Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.

  • Dark Arc@social.packetloss.gg
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    1 年前

    From “the olden times” (Reddit link):

    The type and scale of the data that TikTok collects is different than other Chinese apps.

    There will be replies that talk about advanced ML and predictive algorithms. There will be replies that talk about potential hacks the app can use to bypass iOS or Android policy. That’s a threat, sure, but we don’t even need to go there. We can just focus on the basic data that companies like Google, Meta and TikTok explicitly tell us that they collect in their privacy policy.

    Every time you open TikTok, you should assume that the Chinese government knows exactly where you are at that moment, because the app gives them access to your location through GPS. If you use the app frequently, they not only have time and location data, but they know your travel patterns too!

    They know who you interact with and who those people interact with. They know what kinds of content you like and what you dislike. They can use this information to intentionally feed you with disinformation in ways that make you more likely to believe it.

    The misinformation feed attack risk is not unique to TikTok. Others have already been misused in this exact way. The important difference is that when information is housed by companies like Meta and Google which are incorporated in the US, its use and storage is subject to US regulation. We can simply disallow use and storage of data and practices that we don’t approve of.

    If you’ve done something illegal or embarrassing on TikTok, it could be used to compromise you for a foreign nation’s interest. If you are a 20 year old wild child, they won’t have any interest in doing anything with that information right now. In a few decades, if TikTok continues its dominance in social media, China will have compromising information on an uncomfortably high number of powerful leaders and politicians. You don’t even have to do something obvliviously stupid like say something racist or admit to a crime in a DM. For example, with just location data they can know if a politician cheated on their spouse and with whom! Imagine a politician publicly saying that they did not meet with some business leader or politician about some scandalous thing. Well, in a world where everyone has TikTok, the Chinese government knows if that’s a lie or not. In theory Verizon/Meta/Apple wouldn’t know that since that data is purported to be anonymized. Even if they did have that information, it’s hard to imagine any US tech company using it for their own interest. A US company would likely not survive that kind of act - it would be corporate suicide. On the other hand, it is hard to imagine a foreign adversary NOT engaging in that type of blackmail when given the opportunity.

    Now consider companies like Tencent. How can information on League of Legends play sessions can be used to blackmail a politician, manipulate an election or foment widespread social unrest? It might be possible, but it’s not easy to think of how it could be done. With TikTok, it’s blindingly obvious how all of those things could happen.

    Most other Chinese apps don’t collect anywhere near as much personal and sensitive information. The ones that do collect the same level of sensitive data, like Tencent’s QQ, aren’t used by enough people where it would be realistic to speculate that this information can be used in a similarly widespread and extremely damaging way. Even then, the US government should seriously think through the damage that could be done with the information QQ collects by assuming the Chinese government has complete access to all collected data and hostile intent. With TikTok, you don’t need to spend more than a few seconds thinking about this to frighten yourself.