TikTok refuses to confirm or deny that ICE is obtaining detailed information about its users via private data brokers.

Last month, the popular social video app TikTok finalized a deal with investors, including Oracle, to appease a bipartisan bill that called on the app’s Chinese owner, ByteDance, to divest — or be banned in the United States.

The deal launched a frenzy among its US-based users over possible censorship, with some accusing it of taking down footage of ICE agents or restricting searches for words, such as “Epstein.” While TikTok denied these claims, pointing to a “data center power outage,” the app also changed its privacy policy at the time — now allowing it to collect more detailed data on its users, including their precise locations.

That sparked new fears. As The New Republic argues, TikTok’s deal means that agents at Immigration and Customs Enforcement (ICE), whose deportation efforts have been supercharged under the Trump administration, could skip tedious court-ordered data requests and monitor users by buying their data from private data brokers that obtain the info from TikTok directly — a “highly ironic” development, the magazine writes, considering the ByteDance deal was motivated in the first place by fears over Chinese state-sponsored surveillance.

    • Bazoogle@lemmy.worldEnglish
      8·
      1 day ago

      They have a page dedicated to everything they have given over to the US government: https://signal.org/bigbrother/

      Signal themselves cannot decrypt the messages, so they are literally not able to provide any substantial information to the government. They can literally only provide two timestamps, when the user registered and the last time they connected to the server.

      the only information we can produce in response to a request like this is the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service.

      source

    • AlecSadler@lemmy.dbzer0.comEnglish
      131·
      1 day ago

      If/when Signal has complied historically, they hand over what they have…which is to say, pretty much nothing.

      I’ll take Signal any day over private Facebook chat, Whatsapp, or even telegram.

        • Bazoogle@lemmy.worldEnglish
          5·
          1 day ago

          The attack chain is as follows: the threat actors masquerade as “Signal Support” or a support chatbot named “Signal Security ChatBot” to initiate direct contact with prospective targets, urging them to provide a PIN or verification code received via SMS, or risk facing data loss.

          Should the victim comply, the attackers can register the account and gain access to the victim’s profile, settings, contacts, and block list through a device and mobile phone number under their control. While the stolen PIN does not enable access to the victim’s past conversations, a threat actor can use it to capture incoming messages and send messages posing as the victim.

          That target user, who has by now lost access to their account, is then instructed by the threat actor disguised as the support chatbot to register for a new account.

          Don’t give your signal PIN to someone via text? And even if you did, they still don’t have your message history.

    • scytale@piefed.zipEnglish
      5·
      1 day ago

      If it’s truly E2EE, then it doesn’t matter if they’re forced to hand over the data.