SPECIAL EDITION: TikTok spied on journalists

While the all-caps message above may come as a bit of an over-reaction, there's a lot at play here. Forbes just released this article going over the details, but I want to elaborate on a few things in the article.

Brief summary of the article:

An internal investigation by ByteDance, the parent company of TikTok, has found that employees improperly gained access to the IP addresses and user data of multiple journalists in an attempt to identify potential sources of leaks within the company. The investigation, known as Project Raven, was initiated after BuzzFeed News published a story revealing that China-based ByteDance employees had accessed US user data. The covert surveillance campaign targeted multiple journalists from Forbes in particular. In an internal email, Liang acknowledged that TikTok had been used to track journalists, contrary to the company's previous statements denying the surveillance.

1. This is definitive proof that ByteDance, the parent company of TikTok, collects our data and regular employees have fairly open access to it. While in this case the data was used in order to identify who could have been the source of a leak, it seems like any employee can collect specific user data.

2. This breaks a few promises that ByteDance had made about storing US users' data in the US - but we kind of already knew that those promises were bogus to begin with. Senator Mark Warner puts it well, as quoted in the article: “This new development reinforces serious concerns that the social media platform has permitted TikTok engineers and executives in the People’s Republic of China to repeatedly access private data of U.S. users despite repeated claims to lawmakers and users that this data was protected.”

3. The employees did not just look at the journalists' data, but also the data of those who were close to the journalist (using whatever network algorithm ByteDance has). This implies that ByteDance employees are willing to use the people you know (mutuals or other friends) to target you. Probably not a good thing.

4. This appears to be an individual issue - where individual employees accessed data, not the company. But it does bring into question serious issues about the company's handling of user data. Where is it located? What do they have collected? Unlike other apps, we can't request our data from TikTok/ByteDance -- what if we could? That, to me, would be the best thing in the world for both users and for the company itself.

5. This, alongside other stories, will give more power to the politicians who want to ban TikTok from the US entirely. In the omnibus bill for the Senate, anti-TikTok folks banned TikTok on federal phones. I'll probably write a longer newsletter on banning TikTok in general, if I can find the time.

6. Does this mean I will get rid of TikTok? Probably not. I'm currently in Africa for the next two weeks with limited service (and a want to be on vacation), so I won't be posting much anyways. Definitely means that I will be using Instagram, YouTube, this newsletter, and maybe even Twitter a lot more.

All this being said, I'm probably going to shift away from cool links to other thoughts on news. You'll still get cool links, but I'm not sure what it is going to look like. Thank you for subscribing, and have a wonderful wintertime no matter how you celebrate.

-- Zev

p.s. please consider subscribing if you can. it's completely free! sign up here.