On January 9, the New York Times reported that, according to a study released on Wednesday by Israeli cybersecurity firm Check Point, TikTok had serious security vulnerabilities that allowed hackers to access users' private videos, obtain personal information, and take control of accounts to upload and delete video content, essentially doing whatever they wanted.
As soon as the news came out, it sparked heated debate at home and abroad. On the one hand, the exposed vulnerability is potentially very dangerous and would worry users; on the other hand, TikTok is already "under scrutiny" abroad for its privacy issues, a situation fueled by both the New York Times report and Check Point's submission of a summary of its findings to the US Department of Homeland Security.
For domestic users, the focus is mainly on two questions. First, whether the vulnerability also affects the domestic version, Douyin; ByteDance has so far given no explanation. Second, the exposure of PGone and Li Xiaolu's draft-box videos at the end of October 2019 is still an unresolved case, and many users want to know whether it is related to the vulnerability.
"TikTok may be more focused on rapid growth and building new features for users than on hardening security, and I would expect a company like this to have security vulnerabilities." That is what Christophe Hebeisen, the head of research at another cybersecurity firm, Lookout, said about TikTok's security vulnerabilities in the New York Times report, and it is clear that public-opinion pressure of this kind has hurt TikTok.
The exposed TikTok vulnerability itself is enough to put Douyin in a cold sweat. "The vulnerabilities we've found are at the heart of the TikTok system," said Oded Vanunu, who heads research on product vulnerabilities at Check Point. The TikTok website, for example, supports sending SMS messages to users, but one of the vulnerabilities allows an attacker to deceive users by tampering with the link: the sender is still TikTok, but the link has been altered. Once the user clicks the link, the account is controlled by the attacker, who can then upload and delete videos, access private videos, make private videos public, and follow other users.
For example, in February 2019, the US Federal Trade Commission filed a complaint that TikTok had illegally collected minors' personal information in violation of the Children's Online Privacy Protection Act (COPPA), which requires websites and online companies to obtain parental consent before collecting personal information about children under the age of 13. TikTok agreed to pay $5.7 million to reach a settlement.
In addition, according to recent reports, the latest US Department of Defense directive requires Army soldiers to uninstall and remove TikTok in order to avoid exposing personal information. TikTok has also been under investigation by the Committee on Foreign Investment in the United States (CFIUS) since last October, to determine whether it could be used to collect user data and to control shared content. In December, the US Navy and the Department of Defense issued a warning about TikTok, and Navy personnel were also asked to uninstall and remove it. The UK's Information Commissioner's Office is still investigating TikTok, focusing on whether it violates European privacy laws. This vulnerability may therefore put TikTok under even more security pressure abroad.
It's worth noting that, according to foreign media reports, Israeli market research firm Watchful found face-swap (Face Swap) code based on deepfake technology in the latest version of the TikTok Android app. The feature has not been released yet. Watchful said it is about the same as last year's famous 'Zao', and that they found unreleased terms of service in the U.S. version of the TikTok app:
Last year's experience showed that face swapping, while popular, raises equally complex privacy issues, and it is not known whether Douyin's "secret research" has an answer to them. For now, Douyin has put a lot of effort into dealing with "user privacy" issues amid its rapid expansion abroad. A few days ago, according to Bloomberg, consultants proposed options to ByteDance such as legal defenses, operating TikTok independently, and selling a majority stake.
Compared with users abroad, domestic users are relatively less sensitive about private data and less aware of how to protect their rights, and the relevant laws still need to be strengthened. Even so, the state is tightening its regulation of internet user data, and Douyin was the subject of heated debate several times last year over user privacy, the first instance being the exposure of the videos in PGone and Li Xiaolu's draft box.
On October 30, 2019, three videos of PGone and Li Xiaolu from a Douyin draft box were revealed, instantly sparking uproar online. The initial focus was on the celebrity gossip, but in a follow-up post PGone asked, "Why was a Douyin video from last year, which was never shared outside, released?" After that, the public soon turned its attention to the privacy of short-video platform users.
So far, there is no final answer about the videos, but the recently exposed TikTok vulnerability happens to involve privacy, so many netizens cannot help linking the two, triggering a new round of heated debate. For the time being, it does not matter whether there is a direct connection between the two; both are certainly about one issue, and that is user privacy.
On the subject of user privacy, Douyin was also sued last year by Tencent, which accused it of illegally stealing WeChat/QQ user data without authorization, and the court found that it had violated the law. According to Tencent, TikTok provided Tencent's WeChat/QQ authorized login service to Duoshan without authorization. That is, even if a user had registered only for TikTok and not for Duoshan, Duoshan could still obtain the user's WeChat/QQ avatar and nickname.
In addition, an earlier article titled "Law doctoral student: Why am I suing Douyin and Duoshan for infringing my privacy?" also sparked debate on the internet. The author said that his phone's address book contained no information and that he had never specifically authorized the apps to use his address book, yet they accurately recommended "good friends" to him, including people he had not spoken to for years, such as his ex. This angered the author, who took the two app operators to court to question how they had obtained his "good friend" relationships and whether they had violated his privacy.
It can be seen that, not only abroad but also at home, the protection of personal privacy by users and by the law is growing stronger. Whether viewed from the legal level or the level of public opinion, internet platforms should take more care in protecting user privacy to avoid losing "people's hearts".
All in all, in the internet age, data resources are the "new oil" and user data is the "new wealth". Whether it is a legitimate internet platform or a hacker who exploits technical loopholes to obtain user data illegally, the essence is the same: using user data for gain. The difference is that the hacker obtains data illegally for profit, while the legitimate platform uses data to make money legally. Short-video platforms are no exception.
However, for users and regulators, short-video platforms need to be watched just as closely as hackers, because if a platform illegally uses user data for profit, the harm may be even greater. For its part, a platform should not only keep improving its security technology to prevent hackers from illegally obtaining user data, but also keep strengthening its awareness of protecting user privacy, treat user privacy with respect, and avoid abusing the data it is entrusted to guard, in order to win the hearts of the people.
As Zhang Xiaolong said in the recent WeChat Open Class Pro: as a platform, because we have a lot of data, what should be used and what should not be used is in fact a problem we have been thinking about all along, and we also call on our peers here to pay attention to this issue together. I don't know whether the "peers" Zhang Xiaolong mentioned refers to anyone in particular, but for any platform it is worth thinking about how to treat large amounts of user data, what to use and what not to use.