Social media apps read your keystrokes
Surprise, surprise, TikTok is able to track what its users type inside the app’s browser. Hands up who isn’t surprised. No, not you, Donald Trump. (Unless you are lifting your hands for the FBI’s handcuffs.)
News broke this week that TikTok can track everything inside its own browser after privacy researcher Felix Krause’s blockbuster warning. “While you are interacting with the website, TikTok subscribes to all keyboard inputs (including passwords, credit card information, etc.) and every tap on the screen, like which buttons and links you click,” the former Google engineer wrote.
This can include passwords, credit card information and other sensitive user data, which “is the equivalent of installing a keylogger on third-party websites,” he added, specifying he had only tested this in Apple’s iOS operating system.
This has obviously got all the privacy conspiracy theorists and Chinese haters frothing at the mouth – even if other apps also offer such in-app browsers and can just as easily track your behaviour.
Chinese-owned TikTok responded that “contrary to the report’s claims, we do not collect keystroke or text inputs through this code”. It said this unnecessarily intrusive software is for “debugging, troubleshooting and performance monitoring”.
Krause says that other apps, like Instagram and Facebook, “inject JavaScript code into third-party websites that cause potential security and privacy risks to the user”.
They’re owned by the biggest surveillance capital firm in the world (playing a sleight of hand by renaming itself Meta), which is notorious for tracking its users (and non-users) as they wander across the web.
What really surprises me, though, is that people use the in-app browser inside any app. Why would you? If you are less security inclined and you save your passwords inside a browser – or if you use Apple’s Keychain or a password manager like LastPass – then there’s no need to save your user name and password in another browser.
Since it is the only social media app on my phone, Twitter, for instance, always launches links in its own browser. Why? Because it keeps you inside the app. When you finish reading that New York Times article about Krause’s findings and click done, you’re still inside Twitter. That’s what Twitter, or in this case TikTok, wants you to do – keep you where they can show you advertising. The same is true in Facebook and Instagram.
I specifically use software from two companies that don’t data-mine me as a user – Apple and Microsoft. On my phone I alternate between Apple’s Safari and Microsoft Edge. Being the underdog really suits Microsoft, as the excellent browser attests.
As an aside, there are many good reasons not to use Google’s Chrome browser – which is generally a resources hog. But Google makes its money from surveillance capitalism and therefore is more focused on tracking its users than privacy. To protect yourself, you need to change a number of settings and harden your privacy.
So, why would you ever use the browser in an app that makes money from selling advertising to you? It’s like Arthur Fraser leaning over your shoulder while you are browsing anything. These apps actively data-mine you to know more about your activity. Why would you trust them with your login details? For anything?
What were you thinking?