TikTok and others scrape your data, whether you use their apps or not

Cal Jeffrey

Posts: 3,667   +1,129
Staff member
A hot potato: Data collection has become so ubiquitous that most people just assume that any website or app they use is tracking them. Indeed, even after Apple's recent privacy crackdown, Meta has been caught in the act of scraping personal data via a loophole. However, even the savviest users might be surprised that TikTok is tracking them even though they have never used the company's website or app.

According to a Consumer Reports (CR) investigation published last week, TikTok has been planting trackers called "pixels" on hundreds of websites. Partnering with security firm Disconnect, CR looked into about 20,000 websites searching for TikTok's pixels specifically. The pool included the top 1,000 most visited websites and many of the biggest, .org, .edu, and .gov domains since those tend to have more sensitive user data.

The study found that hundreds of companies share data with TikTok. Some prime examples of websites allowing TikTok to embed pixels include the United Methodist Church, Weight Watchers, and Planned Parenthood. Perhaps most disturbing is the Arizona Department of Economic Security's sharing of user data regarding visits to its domestic violence and food assistance pages. By the way, none of these groups would respond to CR's requests for comment. Big surprise.

"I was genuinely surprised that TikTok's trackers are already this widespread," said Disconnect's Chief Technology Officer Patrick Jackson. "I think people are conditioned to think, 'Facebook is everywhere, and whatever, they're going to get my data.' I don't think people connect that with TikTok yet."

"The only reason this works is because it's a secret operation. It shouldn't be happening in the shadows." — Disconnect

Consumer Reports says that the number of Meta and Google pixels it found dwarfs TikTok's by a long shot. However, it pointed out that TikTok's advertising platform is just getting started, whereas Google and Facebook/Meta have been at it for years.

Consumer Reports was mainly concerned with personal data from organizations with which users would likely have an issue, like hospitals or advocacy groups. Analysts looked closely at the identified TikTok pixels to see what information they shared. TikTok pixels regularly transmit visitor IP addresses, unique ID numbers, pages users view, and what they click and type. It also has access to search requests. All of this is regardless of whether or not the user has a TikTok account.

When asked for comment, TikTok spokeswoman Melanie Bosselait said, "Like other platforms, the data we receive from advertisers is used to improve the effectiveness of our advertising services."

Bosselait added that her company does not create profiles to sell to advertisers. She also claims that data from non-TikTok users is only used for "aggregated reports that they send to advertisers about their websites."

"We continuously work with our partners to avoid inadvertent transmission of [certain sensitive] data," TikTok claims. This type of information would include anything about health conditions, personal finances, or children.

However, CR states that previous investigations have shown that even though sites like Meta and Goole have policies barring transmitting sensitive data, trackers often send it regardless. TikTok's pixels are no different.

For example, CR looked at the national Girl Scouts domain and found that TikTok has a pixel on every page of the website that can transmit personal information if a child is visiting. The analysts also found that searching for "erectile dysfunction" on WebMD resulted in the tracker reporting the query back to TikTok.

Those are just a couple of examples that returned sensitive information to the company despite its privacy statements and rules. If users knew a website they do not even visit had access to this data, they'd likely be outraged.

"The only reason this works is because it's a secret operation," said Jackson. "Some people might not care, but people should have a choice. It shouldn't be happening in the shadows."

Some company executives were unaware of what data their firm was sharing or to whom. Consumer Reports informed the Mayo Clinic that its public website (not the patient portal) was sharing data with TikTok. Disconnect checked later to find that the clinic had removed the TikTok tracker but that the site still used a "considerable number" of other pixels, including those from Microsoft, Google, and others.

Currently, there is not much that consumers can do about this situation. However, CR notes that switching to more privacy-friendly browsers such as Firefox or Brave and strengthening security settings can reduce a lot of tracking. Privacy-protecting extensions are helpful too.

Image credits: TikTok App by Solen Feyissa, Data Value Chain by Open Data Watch

Permalink to story.

 

DSirius

Posts: 368   +773
TechSpot Elite
A very good written article. Keep posting.
Hope that in near future to have browser extensions to completely block Tik-Tok, or Facebook, Instagram aaaand..... Google?
Would be the ultimate irony that in Chrome to have an extension to block Google to spy on users.
 

Plutoisaplanet

Posts: 849   +1,363
Barely a month ago, TikTok was also found to log all information on any pages you visit from the app, including passwords/credit cards and they would send it to their servers: https://www.techspot.com/news/95688-tiktok-app-browser-found-recording-keystrokes.html

Other social media apps also show an in-app browser and may do similar things, but I believe TikTok gave you no option to open the page in your default web browser. Not sure since I've never used it though and probably never will.
 

MyIOnU

Posts: 128   +291
CCP knows with a little money, they can buy anyone. Thic Thot should be banned long time ago.
Even CCP won't let their own people to get on Western version of Thic Thot.
 

envirovore

Posts: 533   +982
TechSpot Elite
That's why you use EFF's Privacy Badger in all your browsers. Always.

https://privacybadger.org/

That paired with Decentraleyes and uBlock Origin with all filter sets enabled and firefox's built in settings set to strict.
It's still probably not enough to prevent it all, at least helps mitigate most of this stupidness though.

Edit: this set up applies to both my desktop and phone.

Edit edit: if anyone is still for some reason using the Ghostery extension (which was supposed to do the same thing as Privacy Badger), remove it.
Many years ago now they sold out and would allow trackers from companies that paid them through, much like how AdBlock+ sold out to allow ad networks through if they paid them.
 
Last edited:

envirovore

Posts: 533   +982
TechSpot Elite
A very good written article. Keep posting.
Hope that in near future to have browser extensions to completely block Tik-Tok, or Facebook, Instagram aaaand..... Google?
Would be the ultimate irony that in Chrome to have an extension to block Google to spy on users.

Google won't allow that. As it is adblocking extensions have to allow ads from Google's network though on Chrome because Google got salty over their network being blocked.

Chrome is as much a cancer to the internet as social media sites and their tracking habits. Hell, it's more damaging than those sites even.
 

envirovore

Posts: 533   +982
TechSpot Elite
Maybe a follow up 'how to' on blacklisting not only the 'base' home page of these social media cancers, but their all their known content delivery networks as well (such as cdn.facebook[dot]com) should be in order.
 

PeekABo0

Posts: 6   +7
So...other BIGGER companies are doing it too, longer and taking more information...and the article decides to single out Tiktok only, well done
 

Hodor

Posts: 264   +183
TikTok, How Dare You!!!

<image of Greta here>

Planting pixels everywhere. Covertly, without consent. Mimicking Gogle spying network. Did you get a permission from Google to use their techniques? To me this is a clear case of copyright violation.