVACY

  1. Instead of your regular/main email account, use one that is auto-forwarded and not used anywhere else. For more on this, see the page on multiple email addresses.
  2. Do not give TikTok your phone number. It is not needed to create an account.
  3. Do not put your real name in your profile.
  4. Give your account a nickname that is not used anywhere else.

SETTINGS FOR MAXIMUM PRIVACY

  1. Make your account Private so that you can approve who follows you: Settings and Privacy -> Privacy -> turn on Private Account
  2. Make it hard for people to find you: Settings and Privacy -> Privacy -> Suggest Your Account to Others -> Turn off the four toggles
  3. Hide the people that you follow: Settings and Privacy -> Privacy -> Safety section -> Following List -> Only Me
  4. Hide the videos you like: Settings and Privacy -> Privacy -> Safety section -> Liked Videos -> Only Me
  5. Ad Personalization: Settings and Privacy -> Privacy -> Ads Personalization -> Use of Off-TikTok Activity for Ad Targeting -> turn off
  6. Do not share your contacts/friends: Settings and Privacy -> Privacy -> Sync Contacts and Facebook Friends. In addition, both Android and iOS should let you block the app from being able to access your contacts.

BLOCKING TIKTOK DOMAINS

  1. If you can control DNS, then block not only tiktok.com and www.tiktok.com, but also block ads.tiktok.com and analytics.tiktok.com.
  2. If you can control DNS generically, then block these domains, as per Steve Gibson in his Security Now podcast from March 7, 2023:
    *.tiktok.com
    *.tiktok.org
    *.tiktokv.com
    *.tiktokcdn.com
    *.musical.ly
    *.p16-tiktokcdn-com.akamaized.net
    *.TikTokcdn-com.akamaized.net
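
One way to check that a wildcard list like this does what you expect, as an added example that is not from the original page or the podcast: it matches query names against the list on whole labels, ignoring case, and prints equivalent dnsmasq rules. It assumes each entry is meant to cover the domain itself as well as its subdomains; the sample query names are constructed.

```python
# Added example (not from the original page): audit DNS query names against
# the wildcard list above and emit matching dnsmasq block rules.
BLOCKLIST = [
    "*.tiktok.com", "*.tiktok.org", "*.tiktokv.com", "*.tiktokcdn.com",
    "*.musical.ly", "*.p16-tiktokcdn-com.akamaized.net",
    "*.TikTokcdn-com.akamaized.net",
]

def normalize(name):
    """DNS names are case-insensitive and may end in the root dot."""
    return name.strip().lower().rstrip(".")

def base_domains(patterns=BLOCKLIST):
    """'*.example.com' -> 'example.com', de-duplicated and sorted."""
    bases = set()
    for p in patterns:
        p = normalize(p)
        bases.add(p[2:] if p.startswith("*.") else p)
    return sorted(bases)

def is_blocked(qname, patterns=BLOCKLIST):
    """True if qname is a listed domain or any subdomain of one.

    Assumption: each entry covers the domain itself as well as its
    subdomains. Comparison is on whole labels, so 'nottiktok.com' and
    'tiktok.com.example.org' do not match 'tiktok.com'.
    """
    labels = normalize(qname).split(".")
    bases = set(base_domains(patterns))
    return any(".".join(labels[i:]) in bases for i in range(len(labels)))

def dnsmasq_lines(patterns=BLOCKLIST):
    """dnsmasq answers 0.0.0.0 for the named domain and all its subdomains."""
    return ["address=/%s/0.0.0.0" % d for d in base_domains(patterns)]

# Constructed query names, standing in for a resolver's query log.
SAMPLE_QUERIES = [
    "www.tiktok.com", "Analytics.TikTok.com.", "v16.tiktokcdn.com",
    "p16-sign.tiktokcdn-com.akamaized.net", "nottiktok.com",
    "tiktok.com.example.org", "example.org",
]

def audit(queries=SAMPLE_QUERIES):
    """Return the query names that the blocklist would NOT stop."""
    return [q for q in queries if not is_blocked(q)]

if __name__ == "__main__":
    print("\n".join(dnsmasq_lines()))
    print("not covered:", audit())
```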

CORPORATE PERSONALITY

May 5, 2023: TikTok Tracked Users Who Watched Gay Content, Prompting Employee Complaints by Georgia Wells and Byron Tau for the Wall Street Journal. Quoting: "TikTok workers in the U.S., U.K. and Australia in 2020 and 2021 raised concerns about this practice to higher-level executives, saying they feared employees might share the data with outside parties, or that it could be used to blackmail users... " The company claims to have ended this dashboard in 2022.
Another article on the subject: TikTok had a 'list' of users who viewed LGBTQ posts - raising alarm as the company faces scrutiny over ties to China by Sindhu Sundar for Business Insider.

December 22, 2022. TikTok Spied On Forbes Journalists by Emily Baker-White for Forbes. The author covers TikTok. She was leaked information about the company from someone who works there. TikTok did not like what she wrote, so they set out to find her source. They spied on her location, and then, after another leak, they lied about doing this. One way they tracked the reporter's location was by her public IP address, so use a VPN when using TikTok. And, as the section above says, use their website rather than their app to limit the amount of spying they can do. Make sure that either the browser or the Operating System has no access to your location. That means using a VPN from an Ethernet-connected device. If the device supports WiFi or GPS, turn them both off.

This page was created November 21, 2022 and last updated June 10, 2023.