NordVPN shares ways TikTok violates users’ privacy

The chief executive of the video-sharing app will testify before Congress next month. Ahead of that, NordVPN shared why TikTok has been facing growing national security concerns in the US.
16 February 2023

NordVPN shares ways TikTok violates users’ privacy ahead of the Congressional hearing (Photo by MARIO TAMA / GETTY IMAGES NORTH AMERICA / Getty Images via AFP)

About a month from now, TikTok CEO Shou Zi Chew is due to testify about the infamous app’s security and privacy practices before the US Congress. He will be the sole representative and witness at the hearing, scheduled for March 23. He is expected to also testify on TikTok’s impact on young users and its “relationship to the Chinese Communist Party,” according to a hearing announcement on the committee’s website.

The hearing next month is not the first for TikTok. During a Senate hearing last year, members of Congress grilled TikTok COO Vanessa Pappas, arguably the public face of the company in the US. The outcome of that hearing was an assurance from Pappas that the video-sharing app “will satisfy all national security concerns.”

Vanessa Pappas (C), chief operating officer for TikTok, listens during a US Senate Homeland Security and Governmental Affairs Committee hearing regarding social media’s impact on homeland security, on Capitol Hill in Washington, DC, on September 14, 2022. (Photo by Stefani Reynolds / AFP)

Pappas also affirmed in that hearing that the company has said, on record, that its Chinese employees do not have access to US user data. She also reiterated that TikTok has said it would “under no circumstances … give that data to China” and denied that TikTok is in any way influenced by China. She avoided saying whether the platform’s owner, ByteDance, would keep US user data from the Chinese government, or whether China may influence ByteDance.

What happened to TikTok in the US?

The concern over TikTok started in earnest during the Trump administration in 2020, when a sweeping executive order prohibited US companies from doing business with ByteDance. Three years on from that, the company has sought to assure Washington that the personal data of US citizens cannot be accessed and its content cannot be manipulated by China’s Communist Party – or anyone else under Beijing’s influence.

Although the Biden administration eventually revoked the Trump administration’s ban in June 2021, the reversal came with the stipulation that the US Committee on Foreign Investment (CFIUS) conduct a security review of the platform and suggest a path forward to avoid a permanent ban.

That review has been ongoing and the CFIUS and TikTok have been in talks for more than two years, aiming to reach a national security agreement to protect the data of US TikTok users. TikTok even shared the information that it had moved its US user data to cloud servers managed by Oracle, from servers that TikTok controlled in Virginia and Singapore, and that it would eventually delete backups of US user data from those proprietary servers.

For context, TikTok has recently been banned on government devices and school campuses in several states, as well as on federal devices after a ban was passed in Congress in December. On top of that, next month, the House Foreign Affairs Committee plans to hold a vote on a bill aimed at blocking the use of TikTok entirely in the US.

NordVPN points out ways the app violates privacy

Although bans on TikTok have come into force only since December last year, the app has been on the radar of American authorities for a long time because of its numerous privacy problems. 

“Currently, around 95 million Americans use TikTok, and its popularity is growing daily. These numbers show that very few understand the risks this social media network brings to its users’ data, including intrusive tracking and a possible connection to the Chinese government,” said Adrianus Warmenhoven, a cybersecurity advisor at NordVPN.

In explaining how TikTok compromises its users’ privacy, Warmenhoven first highlighted the app’s data-driven algorithm and intrusive tracking. “One reason for the app’s success is that it can provide users with highly individualized content. Every user has a unique feed based on their interests and preferences. But behind that individual approach is gathering vast amounts of user data within and outside the app,” he noted.

As soon as a user starts using TikTok, the company begins building a profile about them, including their interests, political leanings, sexuality, and every other variable that could impact the selection of videos they see. TikTok even collects information about users’ keystroke patterns, location information, browser history, and biometric information.

Secondly, Warmenhoven discussed TikTok’s in-app browser, which keeps users inside the app when they try to navigate off TikTok through an ad or a bio link. “Instead of switching to Chrome or Safari, users view pages through TikTok’s browser. The internal browser allows the company to monitor behavior on websites and pages that a user might assume are not within TikTok’s purview. This type of monitoring is another area where users might end up exposing more personal information than they intend to,” he added.

He also highlighted ByteDance’s relationship with the Chinese Communist Party and noted that it is required to share user data with the authorities if requested under Chinese law. “While it’s hard to verify TikTok’s stance on these issues, the fact that ByteDance operates under the authority of the CCP should raise concerns about user privacy,” he concluded.