For NordVPN, TikTok is a privacy nightmare in the US

• TikTok has been on the radar of the US authorities for a long time because of its numerous privacy issues.
• The chief executive of the video-sharing app will testify before Congress next month.
• NordVPN shares why TikTok has been facing growing national security concerns in the US.

On March 23, TikTok CEO Shou Zi Chew will be testifying before the US Congress about the ByteDance-owned app’s security and privacy practices. He is also anticipated to testify on TikTok’s impact on young users and its “relationship to the Chinese Communist Party (CCP),” according to a hearing announcement on the House energy and commerce committee website. 

With more than one billion monthly users worldwide, out of which 80 million are from the US, TikTok has transfixed many with a platform that seems to know the kind of user they are. However, critics reckon TikTok might know too much; next month’s hearing will not be the first for TikTok. 

A Senate hearing took place last year, when members of Congress grilled TikTok COO Vanessa Pappas, arguably the public face of the company in the US. They were not satisfied with the outcome of that hearing or the assurance from Pappas that the video-sharing app “will satisfy all national security concerns.”

Pappas affirmed in that hearing that the company has said on record that its Chinese employees have access to US user data. She also reiterated that TikTok has said it would “under no circumstances … give that data to China” and denied that TikTok is in any way influenced by China. Overall, she avoided saying whether ByteDance would keep US user data from the Chinese government or whether China may influence ByteDance.

What happened to TikTok in the US?

It started in earnest during the Trump administration in 2020 when a sweeping executive order prohibited US companies from doing business with ByteDance, TikTok’s parent company. Three years since then, the company has sought to assure Washington that the personal data of US citizens cannot be accessed and its content cannot be manipulated by China’s Communist party or anyone else under Beijing’s influence.

Although the Biden administration eventually revoked the Trump administration ban in June 2021, the reversal was made with a stipulation that the US committee on foreign investment (CFIUS) conducted a security review of the platform and suggested a path forward to avoid a permanent ban.

That review has been ongoing as the CFIUS and TikTok have been in talks for more than two years aiming to reach a national security agreement to protect the data of US TikTok users. TikTok even shared that it has moved its US user data to cloud servers managed by Oracle, from servers that TikTok controlled in Virginia and Singapore, and that it would eventually delete backups of US user data from those proprietary servers.

For context, TikTok has so far been banned on government devices and school campuses in several states in recent months, as well as on federal devices after a ban was passed in Congress in December. On top of that, next month, the House foreign affairs committee plans to hold a vote on a bill aimed at blocking the use of TikTok entirely in the US.

How the app violates the privacy of 80 million American users

Although bans on TikTok have only occurred since December of last year, the ByteDance-owned app has been on the radar of American authorities for a long time because of its numerous privacy problems. 

“Currently, around 95 million Americans use TikTok, and its popularity is growing daily. These numbers show that very few understand the risks this social media network brings to its users’ data, including intrusive tracking and a possible connection to the Chinese government,” Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, said.

In explaining how TikTok compromises its users’ privacy, Warmenhoven first highlighted the app’s data-driven algorithm and intrusive tracking. “One reason for the app’s success is that it can provide users with highly individualized content. Every user has a unique feed based on their interests and preferences. But behind that individual approach is gathering vast amounts of user data within and outside the app,” he noted.

As soon as a user starts using TikTok, the company begins building a profile about them, including their interests, political leanings, sexuality, and every other variable that could impact the selection of videos they see. TikTok even collects information about users’ keystroke patterns, location information, browser history, and biometric information.

Secondly, Warmenhoven discussed TikTok’s in-app browser, whereby when users try to navigate off TikTok through an ad or a bio link, they stay on the app. “Instead of switching to Chrome or Safari, users view pages through TikTok’s browser. The internal browser allows the company to monitor behavior on websites and pages that a user might assume are not within TikTok’s purview. This type of monitoring is another area where users might end up exposing more personal information than they intend to,” he added.

He also highlighted ByteDance’s relationship with the CCP and noted that it is required to share user data with the authorities if requested under Chinese law. “While it’s hard to verify TikTok’s stance on these issues, the fact that ByteDance operates under the authority of the CCP should raise concerns about user privacy,” he concluded.

---

---

---

---