TikTok Trackers Embedded in U.S. State-Government Websites, Review Finds (livemint.com) 46
Toronto-based Feroot Security "found that so-called tracking pixels from the TikTok parent company were present in 30 U.S. state-government websites across 27 states," reports the Wall Street Journal, "including some where the app has been banned from state networks and devices." The review was performed in January and February.
The presence of that code means that U.S. state governments around the country are inadvertently participating in a data-collection effort for a foreign-owned company, one that senior Biden administration officials and lawmakers of both parties have said could be harmful to U.S. national security and the privacy of Americans.
Administrators who manage government websites use such pixels to help measure the effectiveness of advertising they have purchased on TikTok.... The presence of the TikTok tracking code on government websites underlines the challenge for those who deem the China-owned app a potential data-security threat. Lawmakers in both parties are considering a nationwide ban, but simply uprooting the app from U.S. smartphones wouldn't stop all data-tracking activities....
Feroot found that the average website it studied had more than 13 embedded pixels. Google's were far and away the most common, with 92% of websites examined having some sort of Google tracking pixel embedded. About 50% of the websites the firm examined had Microsoft Corp. or Facebook pixels. TikTok had a presence in less than 10% of sites examined.
Administrators who manage government websites use such pixels to help measure the effectiveness of advertising they have purchased on TikTok.... The presence of the TikTok tracking code on government websites underlines the challenge for those who deem the China-owned app a potential data-security threat. Lawmakers in both parties are considering a nationwide ban, but simply uprooting the app from U.S. smartphones wouldn't stop all data-tracking activities....
Feroot found that the average website it studied had more than 13 embedded pixels. Google's were far and away the most common, with 92% of websites examined having some sort of Google tracking pixel embedded. About 50% of the websites the firm examined had Microsoft Corp. or Facebook pixels. TikTok had a presence in less than 10% of sites examined.
Re:Here's a side question (Score:5, Insightful)
Re: (Score:3, Interesting)
It isn't whataboutism. If there is a security hole or concern then plug it so no one can take advantage of it.
If this is NOT a concern for Google, Microsoft or Facebook than it shouldn't be a concern for TikTok. Personally I don't trust any of them and I'd prefer to address all their tracking capabilities. Bring up Google and Microsoft tracking... I want to hear about it and I want it addressed too.
Re: (Score:3)
It isn't whataboutism. If there is a security hole or concern then plug it so no one can take advantage of it.
If this is NOT a concern for Google, Microsoft or Facebook than it shouldn't be a concern for TikTok. Personally I don't trust any of them and I'd prefer to address all their tracking capabilities. Bring up Google and Microsoft tracking... I want to hear about it and I want it addressed too.
The whole point of this is being totally missed.
1. Ban TikTok in the USA.
2. The half of all Americans that currently use TikTok wonder wtf they will do now.
3. They find an alternative app that does the same thing and isn't banned.
4. Alternative app is owned by a US based company which now starts making record profits.
Step 4 there is the entire reason that the US government is up in arms against TikTok. Profits for American companies.
Re: (Score:2)
Step 4 there is the entire reason that the US government is up in arms against TikTok. Profits for American companies.
It's not the entire reason. Data that gets sniffed by facebook or whoever in the US is collected through PRISM and thus into the five eyes systems. Data that gets sniffed by TikTok only goes to China, and five eyes can't benefit from it. If you're not using the American sites, you're harder to track.
There's also legitimate concerns about Chinese tracking and manipulation, but I thought I'd just cover the nefarious stuff since that's where you were going, and I agree that those are the main reasons they care
Re: (Score:2)
Step 4 there is the entire reason that the US government is up in arms against TikTok. Profits for American companies.
It's not the entire reason. Data that gets sniffed by facebook or whoever in the US is collected through PRISM and thus into the five eyes systems. Data that gets sniffed by TikTok only goes to China, and five eyes can't benefit from it. If you're not using the American sites, you're harder to track.
There's also legitimate concerns about Chinese tracking and manipulation, but I thought I'd just cover the nefarious stuff since that's where you were going, and I agree that those are the main reasons they care.
If you look at what happened to pompompurin, arguably a grey hat rather than a real nasty black hat hacker, that took a LOT of cooperation from a LOT of companies for the FBI to nail him. Several social media companies plus his VPN provider etc etc. While he resided in the USA, I'm sure the companies would cooperate for people not in the USA too.
Re: (Score:2)
> It isn't whataboutism. If there is a security hole or concern then plug it so no one can take advantage of it.
Makes sense, stop pixels from all of them. And also do like France and ban all entertainment apps on all phones issued by the government.
Re: (Score:2)
And also do like France and ban all entertainment apps on all phones issued by the government.
Depends on what you mean by "government". Entertainment apps have been banned on Federal government phones for years. If you RTFA, you'll see the tracking pixels discovered were found on State government sites.
The web admin for a state site in Nebraska that offers outreach support for reducing cow flatulence is not going to have the same skills or yearly reviews that a federal government site receives. Unfortunately, the Nebraska flatulence web site might actually get more yearly traffic than, for example
Re: (Score:2)
> Depends on what you mean by "government".
Now that you mention it, state and federal or provincial and federal here, and I guess municipal too.
> Entertainment apps have been banned on Federal government phones for years.
This and some other links seem to contradict that "The White House said Monday it is giving U.S. federal agencies 30 days to delete TikTok from all government-issued mobile devices."- https://fortune.com/2023/03/01... [fortune.com]
And the focus by media and government on Tiktok, when attention sho
Re: (Score:2)
This and some other links seem to contradict that "The White House said Monday it is giving U.S. federal agencies 30 days to delete TikTok from all government-issued mobile devices."- https://fortune.com/2023/03/01 [fortune.com]...
Good point. When I was thinking about entertainment apps, I was thinking more about Candy Crush, Solitaire, Fruit Ninja, etc. which have been banned for years as Games.
Separate social media apps like TikTok, YouTube, Twitter, etc are used by some agencies for outreach and communication. Most of the time it is suggested to view those sites via a web browser, but if your job is in Public Affairs, it might require the app be installed to distribute content. I know the IRS, NOAA, and NASA have extensive YouT
Re: (Score:3)
Whataboutism. False equivalence. All of that in the FP. Congratulations.
Yes
Feroot found that the average website it studied had more than 13 embedded pixels. Google's were far and away the most common, with 92% of websites examined having some sort of Google tracking pixel embedded. About 50% of the websites the firm examined had Microsoft Corp. or Facebook pixels. TikTok had a presence in less than 10% of sites examined.
So these US based companies have far more pervasive tracking of Americans and TikTok is by comparison insignificant. I thought there were some restrictions on domestic spying?
Re: (Score:2)
I thought there were some restrictions on domestic spying?
There supposedly were, before the USA PATRIOT act [aclu.org], not that they were observed. The government can now legally do pretty much anything informational in the name of national security, though.
Re: (Score:2)
I thought there were some restrictions on domestic spying?
There supposedly were, before the USA PATRIOT act [aclu.org], not that they were observed. The government can now legally do pretty much anything informational in the name of national security, though.
So, just like China really eh.
Re: (Score:1, Troll)
Probably pretty close to 100%. But the 10% is notable because they're from a corporation that is nominally headquartered in a country the US is currently using as teh eeviill.
Re: (Score:3)
> How many Google, Microsoft, Facebook trackers are embedded in U.S. state government websites?
The summary says that in general of websites examined 92% of pixels are from Google, 50% are from Microsoft and less than 10% are from Tiktok.
So I wonder, can it be expected that about the same proportion are on government websites, cause Feroot (or the article) aren't being clear about it.
Re: (Score:2)
Let's say there are.
Is that the same as trackers controlled by the military of a "foreign adversary"?
If it's the same please explain why there's no difference.
But this is all a distraction from China destroying the psyches of Western children.
That's an operation with military advantage over a decade or so.
China plays the long game. It has time. Tick, tock.
This is happening elsewhere too (Score:2, Troll)
Iâ(TM)ve been finding TikTok trackers in iOS apps for a long time. Apps that have nothing to do with TikTok, and Iâ(TM)m not entirely sure what the devs are getting from it. Other than simple metrics.
Re: (Score:3)
Re: (Score:2)
Iâ(TM)m not entirely sure what the devs are getting from it.
erm... money, obviously.
To get back on topic though: these "state" websites are nearly all churned out by the same 2 or 3 companies (Tyler etc). They aren't developed by they states themselves, they're bought in from whichever commercial provider won the contract.
Even with the skill level of the average web developer these days, with every site being glued together from three frameworks each with multiple external dependencies and zero effort given to even basic security, the "inadvertent" claim might argua
3rd party libraries (Score:3)
Iâ(TM)ve been finding TikTok trackers in iOS apps for a long time. Apps that have nothing to do with TikTok, and Iâ(TM)m not entirely sure what the devs are getting from it. Other than simple metrics.
Most likely the devs are using some 3rd party library that lets them show ads. Such 3rd party libraries have caused apps to be dropped from the App Store in the past when found to be doing something unreasonable.
Is it just me (Score:3, Interesting)
Is it just me or are the tracking pixels way less interesting than the app?
China can buy the same pixel tracking data from any number of vendors. But the TikTok app has, for example, been caught sniffing clipboards even after they were caught previously and promised to stop. And more relevantly, they algorithmically present content like everybody else does — is that really who we want making those recommendations to children?
I recognize there's a real freedom of speech issue here, but it's also complicated.
Re: (Score:2)
Indeed. It is a whole different game. These pixels can track when somebody visits several web-pages with tracking pixels from the same group, nothing more.
Re: (Score:1)
You think Facebook or Google or insert corp name here are any better at making recommendations to children?
Re:Is it just me (Score:4, Interesting)
You think Facebook or Google or insert corp name here are any better at making recommendations to children?
I don't know that better is the right word, but I would say they are specifically less likely to intentionally promote content in a way intended to bring about the economic or other downfall of the United States.
Nowhere in this am I attempting to ascribe innocence to the USA in anything, I'm addressing the specific topic at hand. My posting history proves I'm willing to discuss this nation's ills when they are relevant. In this case, what you're doing is using whataboutism.
Re: (Score:3)
You think Facebook or Google or insert corp name here are any better at making recommendations to children?
I don't know that better is the right word, but I would say they are specifically less likely to intentionally promote content in a way intended to bring about the economic or other downfall of the United States.
Nowhere in this am I attempting to ascribe innocence to the USA in anything, I'm addressing the specific topic at hand. My posting history proves I'm willing to discuss this nation's ills when they are relevant. In this case, what you're doing is using whataboutism.
From what I've been seeing its questionable whether school boards in the USA can be trusted to make recommendations to children (with respect to recommended reading material in the libraries).
Re: (Score:2)
lol. They put them there. Not tiktok. (Score:1)
Let's not try to put the onus on tiktok here. This is the state government's fault.
Also almost every site I've been to has a facebook or google tracker. I have yet to see one tiktok one. I use noscript and uMatrix.
Inadvertently? I think not. (Score:5, Insightful)
Tracking pixels do not place themselves inside a web-page. They are either deliberately placed or they come with some library or framework and the developer did not care and did not check for them. They are _not_ hard to find.
Re: (Score:1)
Exactly. They didn't appear because some employee hat TikTok on their phone.
Not TikTok's fault (Score:4, Informative)
Re: (Score:3)
Re: (Score:3, Interesting)
Yep, it should not be that hard for them to bring up another Drupal instance [opensenselabs.com] without a bunch of BS on it, and it can even do tracking with opt in/out [drupal.org] to comply with visitors' privacy requirements.
Re: (Score:2)
That's not really the point of the propaganda.
The point is, "see government uses them, so you can't ban TikTok because that somehow follows". It's not very effective propaganda, but Pooh doesn't have a lot to work with.
trust (Score:2)
If you don't trust TikTok then don't advertise there, then you won't need tracking that you then complain about. Or don't bother with the tracking part, like how advertising used to be - you put an ad in a publication and you have some idea of the number of copies going out and where they are going but you don't have a way to count each and every view and reaction. The 21st century is dumb as fuck.
It's cruft like that ... (Score:3)
... why I've always used NoScript on Firefox and nowadays nMatrix on Pale Moon. If content doesn't come from your website, my browser has no need to download it.
There's so much bloat on websites from frameworks and advertising tracking and social media links, it's like having a news crew follow you as you walk down the road, broadcasting everything you do.
Re: (Score:2)
... why I've always used NoScript on Firefox and nowadays nMatrix on Pale Moon. If content doesn't come from your website, my browser has no need to download it.
There's so much bloat on websites from frameworks and advertising tracking and social media links, it's like having a news crew follow you as you walk down the road, broadcasting everything you do.
This. Just block everything and then selectively unblock those that you actually need to access the content. You really can't trust anyone these days.
Clickbait title (Score:2)