TikTok Whistleblower Tells Congress Data Protections Don't Stop Chinese Access

An anonymous reader quotes a report from Gizmodo: A former TikTok employee turned whistleblower has reportedly met with multiple U.S. senators expressing concerns TikTok's plan to secure U.S. user data won't go far enough to stop possible Chinese espionage. The whistleblower told The Washington Post in an interview that the company's policy plan, dubbed Project Texas, doesn't go far enough and that properly ensuring U.S. data is secured from Chinese employees requires nothing short of a "complete re-engineering" of the way the app works. Those allegations come just days after another whistleblower raised concerns regarding TikTok's U.S. user controls. Combined, the comments could fan the flames for what looks like growing bipartisan support for a full-on nationwide TikTok ban.

The former TikTok employee turned whistleblower told the Post he worked at the company for around six months ending in early 2022 as a risk manager and head of a unit in TikTok's Safety Operations team. Part of that job, he claims, put him in charge of knowing which employees had access to certain tools and user data. He claims he was fired after speaking up about his data privacy concerns. Though he left TikTok prior to its finalization of the so-called Project Texas policy, he maintains he saw enough evidence to suggest the guardrails put in place to placate U.S. regulators fearful of Chinese employees viewing U.S. user data were insufficient. The whistleblower has reportedly already met with staffers from Iowa Sen. Chuck Grassley and Virginia Sen. Mark Warner's offices.

Specifically, the whistleblower shared a snippet of code with the Post which they say shows TikTok's code connecting with Toutiao, a Chinese news app also run by TikTok's parent company, ByteDance. The whistleblower alleges that connection could let Chinese employees intercept and potentially view U.S. user data. Gizmodo could not independently confirm those claims. The whistleblower, meanwhile reportedly did not advocate for an outright nationwide ban. Instead, he said the problems could be solved but would require further steps than what is included in the Project Texas proposal. Another alleged whistleblower came forward just days before the Post interview, alleging TikTok's access controls on U.S. data were "superficial" at best. "TikTok and ByteDance employees, he alleged, possess the ability to 'switch between Chinese and U.S. data with nothing more than the click of a button,'" reports Gizmodo.

The whistleblower alleged in a letter sent to ByteDance by Republican Missouri Rep. Josh Hawley: "I have seen first-hand China-based engineers flipping over to non-China datasets and creating scheduled tasks to backup, aggregate, and analyze data. TikTok and ByteDance are functionally the same company."

Re: Yellow Cake

[immanentize]

You don't think Bytedance and TikTok are related?

Re:

[gweihir]

Yes. Misdirection, fakes, direct lies. Always the same crap. And always the same idiots that fall for it. This is protectionism and a hidden trade-war because the US is falling further and further behind. Instead of fixing their act, they try to keep the current broken system active a bit longer, which makes some people even richer, but multiplies the damage.

Yes, TikTok is collecting data. So are many others. But the Chinese Government probably does not even care as there are tons of other data sources out

Re:

[Anonymous Coward]

Spying on the normal population would allow manipulation of that population. Also the financial insights offer unprecedented market manipulation capabilities (the various investment firms, hedges funds, banks and such already do this). China is very good at long-term subtle stuff like this. Look at what they have already accomplished. The US is nearly completely unable to manufacturer anything at all on their own.

Imagine if you could capture the daily lives of all major CEO's? Even without knowing specific

Definitely sounds like Yellow Cake!

[Somervillain]

Spying on the normal population would allow manipulation of that population. Also the financial insights offer unprecedented market manipulation capabilities (the various investment firms, hedges funds, banks and such already do this). China is very good at long-term subtle stuff like this. Look at what they have already accomplished.

Why does China need ByteDance to do this? Russia did it in several US elections for far cheaper (and sorry, even if you don't believe Russia tipped the election in Trump's favor, you can't deny they certainly tried to meddle in many US and European elections). I personally think Russia being busy with Ukraine and not funding troll farms was a small factor in why the red wave was a pink puddle in 2022. Anyone can buy facebook ads from any country with no oversight and post any lie they want...with extreme

Re: Definitely sounds like Yellow Cake!

[Plugh]

The move here is to remove the spyware app from *government* devices and public officials who already give up some rights in order to serve. There is nothing here to stop you a private citizen from giving your privacy away for upvotes.

Re:

[gweihir]

The comment is about the whole thing, not the limited perspective in the story.

The RESTRICT ACT is proposing a TikTok ban

[Somervillain]

The move here is to remove the spyware app from *government* devices and public officials who already give up some rights in order to serve. There is nothing here to stop you a private citizen from giving your privacy away for upvotes.

There is a bipartisan proposal to completely ban TikTok https://www.politico.com/news/2023/03/07/senate-white-house-tiktok-ban-00085998 [politico.com]

Again, if the gov wants to ban it from devices they own and force their employees not to use it, that is fully in their rights. I support it and honestly, it probably is a good idea. If my employer wants to ban it from our office and any device with work data, I am fine with that. That's in their right. Per above, if you're going to tell me I cannot have an app on my

Re:Definitely sounds like Yellow Cake!

[gweihir]

Indeed. That whole meme about China spying specifically via TikTok is a badly constructed fantasy scenario that does not hold up under scrutiny. The clueless and the stupid (far the majority in any population) will still eat it up, as the moron you answered to just nicely demonstrated. The fact of the matter is that for targeted spying on high-value targets, TikTok is unsuitable. And for mass-surveillance it is unsuitable as well, as you get bad coverage and low-quality data.

The whole thing is just protectionism and that comes from a growing panic in the US administration that the US cannot compete long-term with China. Protectionism delays that a bit, but typically at a huge cost. The history of utter failure of protectionism is legendary. My personal favorite: Back when German knives and tableware were sold in the UK and quality was much better. The domestic industry could not compete. So the UK government mandated a "Made in Germany" (i.e. "Foreign crap!") on it. Turns out people are not completely stupid and saw that as a sign of quality. And it has remained so to this day. And _that_ is what protectionism really does long-term. Although it surely will take a while for "Made in China" to become a sign of quality, some things are made pretty well there and they become more. If the US tries to continue to "compete" by sabotaging the market instead of fixing its domestic problems, China may eventually get there. And that is the really dark side of any form of protectionism: It delays and sabotages any efforts to actually fix the problem.

Re:

[Tolidon]

While you raise valid concerns about the questionable efficacy of banning TikTok due to concerns over targeted spying and mass surveillance, we cannot overlook the potential for China to have access and control over one of the largest propaganda machines in history. This is a significant concern, as TikTok has the ability to shape opinions and spread disinformation to millions of people worldwide.

Additionally, it's important to recognize that China has long restricted access to international social media pl

Re:

[gweihir]

TikTik? Seriously? Sounds much more like you are describing Meta there...

You should stop eating the propaganda raw (the US propaganda that is), it is not good for you.

Re:

[Tolidon]

While I agree with you that while US social media platforms like Meta and Twitter definitely have their own challenges, the Chinese government has a history of exerting control over media and shaping narratives to advance their agenda. It's also worth noting that the US government does not own Meta, whereas the CCP can certainly exert control over tech companies operating in China.

I agree that blindly consuming propaganda, whether it be from the US or China, is not healthy. However, it seems like your reply

Who Wouldn't?

[rmdingler]

I don't doubt for an instant the Chinese government would use information available to them to their advantage.

Should we limit the number of folks who have access to the contents of our underwear drawer? Absolutely. Is the tiktok scare a little overreaction and a lot overblown, like a political football meant to catch your attention and assure you that our worthless representatives are still protecting us? Absofuckinlutely.

Re:

[sound+vision]

Congress and Joe Blow are hard at work on Cold War 2. Every balloon and frisbee in sight is getting blown up with a Sidewinder. The new Iron Curtain is going up with the TikTok ban.

For the record, neither the missiles nor the ban particularly bother me.

I guess when your government is giving you exactly what you want, the rage has to get directed somewhere, so he explodes on "CCP shills" who haven't even shown up yet as I write this.

well played China!

[oumuamua]

Everything China does is negative. Peace between Iran and Saudi Arabia and resumption of diplomatic ties. Ooops no way to spin that negative, so the press (except for the NY Times) doesn't cover it or pushes it way way down the page, .

Re:

[MightyMartian]

That's odd. It's the top story on the New York Times website right now (Mar 11 7:19 PST)

Re:

[jacks smirking reven]

It's also on the front pages of MSNBC, WaPo, NBC News, The Guardian...

You've created a scenario where you can never be wrong. Either "nobodies covering it" or "theyre not covering it as much as i think they should"

Re:

[jacks smirking reven]

Sorry not you, the OP you replied to

Re:

[jacks smirking reven]

you are absolutely just making my point for me thanks

Re: well played China!

[reanjr]

Funny how I've already seen this news story pushed to my feed and displayed on (non-NYT) news sites I frequent. If "they" are trying to hide the story from us, they're doing a shit job.

Re:

[John Smith 2294]

Funny how I've already seen what a complete subhuman piece of shit you are, if you are trying to hide it, you are doing a shit job.

What data does TikTok collect?

[peppepz]

I'm reading about this TikTok panic everywhere and would like to understand what it is all about.

Americans are used to giving, say, Google every bit of personal information they have: their contacs, their emails, their phone calls, their purchases, their exact position (and its lifetime history!) and that of their cars. They even have always-on cameras and microphones inside of their houses, streaming the most intimate aspects of their lives towards their Big Tech overlords. And they're supposed to be OK

Re:What data does TikTok collect?

[drinkypoo]

https://www.google.com/search?... [google.com]

Re:

[peppepz]

I couldn't click any of the links in the results of that search without giving those websites wishing to warn me against the dangers of TikTok the consent to collect more data about me than TikTok does.

In case anyone is interested, this is what they collect [tiktok.com]. In short, they store your account data (of course) and collect automatically what they can estimate from your IP address (that's what every thing that you interact with over the Internet could do) and phone number.
Any other thing they collect, you hav

Re:

[drinkypoo]

I couldn't click any of the links in the results of that search without giving those websites wishing to warn me against the dangers of TikTok the consent to collect more data about me than TikTok does.

How much did you get paid to say that? TikTok has been caught capturing people's clipboards repeatedly, for example. You are like ChatGPT, you confidently gave a bullshit answer.

Re:

[peppepz]

And if it were so, why didn't you tell me before instead of playing the smart ass?

Anyway, go back to your world where the Communist Party of China conspires to steal drinkypoo's clipboard through a meme app, and then pays peppepz to cover his tracks on slashdot.

In the real world, privacy policies are legally binding documents and if an app is caught violating them, it can be sued out of existence by privacy watchdogs.

Re:

[drinkypoo]

And if it were so, why didn't you tell me before instead of playing the smart ass?

Why didn't you look it up instead of playing dumb ass? Just not playing?

Re:

[Iamthecheese]

I posit a group of very wealthy and influential people who generally agree with each-other about how the world should work. These people own the majority of major media outlets and also control big players in politics through bribery, lobbying, assassinations and the threat thereof, blackmail both small and of Epsteinian proportions, and so on. These people want even more power. Note that I do not claim they work in concert or meet to discuss this goal. It's only necessary that they generally agree this is

Re:

[bunyip]

And then we have National Security Letters, the US government just gets a a judge to sign a letter requiring you to give them whatever data they want. Can't even tell anybody you received the letter, that's illegal and you go to jail. I don't see much difference between the Chinese government's access to Chinese company's data and the US government's access to US company's data.

For TikTok, I strongly suspect that lobbyists from Facebook and Twitter are sowing the seeds of controversy as they're trying to

Meanwhile ...

[JamesTRexx]

A counterpoint.

Just about every website and mobile has a connection with one or more Google servers. Facebook/Twitter/your favourite social network share links are everywhere, Cloudfront caches a whole lot of traffic.

But there's no problem that they know even vastly more about people than the Chinese do.

Re: Meanwhile ...

[Plugh]

⦠and that is why some of us install a pihole and use Tor whenever possible

Only China has an unrestricted warfare policy.

[waspleg]

Literally written and published by 2 CCP Colonels. [wikipedia.org] As well as attempting to develop race-based bioweapons. [defenseone.com]

First post is pro-CCP whataboutism defense. I thought the wumaos had mostly left, guess not.

They don't stop Facebook & Twitter & the F

[rsilvergun]

why would they stop the Chinese?

Re:

[sound+vision]

To add "tough on China" as a bullet point on their list.

The US investors who have poured heavy cash into ByteDance won't like it though. Sounds like they have already been working on Project Texas with our present situation in mind.

I could see ByteDance pretending to keep all the data in Texas, and the politicians pretending to believe them. That seems like the path of least resistance. Investors are able to keep making money off the thing, no voters will lose access to their cat videos.

I totally believed it.

[byronivs]

Didn't all you? Seriously, I'm pretty jaded, but does anyone even "trust but verify" anymore? (And I couldn't stand the guy behind that principle. What an ass.) But we're just falling for the same thing over and over again. righto China. Do we really all have some kind of shades on in our institutions that it's always a "whistleblower" and otherwise everything is always goody-goodness? At this point we should be kinda-sorta wondering if China is hiding some things maybe. For the record: I not legally sure

What is usally unsaid

[ukoda]

Common in much of such reporting is talk about what the company in question says and claims. Such reporting is meaningless as the companies have to do what the Chinese government request and lie about it. Think about it. Some armed government suits turn up in your office and tell you that all the incoming data you receive is now to be passed through their servers and here is the features your software must add to give backdoor access to targets of interest. Who are more scared of? The suits than promis

Not mentioned anywhere...

[Archangel_Azazel]

The literal 10's of 1,000's of apps that use TikToks sdks or other underlying code. Same code, different wrapper but hey...it's probably mostly American companies making the money off the utterly insecure and unnecessarily vacuumed up data so that's okay and not a threat at all.

Pay no attention to the code behind the curtain, for this is the Great and Powerful TikTok!

Luckily they've mostly removed America's ability to think or reason critically, lest the little rubes get upset.
Now to get back to today's 3 minutes hate. Boo TikTok, yay FreeDumb!

Block it already

[WindBourne]

Seriously, we know this app is for spying and obtaining personal info. Kill it's use already.