Extensive findings from investigations of TikTok by foreign research organizations (the Pentagon)

Buckle up folks, it's about to get pretty wild.

Going straight to the source code! https://penetrum.com/tiktok/Penetrum_TikTok_Security_Analysis_whitepaper.pdf

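Thanks to bangorlol, a hands-on practitioner, for providing us with so much evidence! I'm not going to tidy it up; here is the original text as is!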

Question:
Is there a Snopes for this? I'm sure there are skilled engineers at NSA, FBI, GCHQ, etc... that are capable of RE TikTok. If this app is as nefarious as you're stating, why aren't government agencies (or reputable private cyber security organisations) coming forward with this commentary?

Answer:
Ummm.. they have. The Pentagon has already deemed it a threat to national security a few months back. It cannot be installed on government-issued phones.
https://www.military.com/daily-news/2019/12/30/army-follows-pentagon-guidance-bans-chinese-owned-tiktok-app.html

Plenty of cyber security firms already publishing their findings. Google search is your friend! https://penetrum.com/research https://blog.zimperium.com/zimperium-analyzes-tiktoks-security-and-privacy-risks/

"We do not allow it on government phones" is not the same as "the Chinese government is spying on everyone."

I'd wager many government issued devices aren't able to visit bangbros either. Are tits a security threat too?

I'm still not seeing the level of proactive engagement from credible western governments that would otherwise lend some authenticity to this claim. Without this kind of support, the anti-TikTok movement comes across as biased/racist and a little bit like "the sky is falling" fear mongering.

I've signed up for the Zimperium research, looking forward to reading their report (and others like it), and I'll be happy (horrified?!) to change my position and advocate for the removal of TikTok from my loved ones' devices.

https://www.classaction.org/blog/tiktok-quickly-settles-child-data-collection-case-still-faces-class-action-alleging-data-sharing-with-china

https://www.chicagotribune.com/business/ct-biz-tiktok-illinois-biometric-privacy-lawsuit-20200513-jogjwzp4ofa67nu6pwsduxz7si-story.html

https://www.businessinsider.com/tiktok-class-action-lawsuit-sending-data-china-2019-12

https://www.businessinsider.com/us-government-agencies-have-banned-tiktok-app-2020-2

First three links are settled lawsuits that didn't even get to the discovery phase (two might be the same case) - TikTok just threw money at them to make it go away. The last one is from February this year and outlines which areas of the US government are banning the app and citing the rough reasons as to why. I'm guessing they've had their guys look into the app and made the decision to ban it based on that.

They might be keeping things quiet for intelligence reasons, like they found a backdoor they can leverage or something. TikTok had quite a few vulnerabilities back when I was actively reversing it, so that could be a reason.

https://www.classaction.org/blog/tiktok-quickly-settles-child-data-collection-case-still-faces-class-action-alleging-data-sharing-with-china

First lawsuit: COPPA violation, settled.

Second lawsuit: general claims of data collection without privacy agreement (reasonable suit, but data collected is not different from any other social media app). Claim that app performs "eager upload" of videos, after user records a video but before user posts it (reasonable complaint, but not clearly nefarious given that eager upload is a legitimate performance optimization).

https://www.chicagotribune.com/business/ct-biz-tiktok-illinois-biometric-privacy-lawsuit-20200513-jogjwzp4ofa67nu6pwsduxz7si-story.html

This is an absolutely absurd lawsuit. They're claiming that because TikTok has face filters, and to use those filters the app has to scan for faces, any use of filters or uploading of video constitutes collection of "biometric data". "We are suing because we don't understand how facial recognition works."

https://www.businessinsider.com/tiktok-class-action-lawsuit-sending-data-china-2019-12

Same as earlier, unexpected "eager upload".

https://www.businessinsider.com/us-government-agencies-have-banned-tiktok-app-2020-2

Various government agencies and departments have banned TikTok on phones. Makes sense, given the Chinese government has the ability to use it for intelligence (both direct access to ByteDance's servers, and potentially through insertion of a targeted backdoor). This isn't surprising, though. No government org should run software it doesn't trust, especially in national security contexts. Similarly, the US military probably shouldn't allow Yandex browser, or apps from other Chinese companies. And the Iranian military shouldn't allow the app "CIA Front Corp presents: Candy Blast 3000".
Shared 2020-08-05

Posted by: 真理、正義、勇氣永不灭
