Lots of folks here arguing that the focus on TikTok is unfair, given the data collection practices of domestic corps like Facebook. From a privacy point of view, this argument is well-founded, but I think it's tangential to the argument TFA is making, which is: this data collection done by a foreign government and exploited for surveillance or espionage is a national security risk.
I get it. We want corps to stop hoovering up our data because they can use it to manipulate us with advertising, and they can mishandle it such that other bad actors can exploit it. I'm with you, this is a valid concern that we should address. But I think TikTok's specific case warrants additional concern because it's all that, plus it puts a geopolitical adversary in control of the data, countless devices, and a media channel central to the current cultural zeitgeist.
I don't think it's reasonable to wait for general regulation of social media corps while TikTok continues to do its thing, particularly if targeted action against TikTok is politically viable.
> this data collection done by a foreign government and exploited for surveillance or espionage is a national security risk.
How were Snowden revelations of USG<>Bigtech relationship materially different from what's happening here? Maybe it was less transparent?
Any "woke" person can see the cognitive dissonance here. It's all fine that you use the geopolitical rivalry argument but not if you try to paint one side of the argument as "free" and "liberal" and "subject to rule of law" when it's clearly not the case
'National security risk' is all the FCC is arguing; they're not arguing that these data collection practices are bad in themselves, only that they're bad if it happens in a way that strengthens a foreign government.
The difference is that when we hear about that being done extrajudicially, it's a scandal.
We have a system where due process is required. Sometimes authorities break those laws. But the system and culture is nonetheless there and for a reason.
The US isn't rounding thousands (millions actually?) of civil, political, religious, and other kinds of dissenters and imprisoning, reeducating, or killing them.
That's kind of a big difference here.
The CCP has mandatory seats on the bytedance board and wants a copy of all the data so they can target people.
Spying is bad, murder is next-level bad.
Stop it all, but start with the bigger issues first.
The notion which myself and others have problem with is that the US Federal Govt and the CCP are entities which we should be treating with a similar level of trust and care. The CCP has proven time and time again, be it from their refusal to cooperate with studying the source of COVID, or their continued systematic genocide of the Uighur population, that they are not a political institution which can be trusted or respected on the world stage.
This isn't to say that the USG should be admired or emulated, far from it, but as someone who's neither Chinese nor American, I think it's an objective truth that most people in the world fared better under 20th century American-hegemony than the worldwide Sinicization which the CCP has made clear is its aim.
Americans pick and choose which media to listen to. And the media across the spectrum is aligned on one thing: China Bad, US Good. However, if you listen to NPR, it _does_ matter that we're locking up immigrants in the South. But did you hear that NPR story about Uyghur genocide? Then you look for other non-American affiliated publications on the matter and they are slim pickings. Why does the United States focus so much on China? And yeah, it's mostly to manufacture consent.
I actually think it's naive. Sure if military personnel or state department use TikTok that can create security risks, but the same is true with any other social media network.
The additional data that TikTok tries to gather from the mobile OSs is insignificant compared to what you can get from videos that people take willingly.
Russian soldiers use VK, that doesn't stop OSINT researchers tracking them down on there.
Military personnel is not what this is about, it's about the data of all the citizens in the US. It's about manipulating public opinion, sowing divide or a thousand other options.
Ok. Put a stop to TikTok and allow US companies to vacuum up our data. China then hacks those companies servers or installs agents within the companies and gets the data anyway. Security threat not avoided.
None of these companies should be allowed to store and abuse the sensitive information people divulge when using many of these services.
Again, I agree, "We want corps to stop hoovering up our data because they can use it to manipulate us with advertising, and they can mishandle it such that _other bad actors can exploit it_."
My point is, if finding the political will required to stop TikTok is easier than it is to regulate data collection more generally, we shouldn't let perfect be the enemy of good.
It is folly to think that "Install Chinese government spyware on a phone" is the same level of effort as "Force the Chinese government to work on advanced persistent threats and install massive exfiltration malware on some of the most secure networks on the planet".
Or even just buy the data from data brokers. What you're highlighting is what makes TikTok different: there is a foreign adversary that is a major player in the attention economy. Observing is one thing, influencing is completely unacceptable. Especially in a post-truth society.
Is the data the issue? Or is it ongoing interference with the algorithm that pushes content to users that's the real issue? Tweaking what the users see affects those users far more than just selling their data to make money.
this isn't just about data collection. china should not be allowed to become a tech power. producing a popular social media app with advanced machine learning counts as that. china should be allowed to produce our widgets and mind its place, we can't allow a communist country and a potential global competitor to America to advance past that.
Agreed, these complaints about hypocrisy are nonsensical. If a serial killer locks his door at night for fear of being murdered, he’s not a hypocrite. On the contrary, his evil deeds have made him wise to the dangers of the night.
> Why do Americans think they represent the world?
I don't claim to.
The context is: US regulators arguing for operational restrictions of a foreign-to-the-US company on the basis of being controlled by an adversary of the US.
If you have any insight from a place with friendly relations with China, you're welcome to share it.
Does America represent the national security strategy of essentially all of Europe, most non-Chinese nations in Asia, and much of South America?
Absolutely, and to pretend otherwise is to be dreaming.
If you’re not in one of those areas then you are correct that your adversary is not our adversary. But it’s pretty statistically likely you are, and in that case the two are linked.
You’re welcome to return the trillions spent on your defense, of course, and set up your own naval strategy and naval supply chains to defend your trade routes.
This is almost certainly Facebook just lobbying to get mindshare back from TikTok. It's great for the US government too, who probably already has unfettered access to everything Facebook collects on its users. If US users go to TikTok, Facebook loses money, and the US gov't loses easy access to all that sweet sweet data. So probably Facebook doesn't even have to lobby too hard for a statement like this to come out from the FCC. Whether or not it's true doesn't even really matter. Do you want your personal data flowing to the CCP or the US gov't & Facebook/Instagram? Both seem like really bad choices to me. The only good choice is not to use any of these services at all.
Honestly, if some government needs to have my data, and I can't reasonably prevent it, I would be more than happy if that's some government on the other side of the planet without practical means to put me in jail, torture, and influence to do things that can harm me and my friends and family.
Being spied by Russia, no problem. Being spied by China, no big deal either. But being spied by the USA or EU controlled entities can pose a life thread to any EU citizen.
US citizens have it only a bit better, since they are at least protected from the EU, and only their own government has power upon them.
>plus it puts a geopolitical adversary in control of the data, countless devices, and a media channel central to the current cultural zeitgeist.
You should interrogate your assumption that the government inside the state lines is less "adversarial" to everyone's interests than the one outside state lines, even at a level of geopolitics.
The government is the one deciding what adversarial means here. Of course they’re not going to label themselves or domestic companies they regulate national security adversaries.
- Our phone hardware and operating systems are intrinsically insecure.
- There is no practical/effective data gathering regulation (and I'm not sure
it's possible to craft any without destroying innovation)
- All social media companies are doing it, leading to jeers of "hypocrisy!"
- All governments play the same games, reducing the arguments to
"Whose side are you on?" That's effectively meaningless in a
globalised world. The consequence is more nationalism and an ever
more fragmented splinternet.
- The only proposed solutions amount to more authoritarian,
controlling and regulatory responses.
What can we do?
There is a solution. Stop protecting these companies. Burn down
WIPO. Tear up practically all "intellectual property" laws. Revoke
millions of patents. Repeal all DCMA type laws regarding reverse
engineering. Kick trademark and brand protection law to the curb.
The real problem is gargantuan monolithic, captive audiences that
exist because incumbent monopolies enjoy protectionist measures that
amount to a giant international trade racket.
Creating a real market that forces radical interoperability would
solve many of the problems we see today. Who would care about TiKToK
or Facebook if they were one of 500,000 small "Social Apps" that
connected to a standardised international network.
Hell, we could even give it a catchy name, like "The Internet".
I agree with your argument, but not your conclusion. It is important
for people to know who made the stuff they're getting. Signing code is
a perfect example. Unfortunately I think "trademarks" are a 20th
century idea. There are many ways of supporting authenticity of
provenance that aren't easily corrupted and weaponised as a way to
stymie competition.
> There is no practical/effective data gathering regulation (and I'm not sure it's possible to craft any without destroying innovation)
Yes there is: Don't
Anything that is not fully and obviously intentionally completely public is e2ee and inaccessible outside of the user's device. Information that is provably necessary for providing a paid service can be collected and kept until the second it is no longer necessary so long as the process is publicly documented. Any weights, faux anonymized data or similar derived from the pii must also be deleted.
I think that's far to vague to be workable and sounds incredibly expensive (unless everyone uses those loopholes).
Storing data on user's devices isn't great, it takes up storage space (adding cost) and relies on the user to manage the backups (which lots of folks don't do). Users also switch between devices, so you'd need some sort of cross-device syncing or something.
e2ee implies that the data can only be decrypted by the user's key. If the user loses their key, they lose data access. Since keys are user managed you need to deal with user support/education and build interfaces to support key management. e2ee isn't something you can bolt on an existing system. This sounds quite expensive to implement, so you'll shift significant funds away from other development (destroying innovation).
If today I'm running a Django site that allows users to message each other, do I need to change from my server-side template rendered system to a client-side rendered system?
For loop holes, I'd expect people to claim that they can't rely on device storage, need to support multiple devices, need to support customers who can't manage keys, perform heavy-weight rendering that would consume too much device battery and run slowly, etc.
These ideas are very 2020s focused. As the software industry evolves, would we need to convince politicians to allow us to use better technology that challenges assumptions we have today?
Sadly none of this is doable in the current version of capitalism (and in pretty much every country that is drinking from it). Corporation interests, especially those of large corporations, override pretty much everything else.
Not the FCC, this is one FCC commissioner's statement. He's not the chair, nor is he part of the majority party, so you can probably read this as a political statement.
Republicans had a chance to ban TikTok during the last administration. They did not do it.
It annoys me that these headlines keep falsely attributing his statements to the FCC as a whole. I hate TikTok and I tend to agree that it’s a security risk (so, too, is Facebook, IMO). But this guy has it out for TikTok solely for political reasons and in order to please Trump.
To be fair, and I'm not fan of Trump, but if Trump hypothetically supported something good... like let's say universal healthcare, a lot of Democrats would oppose it just because Trump supported it.
My concern seems to be different than that of most expressed here. Companies collecting too much information is a problem, sure, but that's not what deeply worries me when it comes to social media generating/consuming platforms like Facebook, TikTok and YouTube. Especially those that algorithmically decide what to show users.
Foreign countries controlling what information a coming generation is exposed to is IMO much more concerning than collecting and profiling (of course also troubling, but a slightly different league). There is little oversight into what bubbles are formed, who is fed what, etc.
Want to create division in a foreign country? What better place to start than on social media and malleable kids.
This applies equally to TikTok as Facebook, for different reasons. I don't trust TikTok because of CCP, and Facebook because everything is for sale.
I wouldn't really say that the nationality is all that important. Just what my prejudices say. CCP tend to stifle opinions they dislike. Russia tends to fund divisiveness in the west. Facebook and US companies in general do whatever makes them money entirely devoid of any moral compass. Google sometimes can be gamed due to either carelessness or ineptitude. In any case, and as mentioned, mostly prejudice, is the answer to your question.
Lawyer that opposed net neutrality and now voicing his disapproval of apps built by the China.
Sounds like he's making a play to become a career politician using his version of what 'ok authoritarianism' is.
I'd like to see someone actually prove a security risk rather than hypothetically posing it. I.e. show me 1000 tiktok downloaded videos run through a program with their metadata something of strategic importance to a nation state (like the location of nuclear missiles haha).
I'm not asking for tik tok data specifically. I'm saying given a subset of X videos with metadata, show me how you can exfiltrate something of interest to a nation state.
Military bases have controls in place that ban things like tik tok + filming on site and even phones manufactured in China aren't allowed on site (they need to be checked in or whatever when you arrive at the entrypoint).
Prove this claim and then we can talk about the risk of apps like TikTok. Right now it's a false as saying Wifi signals cause brain cancer coz electromagnetism === bad for humans.
> I'd like to see someone actually prove a security risk rather than hypothetically posing it.
A security risk is by nature hypothetical. If the risk comes to fruition, it's no longer a risk, it's an event or an incident or whatever.
I think it's right to say such data harvesting posses a security risk. I don't necessarily think the nationality of the corporation collecting it makes a huge difference though. If the concern is state level abuse of the harvested data, sure, it's much easier for any given state to access data when the data is stored by an entity that has strong state influence, but given the patterns of hiring at large scale data collectors, it can't be too hard to get state operatives into positions where they have large scale discrectionary access to data.
Also, I'm not really convinced that the FCC is expected to consider national security concerns, or if they have significant regulatory oversight of the app store market either?
> A security risk is by nature hypothetical. If the risk comes to fruition, it's no longer a risk, it's an event or an incident or whatever.
Not true. CPU exploits come out all the time with proof of how to exploit / exfiltrate data. This claim of a 'risk' is unproven as it's based on a poor hypothesis of 'country has our data === bad'
> I'd like to see someone actually prove a security risk
Even if we could access all the data, the proof would come too late, by definition.
Of course seeing the proof would be interesting, but that's not the point. Rules are created to protect interests, weighing advantages and disadvantages. That's why allies get more leeway than enemies.
I don't know what your position is, but there are various people in this thread calling such a measure "dangerous" and comparing tiktok to facebook. First: there's more than one dangerous thing in the world, and calling outlawing tiktok dangerous probably says more about their addiction than it does about liberties. Second, facebook is also "social media" that collects data, but that's where the similarity ends. You can't expect two entities to be treated identically just because they share some features. I cannot believe people make such arguments seriously and in good faith.
"TikTok is said to collect “everything”, from search and browsing histories; keystroke patterns; biometric identifiers—including faceprints"
How can they even collect browsing history or biometric identifiers on Android? Isn't browser history stored in the browser's private storage space, or am I being naive here?
Very unlikely to be accurate. If it was, TikTok wouldn't be on the app stores.
* Browsing history: If a user uses a WebView in your app, you can obtain the history of* that WebView instance.
Xiaomi phones let applications have access to the first (100?) bytes of each pcap line. [note: this is probably unintended, but their bug bounty programme didn't care].
* Keystroke patterns: You can track user keystrokes within your app. If you're a keyboard or accessibility provider, you can access keystrokes globally. I haven't used TikTok, but it's very unlikely that they do either of these, the UX to enable them is not pleasant because they're dangerous actions to take.
* Biometric identifiers: If a user takes a selfie, you have their iris/fingerprint/faceprint
Browsing history: many apps (like reddit, Instagram) have their own browser in the app so they can track it, and they nag you to use their app when you open their website.
Biometric identifiers, I'm guessing mostly facial features: if you take a selfie/self-video with TikTok (which millions of people do) they can just take the data from there.
The thing people are missing when they say "naturally foreign government collecting data is a security risk" - is that by US openly admitting this - they are signaling to all other countries allowing US tech companies to operate there that they should be firewalling because it is a security risk.
World is > US and China, Europe, SA, Africa, the rest of Asia - this is a clear cut message "you need to have your social networking in-country to prevent others from compromising you".
I honestly think that should be done anyway. For example, if Britain blocked Facebook for not being consumer friendly what would we really lose? Facebook would be recreated over night. The profits would be kept in country. And in addition, we might have a slightly better barrier against the American culture seeping into the country.
Sure, we could lose some app integrations but if the internet was more segregated API standards would be developed to mitigate this.
Ofcom are slowly getting their teeth back with upcoming regulation (3 decades late IMO), but in answer to "what would we really lose?", we'd likely suffer immediate tit-for-tat responses from the US if we attempted to meaningfully regulate or partition our media from theirs again.
I don't think anyone who has spent much time thinking about it sees the Russia/China/Iran firewalls as a bad thing, but we aren't them and we can't regulate our media in the same way.
That's ridiculous - for a lot of people I know number one use case for Facebook is keeping in touch with people that move away - very often out of country.
Rebuilding social network would take a long time, having it country specific would be pointlessly limiting.
Chunking up internet between countries would be going down further into isolationism for GB since they aren't even a part of EU anymore.
Readit News
I get it. We want corps to stop hoovering up our data because they can use it to manipulate us with advertising, and they can mishandle it such that other bad actors can exploit it. I'm with you, this is a valid concern that we should address. But I think TikTok's specific case warrants additional concern because it's all that, plus it puts a geopolitical adversary in control of the data, countless devices, and a media channel central to the current cultural zeitgeist.
I don't think it's reasonable to wait for general regulation of social media corps while TikTok continues to do its thing, particularly if targeted action against TikTok is politically viable.
Edit: typo
How were Snowden revelations of USG<>Bigtech relationship materially different from what's happening here? Maybe it was less transparent?
Any "woke" person can see the cognitive dissonance here. It's all fine that you use the geopolitical rivalry argument but not if you try to paint one side of the argument as "free" and "liberal" and "subject to rule of law" when it's clearly not the case
China's kompromat and industrial espionage policies differ from those of the US.
It is off base to compare while ignoring intentions and impact, because they're Very different countries.
We have a system where due process is required. Sometimes authorities break those laws. But the system and culture is nonetheless there and for a reason.
That's kind of a big difference here.
The CCP has mandatory seats on the bytedance board and wants a copy of all the data so they can target people.
Spying is bad, murder is next-level bad.
Stop it all, but start with the bigger issues first.
This isn't to say that the USG should be admired or emulated, far from it, but as someone who's neither Chinese nor American, I think it's an objective truth that most people in the world fared better under 20th century American-hegemony than the worldwide Sinicization which the CCP has made clear is its aim.
The additional data that TikTok tries to gather from the mobile OSs is insignificant compared to what you can get from videos that people take willingly.
Russian soldiers use VK, that doesn't stop OSINT researchers tracking them down on there.
None of these companies should be allowed to store and abuse the sensitive information people divulge when using many of these services.
My point is, if finding the political will required to stop TikTok is easier than it is to regulate data collection more generally, we shouldn't let perfect be the enemy of good.
It is folly to think that "Install Chinese government spyware on a phone" is the same level of effort as "Force the Chinese government to work on advanced persistent threats and install massive exfiltration malware on some of the most secure networks on the planet".
I don't claim to.
The context is: US regulators arguing for operational restrictions of a foreign-to-the-US company on the basis of being controlled by an adversary of the US.
If you have any insight from a place with friendly relations with China, you're welcome to share it.
Does America represent the national security strategy of essentially all of Europe, most non-Chinese nations in Asia, and much of South America?
Absolutely, and to pretend otherwise is to be dreaming.
If you’re not in one of those areas then you are correct that your adversary is not our adversary. But it’s pretty statistically likely you are, and in that case the two are linked.
You’re welcome to return the trillions spent on your defense, of course, and set up your own naval strategy and naval supply chains to defend your trade routes.
Being spied by Russia, no problem. Being spied by China, no big deal either. But being spied by the USA or EU controlled entities can pose a life thread to any EU citizen.
US citizens have it only a bit better, since they are at least protected from the EU, and only their own government has power upon them.
You should interrogate your assumption that the government inside the state lines is less "adversarial" to everyone's interests than the one outside state lines, even at a level of geopolitics.
Dead Comment
- Our phone hardware and operating systems are intrinsically insecure.
- There is no practical/effective data gathering regulation (and I'm not sure it's possible to craft any without destroying innovation)
- All social media companies are doing it, leading to jeers of "hypocrisy!"
- All governments play the same games, reducing the arguments to "Whose side are you on?" That's effectively meaningless in a globalised world. The consequence is more nationalism and an ever more fragmented splinternet.
- The only proposed solutions amount to more authoritarian, controlling and regulatory responses.
What can we do?
There is a solution. Stop protecting these companies. Burn down WIPO. Tear up practically all "intellectual property" laws. Revoke millions of patents. Repeal all DCMA type laws regarding reverse engineering. Kick trademark and brand protection law to the curb.
The real problem is gargantuan monolithic, captive audiences that exist because incumbent monopolies enjoy protectionist measures that amount to a giant international trade racket.
Creating a real market that forces radical interoperability would solve many of the problems we see today. Who would care about TiKToK or Facebook if they were one of 500,000 small "Social Apps" that connected to a standardised international network.
Hell, we could even give it a catchy name, like "The Internet".
Yes there is: Don't
Anything that is not fully and obviously intentionally completely public is e2ee and inaccessible outside of the user's device. Information that is provably necessary for providing a paid service can be collected and kept until the second it is no longer necessary so long as the process is publicly documented. Any weights, faux anonymized data or similar derived from the pii must also be deleted.
Storing data on user's devices isn't great, it takes up storage space (adding cost) and relies on the user to manage the backups (which lots of folks don't do). Users also switch between devices, so you'd need some sort of cross-device syncing or something.
e2ee implies that the data can only be decrypted by the user's key. If the user loses their key, they lose data access. Since keys are user managed you need to deal with user support/education and build interfaces to support key management. e2ee isn't something you can bolt on an existing system. This sounds quite expensive to implement, so you'll shift significant funds away from other development (destroying innovation).
If today I'm running a Django site that allows users to message each other, do I need to change from my server-side template rendered system to a client-side rendered system?
For loop holes, I'd expect people to claim that they can't rely on device storage, need to support multiple devices, need to support customers who can't manage keys, perform heavy-weight rendering that would consume too much device battery and run slowly, etc.
These ideas are very 2020s focused. As the software industry evolves, would we need to convince politicians to allow us to use better technology that challenges assumptions we have today?
Will be interesting to see which loadout is more functional long term, China’s or the USA’s.
Hope we are not advocating that everything be owned by the state, as if that would allow more competition.
Republicans had a chance to ban TikTok during the last administration. They did not do it.
Deleted Comment
Foreign countries controlling what information a coming generation is exposed to is IMO much more concerning than collecting and profiling (of course also troubling, but a slightly different league). There is little oversight into what bubbles are formed, who is fed what, etc.
Want to create division in a foreign country? What better place to start than on social media and malleable kids.
This applies equally to TikTok as Facebook, for different reasons. I don't trust TikTok because of CCP, and Facebook because everything is for sale.
Lawyer that opposed net neutrality and now voicing his disapproval of apps built by the China.
Sounds like he's making a play to become a career politician using his version of what 'ok authoritarianism' is.
I'd like to see someone actually prove a security risk rather than hypothetically posing it. I.e. show me 1000 tiktok downloaded videos run through a program with their metadata something of strategic importance to a nation state (like the location of nuclear missiles haha).
We as individuals don't have access to that data, only tiktok does.. so we as individuals can't prove this to you.
Edit: Removed ask to share all personal data, because its bad form.
I know that this is one of the reasons why TikTok has highly invested in Ireland.
Military bases have controls in place that ban things like tik tok + filming on site and even phones manufactured in China aren't allowed on site (they need to be checked in or whatever when you arrive at the entrypoint).
Prove this claim and then we can talk about the risk of apps like TikTok. Right now it's a false as saying Wifi signals cause brain cancer coz electromagnetism === bad for humans.
A security risk is by nature hypothetical. If the risk comes to fruition, it's no longer a risk, it's an event or an incident or whatever.
I think it's right to say such data harvesting posses a security risk. I don't necessarily think the nationality of the corporation collecting it makes a huge difference though. If the concern is state level abuse of the harvested data, sure, it's much easier for any given state to access data when the data is stored by an entity that has strong state influence, but given the patterns of hiring at large scale data collectors, it can't be too hard to get state operatives into positions where they have large scale discrectionary access to data.
Also, I'm not really convinced that the FCC is expected to consider national security concerns, or if they have significant regulatory oversight of the app store market either?
Not true. CPU exploits come out all the time with proof of how to exploit / exfiltrate data. This claim of a 'risk' is unproven as it's based on a poor hypothesis of 'country has our data === bad'
Even if we could access all the data, the proof would come too late, by definition.
Of course seeing the proof would be interesting, but that's not the point. Rules are created to protect interests, weighing advantages and disadvantages. That's why allies get more leeway than enemies.
I don't know what your position is, but there are various people in this thread calling such a measure "dangerous" and comparing tiktok to facebook. First: there's more than one dangerous thing in the world, and calling outlawing tiktok dangerous probably says more about their addiction than it does about liberties. Second, facebook is also "social media" that collects data, but that's where the similarity ends. You can't expect two entities to be treated identically just because they share some features. I cannot believe people make such arguments seriously and in good faith.
How can they even collect browsing history or biometric identifiers on Android? Isn't browser history stored in the browser's private storage space, or am I being naive here?
* Browsing history: If a user uses a WebView in your app, you can obtain the history of* that WebView instance.
Xiaomi phones let applications have access to the first (100?) bytes of each pcap line. [note: this is probably unintended, but their bug bounty programme didn't care].
* Keystroke patterns: You can track user keystrokes within your app. If you're a keyboard or accessibility provider, you can access keystrokes globally. I haven't used TikTok, but it's very unlikely that they do either of these, the UX to enable them is not pleasant because they're dangerous actions to take.
* Biometric identifiers: If a user takes a selfie, you have their iris/fingerprint/faceprint
What is pcap line?
0. https://en.wikipedia.org/wiki/Timing_attack
Biometric identifiers, I'm guessing mostly facial features: if you take a selfie/self-video with TikTok (which millions of people do) they can just take the data from there.
Deleted Comment
World is > US and China, Europe, SA, Africa, the rest of Asia - this is a clear cut message "you need to have your social networking in-country to prevent others from compromising you".
Sure, we could lose some app integrations but if the internet was more segregated API standards would be developed to mitigate this.
I don't think anyone who has spent much time thinking about it sees the Russia/China/Iran firewalls as a bad thing, but we aren't them and we can't regulate our media in the same way.
Rebuilding social network would take a long time, having it country specific would be pointlessly limiting.
Chunking up internet between countries would be going down further into isolationism for GB since they aren't even a part of EU anymore.