You must log in or register to comment.
They are both security risks. The difference is the SA oligarch has already successfully infiltrated our national security and installed himself in a position of power so we can’t do anything about it anymore.
Honestly the way he did it was pretty perfect. Create technology and weapons and R&D for the country you want to infiltrate, ingratiate yourself to it’s people, government, and military. Then start throwing money into politics to buy yourself a spot on the cabinet.
This is a game any bad state actor with a huge wad of cash can play thanks to Citizen’s United.
Create
I think you mean buy. Fund is probably the most generous word you could use, but that’s a fat stretch.
They are all problematic. My disagreement with the removal of TikTok is that it should not stop with TikTok. Meta’s apps are an absolute nightmare. Google, Xitter, Amazon, etc., they all need to be curbed when it comes to data collection.
Data brokering needs to be made illegal or VERY tightly regulated.
they all need to be curbed when it comes to data collection.
The problem with TikTok isn’t data collection, though. The stated concern of the US government is that TikTok may be used to inflict foreign influence (ie, Woke Mind Virus Communism).
That is, incidentally, why the flood of users to RedNote has been so funny. TikTok’s got a bunch of edgy western Zoomers doing “Did You Know Capitalism Is Bad Sometimes?” infographics in between dances. RedNote is just straight up “China Is The Best Country In The World” nature channel style hagiography.
The US pushed millions of Americans out of the frying pan and directly into the fire.
Yes, the ban of TikTok has been more about lip service than actual protections for Americans.
The real solution is passing a comprehensive law that fines/bans any app/platform that is opaque about its influence from governments and its data sharing with governments. But who in Congress today has any appetite for real solutions!
I had written about this to my reps and their response was a non response - TikTok bad.
I mean, if that’s the question you want answered…
X uses a native browser controller when you open a link, so the app can’t see what you do in there.
Whereas TikTok uses a managed webview… which they have been caught injecting keyloggers into.
Back in the olden days, we called this a cross-site scripting attack.
Seems like meta were trying something similar with thier replacing all links in Facebook messenger with thier fbrpc://facebook/nativethirdparty?app_id Links, but seems like they gave up on it because it was all broken.
Yup. They’re all dangerous monsters.
IMO, it doesn’t even matter who’s worse, cuz they’re all bad enough they should all be subject to aggressive regulation with the goal of establishing safe interop off-ramps for people to stop using the services or at least use more trustworthy clients.
In my estimation, TikTok is worse, but that’s not even what the ban is about. It’s because China is spying instead of the US. That’s not a reason to defend TikTok though, or to oppose the government’s decision — cuz they were accidentally right, for the wrong reason.
That’s where I’m at. If in an alternate universe Congress did something like banning the distribution of harvested data, even just to foreign entities, and TikTok then refused to comply, then I’d be fully in support with them getting banned for it.
Here in the real world though, Congress apparently doesn’t have the balls to pass blanket privacy rights like that, because you see, that’d catch some of the wrong fish. I think it says a lot about the state of modern social media that all they were willing to go after TikTok for was something as nebulous as “national security risk”.
Because tiktok data goes to China, and China is a competitor/geopolitical adversary to the USA. If tiktok was russian, it would be the same story. Besides, tiktok has been proven to be by far the worst data miner you can download from an app store.
Not just a data miner, it has some crazy capabilities that are malicious even by the standards of social media phone apps, which were already explicitly malicious. If I remember right, it can download custom code to augment its capabilities per-target, and has encryption to attempt to thwart any attempt to analyze it, which are both pretty unusual amounts of effort to spend from the POV of “we just want to gather your advertising data and listen to your microphone all the time” which are pretty standard things.
Yep, the thing is actual malware which for some reason gets a pass from Google/Apple.
That kinda makes Apple and Google malware too IMO, I should really switch to Graphene…
That’s just AB testing, downloading over https, and having DRM. Every app on your phone does this, but it sure sounds scary when framed that way.
Every video game you have does the same thing too.
You’re doing the same thing Republicans do when they go into great detail about food ingredients to make salt sound scarier than it is.
Edit: You better also remove this foreign controlled app, targetted at children, that can download new code outside of the app store updates
https://www.reddit.com/r/videos/comments/fxgi06/not_new_news_but_tbh_if_you_have_tiktiok_just_get/
“There’s also a few snippets of code on the Android version that allows for the downloading of a remote zip file, unzipping it, and executing said binary.”
Obviously, the app creator can write whatever code they want into the app. If they want to update it, including to run an AB test, they can do a new version.
The only reason for unzipping and executing random binaries on-demand, outside of the normal app update process, is if you want to specifically target one individual or a group of individuals and enable functionality specifically for them that is custom to those particular people. Maybe you just have specific needs for them that aren’t served by the overall process, or maybe what you want to install is secret enough that you don’t want security researchers getting their hands on it. That second one would be consistent with the obfuscation around even the stock behavior of the app.
I am obviously not talking about HTTPS when I say “encryption to thwart any attempt to analyze it.”
If you can find me a large app that doesn’t have that capability then I’d be shocked. This is extremely common behavior for apps, and every piece of software I have ever been employed for has done this. That code is also still sandboxed by iOS and Android and has to go through the same APIs to interact with the OS, unless Pegasus found a way to infiltrate via app payloads.
This is one of those things that sounds really scary if you go into extreme detail and the other party doesn’t have enough experience to realize that it’s normal; like the way republicans talk about “hyper processed foods” and seed oils.
I know you’re not talking about https, which is why I mentioned DRM too. Nintendo encrypts all of their software, which is why they were able to DMCA Switch emulators.
Show me where in the Chrome or Firefox app there is code to download an executable – not a versioned update to the app through the Play Store, but a random chunk of code – and run it.
In iOS, sure, just give me the app source code and… oh wait, the compiled apps from the store are also obfuscated, guess I can’t search the code for you.
On Windows though you can look at what process runs when you click “update and restart” in Firefox or Chrome. Both have an updater service that is just there to run an update exe with admin permissions. Both could be used for the same attack vector you’re afraid of. Every
{softwarename}_helper.exeis the same thing.Chrome on iOS can execute javascript and has a history of vulnerabilities using that code execution, so much so that I even had to use the browser to jailbreak once, so I am not sure what point you’re trying to make other than fear mongering. You also still haven’t addressed the fact that the code execution is still sandboxed. Any app that uses electron can download a zipped bundle of code and run it as well. Also any app with a built-in web browser is allowed to do this
But you can also just look at Bloons TD 6 and their “downloading new content” windows when the game starts.
Let’s also look at the comment from the reddit thread you originally linked.
Phone hardware (cpu type, number of course, hardware ids, screen dimensions, dpi, memory usage, disk space, etc)
Yeah that’s pretty normal, even javascript can get that just to render a page. I don’t like that it’s normal, but none-the-less
Other apps you have installed (I’ve even seen some I’ve deleted show up in their analytics payload - maybe using as cached value?)
Yeah this is normal too, and imo a huge issue. On windows there’s even an unprotected API for it. Again, I don’t like it, but it is normal.
Everything network-related (ip, local ip, router mac, your mac, wifi access point name)
Sketchy as hell, I agree, but every app you give local network access to does the same, so we should ban Messenger too.
Whether or not you’re rooted/jailbroken
Every banking app and Pokemon Go do this. This one can be very dangerous if you’re jailbroken.
Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds - this is enabled by default if you ever location-tag a post IIRC
Normal for social media. Shitty, but normal. We should just ban this feature
They set up a local proxy server on your device for “transcoding media”, but that can be abused very easily as it has zero authentication
As does Adobe Premier Pro and Final Cut. Sketchy again, but maybe we should just ban proxying without notifying the user.
Edit: The source your reddit source gave is agreeing with me. https://www.zimperium.com/blog/zimperium-analyzes-tiktoks-security-and-privacy-risks/
Over the last few months, we’ve analyzed top banking apps and top travel apps, related to security and privacy issues. Much like TikTok, some of the results are alarming
Their other source appears to not do anything and gets “suspected phising” warnings on firefox https://penetrum.com/research/
This is a pretty impressive amount of deflection.
“All apps on iOS are obfuscated, so it’s not important that TikTok on Android takes extra trouble to obfuscate itself in a very weird way which other Android apps generally don’t do.”
“All Windows apps work by downloading new binaries for themselves, because there’s no package management, so it’s not important that TikTok on Android takes extra trouble to bypass the package management and enable downloading custom per-user executables and running them.”
“Some apps have vulnerabilities by accident, so it’s not important that TikTok has a remote code execution vulnerability built in on purpose.”
“Apps have a security model, which by the way can be jailbroken, so it’s not important if something malicious happens within the app. Actually, forget what I said about jailbreaking.”
You haven’t actually addressed anything I said, just threw a whole bunch of words about related topics to make it sound like what I described about this particular topic is, within the scope of this topic, a normal thing. It’s not.
There is a difference in the data gathered and where it goes. But just like the cheap
Source?
losers sealioning to invert the how-do-you-know question hoping people forget the pedigree of the information isn’t the same, it’s easy for people to both-sides data gathering too.
And I say that’s fine. HAVE it so gathered data must go through a Clearinghouse or two (a gov entity eg SeaLandia or an org like fsf) so it’s provably anonymous and then we carry on. To me, this is the result of the discussion we need to have around who gets to spy on you and how we choose that to get benefits at reduced exposure to risk.
Just, it’s not the same.
Is this a bot response? Where did I mention the US Government buying through a clearing house?
I am not arguing we shouldn’t ban tiktok, I am arguing that they’re not unique and if we’re going to ban them then we should ban Meta too because they are worse. Meta and Twitter have already done the things people are afraid of tiktok maybe doing in the future.
Messenger is worse by far. This is a verifiable fact just from the permissions requested. The Dunning Kruger in this thread is comical.
Redditors just turn their brain off when TikTok is the topic
Tiktok aren’t giving Trump loads of money
A fatal mistake for companies who want to do business in the US
That’s not relevant to the argument about how they could be dangerous for national security.
It’s the Democrats pushing the TikTok ban, Trump loves TikTok.
Edit: Trump originally was the big driver for banning TikTok yes, but since his election win saw a big swing in the younger vote that’s being attributed to TikTok his stance has switched and I’ll put money on the ban being dropped the instant he gets in.
Except when he wanted it banned during his first term and up until very, very recently when he flip flopped to loving it.
So you’re saying that he now currently loves it? That’s what I said!
He wanted to ban it until he thought it helped him with the youth. So no. You are incorrect.
So he hated it, and now he loves it, but that means he must still hate it? Make your mind up
If I recall correctly, it’s a lie being pushed that he won amongst the younger generation when he actually did not. I believe the last thing I read is that he lost the young vote by 11 points. So that’s a lie that he’s pushing for some reason or other.
It’s not, there’s no evidence that it is, and even if the Chinese were trying to get all of our data they could buy it for far less trouble and expense from any of the American data brokers happy to sell it. They don’t need an app to obtain our data, they just need money.
The influence argument is similarly baseless. Cambridge Analytica demonstrated that existing American social media capabilities already permit foreign interference in American public opinion. TikTok is remarkably expensive to run, and the influence campaigns that they could run on Facebook would be much less expensive.
TikTok is competing with American social media companies. It’s no better or worse than any other social media company, but because it’s not based in the US it’s labeled a national security risk. We’re happy to let any company collect and sell personal information, so long as they’re based in America.
Look, the problem isn’t China getting your data.
The problem is they’re not paying a US oligarch for it.
Just something to think about when it comes to the influence social media has on society
TikTok has already transformed how Americans communicate, influencing language and behavior in ways that may have broader implications. The Chinese government, known for using censorship and language control to maintain social order and suppress dissent, leverages euphemistic language as a tool for manipulating public opinion and silencing critical discourse.
Phrases like “unalive” for suicide or “grape” for rape dilute the meaning and impact of language, making it easier for powerful entities to control narratives and obscure uncomfortable truths. This process, known as “language laundering” or “semantic bleaching,” strips words of their emotional weight and original meaning, making it harder to address sensitive or urgent issues effectively.
This trend has extended beyond language to visuals, with people obscuring letters or censoring words in pictures and posts—using terms like “s**cide” or “r*pe.” While this may help users navigate algorithms designed to suppress certain keywords, it completely erodes the clarity and impact of critical conversations.
The normalization of this behavior on TikTok has permeated Facebook, Reddit, Instagram, and other social media platforms, spreading a culture of diluted language and indirect communication. These practices hinder meaningful discourse, desensitize users to serious issues, and ultimately make it more challenging to engage with sensitive topics in a direct and effective manner. Recognizing and resisting this shift is essential to preserving the integrity of public discussions and fostering authentic engagement.
It’s mainly because words/phrases such as: murder, suicide, rape, human trafficking, forced prostitution, child sexual abuse, etc can get you banned on those platforms. Don’t blame the people who work around, to discuss important but heavy subjects, blame the algorithms and report -happy users who for some weird reason, are opposed to these topics being discussed. Probably perpetrators or enablers imo not who knows?
$5 says Elon or Meta buy TT and turn it into yet another GOP echo chamber.
You seem to think that it is for sale, Byte Dance has repeatedly said they will not sell. I also belive the PRC passed a law that would outlaw exporting the algorithom to the new owner
No need to buy anything when they already live rent-free on Lemmy.
The cynical answer is that the people who run the government like the South African because he helped them win elections.
Money.
Hey now. China’s not short on money. This is the other big problem with America.
If Elon Musk was a black South African with a social media company interfering in our elections and sabotaging our national interests here and abroad, I assure you that it would also be in the crosshairs of a ban.
Because Musky has conned America into thinking he’s a smart good American.
China is an authoritarian government that is able to take direct control of any Chinese company. Like, explicitly. More or less all Chinese companies should be treated with suspicion.
Musk is a shithead but not, to our knowledge, an agent of a foreign hostile government. Turning twitter into a place that promotes hate speech is legally protected free speech, although specific statements that provoke violence may not be protected. Contrary to popular belief, there are many exceptions to free speech.
Musk is a shithead but not, to our knowledge, an agent of a foreign hostile government.
Correct. On Monday, he’s going to be an agent to a domestic hostile government.
Almost all Lemmy users who happen to be in the US have been blessed so far with a government that generally is okay-ish, has some justice built in, and leaves them alone as long as they’re not doing anything wrong. I think that might be about to change, and they’re about to experience a China-style “you really have to be careful not to cross the powerful people” system instead.
Yeah, Musk seems much more interested in enriching himself than working for any government. It’s in our biology to want more more more. His thing is wealth. He wants more more more wealth. Probably all he cares about is becoming the world’s first trillionaire.
What do you think the American government does if/when they nationalize a business?
Come on, this is easy. He’s white, that’s obviously why.
Facebook has been abusing our data to undermine elections and stoke genocide for longer than tiktok has existed. No US government officials are calling for a FB ban either.
It’s supposed to be rich white guys undermining our democracy and national security.
Comparing the two isn’t useful. They are both bad and should be either shutdown or regulated.
