“This is a non-trivial engineering task. This does not happen by mistake or randomly.” Eventually, policymakers and journalists need to accept that the culture of internet platforms guarantees they will always choose the alternative that produces the most harm for users. https://t.co/Q3His1PLKP
— Roger McNamee (@Moonalice) August 19, 2022
Wow, what an honour to have my work featured on @forbes
— Felix Krause (@KrauseFx) August 18, 2022
Including statements by TikTok confirming the code I found exists and does what I expected.https://t.co/1p8hOwQBWN via @richardjnieva pic.twitter.com/13M78cHEEy
As reported by @VICE: the researcher walks back his claims, saying that his report “doesn’t say TikTok is actually recording and using this data," and re-emphasizing that he can’t talk about if and how the system is actually being used. https://t.co/MdtTsEguui
— TikTokComms (@TikTokComms) August 19, 2022
NEW: A developer says TikTok "can monitor all keystrokes, including passwords, and all taps" in its in-app browser.
— Lorenzo Franceschi-Bicchierai (@lorenzofb) August 19, 2022
The company denies doing this, and another researcher said there's no evidence this is happening. https://t.co/gmw3hT7wFE
The report's conclusions about TikTok are incorrect and misleading. Contrary to its claims, we do not collect keystroke or text inputs through this code, which is solely used for debugging, troubleshooting and performance monitoring. https://t.co/eUl9hikO3h
— TikTokComms (@TikTokComms) August 19, 2022
NEW: TikTok's in-app browser injects code that could let the company monitor a user's keystrokes and taps on outside websites, according to research by @KrauseFx https://t.co/7mrBvPmIs2
— Richard Nieva (@richardjnieva) August 18, 2022
This isn’t just about TikTok, but also in-app browsers that inject JavaScript in general
— Jane Manchun Wong (@wongmjane) August 19, 2022
Let alone what the injected script does, the fact it alters third-party webpage w/o explicitly informing the user is overreaching
I talked to @nytimes about it:https://t.co/Faq0ljXwN2 pic.twitter.com/sh9WttjzUW
“Tiktok strongly pushed back at the idea that it’s tracking users in its in-app browser. The company confirmed those features exist in the code, but said TikTok is not using them.”
— Rakesh Agrawal (@rakeshlobster) August 19, 2022
Then remove the code. You don’t accidentally include spyware, which is what this is. https://t.co/ppqcuaqK3D
While there's no evidence that TIkTok *collects* keystokes, this isn't the first time the company has been suspected of *tracking* users' typing. And the fact TikTok has code in its app that could allow it to do so is worrying, say researchers.https://t.co/XXtPObUK8N
— Ryan Mac 🙃 (@RMac18) August 19, 2022
This should be illegal. https://t.co/ZTQlwgA5nX
— Whitney Merrill (@wbm312) August 19, 2022
"The company confirmed those features exist in the code, but said TikTok is not using them." https://t.co/P3gHkygWQT
— John Paczkowski (@JohnPaczkowski) August 18, 2022
serious question: can we just get rid of in app browsers? is there any reason we need them vs just opening links in the system browser? https://t.co/EWviU1uSAi
— J Emory Parker 🏳️🌈 Subscribe to STAT+ (@jaspar) August 18, 2022
FYI: At least on Instagram you can just dm the address to yourself to try it. No need to send it to a friend.
— Holger Eilhard (@holgr) August 18, 2022
How long till apple gives us the option to turn off in-app browsers. https://t.co/M9g4jNAFfq
— Ian (@Ianmurren) August 19, 2022
A security researcher's post about TikTok's in-app browser went viral. They said TikTok could steal passwords, credit card info with it. Lots of outlets ran with it.
— Joseph Cox (@josephfcox) August 19, 2022
Spoke to TikTok, they strongly deny. Actually no evidence TikTok *is* doing this https://t.co/hUxZRZzGhV
I have asked this question for the last few years: “what will it take for you to care about who is watching you even if ‘you are doing nothing important’”
— Brian Roemmele (@BrianRoemmele) August 19, 2022
Take a moment and contemplate what you have agreed to and speculate what value it has to the folks that ultimately use it. https://t.co/24OUoxoTMM
TikTok is capturing every keystroke you make on their in-app browser - including potentially passwords and credit card details - but don’t worry, it’s just for “troubleshooting”: https://t.co/zeNSr2lb0s
— James Paterson (@SenPaterson) August 19, 2022
When opening a website from within the TikTok iOS app, they inject code that can observe every keyboard input (which may include credit card details, passwords or other sensitive information)
— Felix Krause (@KrauseFx) August 18, 2022
TikTok also has code to observe all taps, like clicking on any buttons or links. pic.twitter.com/Dcv0N4ccKD
As reported by @VICE: the researcher walks back his claims, saying that his report “doesn’t say TikTok is actually recording and using this data," and re-emphasizing that he can’t talk about if and how the system is actually being used. https://t.co/MdtTsEguui
— TikTokComms (@TikTokComms) August 19, 2022
Once again @tiktok_us is playing games. Perhaps they’re not collecting keyboard data via the browser; BUT, that’s because the TOS of the app already grants this access/permission. Read the spokesperson’s statement carefully—it’s only about the browser.https://t.co/v1Gxk60Fg8
— Klon Kitchen (@klonkitchen) August 19, 2022
Yet another horrifying article shows TikTok has a back door on its iPhone app that lets it scrape passwords. Their defenders acknowledge that it CAN but say there's no evidence it does. 🤣 #BanTikTok #BBIG $BBIGhttps://t.co/vUAE7dxEMd
— John Colucci, Prison Commissary CEO (@FloridaUnemplo1) August 19, 2022
"...this is the equivalent of installing a keylogger on third party websites.”
— Brett Johnson (@GOllumfun) August 19, 2022
Beware of TikTok. Addictive. Fun. Dangerous.
And if you haven't watched episode #42 of the Brett Johnson Show which discusses TikTok--you may want to.https://t.co/jC9n6rsfca
"TikTok's custom in-app browser on iOS reportedly injects JavaScript code into external websites that allows TikTok to monitor "all keyboard inputs and taps" while a user is interacting with a given website" https://t.co/zb9mkurlpg - IABs are a boil on the bum of the Web.
— Bruce Lawson (@brucel) August 19, 2022
TikTok is capturing every keystroke you make on their in-app browser - including potentially passwords and credit card details - but don’t worry, it’s just for “troubleshooting”: https://t.co/zeNSr2lb0s
— James Paterson (@SenPaterson) August 19, 2022
TikTok's In-App Browser Reportedly Capable of Monitoring Anything You Type https://t.co/CvJR1VtVXJ
— Matt Navarra (@MattNavarra) August 19, 2022
This site exposes the creepy things in-app browsers from TikTok and Instagram might track https://t.co/PDExumUC2G pic.twitter.com/VipdnvSbRr
— The Verge (@verge) August 19, 2022