Freaking out about TikTok on your work phone? You should look closer to home.


Estimated reading time: 5 minutes
Privacy
Map of European countries doing TikTok bans, from Politico

One of the biggest stories in tech policy, right now, is that governments all over the world are banning TikTok on government devices. There are concerns about Chinese state access to the information on those devices, and on wider systems, enabled by TikTok’s background software.

I won’t go into the full details here, but here is a well-balanced podcast on the issue, if you need to get up to speed; Politico even have a handy tracker for Europe.

As always, I Have Opinions on this, and for good reason.

First off, I’m personally familiar with the paranoia that China creates: after all, as a university student in the 90s, in Washington DC, I interned for Republicans. (Look, they paid twice as much as Democrats, and there’s only so much spaghetti a young woman can eat.) Those people saw an international global conspiracy in every corner hot dog vendor. I’m not joking. I was paid better-than-spaghetti money to spend 20 hours a week scouring Lexis/Nexis databases to find the evidence they needed to support the conclusions they’d already arrived at, and to stand at the fax machine doing the “fax blast”, sending out the pundits’ weekly digest of their enlightened opinions on the imminent Chinese menace to every journalist and policymaker they’d ever encountered, whether those people wanted those enlightened opinions or not.

Good times.

25 years later, in a very different world, that’s not to say that there isn’t a real and valid political problem now, and there isn’t a real risk building for the future balance of power. And that’s not to say that there aren’t valid issues about Chinese state access to Douyin assets.

Chris Stokel-Walker has written an entire freaking book looking into TikTok’s relationship with the Chinese state. You might want to read it.

But there’s something I find frankly bizarre about a grand global panic, caused by one single app, whipped up by people who might just want to pause and think about things closer to home:

specifically, in their home.

For one simple example, I wonder if anyone – politician, staff, or pundit – who has railed against TikTok, as a cipher for grand global geopolitics, has ever checked the privacy settings on their Samsung TV.

As I have to do every bloody time there’s a firmware update and the privacy settings reset, necessitating two hours of manually opting-out of several hundred adtech vendors, all default opted in by both consent and legitimate interest, including this one:

My Samsung TV, showing the privacy settings screen and Yandex opted in

Russia tracking a Scottish woman’s home network, because reasons

That’s Yandex, the Russian company, with an active surveillance beacon in your living room, double opted-in, for ten years.

Here’s a longread on Yandex, in Wired, and how their relationship with the Russian government has changed in recent years, specifically in the past twelve months, and very much without their consent or in their legitimate interest.

And if you want to read that, here’s the consent dialogue on Wired, detailing the hundreds of trackers they use to monitor your reading of that article about a company which has a tracker in your living room.

Consent dialogue box

Now, I’m not picking on Wired here – I love it! I subscribe to the paper magazine and read it in the garden! I stream the podcast! But: this is the business model of much of modern journalism.

So I’m going to use them as an example. Let’s review what the back-end technology on that site, and on your smart telly, is doing.

Technology which has absolutely nothing to do with the delivery of ads:

  • Storing and accessing information on your devices, such as what other apps you use and who is in your contact lists
  • Using precise geolocation data to determine where your devices are, by the metre
  • Actively scanning your devices for identification, meaning who you are identifiable to your device
  • Matching and combining on- and off-line data sources, meaning linking your device characteristics to external databases, provided by largely unregulated data brokers, with information about your offline life
  • Linking different devices, meaning noting what else is on your network (phones, laptops, smart speakers, IoT devices, etc) and who else uses that same network – say, your family on your home wifi or your teammates in your office; with the same scanning of those devices
  • Receiving and using automatically-sent device characteristics for identification, meaning a constant exchange of data to make sure you are still you

And only after all of that, the adverts and the adtech tracking.

Now think of that in the context of a government employee who is using a device to read a news story. Or stream a cheeky episode on their lunch break. Or do pretty much anything in the year 2023.

Need a visual example? Here’s a tree graph showing a popular UK newspaper’s surveillance footprint. (It takes a while to load. You’ll see why.) That is par for the course: to deliver ads, they also deliver a payload of device identification, scanning, and surveillance.

Even on government devices.

That’s assuming a public sector employee even has one, and isn’t using a personal device. You should never assume that.

In fact, talk to any given network administrator and they’ll probably tell you that they are far more worried about online newspapers, and their device surveillance engines, violating their systems’ content security policies tens of thousands of times per hour, than they are about a vast Chinese conspiracy to surveil your team via drain cleaning videos.

But not only do politicians not have a problem with the device surveillance engine which powers everything we read and every programme we watch:

they bend over backwards to work within that system; to the extent that the Conservatives have made policy announcements behind newspaper paywalls, monetised for the newspapers’ profit with over a thousand device surveillance trackers (as detailed above).

And all of a sudden these same policymakers care about one company potentially installing the exact same surveillance that has never once bothered them anywhere else, tens of thousands of times a day;

except when they’re railing against the popups which tell them that both state and private surveillance of their devices, and teams, and homes, and families, is happening, right in front of their faces.

If only they cared about what happens in their own homes as much as they do about courting headlines, and feeding the beast in the process.

I spoke to Chris Stokel-Walker about this over at the i.

Postscript

For those who don’t see what I was getting at in this post, please consider one simple word:

diaspora.

The Author

I’m a UK tech policy wonk based in Glasgow. I work for an open web built around international standards of human rights, privacy, accessibility, and freedom of expression. The content and opinions on this site are mine alone and do not reflect the opinions of any current or previous team.

2 Comments

  1. I hope my circa 2011 TV never dies, as it does not connect to the Internet. Futile hope, I know, but hope isn’t always rational.

    • In the event that I break my active Samsung telly, I have a backup, old-school, flat screen but really good dumb TV, which in true Glaswegian/Northern Irish style just happened to fall off the back of a van, directly in front of my house, whilst I happened to be standing directly in front of it.

Comments are closed.