**UPDATE: Please note this post has nothing to do with the Trump administration’s policies or views of Tiktok. I wrote this post in March (2020) after watching our network activity while TikTok was running in the background of student devices. If you’re still interested, please read on. My hopes are that wherever TikTok lands on this issue, it will be more secure and less invasive on users’ devices.
A couple of days ago, I retweeted a TechCrunch article about the CEO of Reddit and TikTok.
(I know there are a lot of issues with Reddit, but that’s not the focus of this post. )
I am and have been for the last 15 or more years an early adopter of many social media platforms, as well as technology in general. In other words, I’m one of the last people you’d call a technophobe. I do NOT balk at the latest popular fad with kids… in fact, I generally try to learn as much as I can about them.
All of that to say… this is not a #getoffmylawn post trying to spoil fun, light-hearted videos that are all the rage. I loved Vine when it first came out and could easily find myself down a Vine rabbit hole where time disappeared. There were some seriously funny people making some really great content!
When Vine disappeared, there was a pretty big hole for content creators who wanted byte-sized entertainment. Another platform that started to fill that void was musical.ly – I had a lot of students who were super excited about lip-synching their way into their friends’ views.
I had some reservations about musical.ly, mostly because the terms of service (privacy for kids) were somewhat concerning. Alex Zhu and Louis Yang, Musical.ly founders, saw the potential and the popularity of this app and dreamed that it could be the next big social network.
A year after my students were buzzing about musical.ly, I read that it had been sold to Bytedance Technology and re-branded as TikTok. It became exactly the platform Zhu and Yang envisioned.
Again, I had privacy concerns for kids, as did a lot of other people. As a result of that pushback, ByteDance/TikTok added some privacy settings, and that seemed to calm a lot of nerves.
But then I started working on our school’s firewall/proxy server and noticed all the activity generated by TikTok. Even when the kids weren’t actively using the app, there were a lot of connections to sites that have been identified as “malicious” or associated with data collection dumps. At the very least, it is essentially spyware, even when running in the background, but not active. At worst, it could be installing malware without you (or kids) knowing.
Sometimes, even when the app isn’t even open at all, the device is still pinging those malicious websites. I tested this while holding a kid’s iPad. I closed all the apps myself. When I downloaded the app on my own device to test what was happening from the point of installation, the app created an account for me, even though I didn’t allow any of those permissions. I deleted both the account and the app right away from my device.
I know that kids aren’t going to understand the severity of this situation, but I’m hoping that adults will do better. Here’s why:
Every time I talk with people about security risks, I often hear excuses along the lines of “Well, I don’t really care. I don’t have anything to hide.”
That’s not only ignorant, but dangerous. You DO have things to hide. I fear that our lack of concern about data privacy enables the mentality of “there’s no such thing as privacy anymore.” Do you ever use an internet-connected device to access financial information? What about your health information (including connections with a physical activity tracker)? Most of us have. And even if, somehow, you have managed to avoid any online financial or health transactions… you’re allowing an unknown entity to harvest your personal data for purposes unknown.
Yeah, yeah… I know Facebook mines your data*. I know Instagram**, owned by Facebook, does this. I know Google and Apple*** do it, too. But they’re fundamentally different. The kind of sites TikTok communicates with is the differentiating factor. While Facebook/Google/Apple are still collecting your personal data, they aren’t communicating with malicious websites or installing spyware/malware. And yes, even Mac and iOS devices are vulnerable to malware attacks.
I’m definitely not giving any free passes to Facebook, Apple, or Google. But there have already been major concerns calling out ByteDance’s practices, including lawsuits:
https://www.vox.com/open-sourced/2019/12/16/21013048/tiktok-china-national-security-investigation (if you only read one of these links, read this one.)
Think I’m being too alarmist? I know this is a long post with a lot of linked material, but I’m begging you to read at least some of those links. We are putting an entire generation of kids in a position where their data is being used without their INFORMED consent as a standard practice in our schools. Encouraging the use of TikTok takes that risk to the next level.
If you don’t care about your own data privacy, I know I probably won’t convince you. However, if you’re an educator with any type of influence, please do anything you can to help parents and children understand the HUGE implications of using an app like TikTok.
Like to deep-dive into (somewhat) dry reading about data privacy? Read here: https://link.springer.com/chapter/10.1007%2F978-3-540-34351-6_12
* I deleted my FB account two years ago, btw.
**Did you know, if you disable the microphone setting that you can’t do InstaStories, but you’ll also notice fewer targeted ads? I got tired of seeing ads for things that I had only spoken about minutes earlier.
***I don’t use voice-activated devices in my classroom (and neither should you), nor in my home. I only enable Siri in the car while I’m driving, for safety purposes.
I have three talking points with teachers when they ask about an app/program to use in their classroom:
1. What age do the terms specify? If a student is under that age, your responsibility is to talk with the student about it.
2. As a teacher, requesting students to download a specific app for _any_ purpose means you had better completely understand the terms or service and privacy statements inside and out.
3. Social media is generally bad. There are better ways.