Agreed, the underlying was more interested than the summary. And also seems to be a case of measuring what's conveniently measurable.
The fact that {product} has only 1 connection to {product first party domain} doesn't say a lot about anything, given they could be internally proxying to and from who knows how many partners?
It'd be more helpful to at least see total traffic per domain.
It made me curious that the highest "first-party ratio" companies tended to be tech companies capable of realizing their own architectures (Amazon/Google/Apple).
Yes, third-party direct connections from apps is useful information in some ways and I'd prefer to keep it down rather than spread things around widely.
But what people are really worried about with Facebook or TikTok or whoever building and aggregating information about them, doesn't require talking to a third party at all, and if you clamp down on these direct connections everything could just pass through the "first party" and through to whoever they wish on the server side where you can't see the connections anyway.
These network contacts provide $$$ to those companies. They're low effort, easy revenue for them. Privacy for customers be d*mned.
I once met a senior-level dev who worked for a company, they wouldn't have their own app on his phone, due to those invasive practices tracking his behaviour.
I thought the most curious was the ratio of third:first party domains for magazines and news.
It suggests they control very little of their technical, revenue-generating infrastructure.
Which is interesting when the narrative is "The internet is destroying journalism." But another way to phrase it might be "All of these companies drastically underinvested in web/mobile, and continue to do so." (Although the NYT seems to have a higher ratio than most, but I believe they divorced themselves from Google and brought a lot back in-house?)
One thing that I found very interesting when I looked into what TikTok does: it's scary good at aggregating data about you. I live in a foreign country, my phone's network is behind a VPN to a different foreign country and I gave the app no extra permissions, yet somehow I still got recommended content from the country where I was born. Since it's a small country there's no way that's a coincidence. I'm both intrigued and spooked as to how they figured that connection out.
I think they use the SIM card country ID and also the ad audience categories to suggest content.
For example swapping the SIM card with a fresh installation of TikTok shows different "local" videos. Even if the public IP address is unchanged like when using WiFi instead of Data.
I've also think they use ad categories to suggest videos. Using a fresh TikTok installation and then spending some time navigating a subreddit of a topic, would likely show videos of that topic the next time you open TikTok.
How could they tell you were on that subreddit? Presumably you were doing it from a separate browser on the phone -- can they really snoop on behavior in completely separate apps?
I had the exact opposite experience. I also live in a foreign country (The Netherlands) and even after explicitly watching content from my native country I still only got videos in Dutch (should mention that I don't even speak Dutch).
Totally off topic but how are you received being a resident in a country and not being able to speak the language? Not that I'm looking to emigrate but damn if your country isn't appealing to the cargo-bike riding cyclist in me.
It's pretty easy to derive longitude with some accuracy simply from active hours. Combine that with population densities and your guesses might get closer, combine that with how long you dwell on some videos or what videos you like and you get closer. Your Opsec isn't as good as you think, it's just nobody has been watching. If you combine statistical guesswork across hundreds of vectors its very easy to narrow your target to a creepy extent. Eliminating some easy leaks is the first step to good opsec but so is reducing your interaction and adding a little chaos.
This argument doesn't really hold up to any scrutiny, by the longitude and active hours logic, the app should've figured out the country that I'm in, not where I was born. This was also on first startup, not after extended use.
Does your native country use a different language and you have something set to it on your phone? I had a Korean friend get freaked out by similar, but we figured out that he had something fingerprintable set to use Korean even though his interface was set to English.
I would guess it zeroed in on common interests. Videos you like, comment on, or even just watch for more than one time can all give clues into what interests you.
Sorry for not being clear enough, this was straight after I installed the app. I didn't search for any content or anything, I was simply recommended things that were clearly from my home country.
I would guess that your device has been fingerprinted through other app usage you have used, and that fingerprint has an association with the country of your birth.
It's possible that such a service is provided by a state actor, or part of a marketing/advertising service.
What kind of data? TikTok knows what content I interact to... on tiktok. That's it. Unless they have an android 0-day or something. It has no access to my mic, camera, browsing history, contacts list, or anything useful. Guess who has access to all that, if they want it, though? Google and Facebook (through whatsapp). What is the privacy concern here, exactly?
If you've logged in it can potentially match your login information or email address to other activity on the web. TikTok's servers could also place you geographically somewhat roughly based on ip address.
Outside of that I agree. It's unclear what data TikTok is supposedly gathering that other apps aren't already and why that's a cause for alarm.
It’s a bit ignorant for you think that data is limited to “mic, camera, browsing history, contact list” etc. TikTok can harvest data on the type of content posted and what users interact with. Although it feels harmless, I’m sure there are troves of insights to be derived just from that.
When you sign up for an account, they also can find the friends in your Contact that also have a TikTok account. But you can bypass this of course. Other than that, I'm also a bit confused as to what data they have access to
The conversation here on HN is quite funny. I can imagine the same conversation taking place in China: the data on US apps goes straight to the US government.
It's pretty common for everyone to assume such things... particularly if you're doing it.
I recall when Trump ran into issues with contacts made with some Russian agents he publicly stated that he thought everyone else did it (to be specific he meant sending someone to meet with agents who said they had information he would want). When in fact almost every recent presidential candidate had reported attempted contacts by Russian agents (the lone exceptions were Trump, and George Bush Sr... but Bush had been head of the CIA so it seems likely the Russians might not try).
It seems it makes it easy to imagine these things by default if you're up to it.
The title and article smells of China-bad-clickbait.
There's no uncertainty here. Like in every other case, it goes to any company that is willing to purchase it. Overwhelmingly it will be American companies using it for direct marketing.
I feel like TikTok is significantly underdiscussed, almost like the tech and business press are assuming it's a flash-in-the-pan more similar to Snapchat than Facebook. It is almost certainly having a major impact on the business of some of the most prominent publicly traded companies in the US, yet there are just a handful of articles discussing their impact on Facebook's disastrous quarterly results.
The aspect that worries me the most is the recommendation: Facebook and Twitter discovered a little late that they had the ability to to influence opinion with simple tweaks. That raised internal questions and that model is under close surveillance by people who have talked about those questions in public and who I know have and would raise, at least internally, their concerns. People can explore the updates from their friends and can identity ommissions. Snap is more secretive, but their employees are loud Californians who can about justice, they have access to journalists if they feel the need to push back. Users can also see updates from their friends and people their follow without just having to trust the flow.
I don’t believe that TikTok has a similar internal culture of debate. I haven’t seen anything published by their academic team. I don’t believe that you can check on your friend’s page to see what they posted lately. They are examples of topics that they have favoured or censored that was worrisome and they didn’t adress the controversy. The pool of possible content is much larger so there’s more opportunity to fill strategically.
I know people who work for one but not the other, so I understand that this influence my judgement but I believe that their are objective difference in company values and product design that make TikTok more able to manipulate.
I haven’t seen anyone discuss that, and I have plenty of people who discuss those questions profesionally in my feed.
>but their employees are loud Californians who can about justice
In my experience, Californians care about justice the same way they care about anything, fashion. Only the injustices that are fashionable to be against ever get any attention.
If you need proof they don't care about justice look no further than they fact the keep electing Peloci.
The users of TikTok are mostly teenagers and young adults, that's why. Nearly everybody in journalism is late 20s or 30+. They just don't get it, though to be fair vine had a similar type of content and that failed.
I'm in my mid-40s: there's nothing deep or mysterious to "get" about TikTok. It's short-form video snips/vignettes, mainly of people showing off for their friends, trying to cash in on short-lived audio trends and meme pipelines, and sometimes both. It reminds me of the kind of bravado/showing off my peers in middle- and high-school did: because that's essentially what it is. Edit for more context: I happen to be dating someone who is a young adult (early/mid-20s), so I have even more context/insight into what makes this app interesting to them: I stand by what I wrote.
Those late 20s and up journalists get it, but they recognize (correctly) that like all social networks of this sort the early adopters (kids/young adults) are going to turn into adults with spending power and either change the nature of the platform or move on to something else. In either case, what TikTok is now is largely irrelevant (not to mention trite and shallow).
There is absolutely a strong 20s-30s and even 40s userbase on TikTok. “The Algorithm”, though, is very very good at only showing people what they want to see, so much so that two people can have wildly different experiences.
For example, my TikTok is full of LGBTQ+, PNW housing complaints, DnD and religion.
Edit: and a good percentage of them are around 30.
I wonder if the accessibility as far as the media goes to Facebook staff and willingness to engage with the press exposes Facebook a bit more than TikTok.
Nobody cares because (it is perceived that) there is no political discourse on TikTok yet.
It was the same for Twitter and Facebook. Then Trump happened and People With Important Jobs started paying attention to them. There has not been such a catalyst event for TikTok yet. Like with Zoom, there is a vague feeling among the security-paranoid that the Chinese are leveraging it for data-gathering, but as long as they get bazillion videos of teenagers pulling faces, who cares?
In my country (Philippines), TikTok has been one of the main sources of political misinformation besides Facebook and YouTube (for a lesser degree). It's gotten so bad that it's impacting the coming national election wherein the platform of the currently leading candidate is focused on the glorification of the past dictator Ferdinand Marcos.
I don't understand what useful information could be harvested, as unlike Google/Facebook there is no massive tracking pixel product that follows you across the web. I'm a massive critic of the CCP, but I don't see what useful information they would get from this.
I think a bigger "conspiracy theory" I'd buy into would be the algrorithm exploiting political extremes and pushing insane voices to the top...but every social media/media company does that in some way (though not always intentionally.)
1. Having Data
2. Using it to Predict
3. Using it to Manipulate
There are major, major leaps from collection to then even having effective prediction models. Prediction is hard, especially when it comes to longer term behaviors.
Manipulation is extremely hard especially when the content space is so crowded.
My fear of TikTok is far more mundane. It just dulls us into the most passive form of entertainment the world has ever known making us a basically disengaged, lifeless people. Its the modal opposite in life to 'touching grass'.
A state actor always desires insight into an adversary. The survival of nations depends on being able to either cooperate with others or subdue those who will not. The result of a state's strategy in these arenas is predominantly determined by their ability to predict the counterpart's behaviors, both at a citizen and leadership level.
Why TikTok is not seen as the ultimate embodiment of these incentives and immediately banned from the US is beyond me.
Readit News
https://app.urlgeni.us/blog/new-research-across-200-ios-apps...
Just a few of the highlights:
Magazine apps had the highest number of total network contacts (28), and the highest percentage of third party domain contacts (93%)
Social apps, followed by Games apps, made the fewest number of network contacts, 6 and 7 respectively.
Apps making the most number network contacts included iHeartRadio (56), Wall Street Journal (48), ESPN (42), Popeyes (42), and WattPad (36)
The fact that {product} has only 1 connection to {product first party domain} doesn't say a lot about anything, given they could be internally proxying to and from who knows how many partners?
It'd be more helpful to at least see total traffic per domain.
It made me curious that the highest "first-party ratio" companies tended to be tech companies capable of realizing their own architectures (Amazon/Google/Apple).
But what people are really worried about with Facebook or TikTok or whoever building and aggregating information about them, doesn't require talking to a third party at all, and if you clamp down on these direct connections everything could just pass through the "first party" and through to whoever they wish on the server side where you can't see the connections anyway.
These network contacts provide $$$ to those companies. They're low effort, easy revenue for them. Privacy for customers be d*mned.
I once met a senior-level dev who worked for a company, they wouldn't have their own app on his phone, due to those invasive practices tracking his behaviour.
It suggests they control very little of their technical, revenue-generating infrastructure.
Which is interesting when the narrative is "The internet is destroying journalism." But another way to phrase it might be "All of these companies drastically underinvested in web/mobile, and continue to do so." (Although the NYT seems to have a higher ratio than most, but I believe they divorced themselves from Google and brought a lot back in-house?)
For example swapping the SIM card with a fresh installation of TikTok shows different "local" videos. Even if the public IP address is unchanged like when using WiFi instead of Data.
I've also think they use ad categories to suggest videos. Using a fresh TikTok installation and then spending some time navigating a subreddit of a topic, would likely show videos of that topic the next time you open TikTok.
Carrier, iso country code, mobile country code, mobile network code, and more are all easily accessible data attributes.
I would guess that your device has been fingerprinted through other app usage you have used, and that fingerprint has an association with the country of your birth.
It's possible that such a service is provided by a state actor, or part of a marketing/advertising service.
Outside of that I agree. It's unclear what data TikTok is supposedly gathering that other apps aren't already and why that's a cause for alarm.
Phase 2: ???
Phase 3: The world is now controlled by China and we are doing full communism
A bit rude but ok
> TikTok can harvest data on the type of content posted and what users interact with
That's exactly what I said, and I think this is expected by the users and does not worry me.
"all" is so general that I think it's kinda hard to really address that.
I recall when Trump ran into issues with contacts made with some Russian agents he publicly stated that he thought everyone else did it (to be specific he meant sending someone to meet with agents who said they had information he would want). When in fact almost every recent presidential candidate had reported attempted contacts by Russian agents (the lone exceptions were Trump, and George Bush Sr... but Bush had been head of the CIA so it seems likely the Russians might not try).
It seems it makes it easy to imagine these things by default if you're up to it.
There's no uncertainty here. Like in every other case, it goes to any company that is willing to purchase it. Overwhelmingly it will be American companies using it for direct marketing.
I don’t believe that TikTok has a similar internal culture of debate. I haven’t seen anything published by their academic team. I don’t believe that you can check on your friend’s page to see what they posted lately. They are examples of topics that they have favoured or censored that was worrisome and they didn’t adress the controversy. The pool of possible content is much larger so there’s more opportunity to fill strategically.
I know people who work for one but not the other, so I understand that this influence my judgement but I believe that their are objective difference in company values and product design that make TikTok more able to manipulate.
I haven’t seen anyone discuss that, and I have plenty of people who discuss those questions profesionally in my feed.
In my experience, Californians care about justice the same way they care about anything, fashion. Only the injustices that are fashionable to be against ever get any attention.
If you need proof they don't care about justice look no further than they fact the keep electing Peloci.
Those late 20s and up journalists get it, but they recognize (correctly) that like all social networks of this sort the early adopters (kids/young adults) are going to turn into adults with spending power and either change the nature of the platform or move on to something else. In either case, what TikTok is now is largely irrelevant (not to mention trite and shallow).
For example, my TikTok is full of LGBTQ+, PNW housing complaints, DnD and religion.
Edit: and a good percentage of them are around 30.
That's kinda a scary situation...
It was the same for Twitter and Facebook. Then Trump happened and People With Important Jobs started paying attention to them. There has not been such a catalyst event for TikTok yet. Like with Zoom, there is a vague feeling among the security-paranoid that the Chinese are leveraging it for data-gathering, but as long as they get bazillion videos of teenagers pulling faces, who cares?
TikTok's recommendation algorithm is really second to none.
I think a bigger "conspiracy theory" I'd buy into would be the algrorithm exploiting political extremes and pushing insane voices to the top...but every social media/media company does that in some way (though not always intentionally.)
See: https://www.tiktokforbusinesseurope.com/resources/install-ti...
There are major, major leaps from collection to then even having effective prediction models. Prediction is hard, especially when it comes to longer term behaviors.
Manipulation is extremely hard especially when the content space is so crowded.
My fear of TikTok is far more mundane. It just dulls us into the most passive form of entertainment the world has ever known making us a basically disengaged, lifeless people. Its the modal opposite in life to 'touching grass'.
A state actor always desires insight into an adversary. The survival of nations depends on being able to either cooperate with others or subdue those who will not. The result of a state's strategy in these arenas is predominantly determined by their ability to predict the counterpart's behaviors, both at a citizen and leadership level.
Why TikTok is not seen as the ultimate embodiment of these incentives and immediately banned from the US is beyond me.
The company for more money? Similar to the incentives behind Google and Facebook.