Oh look, TikTok is in the news again...

Like most of you, I start my day off with a cup of coffee. Sometimes it's a cup of tea (Earl Grey) but for someone who spends way too much of their day engaged with too many obligations, I end up staying up way too late so coffee it is. I rock an Aeropress cause it's simple, exciting, and makes me feel like I'm a coffee engineer. I go all out too. I buy organic specialty beans and use a hand grinder set to an exact measurement. I even weigh the grounds and check the temperature of the water to make sure I achieve that perfect cup. My partner is a coffee fanatic so by association, I am too. I can definitely drink a cup of name brand coffee too, I'm not a die hard here. But I do appreciate the taste and aroma of a well tailored, perfectly crafted cup of hot speedy bean juice. As I take my first sip of pure brown gold, I take this time to review my RSS feeds and subscriptions to see what is going on in the world of tech and cyber security. Suddenly, I see the words TikTok and just like that, my coffee has now lost all its flavor.

I don't normally partake in the social media world, in fact for the most part I avoid it if I can. I'll save my opinion of social media for a later post. Just know, social media and I don't jive so there will likely be a bit of bias here due to my distaste for these services.

If you've been paying attention to the news in the last several months, you have likely seen at least someone talking about TikTok. Maybe you've seen something about major US companies asking their employees to delete the service:

CNN

NBCnews

Or perhaps you've seen some news about how it's malicious spyware from China out to get us?

USA Today

Bloomberg

Or maybe you aren't worried about how this new piece of technology could institute some sort of political and international crisis?!

NYTimes

Economic Times

In whatever the case, I'm not here to try and sway you into believe my opinion. Despite what the intro make it sound like, that's not what this post is about. I'm not here to tell you to delete the app and I'm not here to tell you it's bad. I'm just going to give you the ability to make up your mind by showing you some hard evidence. Then at the end if you want my opinion, I'll offer it.

I realize facts are kind of difficult with how conspiracies work and with different governments weighing in, we are just muddying the water and blurring that line between fact and opinion. So what I'm going to do is cut out the middleman and go straight to the source for the information we need to make a justified opinion. Where you may ask? TikTok's "Terms of Service" and their "Privacy Policy" is where! And yes, I actually read them in their entirety. There is so much here and would take days to explain it for you so I'm just going to highlight one key part for you. If you want to read them for yourself, and I encourage you to do so, go ahead and click here!

I do want to point out that there is A LOT I could write about with what I found. I'm not going to sugarcoat it...it's pretty bad. The section I do want to highlight though is listed under the section title: "Information we collect automatically." Essentially what this talks about is data they collect from you when you use the app. Keep in mind, I'm only writing this to give you some perspective; you get to chose what you want to do with it. Listed below is the exact wording from their site:

"Information we collect automatically

We automatically collect certain information from you when you use the Platform, including internet or other network activity information such as your IP address, geolocation-related data (as described below), unique device identifiers, browsing and search history (including content you have viewed in the Platform), and Cookies (as defined below)."

Okay there is a lot of tech here so what are they actually saying here?

IP address: This is basically your phones location on the internet. It's the equivalent of your house number and town you live in.

Geolocation-related data: This is your GPS location. Physically where you are in the world.

Unique Device Identifiers: This is what kind of phone are you using.

Browsing and Search History: They are stating here that they can see what you look at on your phone and the sites you visit.

Cookies: No not the ones with chocolate chips. These are basically little bits of stored information about you that websites hold. Their purpose was initially to make your life easier on the internet by getting you back to where you were in your surfing. Unfortunately they can also be used to learn stuff about you like what was in your shopping cart at some online store. They can be very handy, yet their not always used for the purposes you'd love.

I don't know about you but to me, that's a lot of information collected for an app that people use to record and share funny videos. One might argue that this information is used to make the services better, and I'm sure it does in some way. Marketing and analytics are tools used by companies to understand the data so they can make their platforms better! That part makes sense. What doesn't make sense is how MUCH data they are taking and what they are ACTUALLY doing with it. Unfortunately if you use their service, they have every right to take the data they tell you they are going to take. I mean, you did offer it to them after all.

There is a concept used in the security field called "Least Privilege" where you only allow access to those who absolutely need it to do their job. We can definitely apply this concept to an app like TikTok. If TikTok was a person and they were doing a task for you, lets say gardening, would you give them access into your bedroom? Probably not! So then let's apply that to the app. If the apps job is to just take little videos and share with others on the app, why give them permission to your search history? They asked for it though, and in the end you said yes.

Okay now for the opinion side of things. If you don't want to read this part, I get it.

I believe TikTok is bad, but I don't think it's a unique case. I just think it's the current one under fire for the obviously sketchy things they are supposedly doing. Plenty of other apps ask for more information than they need for all sorts of reasons ranging from metrics, marketing, advertising, or possibly something more nefarious. If that last one is the case, do you think they would tell you that they are doing something naughty with your data? No way, that would ruin their business. I truly think services like this will always exist and asking them to stop is just going to be one of those things that likely won't happen. That's like asking a car sales person to not use scummy tactics to sell you something you don't need, it's just not going to happen. They use these tactics cause they work and people fall for them all the time, or they just don't care which is probably the more likely reason. They know you are going to give them too much data and they know you aren't going to read the fine print. This is why I can't tell you what to do... you need to make the choices for yourself and for those around you. It's your data and your life, and in the end it's really your choice.

So when it really comes down to it are you going to let the gardener have free reign in your home? Are you going to blindly say yes to all those added features at the dealership? Are you going to say yes to all those permissions that fun social app is asking for? Honestly it's up to you, I'm just here to tell you what's happening when you do. To me when I read about a social media taking too much data my first thought is, "well duh..." We need to be more accountable of our data and understand that the internet has some bad places and bad people on it. Learn to defend your data by educating yourself on what these applications and services are really asking for before start agreeing left and right. That way I can finally enjoy a full cup of coffee in peace.