flexghost.Mar 10, 2024

The teens of america are uniting!

To end war? No

To solve world hunger? Nope

To stop congress from banning TikTok? Yep

After the spyware… (ahem) after the app supplied users with numbers to call, one teen threatened “I promise you do not ban TikTok. If you want a January 6th riot, that's what's going to happen. Don't do it”

…this, after giving their full name and address at the start of the call
(Via Politico)

And the calls keep coming

We’re about to see the wackiest uprising ever 🇺🇸

Show thread@infosec_jcp 🐈🃏 done differentlyMar 10, 2024

@flexghost

Strange how this is a 1:1 thing w/ Mark Meta also yet no one is up in arms about doing a Meta ban. >.<

"But, the hosting provider!" 😂

Show threadmozzMar 10, 2024

@infosec_jcp @flexghost

They are not the same thing. Facebook is bad too (and actually, a platform-neutral legal restriction based on behavior would be better, credit to @maynarkh for pointing it out), but TikTok is absolutely unique in the type of threat it poses:

  • The Chinese government treats communication networks as their personal hoovering-attachment for any data they might want. Companies are required by law to operate as an arm of Chinese intelligence, both in terms of giving information and in terms of manipulating what information people on their network are allowed to see.
  • It's not just your TikTok data. It's photos and files on your phone, your contacts, your messages, basically anything that the app with its too-permissive permissions can get its hands on, can potentially go up to Chinese intelligence.
  • TikTok is not structured like any other app. It has features like custom-downloading and running arbitrary binaries from its central server that honestly don't even make much sense except as spying apparatus (consistent with #1).
  • What China might do with this unprecedented level of access to everyone's phones is malevolent in a different way than, say, Facebook's access to everyone's data. Like Facebook they have the ability to e.g. influence an election, but they also have the ability to try to blackmail an individual to compromise them, or do for-real torture in the real world (say by tracking down a dissident via TikTok spying and then having one of their little Chinese-police-in-America units grab them).

    • Citations:

  • https://thehill.com/opinion/cybersecurity/532583-for-chinese-firms-theft-of-your-data-is-now-a-legal-requirement/
  • https://www.proofpoint.com/us/blog/threat-protection/understanding-information-tiktok-gathers-and-stores
  • https://www.currentware.com/blog/block-tiktok/
  • https://www.businessinsider.com/china-hong-kong-spy-agency-official-presence-national-security-laws-report-2020-6 https://www.npr.org/2023/04/17/1170571626/fbi-arrests-2-on-charges-tied-to-chinese-outpost-in-new-york-city
    • For Chinese firms, theft of your data is now a legal requirement

    Cooperating with Chinese firms means cooperating with the Communist Party and its predatory mining of data and other property.

    The Hill
    Show thread@infosec_jcp 🐈🃏 done differentlyMar 10, 2024

    @mozz @flexghost @maynarkh

    I'll say it again. Same. 1:1. Arguments.

    Change the company name above to Meta in your arguments.

    Same. Arguments. ☑️✅✔️

    Meta is a #malware company masquerading as a Banner AD company. No more. Definitely Less due to Leadership issues.

    TikTok is run by a former Facebook Intern who is now CEO.

    So how's that project going again, Oracle Systems? What was that project name to localize this in TX data centers for TikTok? ✔️🦉📰🗞️

    (Edit: #ProjectTexas, by #OracleSystems, a former client, on #OracleCloud !) 😂

    This: https://www.washingtonpost.com/technology/2023/02/02/ticktok-transparency-center-opens/

    TikTok launches charm offensive amid calls to ban the app

    It's part of an effort to mount a public relations campaign to counter claims the app is a threat to U.S. national security.

    The Washington Post
    Show threadmozzMar 10, 2024

    @infosec_jcp @flexghost @maynarkh

    Wat

    Where in Facebook's app can it download a custom binary to an individual user's computer and run it on behalf of Chinese state intelligence?

    Show threadEl Jefe "Mar 10, 2024

    @mozz @flexghost @infosec_jcp @maynarkh lol you're funny.

    It absolutely can and does.

    My generation used to call it Zinga.

    Show threadmozzMar 10, 2024

    @eljefedsecurit

    @flexghost @infosec_jcp

    You're on a server called "infosec.exchange" and you can't tell the difference between the user initiating a download of a thing which is the same for everybody, which provides a function the user wants to have on their phone... and the company initiating a download of a custom thing they want on one user's phone in particular, which isn't available for anyone else to try to analyze, invisible to the user, without telling the user about it?

    Show thread@infosec_jcp 🐈🃏 done differently

    @mozz @flexghost @maynarkh @eljefedsecurit

    So your comment about the Google Play store and Apple app Store and what happens there applies the same, obvs.

    Mentioning what users of this do or don't pay attention to DOESN'T change the targeting btw.

    Educating you on the SPYWARE on YOUR computer will probably be a funny story though tech bro. 😂

    Mar 10, 2024 at 4:44pmWeb