[kbenson]

While Tiktok is technically slightly worse, focusing on that rather than the gaping real problem of publicly posting top secret info is missing the forest for the trees.

Solve the problem of people posting this to social media and it won't matter if the company is US owned and operated or foreign owned and operated because neither will have anything to work with.

[kindle-dev]

I think you're missing the forest for the trees. Publicly posting confidential information is definitely bad. Bringing a device that can covertly collect information for adversaries is even worse.

[kbenson]

> I think you're missing the forest for the trees. Publicly posting confidential information is definitely bad. Bringing a device that can covertly collect enemies for adversaries is even worse.

If you aren't posting top secret data, you also aren't sharing it with enemies on accident.

[falcolas]

There’s no requirement for you to actively post data to break opsec - often it happens behind the scenes. See the fitbit/airbase incident.

https://www.popularmechanics.com/technology/apps/a15912407/s...

[kbenson]

Sure. I was a little less clear in this thread than I was in the other. I'm more making a case for a more sane policy on what apps people can run, or even devices they can have, to make it so this is not a problem that's normally possible. Whether the info is shared with China or the U.K. isn't really a distinction worth making if it never should have been shared with either, period (and let's not act like the U.K. wouldn't want to know just as much, we do with out own allies as shown through some of our exposed wiretapping programs).

[themacguffinman]

Who is disputing that you shouldn't share secret information on social networks? TikTok's ties still changes the potential impact of this breach. That's relevant information that gives context to the basic facts of the case that we usually call "the news".

[beaner]

I don't think you're understanding what the person you're replying to is saying.

If the app is made by an adversary, you don't need to post it publicly for there to be a problem. The app has the ability to send it directly without you even knowing.

[kbenson]

By "Solve the problem of people posting this to social media" I mean the more general "you shouldn't be accessing apps that are security problems while in a secure area, which I covered in a separate thread on this article.

In that respect, whether it's TikTok or any other social media makes little difference. If it's use of apps like that is prohibited, then it's either not a problem or it's a personnel following policy problem.

That said, if people really think TikTok is a problem they should be worried about some other app that's ties are far less known that might get far less public scrutiny and do far more. By the time we're nitpicking which specific social media platform is the worst to have posted to in this case, we're so far down the path of problematic behavior that we're in absurdist territory. The fact that someone's walking around with the equivalent of a video camera taking movies of what appears to be top secret material is the problem, and whether they put it up on TikTok or YouTube, or sell to the Washington Post or to RT is just bikeshedding mostly irrelevant details.

The solution to this all is probably along the lines of "don't allow smartphones in secure areas" or only allow smartphones that have been vetted by security.

[beaner]

Ok sure, I don't think people are disagreeing with that, it's just not what anyone else was talking about so you seemed to be missing the point.

[elmomle]

How certain are you that TikTok only gathers data of any kind when you, the user, ask it to?

[chrischen]

Pretty sure iOS security policy mitigates this unless they are Zero-daying something.

[kindle-dev]

Responding to your other comment: the app has access to your camera. Nothing is stopping it from using your camera, without your knowledge, and then uploading what it captures while a user browses their TikTok feed.

[kbenson]

Then don't allow people to keep smartphones while in secure areas?

My point is, the problem is posting to social media, or using a device that's insecure. There's plenty of apps that a user could be tricked into installed that are much worse than TikTok and that will have much less public scrutiny.

That TikTok is affiliated with the China in some way is a red herring. There's no reason to solve the problem of TikTok if you solve the general problem of people using unapproved applications (which all social media would obviously be unapproved in secure areas) or insecure devices.

Otherwise what you'll find is that Facebook as some Cambridge Analytica type situation going on, and some Chinese shell company ends up using it to get special access and details, and the same thing as this happens through Facebook and China has special additional info and "TikTok fix" helped solve exactly nothing.

Bringing up that TikTok is associated with China in the article is useful in showing people some of the ramifications of the problem. Focusing on that as the problem leads people to think banning TikTok is the answer, when it clearly is not, since it doesn't go nearly far enough in combating the problem.

[BelenusMordred]

> Nothing is stopping it from using your camera, without your knowledge

The app needs to be open and in the foreground for it to take photos. On Android at least.