How Tiktok monitors its users
Jokes, dance steps, funny movies: The video platform Tiktok is currently a hit, especially among young people. According to an internal document, around 800 million users are registered worldwide.
Tiktok is the first social network in a long time that could seriously compete with Facebook (1.9 billion active users worldwide) and Instagram (one billion). But at the same time, a public debate about the service has flared up. Because Tiktok belongs to the Chinese company Bytedance, when it comes to freedom of expression, it sets limits to users.
Initially, the platform had meanwhile deleted the video of a user viewed millions of times, who denounced the persecution of Muslim Uighurs in China. Tiktok then apologized for the step and said that the clip had been temporarily removed due to a “human error” and was quickly available again.
Netzpolitik.org portal disclosed that, according to internal documents, Tiktok had previously hidden videos of users with disabilities as well as fat or queer people, meaning that they had limited range. In the platform’s moderation rules, this is declared as a protective measure: one has to assume that these are people who, based on their physical or mental state, have to think that they will become the target of bullying. Also, the U.S. government is currently reviewing the Chinese government’s impact on user data.
So how trustworthy is Tiktok?
To investigate the question, S.Z. It is recorded and evaluated the data traffic from Tiktok’s app and website. The app does not require registration. However, you are not anonymous there: Almost every smartphone has identification numbers that are read by the apps. Mostly it is the advertising I.D.s from Google or Apple. This turns the unregistered user into a number, Tiktok also contains the software of other companies that specialize in the analysis of user behaviour on the Internet: Facebook and Appsflyer.
These companies continuously receive data from the app: about the start and end of use, each video viewed, the subscribed channels. Even search terms entered in Tiktok land on Facebook with the advertising I.D. and can be assigned to a Facebook user. From this centrally enriched data of all apps used, statistical forecasts can be made over time: prosperity, favourite shoe brand, political outlook.
But where does the data end up?
Appsflyer names more than 4,500 possible partner companies with whom data for campaigns can be shared. That is questionable – but familiar. Many platforms, online shops and networks that make money from advertising do this. In the case of Tiktok, there is still the matter with China. As reported by netzpolitik.org, Tiktok can also use its moderation system to suppress and direct content. According to the report, videos of protests and demos are also throttled.
Is Tiktok’s use of the data of its mostly young users lawful? Malte Engeler, a lawyer and specialist in data protection law, doubts this: on the one hand, the necessary transparency to identify who the data will be sent to Appsflyer after has been missing. Bytedance told the S.Z. That the data transfer was explained in the data protection regulations, but no information about contractual details could be given. However, the transfer of user data abroad is even more difficult for Engeler. The location of the servers on which the data is stored (Japan and the USA) is of secondary importance; he says the decisive factor in where the company is based, which determines the data. Appsflyer is located near Tel Aviv, byte dance in Beijing: ” In China, one has to count on the authorities’ unlimited and eventless access to the data. This violates the essence of the fundamental right to respect for private life. “
So is the Tagesschau responsible as the operator of the channel? It’s not an easy question, says Engeler. In the case of Tiktok, the decisive factor is how much the Tagesschau participates in the collection and dissemination of the data there or benefits from it. The responsible data protection officer of the NDR, Heiko Neuhoff, told the S.Z.
That he had not been informed beforehand about the activities of the Tagesschau on Tiktok, he is now checking your offer.
Tiktok is primarily used as an app, but if the videos are shared via messenger or social networks, the shared short addresses hide the user I.D. This means that Tiktok always knows who originally distributed a video. And users who then watch the shared video are also tracked: with a “fingerprinting script”. Tiktok uses this to read numerous data from the visitor’s browser and hardware, such as installed fonts or special features of the graphics and audio output. In combination, the data are highly likely to be unique. Even if the visitor deletes the cookies in his browser, the small files that websites store on his computer, the website can recognize him the next time he visits the fingerprint.
In legal terms, the controversial method is comparable to cookies, Malte Engeler says: If Tiktok uses it to create profiles or to display personalized advertising, the user has to consent beforehand. Bytedance informs the S.Z. that fingerprinting is a security measure against “harmful browser behaviour” and: “This procedure is common in our sector.” However, because of unpopularity among users, fingerprinting is rarely used; a U.S. study found it in just five per cent of the top 1000 websites examined.
The analysis of the data streams shows that Tiktok’s logic is not a surveillance network from the Communist Politburo, but follows a very western, capitalist concept. Critics call the business model “People Farming”: People are kept on a platform for as long as possible with psychological tricks and look at content that they ideally created themselves. Then they will be shown advertisements, the data about them will be marketed. It fits that Tiktok has founded its marketing platform.
How Tiktok users can protect their data
Can you use Tiktok at all despite privacy concerns? It is generally advisable to check each app for built-in trackers before installing it. The French data protection organization Exodus Privacy regularly creates reports that can be found on their website exodus-privacy.eu.org under “Browse Reports”. There are also so-called firewalls for smartphones, as you know them from P.C.s. With these programs, the data traffic of the cell phone can be checked in detail, and third-party connections such as those on Facebook or Appsflyer can be blocked. For Android, for example, the Net guard firewall, for the iPhone, there is the Lockdown app. It is even safer to have a tracking-free smartphone configured by a specialist.
To do this, the Android operating system must be installed in its pure form – i.e. free of advertising I.D. and Google apps. The most comprehensive method is Lineage O.S. The device then uses only tracking-free open source apps from the free F-Droid store. The disadvantage: Most classic apps are not available there. There is currently no adequate protection against fingerprinting – reading out identifying information about browsers and hardware – without disrupting the essential functions of the browser.