Many governments and businesses worldwide have banned or restricted the use of popular video app TikTok out of security concerns. In this second article of a six-part series on social media, cybersecurity expert Ben Finn details for Reporters Without Borders (RSF) the risks to which journalists may be confronted while using TikTok, and provides safety advice. 

Generally speaking, journalists should avoid using TikTok if possible, and take serious precautions if not – especially while reporting on China. TikTok is the international version of Douyin, a Chinese short-form video hosting service launched by ByteDance in 2016. With its user base younger than most social media sites being predominantly teenagers and “Gen Z” –,TikTok can appeal to journalists who want to reach a younger audience or understand youth culture and issues. However, using the platform poses significant security risks. 

Main risks

  • Suspected censorship on certain topics. LGBTQ+ and other content that the Chinese regime disapproves of has repeatedly been censored on TikTok. Only when this was made viral by journalists did TikTok respond, excusing the censorship as a “coding error,” though it could suggest coordination with the Chinese government’s censorship guidelines.
  • Unusually extensive collection of data. TikTok’s privacy policy outlines the data it collects, which includes “device brand and model, Operating System (OS) version, mobile carrier, browsing history, app and file names and types, keystroke patterns or rhythms, wireless connections, and geolocation,” as well as “the content of [messages] and information about when [messages are] sent, received and/or read.”
  • Employees can access user data. A Buzzfeed News report from June 2022 found that China-based TikTok employees are able to access the data of users in other countries, including the USA, despite TikTok’s developer Bytedance promising this would not be possible.
  • Employees have used location data to track journalists. In December 2022, TikTok admitted that employees had used the location data of journalists to identify the reporters’ sources within the company after information had leaked.

Recommendations

← Read Part 1: General recommendations
→ Read Part 3: Facebook
→ Read Part 4: Instagram
→ Read Part 5: X (formerly Twitter)
→ Read Part 6: Weibo

Written by Benjamin Finn. From Houston (USA), Benjamin has been in the IT field for a decade, during which his primary focus was the deployment of internal enterprise tools across large enterprises, including cybersecurity focused efforts. He has been engaged in training on proper security in the context of an oppressive nation-state, specifically in Myanmar. He has also been working with multiple groups in Taiwan to train them on proper security and safety measures.

2 Comments