TikTok has your data even if you've never used the app

enaph

Level 28
Thread author
Verified
Honorary Member
Top Poster
Well-known
Jun 14, 2011
1,772
A ban on TikTok in the United States or a sale of the app by its Chinese owner, ByteDance, will not resolve national security concerns or fears TikTok could be used to siphon Americans' data, according to a new cybersecurity report obtained by ABC News.

The report, from the cybersecurity company Feroot, said the app still has your data even if you've never used TikTok. And it's collecting and transferring that data whether or not the app is deleted, according to the report.

"TikTok can be present on a website in pretty much any sector in the form of TikTok pixels/trackers," the report said. "In many cases, the pixels/trackers immediately start executing and have little to nothing to do with the immediate business of the website owner."

Webpages associated with everything from airlines and e-commerce sites to technology companies and state and federal governments are riddled with TikTok's trackers called pixels, which are part of the code that loads into your browser from various websites, according to Feroot. They immediately link to data harvesting platforms that pick off usernames and passwords, credit card and banking information and details about users' personal health.

Sites that require logins and authentications may think they're adding a layer of security, but TikTok's pixels just collect those names, passwords and authentication codes along with other data, according to Feroot.

The pixels transfer the data to locations around the globe, including China and Russia, often before users have a chance to accept cookies or otherwise grant consent, the Feroot report said.

TikTok is not the only company that uses its pixels throughout the internet. The report found Google, Meta and Microsoft, among others, use these trackers.

The company told ABC News on Thursday that since June, all new U.S. user data has been routed to the Oracle cloud, and since October, access to that secure environment has been limited to employees of TikTok U.S. Data Security; Today, those employees manage all access to U.S. user data.

A TikTok spokesperson told ABC News this week amid the Biden administration's call for ByteDance to divest from the app, "The best way to address concerns about national security is with the transparent, U.S.-based protection of U.S. user data and systems, with robust third-party monitoring, vetting and verification, which we are already implementing."

TikTok said it will continue to move forward with a plan called "Project Texas" to safeguard U.S. user data as it evaluates the administration's position.

 

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,147
The findings of the cybersecurity report from Feroot regarding TikTok's data collection practices are concerning. It appears that even if you have never used the app, your data could still be collected and transferred to locations around the world, including China and Russia. While TikTok claims to have taken measures to address national security concerns and protect U.S. user data, it is important to remain vigilant about the potential risks associated with this app and others like it. It is also worth noting that TikTok is not the only company using these types of trackers throughout the internet, as the report found other major tech players like Google and Microsoft utilizing them as well. Overall, it is crucial for individuals to take steps to protect their personal information and privacy online.
 

MuzzMelbourne

Level 15
Verified
Top Poster
Well-known
Mar 13, 2022
593
Yeah, I dunno about this... need to do some research on it. The term 'pixel' being used to describe a scam/virus/tracker sounds suss to me. I know pixel size images can be used as trackers via remote downloads on email attachments, but embedded in web pages... mmmmm. Begs the question, can they get past cookie/tracker blockers etc. Not enough info in this article for mine... but darn interesting.
 
  • Like
Reactions: vtqhtr413

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
5,995
Yeah, I dunno about this... need to do some research on it. The term 'pixel' being used to describe a scam/virus/tracker sounds suss to me. I know pixel size images can be used as trackers via remote downloads on email attachments, but embedded in web pages... mmmmm. Begs the question, can they get past cookie/tracker blockers etc. Not enough info in this article for mine... but darn interesting.

Those embedded in webpages are know as web beacons

Here is one way to block them



Other methods for blocking include having a secure DNS server or VPN service which provide tracking protection
 

MuzzMelbourne

Level 15
Verified
Top Poster
Well-known
Mar 13, 2022
593
Cheers, never heard of them! I'll have a read-up about the pesky little beggars.

Ok, so they basically the same as the email attachment activity tracker.

Interesting distinction between the two towards the end of the article.

 
  • Like
Reactions: Jonny Quest

Jonny Quest

Level 13
Mar 2, 2023
642
From the article:
"TikTok can be present on a website in pretty much any sector in the form of TikTok pixels/trackers," the report said. "In many cases, the pixels/trackers immediately start executing and have little to nothing to do with the immediate business of the website owner."
"The report, from the cybersecurity company Feroot, said the app still has your data even if you've never used TikTok.....
with TikTok's trackers called pixels, which are part of the code that loads into your browser from various websites"

My question is, how does it get loaded into the browser or the website in the first place, how is that "allowed" or not allowed (no control over it) by the website owner?
 

Trident

Level 26
Verified
Top Poster
Well-known
Feb 7, 2023
1,533
My question is, how does it get loaded into the browser or the website in the first place, how is that "allowed" or not allowed (no control over it) by the website owner?
Every web-page loads various frameworks, JavaScripts and other third-party content. Some of this content provides visual effects, such as graphics and animations, other allows site admins to view who uses the site and how. This data is valuable for sales to drive more revenue
Some JavaScripts may provide rich experience or apps.
JavaScripts have quite a lot of control over the browser, specially compared to HTML and CSS. They can draw over the page as well and site admins have very little control.
.

What’s been discussed here is the TickTock analytics. More information about them and methods how they get added to the website is available here:
 
Last edited:

Jonny Quest

Level 13
Mar 2, 2023
642
Every web-page loads various frameworks, JavaScripts and other third-party content. Some of this content provides visual effects, such as graphics and animations, other allows site admins to view who uses the site and how. This data is valuable for sales to drive more revenue
Some JavaScripts may provide rich experience or apps.
JavaScripts have quite a lot of control over the browser, specially compared to HTML and CSS. They can draw over the page as well and site admins have very little control.
.

What’s been discussed here is the TickTock analytics. More information about them and methods how they get added to the website is available here:
Thank you, Trident, that link pretty much answered it $$ :)
 

Trident

Level 26
Verified
Top Poster
Well-known
Feb 7, 2023
1,533
Thank you, Trident, that link pretty much answered it $$ :)
The only difference here is that many trackers are normally scripts, but this is a tracking pixel. A small 1x1 image usually with alpha channel (transparency) that once loaded, provides tracking functionality. The article is very misleading as it makes it look like TickTock or the other companies add them. Whilst it is not impossible for an extension to modify a website, it is the website owner adding these. How data gets processed after is another question. Normally site users should be made aware of these trackers and a privacy policy should be provided too.
 

Jonny Quest

Level 13
Mar 2, 2023
642
The only difference here is that many trackers are normally scripts, but this is a tracking pixel. A small 1x1 image usually with alpha channel (transparency) that once loaded, provides tracking functionality. The article is very misleading as it makes it look like TickTock or the other companies add them. Whilst it is not impossible for an extension to modify a website, it is the website owner adding these. How data gets processed after is another question. Normally site users should be made aware of these trackers and a privacy policy should be provided too.
Winner, both of your replies nailed it for me, especially and including this one :) :)
 

Trident

Level 26
Verified
Top Poster
Well-known
Feb 7, 2023
1,533
Yeah, exactly... try disabling Java Scripts in your browser... things come to screaming halt pretty quickly
This is a very rough approach that is not needed. There are many ways to disable trackers, with the most preferred by me personally is NextDNS (or maybe ControlD) as it blocks them before they are even loaded. In addition, most of the browsers now have these functionalities built-in as well.
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,448
the app still has your data even if you've never used TikTok
Drama Monkey GIF
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,394
Nothing new. Advertising companies (US, China, wherever) have been exploiting Internet users for decades. It's not by luck or chance that your social media feeds shows your interests that you recently talked about in "private chats".
 
  • Like
Reactions: MuzzMelbourne
F

ForgottenSeer 98186

It’s not even formulated correctly, it is not the “app”, it is ByteDance, the business behind it. The app is just one of their products. Feroot through low-quality publications jumps on a bandwagon that is now well heated, in order to get 2 minutes on the news.
Bytedance is the problem

The monkey gets it
 
  • Like
Reactions: vtqhtr413

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top