minimum level of suckage

i can't believe i have to write about tiktok again

(Pictured: my haters)

One thing I sometimes forget when writing a personal newsletter is that you, the reader, probably have not read everything I’ve written or tweeted over the past five years regarding Big Tech. (You’re not missing much.) In the last edition of BNet, I wrote a quick paragraph about recent reports/speculation/fears concerning the app TikTok.

People got mad about what I wrote after someone tweeted it out agreeing with it. Separately, a nice reader pushed back on what I said, and I responded to them laying out my thoughts in more detail. In the interest of doing as little work as possible, I’m going to repurpose those thoughts for this newsletter.

I think the TikTok paragraph was a pretty concise summary of my feelings, which, to be even more concise, can be summarized as such:

Being skeptical of TikTok is not weird. Being skeptical of TikTok to a far larger degree than any other Big Tech company is absolutely weird.

Every large tech company with a smartphone app, regardless of country of origin, violates your privacy to an absurd degree using similar techniques, and the data each of them collects is leveraged through different political channels to serve the same end: power and profit. Is there nuance here? Sure. Is there enough nuance for me to ignore one problem and focus entirely on another that differs only slightly? No!

Thus, all of these tech companies meet what I call the Minimum Level of Suckage, and have earned my scorn. In terms of privacy, if you think TikTok meets the MLoS, but Facebook (to name just one example) does not meet the MLoS, you are wrong.


I am not saying you shouldn’t be concerned about TikTok – there are plenty of reasons to be – but the reasons one might be wary of TikTok are the same reasons one should be wary Facebook or Google or Verizon or any other large internet-related service provider. Which is to say: they all harvest too much data and allows powerful entities to easily access that data. The country of origin for any of these types of data-harvesting operations does not matter to me.

One reason I feel fine with this equivalency is because, on a technical level, the TikTok app is not doing anything uniquely shady. You see a lot of talk of “a Chinese app installed on millions of American phones” (in the same way that FaceApp was deemed “a Russian app”) but the things it’s doing are allowed by the Android and iOS developer toolsets. For instance, TikTok apparently scanned users' clipboards, a function that will be recognizable to anyone who has had a read-later app like Pocket offer to automatically save a copied URL. Any app can scan your clipboard. (Should developers have that capability? Up to you. My point is that TikTok does not have some unique secret tool at its disposal.)

Given the scrutiny TikTok has enjoyed since its U.S. launch, I would bet that Apple, Google, and plenty of independent security researchers are combing over every detail in that app. To date, there has not been (or at least, I have not seen) any reports of TikTok’s software accessing device data outside of the permissions that these operating systems grant. The app wouldn’t still be available on iTunes or Google Play if it did. Whatever permission users grant TikTok to access photos or geolocation services, those are the same permissions users give to Instagram, or Google, or Bing, or the app for your local taco place. In other words, TikTok plays within the rules set by Android and iOS for data-gathering. Whatever shadiness is going on is platform-approved.

Apps collect far too much data. That should stop! American consumers need stronger privacy protections and better controls over how their data is retained and monetized. The issue is not limited to TikTok.

ByteDance has close ties to the Chinese government, and there are concerns that whatever data you supply to TikTok gets passed along to the government. That’s a reasonable concern, though TikTok says its servers are located in the U.S. and Singapore and has not and would not cooperate with the Chinese government. I’m skeptical! And American companies in China are willing to make concessions as well. Apple, for instance, moved data for its Chinese customers into the country in order to comply with regulations there, making it much easier for government officials to access users’ iCloud data.

In the United States, in my opinion, the same concerns exists. Facebook, Google, Apple, Microsoft, Amazon, your cell phone provider, and plenty of other companies all regularly fulfill requests for data from law enforcement. Many of them also have contracts with the government, offering services and support for existing state-run surveillance programs.

Could these American companies refuse to cooperate with the government? Theoretically, but the specter of regulation looms large over them, as does the threat of unrenewed or unawarded contracts, and worries of looking unpatriotic, and so they cooperate anyway. (The most prominent counterexample involves Apple drawing the line at refusing to compromise the encryption of every single iPhone in existence.) Facebook’s fear of regulators and its need to appease the ruling Republican Party is readily apparent to anyone who has paid attention over the past few years. American tech companies might not be owned by the government, but their cooperation is easily gained in almost every case.

On Twitter, former Facebook security chief Alex Stamos wrote, “There is a huge difference between requests that require pre-determined selectors and review by FB legal and the unfettered datamining people worry about with the PRC.” He misses the point. Law enforcement requests for data may have checks and balances, but they are “unfettered datamining” by proxy, taking advantage of a private, unregulated company that is recklessly hoovering up user data to an invasive degree. Here’s a report from just last week about Twitter helping to surveil Black Lives Matter protesters.

Another comparison between regions: ByteDance spreads propaganda on behalf of the government in China. Facebook is so scared of regulation and Republican ire that it allows advertisers to flat-out lie in political ads. The points of political leverage in China and America may differ, but the outcome – tech companies assisting government regimes – is the same.

Is China a privacy threat? Yeah, I don’t think I ever denied that, nor have I denied the significant human rights abuses being perpetrated there (weird that I have to state this outright). But American companies and American governments also meet the Minimum Level Of Suckage baseline. They suck at this shit too. The fact that one side is worse does not instantly make the other side “good.”

Every large tech company collects and retains too much user data, and both the American and Chinese governments are happy to leverage them for assistance in bolstering their own power. So when people single out TikTok, it seems to me that their concerns are largely animated by nationalism, racism, and/or xenophobia, and not motivated by privacy concerns. If your perspective on privacy and civil liberties is so narrow that you can only worry about it when China comes up, then yes, I question your motives.

Hope this clarifies things! Not really interested in arguing about this!


a supplemental anecdote about Facebook

In late February, Facebook invited me to its Manhattan office to talk to Lu’chen Foster, the company’s Director of Privacy Strategy and Planning. It had just rolled out a privacy tool that let users “disconnect” data that Facebook collects from tracking users around the web from their profiles. (A month prior, I had written about a nice sleight of hand Facebook routinely conducts where it announces a privacy feature for users and then waits months to make it available to Americans, by which point user interest has fallen off.)

The conversation, between Foster, a couple of PR people, and me went fine. But it took a baffling turn when they asked me, one dude, how the company — Facebook! — could get users to care about privacy. I didn’t really have a diplomatic answer for them. It was kinda like Exxon asking how it can get customers to care about the environment.

One thing I did try to convey, however, was that putting the onus entirely on users to safeguard their own privacy was bad design — especially when Facebook intentionally makes its privacy tools so complicated as to be exhausting to maintain. A simple way for Facebook to show it is committed to the privacy of its users and get them to feel similarly, I said, would be to voluntarily decline to collect certain types of data.

Part of the exchange:

Me: What’s a piece of [user] data that Facebook wouldn’t want to collect?

Facebook: We actually have rules against sensitive health information, banking information…

Me: That stuff’s regulated, right?

Facebook: It is, but businesses don’t adhere to that, and so we have to be very, very careful.

Me: But is there anything that’s not a legal liability that you guys wouldn’t collect?

Facebook: There are definitely conversations happening and policies being considered.

Which is code for “No.” (Whatever notes I have corresponding with my recording of this meeting are in a notebook on a desk in a Manhattan office belonging to a publication that no longer employs me, so apologies to whoever I am quoting as “Facebook” here.)

Facebook’s corporate stance is that there is no data-harvesting that it feels is too invasive, or creepy, or a liability to its users, outside of the types enshrined in law. This is the crux of the problem! I thought of that conversation this week when the Washington Post consulted a security researcher and reported that TikTok sucks up an “abnormal” amount of data… but not more than Facebook.

Which brings me back to my original point: if TikTok’s practices concern you, but Facebook’s don’t, then I don’t think privacy is your real concern.


Elsewhere…

  • the r/relationships subreddit is obviously very fake and sometimes the stories are fun but too often for my taste they are very fake. it’s tumblr fakeposting for normies. the official bnet stance is that reddit is a bad site

  • there are a few tumblrs that exist now whose purpose is to resurface ancient tumblr posts that make you want to die. this one has been reblogging dashcon posts for a few days and they all make me ill

  • shoutout to the curry bathtub


Thank you for reading BNet. Look, I’ve been doing this thing for almost three months. You were bound to get a boring overlong screed about privacy and Big Tech at some point. I promise we’ll get back to the weird stuff pretty soon.