TikTok Tracks You Across the Web, Even If You Don't Use the App (consumerreports.org) 44
An anonymous reader quotes a report from Consumer Reports: A Consumer Reports investigation finds that TikTok, one of the country's most popular apps, is partnering with a growing number of other companies to hoover up data about people as they travel across the internet. That includes people who don't have TikTok accounts. These companies embed tiny TikTok trackers called "pixels" in their websites. Then TikTok uses the information gathered by all those pixels to help the companies target ads at potential customers, and to measure how well their ads work. To look into TikTok's use of online tracking, CR asked the security firm Disconnect to scan about 20,000 websites for the company's pixels. In our list, we included the 1,000 most popular websites overall, as well as some of the biggest sites with domains ending in ".org," ".edu," and ".gov." We wanted to look at those sites because they often deal with sensitive subjects. We found hundreds of organizations sharing data with TikTok.
If you go to the United Methodist Church's main website, TikTok hears about it. Interested in joining Weight Watchers? TikTok finds that out, too. The Arizona Department of Economic Security tells TikTok when you view pages concerned with domestic violence or food assistance. Even Planned Parenthood uses the trackers, automatically notifying TikTok about every person who goes to its website, though it doesn't share information from the pages where you can book an appointment. (None of those groups responded to requests for comment.) The number of TikTok trackers we saw was just a fraction of those we observed from Google and Meta. However, TikTok's advertising business is exploding, and experts say the data collection will probably grow along with it.
After Disconnect researchers conducted a broad search for TikTok trackers, we asked them to take a close look at what kind of information was being shared by 15 specific websites. We focused on sites where we thought people would have a particular expectation of privacy, such as advocacy organizations and hospitals, along with retailers and other kinds of companies. Disconnect found that data being transmitted to TikTok can include your IP address, a unique ID number, what page you're on, and what you're clicking, typing, or searching for, depending on how the website has been set up. What does TikTok do with all that information? "Like other platforms, the data we receive from advertisers is used to improve the effectiveness of our advertising services," says Melanie Bosselait, a TikTok spokesperson. The data "is not used to group individuals into particular interest categories for other advertisers to target." If TikTok receives data about someone who doesn't have a TikTok account, the company only uses that data for aggregated reports that they send to advertisers about their websites, she says. There's no independent way for consumers or privacy researchers to verify such statements. But TikTok's terms of service say its advertising customers aren't allowed to send the company certain kinds of sensitive information, such as data about children, health conditions, or finances. "We continuously work with our partners to avoid inadvertent transmission of such data," TikTok's Bosselait says. What can you do to protect your personal information? Consumer Reports recommends using privacy-protecting browser extensions like Disconnect, changing your browser's privacy settings to block trackers, and trying a more private browser like Firefox and Brave.
If you go to the United Methodist Church's main website, TikTok hears about it. Interested in joining Weight Watchers? TikTok finds that out, too. The Arizona Department of Economic Security tells TikTok when you view pages concerned with domestic violence or food assistance. Even Planned Parenthood uses the trackers, automatically notifying TikTok about every person who goes to its website, though it doesn't share information from the pages where you can book an appointment. (None of those groups responded to requests for comment.) The number of TikTok trackers we saw was just a fraction of those we observed from Google and Meta. However, TikTok's advertising business is exploding, and experts say the data collection will probably grow along with it.
After Disconnect researchers conducted a broad search for TikTok trackers, we asked them to take a close look at what kind of information was being shared by 15 specific websites. We focused on sites where we thought people would have a particular expectation of privacy, such as advocacy organizations and hospitals, along with retailers and other kinds of companies. Disconnect found that data being transmitted to TikTok can include your IP address, a unique ID number, what page you're on, and what you're clicking, typing, or searching for, depending on how the website has been set up. What does TikTok do with all that information? "Like other platforms, the data we receive from advertisers is used to improve the effectiveness of our advertising services," says Melanie Bosselait, a TikTok spokesperson. The data "is not used to group individuals into particular interest categories for other advertisers to target." If TikTok receives data about someone who doesn't have a TikTok account, the company only uses that data for aggregated reports that they send to advertisers about their websites, she says. There's no independent way for consumers or privacy researchers to verify such statements. But TikTok's terms of service say its advertising customers aren't allowed to send the company certain kinds of sensitive information, such as data about children, health conditions, or finances. "We continuously work with our partners to avoid inadvertent transmission of such data," TikTok's Bosselait says. What can you do to protect your personal information? Consumer Reports recommends using privacy-protecting browser extensions like Disconnect, changing your browser's privacy settings to block trackers, and trying a more private browser like Firefox and Brave.
The Solution (Score:5, Insightful)
There's no way really to stop others from tracking you across the internet. However, there is another way. Build RandomBrowserBot, that randomly clicks on URLs. Trackers want data? Bury them with useless, wrong, and crap data.
Re: The Solution (Score:3)
Re: (Score:2)
Build RandomBrowserBot, that randomly clicks on URLs.
It is not difficult to distinguish random data from human-generated data.
Try to generate random mouse movements that will defeat the "I am not a Robot" CAPTCHA.
Re: (Score:3)
Re: (Score:2)
and yes, if this took off it'd be an arms race - then it's a fight instead of the abject total defeat for privacy we've g
Re:The Solution (Score:5, Insightful)
Re: The Solution (Score:3)
Re: (Score:3)
You'll never catch all of them, some will always slip through the cracks.
No, poisoning the data well is the better approach. Drown them in bogus data, if they can't tell good data from fake, they have to throw out the whole batch.
Go hybrid (Score:3)
Maybe a combination of both? You try to reduce the ability to track you, while mixing up with bad data. Neither is perfect, but together they lead to something even more capable.
Re:The Solution (Score:5, Funny)
Re:The Solution (Score:5, Interesting)
Re: (Score:2)
There's no way really to stop others from tracking you across the internet. However, there is another way. Build RandomBrowserBot, that randomly clicks on URLs. Trackers want data? Bury them with useless, wrong, and crap data.
Now THAT is what I call an excellent use of bots.
Lot better than watching someone attempt to find a use for a YT live chat feed, which is like pointing a webcam at a rhino's ass these days.
Re: (Score:2)
Re: (Score:2)
I haven't seen any tiktok trackers. (Score:3, Interesting)
But I have seen twitter, facebook and google on pretty much every website. What domain are they using to track?
Re: I haven't seen any tiktok trackers. (Score:2)
Yup. As you have surmised, the tiktok stories are mostly FUD.
I guess you can already see who is starting the anti tik tok battle :)
trackers, trackers everywhere (Score:5, Interesting)
Correction (Score:5, Insightful)
TikTok tracks Chrome users across the web, even if they don't use the app.
Safari and Firefox block that sort of behavior by default.
Re:Correction (Score:5, Insightful)
At least for now Privacy Badger works in chrome and blocks all this.
Re: (Score:1)
what major website don't (Score:5, Insightful)
Just about every single major websites track users who do not have accounts. So not surprising.
Put in effort to protect yourself and you can (Score:5, Insightful)
1) Use Waterfox
2) Copy many of the options from the Tor Browser config for privacy. They have a page that explains their config really well.
3) Install extensions like NoScript, uBlock, Trace, LocalCDN, Leakuidator, CookieAutoDelete, ReferrerControl, etc
4) Spoof/randomize as much as you can, but do so carefully. Doing so incorrectly will make you *easier* to trace.
An additional pro-tip would be to setup a script to create a ramdrive and copy your waterfox install to it and run it from there, intermittently copying back extension settings, history, whatever else you want to persist. This had an amazing performance impact as Waterfox now never writes to disk, and it doesn't take any additional memory since all the files it needs are already in memory, and the OS is smart enough to realize that.
There is of course MUCH much more you can do, but even with those basic steps you're going to be resistant to 90% of tracking.
Re: (Score:2)
Re: (Score:2)
There is no concern about standing out. With what I suggest many sources of tracking are never loaded and with what they can obtain (much of which is spoofed) they can't pin it to an individual.
The ramdrive thing is purely for performance. It would guard against hard drive examination but that's out out scope for this article's point.
Re: (Score:2)
You've provided many excellent examples as to why vendors spend billions fighting over the default settings.
Configuring privacy, isn't the hard part. Getting lazy users to give a shit enough to change default settings, is. That's why it's worth billions.
For now.... (Score:5, Insightful)
You can use something like Brave with ScriptSafe or NoScript
But this goes completely away with Google's Manifest V3 which blocks these blockers and enforces tracking.
Don't be evil my ass.
Re:For now.... (Score:4, Insightful)
"Don't be evil" has long been abandoned by Google. They are the same profit seeking amoral mess that every other publicly listed company legally has to be.
Re: (Score:2)
They are the same profit seeking amoral mess
You mean immoral.
A corporate "person" is just a legal fiction who's decisions and actions are made by real people. Real people who have very much thrown away any and all sense of morality and ethics to indulge their greed just a little bit more.
every other publicly listed company legally has to be.
Legally? Nope. There are laws against this kind of immoral and unethical behavior. The laws are simply not enforced because the enforcers are just as immoral and unethical as the lunatics running the companies.
Tracking pixels (Score:4, Insightful)
Re: (Score:3)
The whole story is just a repeat of what Facebook was doing 10 years ago. Remember the stories about Facebook tracking people who were logged out across the web?
But yeah, Chinese owners, so lets pretend they invented evil instead of copying it from US companies.
TikTok is the new Facebook (Score:3)
nothing new (Score:5, Insightful)
"TikTok Tracks You Across the Web, Even If You Don't Use the App " - so exactly the same as Facebook and Google? No, really? I am shocked!!!
If you can't beat them, (Score:2)
Like all the rest of them (Score:2)
That's why we have tracker-blockers.
as usual... (Score:4, Informative)
it's the facebook pixel all over again...
good thing firefox will not remove manifest v2 support, and adblockers work properly there...
How to Stay Private (Score:4, Informative)
Everybody will know everything anybody does (Score:1)
I suspect that everything a person does online is known by some group or another. Eventually down the road, everybody will know everything everybody does online. Then eventually after that, everything will be “online” and everybody will know everything anybody does.
Is this different than anyone else? (Score:2)
Just wondering if this is any different than any of the other trackers out there by various companies like Google or Facebook that track you across the web.
I guess it is news that TikTok also does it, but probably not very big news.
"There he is! Stay two car lengths behind ..." (Score:2)
That's for when you avoid them on the web, because they aren't playing games! lol