A growing number of public schools and colleges in the U.S. are moving to ban TikTok – the popular Chinese-owned social media app that allows users to share short videos.
They are following the lead of the federal government and several states, that are banishing the social media app because authorities believe foreign governments – specifically China – could use the app to spy on Americans.
The app is created by ByteDance, which is based in China and has ties to the Chinese government.
The University of Oklahoma, Auburn University in Alabama and 26 public universities and colleges in Georgia have banned the app from campus Wi-Fi networks. Montana’s governor has asked the state’s university system to ban it.
Some K-12 schools have also blocked the app. Public schools in Virginia’s Stafford, Prince William and Loudoun counties have banned TikTok on school-issued devices and schools’ Wi-Fi networks. Louisiana’s state superintendent of education recommended that schools in the state remove the app from public devices and block it on school-issued devices.
As a researcher who specializes in cybersecurity, I don’t believe these schools are overreacting. TikTok captures user data in a way that is more aggressive than other apps.
The version of TikTok that is raising all these concerns is not available in China itself. In an effort to protect Chinese students from the harmful effects of social media, the Chinese Communist Party has issued a rule that limits the time students can spend on TikTok to 40 minutes a day. And they can view only videos with a patriotic theme or educational content such as science experiments and museum exhibits.
All major social media platforms raise privacy concerns and include security risks for users.
But TikTok does more than the rest. Its default privacy settings allow the app to collect much more information than the app needs to actually function.
Every hour, the app accesses users’ contact lists and calendars. It also collects the location of devices used to access the service and can scan hard drives attached to any of those devices.
If a user changes privacy settings to avoid that scrutiny, the app persistently asks for that permission to be restored. Other social networking apps, like Facebook, don’t ask users to revise their privacy settings if they lock down their information.
How TikTok handles the data it collects from users also raises concerns. Ireland’s data protection regulator, for instance, is investigating possible illegal transfers of European citizens’ data to Chinese servers and potential violations of rules protecting children’s privacy.
As with other social media services, researchers have found serious vulnerabilities with TikTok.
In 2020, cybersecurity company Check Point found that it could send users messages that looked as if they came from TikTok but actually contained malicious links. When users clicked on those links, Check Point’s researchers could seize control of their TikTok accounts, get access to private information, delete existing content and even post new material under that user’s account.
Hackers have also taken advantage of viral TikTok trends to distribute malicious software that creates additional cybersecurity problems. For instance, a trend called the “Invisible Challenge” encouraged users to use a TikTok filter called “Invisible Body” to film themselves naked – assuring users their followers would only see a blurry image, not anything revealing.
Cybercriminals created TikTok videos that claimed they had made software that would reveal users’ nude bodies by reversing the body-masking filter. But the software they encouraged users to download actually just stole people’s social media, credit card and cryptocurrency credentials from elsewhere on their phones, as well as files from victims’ computers.
Many U.S. lawmakers have objected to the app’s location tracking services, saying it could allow the Chinese government to monitor the movements and locations of U.S. citizens – including members of the military or government officials.
If the Chinese government wants information about the more than 90 million TikTok users, it does not need to hack anything.
That’s because China’s 2017 National Intelligence Law requires Chinese companies to share any data they collect if the government asks.
Technology industry observers have also raised concerns that ByteDance, the company that makes TikTok, may be partially owned by the Chinese government.
These problems take on even more importance in the context of the Chinese government’s alleged efforts to build a huge “data lake” of information about all Americans. China has been linked to several large-scale cyberattacks targeting federal employees and U.S. consumers. These attacks include the 2015 hack of the U.S. Office of Personnel Management, 2017 attacks on the consumer credit reporting agency Equifax and the 2018 attack on hotel group Marriott International.
Teachers and school administrators have used TikTok in some interesting, and useful, ways – such as connecting with students, building relationships, teaching about the risks of social media and delivering small, quick lessons.
But it is not clear whether those positive effects counterbalance the potential and actual harm. In addition to general concerns about the possible risks of social media addictions, some school officials say increased TikTok use has distracted students from paying attention to teachers.
Also, the app’s algorithm for recommending videos to watch next has increased students’ risk of suicide and eating disorders. The “One Chip Challenge,” which asks TikTok users to eat a single chip containing two of the world’s spiciest chili peppers, sent some students to the hospital and made others sick.
TikTok videos have also led students to engage in vandalism. In response to one viral challenge, some students stole bathroom sinks and soap dispensers from schools.
With all that potential for harm and damage, it’s not surprising school officials are considering a ban on TikTok.
Republished from The Conversation under a Creative Commons license in the United States. Read the original article.
Nir Kshetri is Professor at University of North Carolina-Greensboro. He has authored twelve books and more than 180 academic articles, which have been translated into Arabic, Chinese, German, Spanish, French, Japanese, Portuguese and other languages. He has been ranked among the world’s top 0.03% researchers in the 2021 list of the World’s Top Researchers by Stanford University. Nir’s work has been featured by hundreds of media outlets such as Wall Street Journal, Foreign Policy, Public Radio International, Scientific American, and Bloomberg TV. He has provided consulting services to Asian Development Bank, the Commonwealth Secretariat, various UN agencies and a number of private companies. His editorial roles include Computing Economics editor of Computer, IT Economics editor of IT Professional and Associate Editor of Electronic Commerce Research. In 2018, he gave a TED Talk about the potential roles of cryptocurrencies in fighting poverty (https://www.youtube.com/watch?v=WDo_Jlov9R4).
More than 86 million Americans use the social media app TikTok to create, share, and view short videos, featuring everything from cute animals and influencer advice to comedy and dance performances.
Concerned experts point out that TikTok’s parent company, the Beijing-based ByteDance, has been accused of working with the Chinese government to censor content and could also collect sensitive data on users.
The recent leak of Pentagon documents included the suggestion that China is developing sophisticated cyber attacks for the purpose of disrupting military communication satellites. While this is unconfirmed, it is certainly possible, as many sovereign nations and private companies have considered how to protect from signal interference.
The Wisconsin shipyard that builds the U.S. Navy’s Freedom-class Littoral Combat Ship and the Constellation-class guided-missile frigate suffered a ransomware attack last week that delayed production across the shipyard, USNI News has learned.
Fincantieri Marinette Marine experienced the attack in the early morning hours of April 12, when large chunks of data on the shipyard’s network servers were rendered unusable by an unknown professional group, two sources familiar with a Navy summary of the attack told USNI News on Thursday.