TikTok Can Now Collect Biometric Data

This is probably worth paying attention to:

A change to TikTok’s U.S. privacy policy on Wednesday introduced a new section that says the social video app “may collect biometric identifiers and biometric information” from its users’ content. This includes things like “faceprints and voiceprints,” the policy explained. Reached for comment, TikTok could not confirm what product developments necessitated the addition of biometric data to its list of disclosures about the information it automatically collects from users, but said it would ask for consent in the case such data collection practices began.

Posted on June 14, 2021 at 10:11 AM • 29 Comments

Comments

echo June 14, 2021 10:41 AM

Oh, the old codification of intent wheeze. We know where this is heading before they begin. That’s where the US is with its “freedom of speech” and institutional hands off approach to business regulation, and privacy backdoors via judicial rulings on ownership of private data and the Patriot Act etcetera.

TikTok is the international version of Douyin as it is known in China.

Ooh look. Zoom is owned by a Chinese-American.

I’ve never used TikTok nor Zoom regardless of whoever the ultimate owner is. They strike me as being so much mind pollution and junk. Ditto Whatsapp and Telegram Messenger etcetera.

I guess being European and within the jurisdiction of the European Court of Human Rights has its pluses. The ECHR is really just a container for UN human rights obligations the US by and large chooses to ignore so there is a lot of shooting itself in the foot by the US. I have been told by a US “certified professional” in law that the US versus UN treaty obligations is essentially settled law but in my opinion it’s more of a stitch up by out of touch nodding dog long in the tooth job titles. China and Russia too when you get down to it.

TimH June 14, 2021 11:25 AM

“Zoom is owned by a Chinese-American” is just prejudice. Don’t judge a person by country of origin, unless you want to accept responsibility for your own country’s atrocities. And EVERY country has a history to hide.

FYI “Chinese-American” simply means American, because China doesn’t allow dual nationality. I’m actually dual nationality – ooh, obviously I’m high risk then!

Tatütata June 14, 2021 11:44 AM

ByteDance (aka Douyin), the parent company of TikTok has something like 6-7 thousand (!!) patent applications in its name, far too many to assess in a few minutes. Using “biometr*” as a limiting keyword returns zero results, but with “face”, “head”, or “person”, I could find a few that are probably an indication of what they’re generally after, i.e. identifying attributes such as age and emotion, from uploaded videos, and processing the videos in accordance. Not Han. Uyghur. Not happy. Cancel social credit. Go to jail. Do not pass GO. Do not collect $200.

Sample:

CN110163171A / WO2020238321A1 : [A method] for identifying ages. A specific embodiment of the method comprises the steps of extracting a face image set from at least one figure video in response to obtaining the at least one figure video published by a user; […] According to the embodiment, one or more persons displayed by at least one person video released by a user can be subjected to age recognition.

US11023716: An embodiment of the method includes extracting an image sequence from a person-contained video to be processed; identifying emotions of the faces respectively displayed by each of the target images in the image sequence to obtain corresponding identification results; based on the emotional levels corresponding to the emotion labels in the identification results corresponding to each of the target images, extracting a video fragment from the person-contained video, and acting the video fragment as the stickers. The image sequence comprises target images displaying faces; the identification results comprise emotion labels and emotional levels corresponding to the emotion labels. The embodiment can extract the video fragment from the given person-contained video to act as stickers based on the facial emotion match, which can achieve the generation of stickers based on the facial emotion match.

Etienne June 14, 2021 12:07 PM

Like 9/11, when the country has no Air Defense worthy of the name, the country now has no Cyber Defense worthy of the name.

It’s like Congress allowing citizens to own nuclear weapons, while legislating fearsome 22 cal rifles as contraband.

The Smart Phone has been militarized, and the peasants sitting in their offices are just waiting for the next hijacked transport to kill them, while the centimillionaire politicians shout “Never Again” or “Lest We Forget” or “Wow, that’s not right.”

jones June 14, 2021 12:16 PM

This isn’t surprising. The iTunes EULA makes you promise not to use Apple products to develop nuclear weapons.

“You also agree that you will not use these products for any purposes prohibited by United States law, including, without limitation, the development, design, manufacture, or production of nuclear, missile, or chemical or biological weapons”

https://www.apple.com/legal/internet-services/itunes/dev/stdeula/

These agreements take the place of product liability. These agreements let them do whatever they want. Literally.

echo June 14, 2021 1:06 PM

@TimH

“Zoom is owned by a Chinese-American” is just prejudice. Don’t judge a person by country of origin, unless you want to accept responsibility for your own country’s atrocities. And EVERY country has a history to hide.

FYI “Chinese-American” simply means American, because China doesn’t allow dual nationality. I’m actually dual nationality – ooh, obviously I’m high risk then!

His being American isn’t the big sell some people think it is. I also recall if you were previously a Chinese citizen and land in China and do something naughty things do not go well for you. But anyway while my language was loose and careless I accept some people will have read things into this I’m also equal opportunity with my criticism. The main issue is the US is a bad environment on a number of critical human rights issues along with Russia and China. No the EU is not perfect but the legal framework is superior in lots of ways from a human rights perspective.

Dual-nationality is always an individual thing given the spectrum of opinions and attitudes. That’s not to say natural born patriots and their ilk are not without their problems too.

But no. I feel the main issue is the lack of adhering to UN obligations. It covers not just human rights but equality and, yes, reparations. Reparations isn’t necessarily the cash cow some on either side of the fence may think it is but more a framework for resolving injustices which may include but not be limited to legislative changes, financial compensation where appropriate, various policy measures to address equity, and so on. And that rather neatly takes care of the “historical” issues you allude to.

Scott Lewis June 14, 2021 1:10 PM

@echo Free speech is hardly an issue here. In any event, look at my phone, there’s no Tik Tok app. That was easy.

Clive Robinson June 14, 2021 1:18 PM

@ jones,

The iTunes EULA makes you promise not to use Apple products to develop nuclear weapons.

Actually it’s the “traditional” not “extended” notion of NBC WMD.

It’s there to stop the “nuttery” in the US legal system. We used to be horrified at the idea of “Ambulance Chasers” and their notion of when there was a hurt there was someone who could be sued.

The usual attacks were against the fast food industry for coffee that was too hot etc. So US legislators under the influence of lobbyists and a lot worse effectively changed the law.

Well with US domestic terrorism on the rise[1], a company with large amounts of assets, and let’s be honest Apple’s off shore cash reserves are eye wateringly large, thus a “Target of Opportunity” for some legal low life to make a name for themselves by carving off a chunk of that cash…

By putting that wording in Apple buy themselves some protection from opportunist lawyers and the resulting law suits.

Thus the wording is,

A Product of US get rich quick culture.

As are the lawyers who start those “where there’s blame make a claim” cases by inventing new forms of blame way faster than you can say “Are you for real?” to them.

[1] The question of the rise in “domestic terrorism” is not that traditional terrorism has increased significantly in the US, it has not (no thanks to the waste of resources “Security Theatre” is). What has happened is that the coverage or scope of domestic terrorism gets extended to keep the security theatre cash flowing to the “favoured few”… It probably won’t be too long before sneezing/coughing in public becomes “Domestic ‘Bio Terrorism'” or some such…

MarkH June 14, 2021 2:50 PM

@Jones:

I’m forbidden to use my iPad in the production of nuclear weapons?

My bad

Rick June 14, 2021 3:27 PM

Let’s face it. With TikTok’s nude content, the biometric data will be much broader in scope.

lurker June 14, 2021 3:55 PM

This must be several centuries old, q.v. “Labyrinth” by David Bowie, where the door knockers not only analyzed a visitor’s intentions, but took it a stage further: the visitor was forced to make a binary decision about the result of their intention, without knowledge of an arbitrary influencing factor behind the door.

SpaceLifeForm June 14, 2021 5:37 PM

@ jones, Clive

It seems to me that Apple is trying to avoid getting pulled into 3rd party lawsuits.

Just because I know how to make a nuclear bomb (I do), does not mean I have the material to do so. And, even if I was trying to do so, and trying to acquire the material, it would not happen online.

The iTunes EULA most likely is more oriented towards the missile, or chemical or biological weapons.

Then again, I do not live in Iran.

echo June 14, 2021 9:15 PM

Reading up more on TikTok not only is it a privacy thief but it has serious human rights problems with respect of content and moderation. The whole thing seems like a ghastly dare and management have no excuses. As for the celebrities who flocked to it don’t their marketing advisors do any due diligence or are they too busy counting the cash?

Tatütata June 14, 2021 9:30 PM

Re: nuckular prohibition

I guess the folks at Lawrence Livermore will have to get their CDC 7600 out of mothballs. But where will they get the freon?

CFCs: another WMD, brought to you by the same fellow who gave you lead tetraethyl…

Re: McDonald’s coffee. I recommend the 2011 documentary “Hot Coffee”, in which the Liebeck v. McDonald’s Restaurants case prominently features. It presents the issue from the point of view of the plaintiffs, and how it was transformed by some corporate PR flack as some sort of “only in Murica” talking point. I also vaguely remember some scholarly law reviews out there.

Tatütata June 14, 2021 10:10 PM

I should add that the legendary American litigiousness does have its advantages, despite less than perfect independence of the judiciary and the weirdness of the legal framework.

In the US, Volkswagen had to pay reparations to their buyers for the diesel scandal as a result of class action lawsuits, in addition to the federal and state fines.

In Germany, VW’s home turf, each car owner had to sue the manufacturer individually. Those who persisted got far less–or nothing at all.

Clive Robinson June 14, 2021 10:18 PM

@ SpaceLifeForm,

Just because I know how to make a nuclear bomb (I do)

Including the “golf-ball” that acts as “the eye of the storm” at the start and significantly ups the yield?

Oh and the fix for that plutonium-240 problem…

Most of the rest you can find in the documents I mention in note 3 of,

https://www.schneier.com/blog/archives/2018/01/detecting_drone.html/#comment-315052

(which is also up on the wayback machine).

I have copies of the documents tucked away, not I will note in the dead tree cave.

Back last century when computers still generated as much heat as small steam engines, for a project I tried writing a hydro-code simulator and outputting it on an HP Vector Graphics terminal. A lack of horse power led me to switch late in the day to writing a much simpler but graphically more exciting satellite orbit calculator and display. I still have the “punch paper tapes” of both projects in “tobacco tins” one being the all important “points of the world” that produced a map that had uniform degree reticule. That also went into another graphics project to simulate the same sort of display as the WOPR did in “War Games”. Ironically it ran on my Apple ][ and it was only years later I found out –because I was asked by someone who worked at London’s Shepperton Studios– that in the original film the WOPR stage set ran on an Apple ][ driven by a stage hand inside it who typed away at the Director’s bidding.

Clive Robinson June 14, 2021 11:42 PM

@ Tatütata,

CFCs: another WMD, brought to you by the same fellow who gave you lead tetraethyl…

Well the idiot[1] did get hung by his own petard according to “stories” he poured TEL on his hands as part of an exercise to convince people it was safe… Which it was not[2], and the hands later withered. He was also known to be irrational and tempestuous that effectively got him sacked from his vice-president’s job (just another two of TEL’s known side effects). He really should have been locked away for “Corporate Murder” due to the number of deaths he caused in the TEL factories he was responsible for. But no… He got medals and awards of honour and GMC profited greatly…

He should have known better, organo-metallic compounds have been known for centuries to be poisonous.

I can not mention the chemical again as it caused some one to complain last time and the comment to get moderated.

But some can cross the blood-brain barrier causing a rather unpleasant death from just a single drop getting on your skin. Which it can do because it easily passes through most normal chemical protection such as IPE/PPE clothing, gloves etc.

But there is an ironic side to TEL and you mentioning WMD in the same sentence…

A US company manufacturing TEL in the UK claimed to be the only place in the world making the “antiknocking agent” and they sold vast quantities to poor countries including North Korea and Iraq… So US/UK sending WMD…

https://www.independent.co.uk/news/uk/home-news/made-britain-toxic-tetraethyl-lead-used-fuel-sold-world-s-poorest-8449967.html

[1] Thomas Midgley Junior, engineer and chemist, and otherwise certifiable madman with severe lead poisoning,

https://en.m.wikipedia.org/wiki/Thomas_Midgley_Jr.

[2] TEL’s health down sides, that used to be called “Toxicological disadvantages” as a polite way of saying “it kills people”,

https://www.sciencedirect.com/topics/pharmacology-toxicology-and-pharmaceutical-science/tetraethyllead

Duchess Gloriana XII of Grand Fenwick June 15, 2021 12:47 AM

TikTok is and always has been an obvious data collection operation. I submit to you that ‘defective by design’ technology like this should be illegal. It might be time to bring legal and civic minds in on this. In addition, can we now finally argue that Tiktok (etc) is a national security risk?

Denton Scratch June 15, 2021 1:13 AM

@Clive: “hung by his own petard”

It’s “HOIST by his own petard”.

A petard was a bomb that you would hang from a doorknob, to blow down the door (I think we are talking about the doors and gates of forts and castles). I have no idea how you would “hoist” someone by a petard. Or hang them. This phrase has always bewildered me.

/dev/null June 15, 2021 1:27 AM

Well at least they’re being somewhat up front about it. Imagine what YouTube/Google is doing with their vast treasure of data that they’re not telling anyone about.

lurker June 15, 2021 1:44 AM

@DentonScratch: to blow down the door

there you go then, a petard is used to blow down doors, gates &c. but we usually think of bombs blowing stuff up. Thus when it went off unexpectedly it would lift the victim off the ground, or hoist. Identifying the past participle is left as an exercise for the reader.

name.withheld.for.obvious.reasons June 15, 2021 2:41 AM

@ /dev/null

I’m thinking it looks something like (boot only from a rc.boot perspective)

mount /VM/kernel /local/BootCoreInstance > /dev/null 2>&1 &

As the VM may actually catch the virtualized instance of /dev/null, duping the dev device node and copying it word for word seems like a place to start.

Clive Robinson June 15, 2021 3:55 AM

@ Denton Scratch,

In the past I’ve explained the meaning on this blog. As has @JonKnowsNothing just a month ago on May 14th,

https://www.schneier.com/blog/archives/2021/05/ransomware-is-getting-ugly.html/#comment-378489

And yes “Old Bill the bard” did definitely say “hoist” and he did mean “hoist up”. Back then “hoist up” kind of meant “thrown up” as in “what goes up must come down” sort of way.

Thus the implication being the “engineer” would plant his mine/bomb on the fortress door and light the fuse, but not get away quickly enough so he would get thrown up in the air by the explosive blast and come crashing down again…

As for “hang down” you should know of a US song[1] the words of which supposedly are,

Hang down your head Tom Dooley,
Hang down your head and cry.

Hang down your head Tom Dooley,
Poor boy you’re born to die.

But that last line also gets sung as,

Poor boy you’re gonna die.

But as is the case with such things, eventually some wit will have at it and sing the last sentence as,

Hang down your head Tom Dooley,
You’ve got your tie caught in your fly.

Thus things get changed for humorous intent, or sometimes to carry a different meaning or message the audience will pick up on.

[1] The song like the events it portrayed is much contested in many ways and History as is often the case is not kind to either heroes or martyrs. The story has much doubt, debauchery, lust and jealousy along with Appalachian twang to add spice to it,

https://en.m.wikipedia.org/wiki/Tom_Dooley_(song)

Tatütata June 15, 2021 9:37 AM

At the risk of sounding macabre, in the context of Midgley’s polio paralysis and (accidental) demise, “hanged” would actually be a better fit than “hung” or “hoist”.

The inventor had plenty of co-conspirators, including Charles Kettering, the celebrated corporate figure. I think he had a lot of good reasons to have his personal archives destroyed after his death.

CFCs proved to be awful in hindsight, but 90 years ago they were considered a “miracle of modern science”.

Ammonia, the refrigerant of choice of the day, was fatal in a number of well publicized and horrible accidents. Modern refrigerators’ cooling circuits are essentially entirely sealed units, with nearly no possibility of leakage in normal service. But early devices had plenty of fittings, bushings, gaskets, cylinder compressors, etc., which all could go wrong.

There was therefore an incitement to find a solution to this problem. Albert Einstein and his buddy Leo Szilard filed a number of patents for a non-toxic cycle, but which did not find acceptance in the commercial market. (It has however niche application in physics).

The development of freon was however similar to that of TEL, and anticipates “modern” drug discovery: try every possible combination, patent them, and flog them.

Manufacturers have been peddling a R-12 substitute, R-1234yf. As a coolant it is fine, but it is very flammable and decomposes into fluorine when burning. English language sources commend the product, German ones condemn it. To my eyes, it is puzzling that a product is pushed forward that is objectively worse than propane, which is a good coolant, but also flammable. Propane cannot be patented, this is a possible explanation.

R744 (CO2) is an even better gas, but with the downside of requiring a different cycle and high-pressure fittings.

Today, there is a worrying increase of the concentration of R-12 in the atmosphere, but its source can’t be pinpointed.

We’re f****d.

Returning to TEL, the JU87 dive bombers terrorizing Poland in 1939 used fuel additives produced under a DuPont license. The Mitsubishi Zero bombers over Pearl Harbor were burning high-octane fuel supplied by Standard Oil. There were several congressional inquiries during the war, but even though fines were slapped, there was an obvious and immediate motive not to go too far…

What did Lenin say about capitalists and their bowels?

echo June 15, 2021 9:34 PM

@lurker

there you go then, a petard is used to blow down doors, gates &c. but we usually think of bombs blowing stuff up. Thus when it went off unexpectedly it would lift the victim off the ground, or hoist. Identifying the past participle is left as an exercise for the reader.

Language use is complex. It can involve neuro-psycho-sociology with imaginative and handwaving or even psychiological feedback. Simply the way words roll together so they require less effort to enunciate is one reason. Some word combinations may appear to break language rules but on a deeper past actually do adhere to rules.

SpaceLifeForm June 16, 2021 1:38 AM

@ name.withheld.for.obvious.reasons

Do not try to dup /dev from a live environment. There be Dragons.

Nor /proc or /sys, just do not try. Let new environment populate.

Otherwise, you may be dealing with the plutonium-240 problem where things blow up unexpectedly quicker than you can imagine.

Clive Robinson June 16, 2021 3:53 AM

@ SpaceLifeForm, ALL,

you may be dealing with the plutonium-240 problem

And so a meme is born.

Michael llen June 17, 2021 2:41 AM

My biometric data is being used for unique identification and financial security, so capturing this data is like validating the use of a keylogger to capture my password, for some, apparently necessary, business-justified reason, but can then be used for illicit activities. How many times, are those who think they know it all, going to force the use of an obviously leaky, technical bucket, which then ends up destroying lives, because of the lack of foresight?

kropp June 17, 2021 9:25 AM

@TimH

“Chinese-American” simply means American, because China doesn’t allow dual nationality.

It is generally true, but the rule doesn’t apply to Chinese citizens who are permanent residents of SAR Hong Kong or SAR Macau.
