TikTok, like other tools, actively tracks user behavior, analyzing users’ activities, location, past website visits, and cookies.
Unlike Google or Facebook, a major issue with TikTok is that its control is somewhat “gray.” It is owned by ByteDance, a very influential company in China. It is common knowledge in the cybersecurity world that Chinese threat actors are very active in cyberespionage for both political and financial gain. To put this plainly: U.S. enterprises that have implemented TikTok components in their websites may have granted a Chinese entity open access to their users’ private data, without ever knowing what the entity is actually doing with the information.
The threat that most people might miss is that even if a person doesn’t use TikTok, the simple fact that they are browsing a website that includes a TikTok-owned component means that TikTok gathers their personal information. Not only that, but even businesses with strict privacy and security policies are unknowingly exposing their own users’ PII (e.g., UserAgent, IP address) once those users visit websites that have implemented TikTok components. According to BuiltWith, TikTok has shown exponential growth in popularity over the past year, making it a very attractive target for Chinese threat actors.
“The problem with TikTok is that it is very hard to trace what they are doing with your customers’ data,” said Ysrael Gurt, CTO & co-founder of Reflectiz. “It’s common to have tags and trackers on a website, but we can’t really know what they do with the data they collected. However, we do know that TikTok already has the technical and personal data about most of the internet users right now, so the question that remains is: Who has access to this data, and how will they use it?”
“It’s important to remember that even free tools are paid with the users’ data – your website users’ data,” he adds. “In this instance, websites all across the U.S. are paying with their users’ data to a Chinese enterprise, never knowing where this information will end up.”