5 Reasons Why You Should Worry About TikTok and Privacy

More than 1.5 billion people use TikTok worldwide. Nearly one-third of the world’s internet users are on the ultra-popular short-form video hosting app. In 2022, TikTok was the most downloaded app on earth—but we have some major privacy concerns. Here are 5 of them:

1. What is TikTok doing with all of its user data? 

The real story of TikTok is its powerful algorithm—an algorithm so good it can learn in as little as one hour what you like to watch. In part 1 of our recent two-part Privacy Files podcast series on TikTok and privacy, we asked whether TikTok is really just a harmless app for watching silly dancing videos or is there more to the story.

TikTok is accused of ‘aggressive’ data harvesting, including in-app messages and precise device locations. An industry expose reveals TikTok tracks you across the web even if you don’t use the app. In fact, TikTok collects and shares more of your data than any social media app. A recent Forbes expose says, “Significant reports indicate that the data collection practice outpaces anything that Facebook, Instagram, or Twitter have ever imagined.” 

A report in The Guardian adds, “TikTok’s data collection methods include the ability to collect user contact lists, access calendars, scan hard drives including external ones and geolocate devices on an hourly basis. The application can and will run successfully without any of this data being gathered. This leads us to believe that the only reason this information has been gathered is for data harvesting,” citing a report by Australian–US cybersecurity firm Internet 2.0.

Data harvesting is the gathering of data from multiple, usually online sources and storing it in a structured database where it can be analyzed to gain insights for various purposes. Other terms for it are “web scraping,” “data extraction” or “web crawling.” Read 9 Reasons Why Data Privacy Matters.

Here’s a sample of TikTok’s vast data collection: 

  • name, age, username, email, password, phone number, and location
  • the content of messages, when you sent them, and whether they were received and read and by whom
  • purchase information, including payment card numbers, billing and shipping addresses
  • a user’s activities on other web sites and apps or in stores, including the products or services purchased online or in person
  • the time and date on which you view a web page and a description of that page
  • your IP address
  • mobile carrier
  • time zone settings
  • model of your device and operating system
  • objects and scenery that appear in your videos, including tourist attractions, shops or other points of interest
  • biometric identifiers such as faceprints and voiceprints 
  • cookies that collect, measure and analyze which web pages you view most often and how you interact with content
  • file names and types
  • keystroke patterns and rhythms
  • text, images and videos on your clipboard, and information about videos, images and audio
  • network type
  • device ID
  • screen resolution
  • app file names and types
  • keystroke patterns and rhythms
  • battery state
  • whether you’re linked to audio, and connected to devices that you log in from.

TikTok’s format makes it easier to collect great swathes of data: short videos give the app more data per hour compared with YouTube and other apps. When you consider the average user spends 547.5 hours a year on the app, and over 1 billion videos are watched every day, the scale of data collection is almost unimaginable.

Read: 14 Real-Life Examples of Personal Data You Definitely Want To Keep Private (Plus, How to Do It)

2. Is the app really a surveillance tool for the Chinese government? 

One of the great fears around TikTok’s unprecedented data collection is the app’s links to China. Chinese company ByteDance, headquartered in Bejing, owns TikTok. 

The Forbes article we quoted earlier says, “It is quite plausible that the Chinese government has access to and leverage to collect all of this accumulated data. Meanwhile, TikTok is profusely collecting data at such a large scale that it’s raised alarms across the world that resulted in:

The article goes on to say: “These concerns aren’t just some sudden developments. A while back, research uncovered how the app installs browser trackers on subject devices. While that might seem common and perhaps insignificant, the tracker can reveal all of a user’s internet activities without authorization or notification. The app is also reportedly using fingerprinting technique which serves to identify specific users and their activity. That means the internet activities of any TikTok user wind up in the hands of Chinese entities and they know who you are with near absolute certainty, along with all your browsing history.”

In the U.S., the Biden administration is demanding ByteDance either sell the app or face a ban. Congressional hearings in March 2023 didn’t seem to ease national security concerns that the Chinese Communist Party can use the app and the data it collects to surveil Americans and government institutions. India has already banned the app, though reports say ByteDance can still mine past users’ data.

The Guardian reports ByteDance is “consistent in saying their app doesn’t connect to China, isn’t accessible to Chinese authorities and wouldn’t cooperate with Chinese authorities,” but Internet 2.0’s research found “Chinese authorities can actually access device data.” By sending tracked bots to the app, Internet 2.0 “consistently saw … data geolocating back to China.” It wasn’t clear what data was being sent, just that the app was connecting to Chinese servers. 

Under China’s national security laws, upon request from the government, Chinese companies are required to share access to data they collect.

3. Are children safe from harm on TikTok? 

Although TikTok’s minimum age restriction is 13 years old, TikTok doesn’t ask for age and it has no verification system, so it’s likely many children under 13 are on the app. TikTok has been sued multiple times for collecting personal data on children without parental consent. 

The app has also had problems with child predators, and moderators review hundreds of messages a day from predators. Predators use private messages, which are meant to be restricted to 16 year-olds but are known to be used by younger children. And the algorithm increases the risk by showing a user more of what they pause on. If a child pauses on an inappropriate video, the algorithm will feed them more inappropriate content, making it easier for predators to engage with kids quickly.

Even with a private account, a child’s profile information – including profile photo, username, and bio – will still be visible to all users, warn parenting sites.

4. Is the TikTok algorithm also leading to app addiction so the app can harvest even more data?

Users frequently confess to losing track of time as they spend hours in the app every day. And the longer you interact with the app, the more data the app collects and the more TikTok knows about you.TikTok functions on the same principles that make gambling addictive. The psychological term is “random reinforcement” where sometimes you win, sometimes you lose, just like a slot machine. It’s digital crack cocaine in that it puts users into a pleasurable dopamine state that’s almost hypnotic. When a user’s video gets likes, shares or comments etc., it’s euphoric. Check this out:

Understand the signs and symptoms of social media addiction.

5. Where to next for ByteDance and our personal data?

The “world’s most valuable startup” has actually produced many other wildly successful products beyond TikTok, including Toutiao, the most popular news app in China, which today has 320 million monthly active users, and Douyin, a short-video app that preceded TikTok. 

These days, ByteDance has much bigger plans than TikTok, such as building product fulfillment centers in the U.S. to create an e-commerce supply chain system that could directly challenge Amazon; getting into long form video and music; licensing deals with TV; mobile gaming; publishing companies: kids’ education apps; cloud hosting; financial technology; email, chat, and video calls; calendar; and document storage etc. It’s clear their goal is take over the entire supply chain and expand into more industries.

Axios says, “TikTok’s meteoric growth, which has already taken its toll on Meta’s Facebook and Instagram, has also begun to pose a threat to companies like Amazon and Google that rely on intent-based search advertising to drive business on their shopping platforms.” And we all know how bad Google and Amazon are for privacy.

If you want to make up your own mind about TikTok and privacy, listen to our two-part series on our Privacy Files podcast:

Listen to part 1 – ep. 17 

Listen to part 2. – ep. 18 

The podcast episodes review The Insane Truth About TikTok documentary – 8 “chapters” of information about TikTok, which turned our discussion into a deep dive on the app and risks. 

And those risks extend beyond privacy to include:

1. TikTok is seriously bad for mental health.

In part 2 of our two-part Privacy Files podcast series on TikTok and privacy, co-hosts Rich and Sarah look at the mental health effects of being on the short-form video app. From feeding users a constant stream of harmful contentto fat-shaming people, TikTok has come under tremendous heat from critics around the world.

2. TikTok is infamous for dangerous viral challenges. 

From the blackout and Benadryl challenges to the Tide Pods and burning pile challenges, the app has led to many users’ physical harm—all for some fleeting attention.

3. Critics say TikTok is discriminatory.

Many critics have accused TikTok of restricting or shadow banning people who are less attractive, overweight, have a disability or living in poor locations. The assertion is that the app wants to promote more “desirable” content. TikTok defends itself by claiming it is attempting to protect users from being the target of bullying but it’s really about trying to get more desirable content on the platform.

How to stay safe on TikTok

The Guardian article we quote in this blog suggests to:

  • Be specific and granular about the level of permissions you share with the app. 
  • Set permissions manually via in-app settings and in the device’s settings. 
  • Monitor your permissions regularly because it’s not set and forget. 
  • Ignore requests for sharing information, and avoid using TikTok for general messaging.
  • Be very careful using Tik Tok if you’re a young person just starting your career. Think beyond the short term.
  • If you delete TikTok, remember the data already collected will not disappear from TikTok’s database, it will only stop data collection into the future. 

How MySudo can protect you

If you’re using TikTok, you have another great reason to use MySudo, the world’s only all-in-one privacy app. 

You could use MySudo in one of two ways to protect yourself from TikTok and other social media’s data harvesting:

  1. You could use a Sudo email and phone number to sign up to your TikTok account. This unlinks your personal information from your TikTok account, breaking the data trail that can be traced back to you personally. Just make sure you keep that Sudo exclusively for TikTok or social media, and don’t use it for anything you value or want to keep private.
  2. If you really must use TikTok, do everything you care about and want to keep private through your Sudo digital identities and treat the rest of your phone as dirty or compromised.

New to MySudo? Start Here

Check out our subscription plans to get a Sudo phone number 

Listen to our two-part Privacy Files podcast series on TikTok and privacy.

Suggested articles:

The Top 10 Ways Bad Actors Use Your Stolen Personal Information

A bad actor isn’t only a poorly skilled thespian (ha ha). It’s also a person (or group) who intentionally acts to cause harm to a…

Can an Existing Digital Identity Wallet Leverage a Hardware Security Module to Meet New EU Standards?

Anonyome Labs will co-present a paper with Australia’s Queensland University of Technology (QUT) at the 8th Symposium on Distributed Ledger Technology in Brisbane, Australia from…

Aries VCX: Another Proof Point for Anonyome’s Commitment to Decentralized Identity 

For nearly two years, Anonyome Labs has co-maintained an open source project from Hyperledger called Aries-VCX. VCX is an important decentralized identity (DI) community project,…