It's particularly annoying with account cookies and such when I'm already authenticated in the normal browser.
I’ve heard of developers adding the in-app thing despite hating it personally just to reduce the support burden.
There’s the tiny “back button” in iOS that takes you back to an app which triggered an app context switch, but it’s barely noticeable and barely reachable on most current iPhones. I swipe between apps even when I do notice that. But I’m not sure how widely it’s even known you can swipe between apps.
(For anyone reading who doesn’t know, if you have an iPhone without a home button, you can swipe left/right on the space right at the bottom of your screen, where you normally would swipe up, and it’s like the cmd/alt+tab default. You can also do this on the URL bar in Safari to switch tabs, if you stick with the default bottom URL bar.)
No need to poison the well for everybody else due to wanting to avoid a "support burden."
My own product/company has a few common issues like this, and the help page strategy works fine. Answering emails for these types of things is not a big deal as long as you have stock answers/pages prepared.
But ok, let's say I am giving too much credit to people. Just put a setting in to use the default browser for those of us that want it?
It’s quite clearly a user hostile decision, but they presumably did it for all that activity tracking they can do.
Does Apple Lockdown help in this situation? I thought that typical TikTok use just involved scrolling and watching video content. Are users who only view content subject to this security flaw?
Thanks in advance for any clarification.
Also, off topic but doesn’t YouTube’s “Shorts” take the place of TikTok? I have my Google privacy settings set so YouTube can store my viewing history for one month so I get reasonable recommendations. Does TikTok have similar settings?
Now you could go really far to get around it. Request resources yourself and hand them to WKWebView directly so no CSP is served but that’s not going to be easy. You’d have to scan for any other resources that might get loaded, pull those, inject them correctly, etc.
Seems like it would be very fragile.
> [...] they use JavaScript to offer some of their functionality, like a password manager.
Basically a 3rd-party browser needs to use JS to offer any features or real benefit over simply using Safari. But as a TikTok user you have no benefit when all links open inside the app with tons of custom JS injected that seems to be mainly for tracking you.
"Protecting the user" is supposed to be one of the reasons they take a 30% cut of all in-app purchases. Apple even uses this as an excuse to not allow side loading apps.
How are they not blocking this?
not to mention the elephant in the room: Apple Finds Its Next Big Business: Showing Ads on Your iPhone https://www.bloomberg.com/news/newsletters/2022-08-14/apple-...
Even so, I disapprove of Apple’s forays into ads and wish them swift and hard failures in the area.
It is actually quite a hard problem. The App Store does ban third-party browser engines so maybe they can add a restriction that apps can only inject code into verified domains. Surely a few legitimate use cases would be lost (IDK apps that let you annotate websites or something) but it may largely mitigate this issue. Maybe there can be a permission or a review entitlement that allows this for valid use cases (as decided by Apple of course).
It makes it so I can easily select and refine which HTML element I want to add to a custom blocking list.
I think that would be impossible without this.
This is why we continue to lock down browsers and provide ever narrower permission classes.
But as we know, that which can be used by advertising/tracking people will be used by them.
So frustrating to even explain to people that this thing they are scrolling isn't their own, Safari/Chrome!
How does Apple even remotely allow this?
They ban apps for the most arbitrary of reasons, I know small devs that get bumped for tiny things.
This is beyond ridiculous.
A company that has ~100M american users, and CCP on the board with a CEO/Board completely and publicly compliant with the 'wishes of the CCP' including reporting any and all sorts of things, is literally able to collect any data including passwords.
WTF.
How is this not a giant story?
How does the US Government not issue an immediate statement/warning to the general public and talk to Apple/Google about this issue?
My gosh.
I will say that it doesn't look great to have a `keypress` listener on the window/document...certainly that's not used for anything good.
We can’t know what TikTok uses the subscription for
According to the code on that page, the function named 'i' needs to be investigated further. It appears to return another function which is then called to process the keypress event.
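A page-side way to see registrations like the `keypress` listener discussed above, as an added example that is not part of the thread or of the linked article's code. The names `installListenerAudit` and `runDemo` are hypothetical, and the `window`/`document` objects and the "host app" registrations are constructed stand-ins so the block runs under Node as well as in a browser.

```javascript
// Event types that reveal what a user types or taps.
const INPUT_EVENTS = new Set(["keypress", "keydown", "keyup", "input", "click"]);

// Wrap addEventListener on each named target and record every registration
// of an input-revealing event. The wrapper stays transparent: the original
// addEventListener is still called, so page behaviour does not change.
function installListenerAudit(targets) {
  const findings = [];
  const wrapped = [];
  for (const [name, target] of Object.entries(targets)) {
    const original = target.addEventListener; // inherited prototype method
    target.addEventListener = function (type, listener, options) {
      if (INPUT_EVENTS.has(type)) {
        findings.push({
          target: name,
          type,
          // Capture-phase listeners see the event before the page's own handlers.
          capture: options === true || Boolean(options && options.capture),
          // Start of the handler source, useful when triaging a report.
          source: String(listener).replace(/\s+/g, " ").slice(0, 60),
        });
      }
      return original.call(this, type, listener, options);
    };
    wrapped.push(target);
  }
  // Deleting the own property re-exposes the prototype's addEventListener.
  const uninstall = () => wrapped.forEach((t) => { delete t.addEventListener; });
  return { findings, uninstall };
}

// Constructed scenario: stand-ins for window and document, plus listeners
// of the kind the thread describes being added by a host app.
function runDemo() {
  const win = new EventTarget();
  const doc = new EventTarget();
  const { findings, uninstall } = installListenerAudit({ window: win, document: doc });

  let keysSeen = 0;
  win.addEventListener("keypress", function onKey() { keysSeen += 1; });
  doc.addEventListener("click", () => {}, { capture: true });
  win.addEventListener("resize", () => {}); // not input-revealing, not recorded

  win.dispatchEvent(new Event("keypress")); // original listener still fires
  uninstall();
  win.addEventListener("keydown", () => {}); // after uninstall, not recorded
  return { findings, keysSeen };
}

console.log(JSON.stringify(runDemo(), null, 2));
```

The audit only sees registrations made after it is installed and in the page's own JavaScript world, so a script the host app injects at document start or runs in an isolated `WKContentWorld` will not show up. Treat an empty report as inconclusive rather than as proof that nothing is listening.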
You can also detect bots, even skillfully crafted ones.
There is a call for comment by the FCC right now about how people feel about data collection and surveillance. Please go and send in a comment to regulate these behaviours.
What I could see them doing is making apps declare URLs that they need access to. Basically, you get full functionality on declared URLs, but if you are just using WebView for a "generic" in-app browser you lose the ability to inspect random pages.
This is exactly what I'm expecting, because that's how they've handled other similar restrictions. Becoming a full on web browser with the iOS 14 web browser entitlement will probably be the only way to not be bound to a list of URLs, and they don't hand that entitlement out willy nilly.
Apple "just" needs to enforce it.
Browsers would get a pass where Apple would come up with some rule, but clearly the Instagram app, the Facebook app, the TikTok app, the Gmail app, the Google app, are not browsers, whereas Firefox, Chrome, Brave are.
1) If you go with the "associated domains only" approach that requires proof of domain ownership (usually through adding TXT into the ZONE files), you lose the category of apps that function by transferring a session of a website into the app to function. This is a popular approach for reader apps that don't have an official affiliation with the website they interact with or the website doesn't have an API to do direct app connection.
2) If you go with the route of pre-defined domains that might not be associated officially, you fix the problem in the first point but you also create a vector of attack to scoop data from targeted websites. For example you can collect data from reddit, facebook and instagram. 3 websites only but more than enough to cause headaches.
"TIKTOK WOULD LIKE TO READ AND MODIFY THE CONTENTS OF THIS WEBSITE - ACCEPT/DENY"
For legitimate reasons, the app can inform the user about why they need to do this and the user can accept that and even better, they can implement legitimate APIs.
While SFSafari is a much better choice for what the apps are doing here, WKWeb has legitimate uses.
I suppose Apple could lock it behind an entitlement, but that would take a while as WKWeb is already very prevalent and people won’t replace it on short notice like a point release. Even iOS 17 seems fast.
Plus there is the general power issue. Apple could have done many things over the years to FB (and IG) but they’ve been treating them with kid gloves because those apps are so important. You can definitely add TikTok to that list.
Any change would be a huge nightmare for apps like ours, potentially impacting many other apps as well.
I expect app-bound domains to become required for all apps in iOS 16 or possibly iOS 17. There will probably be a limit and some review on which domains an app can specify as app-bound. Web browsers that use WKWebView already have a special entitlement that excludes them from this.
One could just follow what browsers do for extensions: have the developer specify a list of all the hostnames that they want to enable script injection on in a manifest, and ask for permissions at the start. Anything not on the list must be loaded via a sandboxed browser.
Keeps legitimate uses functional while preventing broad script injection.
Are you just making a prediction, or do you have knowledge of this?
I use Apple’s new Lockdown Mode on the beta iOS 16 and iPadOS 16. I generally like it. It largely disables arbitrary JavaScript, as far as I know. A few times a week, I will turn off Lockdown temporarily for a few minutes for a web site if there are any problems. This is usually Amazon.com’s Kindle preview feature.
It disables JavaScript JIT compilation, which makes it slower but more secure.
It should not disable any JavaScript execution itself.
I thought lockdown mostly applied to system stuff (including Safari).
Whether it is collecting biometric data, voice prints, reading the clipboard, collecting information around local network devices and now abusing the in-app browser to further collect user data, the same social networks will try anything to abuse the iOS system to collect as much data as they can.
Given that Facebook did the exact same invasive actions and was fined in the billions, there is enough evidence of these invasive data collection practices that TikTok has done over the years to be worthy of a multi-billion dollar fine.
There are no exceptions, excuses or any room for double standards.
> TikTok iOS subscribes to every tap on any button, link, image or other component on websites rendered inside the TikTok app.
> TikTok iOS uses a JavaScript function to get details about the element the user clicked on, like an image (document.elementFromPoint)
And that's just a sample of the calls the author was able to find.
Perhaps Apple should ban in-app browsers? But what about Safari? Apple itself collects and benefits from Safari data for its ad product
What they do that is publicly known is not bad. Maybe there is something bad they're doing but these random HN top stories are not it. If NSA/US govt really wants us to avoid tiktok it needs better convincing than "omg they're stealing the x,y of your finger when you tap on an image."
TikTok isn't the only app abusing this. Instagram and Facebook will both do sneaky things like respond to the content of the page you're browsing (asking to save passwords in their own private keychain, showing context specific information, etc.)
You're not exposed to any of these if you don't open a link inside the in-app browser.
The most common reason to click a link in their in-app browser is an ad... so obviously TikTok, Instagram and Facebook are using the in-app browser to track your interactions after the ad click and sell the data
Yes, but I doubt the hundreds of millions of users, many of whom are children, know this.
Non-technical people don't have a concept of "in app browser sandboxing". In their minds they clicked on an ad, they're still inside TikTok, TikTok's UI is showing, TikTok will show prompts based on the content shown... they probably assume TikTok has access to that page?
Honestly I'm more annoyed that Apple allows big apps to use the loophole that is the legacy webview than I am that TikTok uses that webview to do the exact single thing it's good for... having full control over the web content you're showing in app.
Just make your own http(s) requests, fetch the page contents, ignore header CSP, strip CSP in the HTML and send the string to the web view thing. A cursory glance at the documentation seems to show that the web view thing allows for rendering HTML strings. Not sure if that also loads external resources in the HTML supplied, but if so it would be relatively minimal work.
(Companies have spent much more dev effort to get similar tracking capabilities. E.g. WeChat on Android implements an entirely custom rendering engine from scratch rather than use any system web view component.)
I know someone who has no problem getting back to the app they were in, but doesn’t seem to know about/use tabs on their phone. Since tabs don’t auto-close by default they often have hundreds of them by accident that opened one by one when they followed a link in another app like Messages or Mail.
I’m pretty sure they know about tabs on the desktop, though I’m not sure they use them. On the phone it seems to be just a little too “out of sight out of mind”.
TikTok is not pretending to have opened your system browser, it goes very far in doing the opposite:
- Hides the normal browser UI
- Replaces every page load with a TikTok spinner
- Permanently places a TikTok header bar over the screen with a report content button tied to TikTok
Combine that with the fact so many people seem to not realize... the only links you can open with the browser are links sold with analytics (ie you can't post arbitrary links as a user commenting) and the outrage just doesn't add up.
A completely non-technical user going through that flow would expect that they're still in TikTok and are using TikTok not their browser
Because I doubt it is. People click links in chats and in their feeds way more than they click ads
The only way for a non-ad link to be opened from comments is to copy it and paste it in your native browser.
Business accounts get a special link field that's part of their bio, so again, deeply embedded in TikTok... and those behave exactly like the ads do. TikTok has a permanent "Flag" UI on top of the site, they replace every page load with a TikTok spinner
As expected half the people outraged don't even know what they're outraged about.
That is not "what happens in Tiktok's app," as you put it in your reply. It may be hosted "in" the app in a technical sense, but the typical user who is fullscreen viewing a totally different website may not feel like they are "in" the app at all. I wouldn't bet that most users even get that there's a distinction between an in-app browser vs. opening a tab in the main OS browser (on Android at least, the back gesture takes you back to the app either way). Users almost certainly don't expect the original app to be able to read passwords and other text that they type on those 3rd-party sites.
Tik tok are not a party to these communications, and they’re not a carrier or service provider. What they’re doing is wire tapping.
Lack of consent and lack of transparency make this whole thing pretty messed up.
Are you possibly conflating tiktok tracking its own users within its app with somehow it gaining access to the OS itself and tracking users at that level? That is clearly not happening as far as what is publicly known as much as stories like this want you to believe for it to be the case.
In that guy's other comment he was talking about Meta/Facebook too which is what I'm most familiar with and was primarily referring to about people clicking on links.
Even with TikTok I bet people click on profile links more than ads
Also that's not ironic, maybe you are thinking of another word
And "you bet" wrong, since the profile links are only enabled for business accounts.
But you're right about one thing: it was not at all ironic you'd deflect. It's exactly what I'd expect after someone misses what a thread is about and makes assumptions about a subject they don't know.
That was what some people call sarcasm.
PS: very convincing GPT-3 bot comment, exactly what a redditor on autopilot would write (according to the profile, the OP is a bot).
https://news.ycombinator.com/user?id=Traubenfuchs
I also think that the bot did a good job here.
In the case of UIWebView/WKWebView (AKA the browser within an app that can access web data), this can be implemented by Apple as any other data access prompt like location data access or App tracking access for example.
Apps like to track user data like user location too but thanks to Apple's implementation of prompting the user first, they need to have a legitimate reason to request that information.
So, I guess, apps can claim that they need to access web data to provide some service (like widget, sign in session to transfer the login into the app etc) and users who want that can accept the requests and those who don't can have peace of mind.
That's a really low quality discussion, so I will leave it here. Can we please not turn HN into reddit? If you have an argument write an argument instead of trying to insult people (or don't write anything, we don't have deficiency of this type of attitude).
By the way, if you think another user is a bot (or they claim so themselves), from the guidelines:
> Please don't post insinuations about astroturfing, shilling, bots, brigading, foreign agents and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data.
Edit: the confusing part was “the contents of this website”, which made me think of per-site basis.
You were the one who brought up Facebook first in your other comment...
Given that Facebook was fined in the billions for this abuse in the past, TikTok should also be fined for this in the billions of dollars.
We have learned nothing around this and have repeated the same problems in social networks a decade later.
Also, cannot avoid thinking that Facebook was accused of (somewhat similar) web site spying long time before Tiktok existed.
Banning it isn't for geopolitical reasons although I think those are valid given the CCP's publicly stated agenda (Global communist revolution essentially. Millions of lives sacrificed for Marx). It's just that one less mind hacking app for children is a good thing. What about FB, Insta who are just as bad etc? Simply doesn't matter. If people left FB for TikTok, and TikTok disappears, some significant % won't come back and that's a win.
It doesn’t matter much what some state’s publicly stated stuff is. There’s no reason to believe any country blindly. Their actions speak louder.
Trump was right about that
Same with housing, why can Chinese nationals buy housing here, while I can't do so there?
If I click a link inside the Instagram app, that for whatever reason takes me to gmail or microsoft or wherever that requires authentication, and I decide to login on that page so I can view the link in question, Meta and TikTok are able to capture my credentials and ingest the data back in to their metrics and analytics pipelines?
Is that even f*cking legal?
Probably the developer account banned too.
It is Spyware. Nothing else.
/s
I’m glad it’s reported on, but it’s almost uninteresting hearing the same plot line over and over.
Fed manufactured content with artificial mental stimulus
Privacy got infringed in every second
ex) Kiaboyz wreaking havoc in Columbus as videos of stealing Kia/Hyundai cars went viral on TikTok
Suffice to say that the bar isn't very high in America. This type of video would never catch on in places like Japan or Switzerland.
They'll use it to make their algorithm better, and they'll use it to better target ads.
Both of those things are good for me the user, so I'm fine with it.
And for those who don't like that, use a blocker, or don't use TikTok.
They use it to make their algorithm better, and they'll use it to better target ads. Both of these things are good for me the shopper, so I'm fine with it. If they sell that data to other companies, have their employees LOL at my problems, or secretly pass it on to the police or spy agencies, that is totally cool. Nothing to hide here!
And for those who don't like it, don't shop at this particular store.
What incentive do they have to satisfy this feature request?
Of course politicians don't really understand tech enough to realize how quickly (and how unfairly) China is growing to dominate the space.
> Same with housing, why can Chinese nationals buy housing here, while I can't do so there?
Housing is a completely different conversation, and the answer there is that existing homeowners would never allow the influx of foreign cash into their local markets to stop, and they are the ones with all the influence in this country, not the renters or aspiring buyers.
This is really quite false.
Rules are broken all the time, they are difficult to arbitrate, and often they are not.
The CCP requires foreign entities to surrender critical IP, then hands it off to state-backed competitors, they don't allow full ownership of local companies, there's direct political interference including the requirement for all companies to directly hire CCP members as oversight, and if it's important enough, to have the CCP right on the board.
All of this in addition to the death by a thousand cuts the system can make for foreign competitors via local bureaucratic requirements at every level.
This applies not only to commerce but critical institutions such as WHO which are directly compromised by China (i.e. not allowing any material investigation into 'lab leak origins' etc. etc..)
The OP presented the situation very clearly: there is no way in any scenario that China would allow an American company to have a TikTok like app used by large swaths of the Chinese population, controlled by the US.
Neither would Russia.
On some level, that kind of thing is a bit understandable, I don't quite mind if China would not allow 'Facebook' to be the #1 communications tool in China, that said, it should be reciprocal.
And for other things, like high-speed rail etc. China has been grabbing IP using leverage that never should have been allowed.
See Golden rule and Silver rule.
So China ran away with renewable tech development because greedy Wall Street executives didn't want competition to their lucrative fossil fuel investments. Fucking retards.
Distributing software for you to run on your own hardware is speech, though, and it's protected by the first amendment. You can license the distribution of your own software if you want, but you can't tell me I can't give you software if you want it.
Basically: how do you think this would work, in a way that wouldn't also make Linux or gcc or whatever available only at the whim of the government?
Any company injecting keyloggers or monitoring systems into web content should be subject to the same equally damning judgement. Just because it's China doesn't make keylogging bad. Keylogging is bad because keylogging is bad. Companies like Fullstory [0] and Hotjar [1] are used all over the western internet and effectively act as full session recorders. Sure, used well they can be used for analytics, but you could just as easily inject Fullstory or Hotjar into an in-app browser and suddenly record all data a user does. Should this be possible? No. Does it help to just ban China? I mean sure, but why should you be okay with a western company doing it?
TikTok is a short video app used mostly by younger generations. It produces highly accurate recommendations for videos to watch. We're not talking about something like a banking app, a healthcare app, or even a messaging app. It's a video-based social network. There are bigger fish to fry than TikTok in almost every single possible category of app. Yet, TikTok is always brought up because it's from China.
We all shit our pants because Russia used Meta, an American company, to influence the 2020 election. Imagine the same amount of data, a more accurate algorithm, and entirely within the control of foreign actors.
It doesn't matter if it is China or Colombia or Japan, a foreign company having that much influence over the opinions of citizens of a country is dangerous.
If the leaders in the West weren't concerned about the "average Joe" and their (mis)understandings of politics and situations with complex nuances, then the West would likely be a true Democracy (like ancient Athens, where the People vote on issues such as War and Taxes) instead of a Republic or Democratic Republic (where the People elect a small group to vote on their behalf).
Regardless, I think our Western leaders SHOULD be concerned with the "average Joe" mentality. That includes, by a wide margin, propaganda efforts by other nations.
https://rankingdigitalrights.org/2021/07/14/testing-tiktok-d...
There are _far less_ antisocial practices featured on Chinese TikTok than on Western (specifically American) TikTok. However, the comparison to Instagram and Facebook doesn't differ all that much, so maybe they're simply giving us the content we want.
And I don't just mean the politicians. I mean downright to the pension funds, hedge funds, and retail investor.
They are all long China and especially Chinese tech. If you start declaring war on Chinese tech you are going to obliterate a huge amount of money, all to protect the privacy that US voters don't care about in the least. So why would they do such a silly thing?
National security? Please, the son of a sitting President is a crack user with huge ties to China. Nothing some TikTok user could divulge through the in-app browser could ever compare.
Because we are the West, and China is China. We have different laws and customs.
And on the merits, it is unhealthy like all social media, but it still feels so much more fun and worthwhile than facebook or insta where everything feels like a competition to have the best life. So much of Tiktok still feels like vine 2.0
You idiot.
Remember that this is a country that regularly threatens a war that would likely involve the US.
Also the fact that the entire world relies on China is a pretty good place to start.
Also, if you don't know, Facebook and Instagram also have the same issue as TikTok. Maybe the government should enforce privacy requirements for all apps including Facebook and Instagram instead of blanket banning Chinese apps.
In the west you typically have to be rich to be a politician, in China you have to be smart, then you get rich (and ban the NYT when your corruption is uncovered).
China and the West are both controlled by factors not really in line with helping the stereotypical Common Person.
For example, when the media in The West "front pages" the smog in Beijing keep in mind The West owns a good part of that. It's not like what's manufactured in China stays in China. I would presume their water ways are nasty as well.
Just one example mind you. The point is, there are other imbalances. That's not to say TikTok should get a free pass, only that it's more complicated than an app for app comparison.
I'm not 100% sure on this at this point, but I think if Facebook/Google/etc were willing to do the same they would be allowed in China too, but as it stands they can't/won't comply with Chinese law (I may be mistaken on this, haven't read up on the topic in quite some time)
> How we can allow a Chinese social media app in the west, while any non-Chinese social media apps aren't allowed there?
Easy. The laws are different.
"Non-Chinese social media app"s are not banned in China, just that if you run one it needs to be licensed (https://beian.miit.gov.cn/) first before you can start servicing. Licensing is difficult since there are requirements about keeping data domestic, having physical presence should legal enforcement be necessary (i.e. there are people to arrest if something goes wrong), and complying with takedown requests (both copyright and political). Western big tech companies (rightfully) do not want to comply, so they do not get licenses, and thus have no presence. Attempting to "just provide service" without a license will result in blacklisting via the GFW as enforcement.
"Allow a Chinese social media app in the west" -- this is also more complex. If TikTok or friends violate laws in the west they are also liable for any punishment. For example, TikTok and WeChat comply with the GDPR in Europe and keep EU data local to the EU. If they didn't they'd be looking at a potentially huge fine and possibly getting banned. Similarly they also comply with copyright stuff like DMCAs. If they didn't, the FBI can seize their domain and compel ISPs to not resolve it just like the GFW (this has precedent and has been done before).
So the meta question becomes: Are the current protections in the west sufficient? To which the answer is probably no.
But in any case, in the free world, whether a Chinese social media app's presence is allowed to be maintained should not be dictated by ideology, but rather through real demonstrated evidence of misbehavior and/or harm (which is why research like this is important).
The thing is, and I don't believe this to be controversial, that China has built a digital database of all (or most) of its citizens based on the data they collected. Now the question is, do they stop there, or do they have a file on all of us? The technology is cheap, and I think based on video data etc that they collect through apps like this, they might well build a social graph of the rest of the world (i.e. who does exist, what are their interests/beliefs/political affiliations, and what are the relations between those entities.)
The repercussions of using such apps might be, that they have info on citizens in the rest of the world, which might allow them to nudge people into giving into their political goals (this has already been happening after people posted stuff critical of China on sites like Twitter) - and I think that we have to ask ourselves how that could threaten our democracy.
Simply because when XXX nationals come with all cash offers and willing to pay above market & waive all contingencies, sellers are willing to sell.
It just so happens that certain nationals are more prone to having that sort of money than others.
And, don't forget farmland.
Seems we'll look back on all of this at some point and decide maybe it wasn't the best idea.
If that happens, I imagine our Congress will brew up some justification for seizing all that Chinese owned property.
Fundamentally the West can't get too far away from these ideals or it will end up destroying its hegemony. Huawei has already been banned, but what comes after social media? And if some action is taken, will other countries start banning western imports, especially cultural and services?
The answer to both of our questions is of course money. Our version of capitalism is dominated by cult-like disciples of financial management principles.
If the US fucks with TikTok, well maybe they’ll mess with Office 365.
The only way to prevent this is to create laws specifically targeting the Chinese for being Chinese, because 1) the chance for domestic regulation on social media and surveillance is very low, and 2) any regulation we're likely to pass would be about "spreading misinformation" and "foreign interference," so would probably end up closely resembling Chinese regulations.
Suddenly doesn't seem to work so well when a Chinese app is granted that privilege.
[0] https://www.unipi.it/index.php/welcome-and-support/item/7413...
Trade limitations have always and will always exist. Heck there are hundreds of limitations in trade between the US and Canada - including the complete illegality of Kinder Eggs in the US, which I still find hilarious.
Instagram's privacy policy: https://privacycenter.instagram.com/policy/
> We call all of the things you can do on our Products "activity." We collect your activity across our Products and information you provide, such as: [...] Apps and features you use, and what actions you take in them.
Tiktok's USA privacy policy: https://www.tiktok.com/legal/privacy-policy-us
> We collect information when you create an account or use the Platform. We also collect information you share with us from third-party social network providers, and technical and behavioral information about your use of the Platform. [...]
> We may collect information about you from third-party services, such as advertising partners, data providers, and analytics providers.
Aren't EULAs fun?
I mean, this is literally XSS. And it's not just Facebook and TikTok; unless this is a private API, scummy apps can and are (I guarantee) doing this to steal user passwords and bank credentials. Your average person already needs to know that they can't type in their credentials unless the URL says facebook.com, now they also need to check the app is Safari. And you may not even need to enter credentials, a malicious app could just load my-bank.com and extract the cookies or local storage or send API requests.
If true...wow. That's a massive security oversight. But it seems too massive, I'm not 100% convinced. Especially because websites are tightly sandboxed from other websites and apps are tightly sandboxed from other apps. Yeah you could in theory re-implement your own web browser in your app which looks and acts like Safari, but in practice Apple technically forbids other web-views, and it's really hard to fully implement a web browser and not make it immediately apparent anyways.
Those were never trustworthy.
The problem is when they render external websites and unsuspecting users think they are using the phone's web browser. That is something Apple/Google can have rules about without banning/restricting web views.
Android has these in-app browsers too, they may or may not be subject to this.
A lot of apps use webviews to render HTML, often in ways where you wouldn't even notice it's web content. Apps shouldn't use webviews to render external web sites but nothing in the APIs restricts them from doing so (recent versions of iOS have made it seem like they're heading in that direction but nothing concrete).
Easiest thing would be for Apple and Google to enforce this via denying app approvals. Would be a very interesting fight against apps this popular, though.
Obviously both Android & iOS let you open things in the default browser.
iOS has SFSafariViewController, which more-or-less corresponds to Chrome Custom Tabs on Android. These basically make a browser UI that is in the of the app for the purposes of multitasking/app-switching, but which is controlled by the browser. Devs can't inject code into these.
And both have WebViews, which let the dev do more-or-less whatever they want inside their own app.
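The distinction drawn above matters to site owners because script injected into a WebView runs alongside the site's own code. As an added example (not from the thread or the article it discusses), here is a site-side audit that records listener registrations and reports those on input-revealing events that the site did not ship; all function and variable names are hypothetical and the scenario in `demo()` is constructed.

```javascript
// Added example (not from the thread). Function and variable names are
// hypothetical. In a browser you would pass EventTarget.prototype early in
// <head>; the demo uses a plain EventTarget so it also runs under Node.

// Event types that reveal typing, taps and text selection.
const SENSITIVE = new Set(['keydown', 'keypress', 'keyup', 'input', 'click', 'selectionchange']);

// Wrap addEventListener on `target` and record every registration.
function auditListeners(target) {
  const log = [];
  const original = target.addEventListener;
  target.addEventListener = function (type, listener, options) {
    log.push({ type, listener });
    return original.call(this, type, listener, options);
  };
  return {
    log,
    restore() { target.addEventListener = original; },
  };
}

// Registrations on sensitive events whose handler the site did not ship.
function unexpectedListeners(log, known) {
  return log.filter((e) => SENSITIVE.has(e.type) && !known.has(e.listener));
}

// Constructed scenario: one handler from the site, two from elsewhere.
function demo() {
  const page = new EventTarget();
  const audit = auditListeners(page);

  const siteClick = () => {};      // shipped by the site
  const foreignKeydown = () => {}; // stand-in for a listener added by the host app
  const foreignScroll = () => {};  // not a sensitive type, so not reported

  page.addEventListener('click', siteClick);
  page.addEventListener('keydown', foreignKeydown);
  page.addEventListener('scroll', foreignScroll);

  const flagged = unexpectedListeners(audit.log, new Set([siteClick]));
  audit.restore();
  return { total: audit.log.length, flagged: flagged.map((e) => e.type) };
}
```

A hook like this only sees registrations made through the wrapped function after it is installed, so it misses handlers set earlier or by other means, and it cannot observe tracking done in the app's native code.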
The difference is that this was done before by Meta / Facebook and they were fined in the millions, and even by billions by regulators like the FTC over this. These same problems from a decade ago are being repeated once again and we have learned nothing.
TikTok should be under the same regulations, especially when they are operating in many countries that have strict data privacy laws and given this unsurprising and extremely invasive data collection practice which is even worse than Facebook, they should be fined in the billions of dollars as a reminder that it applies to any social network, especially those with billions of users.
If left alone, it will only get worse for everyone.
If that is happening then cases under those legislation would succeed. But those legislation don't somehow magically forbid practices that people on HN don't like.
Given they are operating in countries like the EU, US, etc and they are doing the same privacy violations and actions like what Facebook did years ago but worse, and even after regulations such as GDPR, CCPA, etc and Facebook was fined in the billions by the FTC, TikTok should be no exception and must be fined in the billions for these invasive and repeated privacy violations.
Nothing has changed, even after the invasive tracking done by Facebook, and Instagram.
US Housing is generally a safe investment for foreign investors. Since US vestigial racist policies make it difficult to create dense, affordable housing, single family homes are in high demand and relatively limited supply.
I don't see any reason they wouldn't be? If anything they probably face more scrutiny than US domestic companies exactly because they are foreign. The problem (at least in the US) is just that behavior like in this post should be illegal but it isn't (yet). They _feel_ ethically wrong but there's no punishment for doing it.
> (...) that China has built a digital database of all (or most) of its citizens based on the data they collected (...)
But so do companies like Google, or Meta, or Clearview etc... This is a real problem but Chinese companies are hardly alone here and they aren't even the first to start mass data collection. As for the domestic data collection and association, that's largely a domestic issue that their citizens need to figure out for themselves. For what it's worth, most countries do at least a little bit of domestic surveillance (as seen from the Snowden leaks), China just has a much more robust system with fewer safeguards.
> I think that we have to ask ourselves how that could threaten our democracy.
That is a good question and I think it should be asked of all tech companies.
Facebook had the whole election meddling thing which started the gears turning in legislative branches of how we might rein in companies as instruments that threaten democracy, and by now we all more or less assume countries like Russia and China will try to exert influence in other countries. However, getting the regulations right is hard even though it is also important. We'll need both experts in the technology (re: this whole thread about discreet behavior tracking that a layperson would never identify) and in the legal space to figure out how to protect individuals. This is not the cold war era. It should not be a battle of ideology. We should instead figure out how to protect people from institutions of power, be it hostile foreign powers, domestic tyranny, or just corporate greed.
Only data specifically about Americans (and Americans alone, contact with a foreigner is open to data collection) that hasn't traveled in and out of the country is protected from the spies, if the spies are to be trusted. They're already known to be lying to Congress, so chances are the American government has a file with all of your social media activity, except maybe your tic tock usage.
I see no reason to consider the Chinese apps special in this regard. American domestic apps have already shown themselves to be dangerous to American democracy, and the American government can do much worse things to Americans than the Chinese government can. The data collection itself is bad, but no government will cut off its own spies.
I would be astonished if they did not. The data is freely available and inexpensive, I imagine they are hoovering it all up constantly.
Facebook, Whatsapp and Instagram worked pretty well here, to the point where almost every teenager has an Instagram account, so I think this is proven to be false. The only reason Instagram is banned now is because of the ability to use it to spread pro-Western propaganda instead of pro-Russian one.
That isn't completely true anymore.
"Foreign investors are now allowed to establish wholly foreign-owned enterprises for whole vehicle manufacturing, including special purpose vehicles, new energy vehicles, commercial vehicles and passenger vehicles."
https://www.iflr.com/article/2a647jipe3beiloc6xeyo/primer-ch...
For what it's worth, HK internet is presently uncensored, though ironically TikTok pulled out of the HK market as they felt it was too expensive to comply with Hong Kong laws given the size of the available market here.
DouYin is still available in HK though -- not sure if DouYin is available in US/Euro market or not??
It’s somewhat ironic, because TikTok is Chinese owned, and so is the NSL.
Also, as mentioned in the first sentence of the article, this is exactly what Meta does in the Facebook and Instagram apps.
I’m not saying that others don’t do it. Just that it’s not speech?
http://anychinavisa.com/news/can-foreigners-buy-a-house-in-c...
So to be more precise what you actually can't do is speculate in Chinese real estate.
The US is a capitalist society; if you have sufficient money US National or not, you have nearly carte blanche to do what you want.
Regardless of China et al laws for foreign home ownership, the US is very permissible simply because money.
This is actually the underpinnings of the free market and free speech. It's the ability for everyone to influence everyone else. What do you think speech is? It's the ability to say things that may influence others... and we let people think for themselves whether they should get influenced or not. Once we decide to think for others and choose what's best for others, we'll have become the authoritarians.
Any US company caught putting arbitrary keyloggers in products can and should be condemned. Companies still track large amounts of data and pull shady antics, but the big difference is there is a means of holding US companies to account if they violate privacy standards, not least of which is through uncensored condemnation and legal action. That is not possible in China.
More stringent privacy norms and protections in the US would be welcomed. That doesn’t mean the status quo is comparable to China.
Have yet to see this in practice. What usually happens is a bunch of articles are written "condemning" their actions, they are fined some ridiculously small amount and then business continues as usual.
The most recent action that seems to have had a significant impact on how Facebook captures data is Apple's "Ask App Not to Track". This is not exactly a shining example of how the US system protects users' privacy as the action was taken by a company, not a regulator.
For example, we normally think about the opposite of free speech as speech being suppressed, but being made to speak, to people you don't wish to speak to, at a time that is not of your choosing, none of that is freedom of speech even though you expressed your thoughts.
Hence, there is no freedom of speech without privacy. That's why it often gets wrapped up in the, in my view far better, phrase freedom of expression.
TikTok knows my age, my location and viewing habits, TikTok knows that I stared at clip x more than clip y. TikTok might have figured out my age, gender and my sexuality based on what I watch and can probably figure out more just from what I view but saying it's somehow more than Facebook is inane.
One is literally made to have as much information about you as possible, that's like the core concept of Facebook.
And I wasn't saying FB is better overall; I deleted my FB account 7-8 years ago. I don't go on Tiktok either because I don't trust it (also not that interested). I do use IG (yes, I know owned by FB but I don't have it linked to any FB/other account) and Twitter (and Reddit, IRC of course).
"Important Note: This tool can’t detect all JavaScript commands executed, as well as doesn’t show any tracking the app might do using native code (like custom gesture recognisers). More details on this below."
And users appreciated it, and used it to discover more content that they were more interested in.
Preventing that happening would be a good reason to implement it. Don't wait for someone else to implement something users like...
TikTok's differentiating feature is that it ruthlessly serves up algorithmic content so it can collect data on the result of that interaction and iterate.
Feels like you're fundamentally breaking it if you remove that.
And the "software is free speech" argument itself doesn't apply when we are talking about something malicious that is installing keyloggers and transferring private data to overseas servers.
Plus, criminal speech can be restricted in any case. If it's determined that the TikTok app is violating the law or facilitating the commission of criminal activity, the distribution of that app could itself be deemed a crime, or even worse for app stores, subject them to civil liability.
This definitely needs a reference.
US companies and regulators do not have to be shining beacons of user privacy and protections to be better than a system with no boundary between the state and private companies, with no expectation of privacy, and with censorship of opinion that criticizes shortcomings of the state.
TikTok is not an American citizen. Nobody is preventing American citizens from printing the source code of TikTok on their tshirts so that people can compile it and use it. This is the only conceivable scenario where the 1st amendment would apply.
And even if that was happening, the US could rightfully ban use of Chinese owned servers in the US. Then we'd get what happens in China: a US-owned entity forms to run TikTok in the US. It is now subject to US rules and regulations etc.
However the true question here is more likely to be "what does unfair mean".
TikTok dominating is just good old outcompeting the competition.
Protectionist strategies create less domestic competition, resulting in underdeveloped industries that would die off in the face of real competition. So if Chinese companies are insulated from outside competition then in theory they should have a harder time developing globally competitive products. If we continue to allow TikTok and other Chinese products it is not without inherent benefits of increased competition driving better domestic competitiveness.
Of course it just all looks like we are getting screwed because TikTok is outcompeting despite all this, but banning or hobbling it will just make Facebook et al complacent and likely even less competitive in the global market.
We need the competition, basically, if for no other reason than the fact that a competitive market is what underpins healthy capitalism.
Plus, subsidies are simply another form of protectionism and the US heavily engages in this too. We can’t pick and choose when protectionist policies are applied because everyone is doing it in certain industries.
You can't sell your widgets in my location. Would you as a seller of widgets think that is fair?
I know the reality is more nuanced than that but people are talking about reciprocal agreements to at least ensure some sense of fairness.
The rest of the world is generally playing on a level globalist playing field of free trade and open competition. The theory for decades has been that if the world treats China like every other country, then over time they will become more open. But this theory has been disastrously wrong. China’s communist party is a mercantilist country where the government and private industry act together as one.