[HN Gopher] Amazon says email banning TikTok from employee phone... ___________________________________________________________________ Amazon says email banning TikTok from employee phones was 'sent in error' Author : danso Score : 481 points Date : 2020-07-10 17:07 UTC (5 hours ago) (HTM) web link (twitter.com) (TXT) w3m dump (twitter.com) | Sindrome wrote: | Company doesn't want employees to install spyware. Is Fortnite | next? | atarian wrote: | Makes a lot of sense considering AWS deals with sensitive | government data. | nitrobeast wrote: | Standard corp policy? Google disallows dropbox on devices that | can access Google internal data as well. | bigtones wrote: | Jeff Bezos, Amazon CEO, got his phone hacked and embarrassing | text messages stolen off it from a vulnerability in the video | parsing library in WhatsApp in a message sent to him by Saudi | Crown Prince Mohammed bin Salman in 2018. So Amazon as a company | is now very sensitive to what applications are installed on staff | devices and how data on those devices can be extracted from | vulnerabilities in other installed apps. This may be an outcome | of that. | | https://www.businessinsider.com/jeff-bezos-phone-hacked-saud... | RavlaAlvar wrote: | Does anyone have any technical detail of that story. It is hard | to imagine how a bug in the image parse library can be utilise | to steal text message. | shp0ngle wrote: | oh bugs in the parsing libraries are the things MOSTLY used | for attacks like this. | | Parsing is hard, and parsers are buggy and lead to all kind | of unsafe C code | voxic11 wrote: | Exactly, parsers are complicated, generally involve a lot | of manipulation of memory buffers, and for performance | reasons are usually written in a language without memory | safety (though this is starting to change with languages | like https://github.com/p-org/P and rust). | bigtones wrote: | Sure, the blog post below covers it, and the vulnerability | was probably CVE-2019-11931. You can do an awful lot with a | buffer overflow if you're clever. | | https://www.okta.com/blog/2020/04/what-the-jeff-bezos- | whatsa... | sevencolors wrote: | Does anyone have a "explain it like I'm 5 but took some CS | classes back in college"? | | I know that if you craft your buffer overflow just right it | will overwrite other parts of memory with the new function. | | But how do you know what parts will get overwritten? | | Does that mean the new function can do almost anything? | jsf01 wrote: | With a buffer overflow, you can write your own code into | a chunk of memory that ends up being run by the | application. In this case, since WhatsApp already had SMS | read privileges as part of the signup auth flow, the | attacker also had those privileges. | | The article has some detail about the remote code | execution part of this exploit. | | "What this means is that there was a software flaw in the | WhatsApp code for handling MP4 media files. If an | attacker triggered the flaw, the function in question | would crash in a way that could allow a potential | attacker to gain "RCE" or Remote Code Execution. | | In layman's terms, this means the attacker could inject | his own code into the application and, by triggering the | flaw, make the application to run with all the privileges | and access of the WhatsApp application itself." | hoten wrote: | So the payload would be some corrupted video file sent to | Bezo's phone. Would the attack look something like: | | 1) Discover/buy/steal Bezo's Whatsapp number (how did | they do that...) | | 2) Discover/buy/steal a 0-day bug in Whatsapp. | | 3) Write and compile a program that reads SMS from the OS | and beacons it to some server you control. | | 4) Create a corrupted video file that would trigger the | video parsing bug, and within that video file place the | compiled program from the previous step in the correct | place so that it gets executed. | | 5) Send to Bezos. | [deleted] | pjc50 wrote: | The classic buffer overflow has the buffer on the stack, | near the return address, so you can just write a new | return address and jump into the code you put in the | buffer. | | It's become more complex due to mitigation, but the | general principle is the same. | Natsu wrote: | There are multiple techniques that might be used (and | countermeasures that might have to be bypassed) but these | links should get you started - | | https://stackoverflow.com/questions/14760587/how-does-a- | nop-... | | https://stackoverflow.com/questions/49620893/return-into- | lib... | | And yes, arbitrary code execution is a common goal of | these exploits, though it may not always be possible-- | sometimes you only get a DoS attack or such. | qwertox wrote: | It starts with a buffer overflow. This then will allow you to | execute your own code. | Jaepa wrote: | Actually their pretty common. They are complex and generally | fairly old interpreters that generally have system level | access. Android have had a ton of them, but they are pretty | universally common. | glxxyz wrote: | It's even harder to imagine how someone could rewrite the | code to Super Mario World on an unmodified SNES to play | Flappy Bird just using regular controllers, yet it's | possible: https://www.youtube.com/watch?v=hB6eY73sLV0 | swyx wrote: | is the jury still out on whether MBS knowingly sent him that | hack? that is, not to put too fine a point on it, a fast path | to becoming even more of an international pariah than he | already is | jessaustin wrote: | Tricking a [EDIT: thanks 'spyspy!] WaPo journalist into | visiting a consulate and then chopping him into pieces with a | saw while he screamed and cursed you? Dropping bombs to kill | hundreds of thousands of Yemeni children? Making the people | of _Saudi Arabia_ somehow _less_ free? Those things were | pretty bad sir! But now you 've gone too far! How dare you | peep on our first trillionaire while he's courting outside | his marriage?!? At long last, have you no shame?!?? | pc86 wrote: | > In Comments | | > Be kind. Don't be snarky...Comments should get more | thoughtful and substantive, not less, as a topic gets more | divisive. | | > Please respond to the strongest plausible interpretation | of what someone says, not a weaker one that's easier to | criticize. Assume good faith. | | https://news.ycombinator.com/newsguidelines.html | jessaustin wrote: | You're going to have to spell this one out for me. To my | (admittedly poor) judgment, the above comment does not | violate the guidelines. I provide relevant examples of | behavior that reasonable people would consider far worse | than hacking some rich dude's iPhone. | pc86 wrote: | Sure. To the first point, I think it's pretty evident the | comment is snarky (even if it has a good point in there). | I'm guilty of that too, more often than I'd like and I do | get called out on it occasionally. And I don't think that | alone is an excuse to just flippantly toss the guidelines | at someone, which admittedly is basically what I did. | | To the second point, however, I do think you took the | worst possible interpretation of swyx's comment, which | was basically "nobody cares that the person in question | is a murderous tyrant, but he hacked Bezos's phone and so | is a bad person _now_. " I don't think that's what he was | saying at all, especially given the end about "more than | he already is." Whether we like it or not, one of the | primary reasons that Saudi Arabia is tolerated in the | West is their economic importance, and their connections | to the elite, almost entirely because of their wealth. | That starts to crack if they go after the elites | directly. So I took the comment as basically saying that | it didn't seem to serve MBS at all to hack Bezos | directly, as it would only (further) delegitimize him | interntionally. | jessaustin wrote: | I'm glad that some light snarking is still somewhat | tolerated. It's one of the things that makes life | bearable for me. | | To more seriously address the various possible | interpretations of the comment in question... yours is a | reasonable interpretation, but I don't think I was | unresponsive to that interpretation. _Of course_ ethical | people object to MbS 's previous evil deeds. Still, those | _are_ his deeds. If global opprobrium didn 't sway him | before, there's no reason to believe it did so more | recently. If there is evidence that some electronic | communication that appeared to come from MbS contained | malware, that evidence should be analyzed in itself. It | shouldn't be dismissed by vague unsupported perceptions | of MbS's interests and motivations. It's not as though | Bezos is universally adored, even among other satanically | wealthy reptiles. | stanfordkid wrote: | All whilst being propped up for decades by the USA for | geopolitical objectives??! | | It's not an accident that one of the stupidest, most | theocratic countries in the middle east receives the most | weapons and support from the USA. | | We _don 't_ want a strong middle east. This is why | countries like Iran, Lebanon, Syria are labelled as | "terrorist". | [deleted] | spyspy wrote: | Nitpick: Khashoggi was a writer for WaPo, not NYT. | puranjay wrote: | I fail to see any situation where MBS would be an | international pariah while still controlling Saudi Arabia | Natsu wrote: | The jury is still out on whether there was even a hack to | begin with. The analysis team claimed they couldn't decrypt | WhatsApp messages, so they never actually analyzed any | malware at all. HN called them out on that failure: | | https://github.com/ddz/whatsapp-media-decrypt | | They never responded with an actual malware analysis on the | file they claimed might be responsible. | | The only evidence left after that was a claim of higher data | usage which has to be weighed against the alternate | explanation for how this got out: | | https://www.forbes.com/sites/martingiles/2020/01/24/report-b. | .. | tester756 wrote: | >in the image parsing library in WhatsApp in a picture message | sent to him by | | Your link says | | >Bezos' phone appeared to be infiltrated after he opened a | video file sent from the crown prince's number on WhatsApp. | albatross wrote: | A video is a series of pictures, so not "technically" | inaccurate... | catalogia wrote: | A sort of "motion picture" if you will. | krm01 wrote: | How about making Whatsapp not permitted on Amazon employee's | phones? | viklove wrote: | How about making Jeff Bezos not permitted on phones with | access to Amazon email? | mc32 wrote: | Looks like the DNC is also disallowing the app on their | employees's phones too.[1] | | Don't blame them, they don't want the kind of leaks that | happened last cycle. | | [1] https://www.kdrv.com/content/news/571708792.html | dequalant wrote: | US would destroy anything not originating from its soil. | Pathetic. | LUmBULtERA wrote: | How do you make this leap? | dequalant wrote: | Look at TikTok? Not from US, immediately being attacked by | US. If it was from US like FB, Twitter, there would be no | discussion about it's security. | Crash0v3rid3 wrote: | What a flawed stance to have on this. There are plenty of | popular apps used in the US from other countries. Spotify | immediately comes to mind, and they're not controlled by | the CCP, an added bonus. | dequalant wrote: | Yes but none of those apps make their way to top 10, dont | they? US works this way. They eliminate whatever not | originating from their own companies. TikTok is very | clear example of this. Give me a break about "Security | concerns". Everyone knows that whats happening around | TikTok is political. | shripadk wrote: | Yes it is political. It is CCP controlled company. How is | that hard to imagine? Yes this is a problem of National | Security. India was the first to ban these apps. I don't | see you having a problem there! But if US does it, it | pains you. Why? Is National Security a concern only for | Countries except US? Why is US an exception in your | argument? If China can ban foreign apps why can't other | Countries do the same? I don't understand your logic at | all! | dequalant wrote: | With your logic, FB and Twitter has strong ties with US | government and controlled by them. Should all countries | ban, attack and try to eliminate FB and Twitter from | their markets? | shripadk wrote: | "Controlled by them". This is so wrong! If the US | Government controls FB and Twitter you wouldn't have FB | censoring Trump ads and Twitter attaching its own fact | check opinions on Trump's tweets. By all evidence you | have FB and Twitter functioning completely independent of | the US Government. Does it share data with the US | Government based on some legal requirement? Yes it does. | As long as the requirement is legal. I am against social | media companies as well but for the completely opposite | reason. I believe social media companies are acting as | Supra-National Governments and they have powers to | influence that even National Governments (like the US in | this case) do not have. They can literally alter the | political discourse and no one can do anything about it. | Not even the US Government. I have expressed my opinions | about social media here which you can read for yourself | [1] | | Don't be surprised if there is a ban on FB and Twitter by | other countries too! But not for the reasons you | mentioned. The reason would be undue political | interference if there is evidence of the same. | | But TikTok is not like FB or Twitter. The parent company | ByteDance has direct affiliation with CCP. They have an | actual agreement in place where they will share any and | every data with the CCP even without any legal basis. | This is not the case in the US. The US Government has to | get a court order to get information from FB or Twitter. | | Here is a quote from Twitter's Law Enforcement page [2]: | | "Private information requires a subpoena or court order | | Non-public information about Twitter users will not be | released to law enforcement except in response to | appropriate legal process such as a subpoena, court | order, or other valid legal process - or in response to a | valid emergency request, as described below." | | And if the US Government wants communications details it | needs to obtain a Search warrant [2]: | | "Contents of communications requires a search warrant | | Requests for the contents of communications (e.g., | Tweets, Direct Messages, photos) require a valid search | warrant or equivalent from an agency with proper | jurisdiction over Twitter." | | [1]: https://news.ycombinator.com/item?id=23774779 | | [2]: https://help.twitter.com/en/rules-and- | policies/twitter-law-e... | sdinsn wrote: | China bans American apps. Why wouldn't we do the same? | J5892 wrote: | Because we're not a totalitarian state built on the backbone | of censorship and information control. | | Yet. | sdinsn wrote: | Is this about censorship and information control, or just | about economic equity? Why should we be a market for | China's applications when we can't do the same? | dequalant wrote: | You are already. You are trying all possible ways to | destroy TikTok. | J5892 wrote: | Explain | shripadk wrote: | So you will allow an app whose company is tied to a | "totalitarian state built on the backbone of censorship and | information control" to steal your data? You cannot have a | company in China without agreeing to the terms and | conditions of the CCP. The CCP is the totalitarian state | you are so against. They are actively collecting your data. | In realtime. And you don't want that app to be banned | because you have a moral ideal to uphold. Great logic! | J5892 wrote: | No, I would never use TikTok. | | Why are you so eager to have the US copy the ideals of | the CCP? | shripadk wrote: | > Why are you so eager to have the US copy the ideals of | the CCP? | | There are no "ideals" in supporting something that is | obviously stealing your data and handing it over to a | totalitarian regime. Should you not be asking why this | app exists in the store in the first place when the store | and the app is being used within the jurisdiction of the | United States but data being sent to a foreign entity? | Would you be okay with US citizens personal information | being handed over and stored in the servers controlled by | a totalitarian Government? | | As far as being "eager" to have the US copy the ideals of | the CCP are concerned let me tell you where you are | wrong: If the US was to indeed copy the ideals of CCP, it | would be forcing TikTok and other social media to hand | over personal information of you and fellow US Citizens | without a subpoena or a court order. Now that is copying | the ideals of CCP. | adreamingsoul wrote: | And that's why I never setup email on my personal mobile device | when I worked for AWS. | melling wrote: | The email sent to Amazon employees was a mistake. | | https://variety.com/2020/digital/news/amazon-bans-tiktok-emp... | east2west wrote: | From WSJ: Amazon Says Email Ordering Employees to Delete TikTok | Was Sent in Error. | | I suspect Amazon realized late what a legal mess it is to ban | an app on their employee's cell phone when they have no clear | legal basis or governmental guidance. They banned employee | using Huawei phones when I was working there, for some things | -- don't remember exactly. But in that case, US government | already banned it for its employees, so there is precedence | Amazon can claim as legal basis. | wiml wrote: | Why do you think Amazon doesn't have a clear legal basis to | decide which devices are allowed to connect to their internal | network services? Or, for that matter, to decide which | devices ca be taken into non-public, secured parts of Amazon | buildings? | kenhwang wrote: | They probably got informed that since phones are personal | devices and not company provided, this level of restriction | might land them in the parts of BYOD laws that require | employers to compensate for personal device use for work. | | Amazon probably decided most employees don't have anything | too sensitive and it's not worth buying everyone a phone. | vxNsr wrote: | Our company gets around that by banning BYOD. | GekkePrutser wrote: | Someone goes through all the trouble of typing that explicit | email and it's a mistake? | | Sounds more like 'pulled after huge feedback'. | | Though personally I'd agree with this decision. TikTok seems to | be a particularly bad apple: | https://www.reddit.com/r/videos/comments/fxgi06/not_new_news... | kevincox wrote: | Yeah, not "This email was sent by mistake." but "Sending this | email was a mistake." Two completely different sentences. | che_shirecat wrote: | I keep seeing that Reddit thread linked but still cannot for | the life of me figure out what substantially TikTok does that | is a concern compared to other popular apps? The guy has like | 10 paragraphs of stories but no actual evidence? What is | TikTok doing that somehow is flying under the app store | guidelines of both Google and Apple but still a "national | security concern"? Why is the only actual "evidence" that can | seemingly be found, a comment from some rando on Reddit, not | peer-reviewed, reproducible work from legit cybersecurity | researchers? This reeks of the same scent that Bloomberg's | "omg they're hackz0ring our chips!" story gave off. | DaiPlusPlus wrote: | For one, the clipboard snooping problem. | | If you're using a password-manager (like we're supposed | to!) and use it to copy passwords (say, your Amazon | employee internal credentials...) while you have TikTok | open, the TikTok app would see it and could upload it | somewhere. | | ...and we only know about this issue now because iOS 14 | adds clipboard snooping notifications - and that was only a | month ago! Think about the stuff that the app could be | doing that we _don't_ yet know about. | | There's too many bloody-obvious security vulnerabilities | that are decades old but don't get fixed until they either | become a meme (like SQL Injection) or the platform vendor | does something about it (iOS 14 clipboard notifications) - | and don't forget that the SIGINT community is sitting on | millions of dollars worth of zero-days that they won't | disclose to vendors unless they feel like it - so I fully | expect there to be more surprises in TikTok - and other | apps - in the years to come - probably indefinitely. | dang wrote: | Ok, I guess we'll change the title to that since the submitted | title ("The TikTok app is no longer permitted on mobile devices | that access Amazon email") has become misleading. | | https://news.ycombinator.com/newsguidelines.html | a13n wrote: | I feel like this TikTok backlash is so overblown. I don't think | TikTok is spying on US consumers/business, and I don't think | TikTok is sharing any US private data with CCP... I believe this | because there's no evidence to the contrary, and out of principle | you shouldn't assume malintent. | | In fact, TikTok explicitly left Hong Kong because if they didn't | they would have to share private data with CCP to comply with new | laws... they're intentionally leaving MAU on the table to keep | their users' data safe. [1] | | If you look around, US social companies are making the same | mistake with your clipboard data that TikTok did. LinkedIn just | got caught reading your clipboard data [2], but we aren't talking | about banning them... I would assume in all of these cases, it's | just an engineer who accidentally shipped a bug. There are | legitimate use cases to read the clipboard (eg. more seamless | 2fa). | | It feels like the negative reaction to TikTok is so politicized | and just comes from a "China bad" attitude. | | [1]: https://www.cnn.com/2020/07/07/tech/tiktok-leaving-hong- | kong... | | [2]: https://news.ycombinator.com/item?id=23716451 | vesche wrote: | Some light reading: | | https://rufposten.de/blog/2019/12/05/privacy-analysis-of-tik... | | https://docs.google.com/document/d/1QEyWqAiTE_5xzCs_X3tjDCQx... | | https://www.reddit.com/r/videos/comments/fxgi06/not_new_news... | | https://www.washingtonpost.com/world/tiktoks-owner-is-helpin... | | https://www.thetimes.co.uk/article/video-app-linked-to-china... | | https://www.wired.com/story/tiktok-is-the-latest-window-into... | | https://thehill.com/blogs/congress-blog/politics/478015-exer... | | https://www.forbes.com/sites/zakdoffman/2020/06/26/warning-a... | a13n wrote: | I just read/skimmed each of these links. | | Is this any less data than is collected by Facebook or Google | in their apps/websites? | | This seems like mostly an issue with the fact that Android | lets apps get at this much data - something that should be | fixed at the OS-level. There's very little mention of similar | practices/vulnerabilities on iOS. | vesche wrote: | You read all of that in 8 minutes? Try again and maybe even | read the very first link. Facebook and Google aren't | creating unique fingerprints for you based on high | frequency audio... Read the two other research reports, | they mention that TikTok's aggressive data collection is | much more extreme than apps like Instagram, Facebook, and | Twitter. | | Why defend China? You are aware that they are currently | conducting an operation that is likely the worst human | rights crisis since the Holocaust. You need to re-evaluate | your views. | jml7c5 wrote: | >Try again and maybe even read the very first link. | | >You are aware that they are currently conducting an | operation that is likely the worst human rights crisis | since the Holocaust. You need to re-evaluate your views. | | Please don't belittle or look down upon others. It does | not foster discussion. | vesche wrote: | Do you wake up in the morning thinking... Ahhh what a | great nights sleep, better login to HN and defend my | favorite genocidal, communist, surveillance state, anti- | freedom, global super power: | | https://news.ycombinator.com/item?id=23795989 | | https://news.ycombinator.com/item?id=23758513 | | https://news.ycombinator.com/item?id=23689255 | | https://news.ycombinator.com/item?id=22854487 | Mekantis wrote: | I have no idea how anybody can look at TikTok with a straight | face and not see that they're a threat. Maybe if you've | conveniently closed your eyes to the CCP's behavior in the | past, say, 10-20 years regarding corporate espionage and | suppressing freedom of speech and compiling profiles of | everybody who dares speak out about them, as well as their | behavior _now_ in recent events (particularly how they 're more | than eager to punish local dissidents). Then, I guess, sure, | there's absolutely nothing here to see. As with every Chinese | company, the problem isn't that they're Chinese. It's that as a | Chinese company, they exist only with the blessing of the CCP. | metaphorical wrote: | TikTok left Hong Kong because HK is a tiny market, and they | wouldn't want the PR backblash if they had to share HK data | with CCP. | | There's evidence that Bytedance is not independent of CCP | interferences though - such as the CEO's public statement in | 2018 where he stated that Bytedance products should support | "socialist core values" etc. | | https://chinamediaproject.org/2018/04/11/tech-shame-in-the-n... | bonzini wrote: | Or maybe they left so that HK users must switch to the app | for the Chinese-market, the one that definitely shares stuff | with the CCP?... | scohesc wrote: | It's been admitted that tiktok actively suppresses content on | peoples front pages that include visibly disabled users, "ugly" | users, fat users, etc. etc. - anything that makes their image | look "bad" in their eyes. | | Kind of goes against current shoe-horned American societal | values of "everyone should be respected, regardless of who, | what, how, when, where they are" | nickthegreek wrote: | And they also came out to make changes to that system. | propogandist wrote: | after they were exposed, to avoid negative PR | themacguffinman wrote: | Assuming good intentions from TikTok is pretty ignorant. | ByteDance's other app, DouYin, is unambiguously a CCP | controlled tool that censors dissent and their CEO | ingratiatingly and apologetically dedicated the company to | "Strengthening the work of Party construction, carrying out | education among our entire staff on the "four consciousnesses," | socialist core values, guidance of public opinion" in a public | statement [1]. | | Suggesting that TikTok is leaving MAU on the table to keep | users' data safe is laughable when ByteDance's other Party- | controlled app, DouYin, is remaining in Hong Kong with a | captive audience (as helpfully confirmed by Global Times [2], a | well-known mouthpiece of the Party). To even suggest that it's | a sign of good intentions would ignore extremely important | current events and ByteDance's self-proclaimed devotion to the | Party. As we speak, the Party is aggressively assimilating Hong | Kong into the mainland by banning public expressions of | dissent, controlling educational curriculum, and yes, good old | censorship. Forcing HK residents to use only Party-controlled | tools that the rest of the mainland uses, like DouYin made by | ByteDance, only serves to further the "work of Party | construction". | | TikTok is political because it is wholly owned by a self- | proclaimed political entity: ByteDance. It's disingenuous to | suggest there is no reason to assume malintent when ByteDance | has a history of censorship and propaganda in its flagship app: | DouYin. Your glib dismissal of "China bad" has no substance | behind it, while China's ample human rights and totalitarian | abuses speak for themselves. Putting the actions of independent | private corporations in a free-speech democracy on the same | level as the actions of a publicly-proclaimed ally of an | authoritarian human rights abuser is plain nonsense. Context | matters. | | [1] https://chinamediaproject.org/2018/04/11/tech-shame-in- | the-n... | | [2] | https://twitter.com/globaltimesnews/status/12803650546557911... | michaelmrose wrote: | China is building concentration camps that they use for slave | labor, ripping organs out of the still living bodies of | political prisonersto give to its rich class, creating an | increasingly dystopian super surveillance state wherein you | could be subtly punished for associating with the wrong people, | has no means of redress or removal of the dictator for life, | and treats all enterprises as organs of the state that are | expected to spy for the state. | | China is bad. | jml7c5 wrote: | All that may be true, yet it still does not mean rationality | should be thrown out the window when evaluating claims about | TikTok. | apta wrote: | Better be safe than sorry. That's quite rational given what | we've seen from the Chinese govt. | reaperducer wrote: | _All that may be true, yet it still does not mean | rationality should be thrown out the window when evaluating | claims about TikTok._ | | If you lie down with dogs, you get fleas. | michaelmrose wrote: | I reasonable position is to trust nothing originating from | China that can't be dependently verified. I don't think any | system can be said to be fully proof against malicious | software which could be reintroduced at any given time. | | The logical position is to throw out the bathwater and the | baby its not like there aren't enough sources of short | pointless videos to waste our time on. | kilo_bravo_3 wrote: | >It feels like the negative reaction to TikTok is so | politicized and just comes from a "China bad" attitude. | | The Chinese government is actual, literal, evil. | | That is not "PoLiTiCaL" or "China Bad". | | It is indisputable that the Chinese government: | | * is running concentration camps that house over a million | people | | * exploits forced labor, a polite term for actual literal | slavery | | * imprisons people arbitrarily for anti-government sentiment | | Anyone who says "buh buh facebookz and NSA" to excuse or | minimize the actions of the Chinese Communist Party is so | incapable of rational thought that they should be shunned and | ridiculed. | | You are not put on a government watchlist for comparing the | President of the United States to a cartoon character and you | are not arrested for subversive thought for selling anti- | government books. | | And no, YouTube telling bigots to GTFO is not the same thing as | being arrested for selling books. | | The CEO of ByteDance (the firm that owns TikTok) is on the | record has having said that it is his intent to deeply | cooperate with the Chinese Communist Party to promote its | ideals and policies. | | It is probably best to take him at his word. | | I invite anyone who disagrees to fly to Beijing and walk around | Tian An Men Square carrying this book: | https://www.amazon.com/dp/1423135792/ref=cm_sw_em_r_mt_dp_U_... | | I will buy the book for you. | | edit: or better yet, take a flight to any city in China. Book a | room in a hotel and go down to the pool and write out one page | about the TianJin explosion, questioning whether or not the | offical death count is correct. Then go to a print shop and | make a couple hundred copies. Then stand on any busy street | corner with a sign that reads: "questions about the TianJin | explosion, please take one" (in Chinese, of course). | | And here's the kicker: video it and upload it to TikTok. | | I won't do it because the Chinese government is evil and I'm | scared. | hn3333 wrote: | Does anyone else feel we're suddenly supposed to be anti-China? | Is it because of Hong Kong? (Honest question, I have no strong | opinion .) Because it feels like after Russia and Muslims now | China is the new enemy. Kind of stupid imho. Anyway, the high | road would probably be not to ban any apps but to make the | operating systems safer.. | [deleted] | partiallypro wrote: | China has been an American economic foe for a while. The CCP | has stepped up measures and started to push their agenda and | censorship globally. They have stepped up their presence in the | South China sea and claimed ownership of international waters. | They have clamped down on Hong Kong and other provinces, put | Muslims in concentration camps using them as slave labor, | stealing their organs, shaving their heads and selling the hair | on the market. They've been using their state controlled | enterprises to spy on people outside of their borders (I'm not | saying the west is innocent 100% on that one.) | | So...I don't think it's stupid at all. China (the CCP) is anti- | freedom. The west is generally a liberal society. | | https://www.axios.com/china-hong-kong-law-global-activism-ff... | 8ytecoder wrote: | They have used Belt and Road to expand their influence. They | have extended loans and goodwill to bring various countries | in Asia and Africa under their influence. They are way more | aggressive and assertive than they used to be. Chinese | companies and investment firms have been aggressively buying | companies throughout the world. The list goes on. Without | commenting on the values of it, at the very least it's a | challenge to the current world order and we'd expect | countries to at least push back a bit. In fact, I was | surprised it took over a decade for countries to start | pushing back. | president wrote: | > In fact, I was surprised it took over a decade for | countries to start pushing back. | | It didn't help that many politicians, media, and elites had | been slowly bought by China. There were many China skeptics | that had raised red flags but were largely ignored. | president wrote: | You have incorrectly framed the issue. The fact is that China | has been anti-US and anti-democracy for the past few decades | and the world is finally coming to terms with that and | defending themselves. It is both laughable and sad that so many | Americans like yourself are so ill-informed and quick to jump | on the "US bad" train. | nxc18 wrote: | They never said US bad. | | I think its totally reasonable to point out that there was a | sudden, drastic shift in tone over the last 3-6 months. | | TikTok was gaining popularity last summer, and no one, short | of a few NYT op-eds, said anything. | | China is a geopolitical rival. We should probably aspire to | be better than them first rather than copy them with an | internet firewall and censorship of our own. One of the | challenges of doing that nowadays is we have a president who | thinks cultural genocide of Uighur muslims is 'exactly the | right thing to do' and that Tienanmen square massacre was | also the right thing to do. | | edit: gendered language edit: updated quote for accuracy | (absolutely->exactly) | president wrote: | > China is a geopolitical rival. We should probably aspire | to be better than them first rather than copy them with an | internet firewall and censorship of our own. | | You fail to realize that allowing these apps will allow a | foreign adversary to siphon data and act as a platform for | spying. China has already demonstrated that their | technology is not to be trusted. | | > One of the challenges of doing that nowadays is we have a | president who thinks cultural genocide of Uighur muslims is | 'absolutely the right thing to do' and that Tienanmen | square massacre was also the right thing to do. | | Fake news much? See the 2020 Uyghur Rights Act [1]. I have | no idea where you came up with this. | | [1] https://www.congress.gov/bill/116th-congress/senate- | bill/374... | | EDIT: Since I have been blocked from replying, here is my | response to your reply: | | > This claim originates in John Bolton's book [1] | | As you said, it is a claim, and has not been validated. By | the way, the bill he signs has sanctioned a high-ranking | member of the CCP Politburo among others so it not merely | meant as a symbolic win. | gerbal wrote: | > > One of the challenges of doing that nowadays is we | have a president who thinks cultural genocide of Uighur | muslims is 'absolutely the right thing to do' and that | Tienanmen square massacre was also the right thing to do. | | > Fake news much? See the 2020 Uyghur Rights Act [1]. I | have no idea where you came up with this. | | This claim originates in John Bolton's book [1] Make of | it what you will. Personally it seems pretty consistent. | | > At the opening dinner of the Osaka G-20 meeting in June | 2019, with only interpreters present, Xi had explained to | Trump why he was basically building concentration camps | in Xinjiang. According to our interpreter, Trump said | that Xi should go ahead with building the camps, which | Trump thought was exactly the right thing to do. The | National Security Council's top Asia staffer, Matthew | Pottinger, told me that Trump said something very similar | during his November 2017 trip to China. | | [1] https://www.wsj.com/articles/john-bolton-the-scandal- | of-trum... | jessaustin wrote: | Bolton _is_ consistent. He has consistently been a | warmongering villain. Like many other USA "international | security experts" he has never shied away from lying in | pursuit of his terrible goals. I'm not eager to believe a | story from him that only Trump or Xi could contradict, if | they even cared to do so. | | But sure, Trump could have said it. He could say anything | at any time. As he sees it, he got elected by promising | to bully minorities. In office, he has bullied | minorities. It's not surprising that during negotiations | he would attempt to find common ground through shared | appreciation of commonplace governmental activities. | edapa wrote: | You know the CCP is engaged in an active genocide right? | geogra4 wrote: | Evidence always goes back to that adrian zenz fraud. I don't | believe it. | CobrastanJorji wrote: | Could you clarify what you don't believe? You don't believe | that "Vocational Education and Training Centers" exist, or | you don't believe that they are internment camps, or you do | believe in them existing but don't believe in the scale of | how many hundreds of thousands of people have been in them? | geogra4 wrote: | >> that "Vocational Education and Training Centers" exist | | Yes - they exist. Kind of like community colleges exist. | | >> you don't believe that they are internment camps | | I don't and neither do muslim majority countries all over | the world including UAE, Eritrea, Sudan, Pakistan, and | Algeria, among others[0] | | 0: https://thediplomat.com/2019/07/which-countries-are- | for-or-a... | yorwba wrote: | >>> you don't believe that they are internment camps | | > I don't | | Why not? They're officially intended to hold and re- | educate violent terrorists and extremists who have been | determined to be a danger to society, among other groups. | http://www.xinhuanet.com/politics/2019-03/18/c_1124247196 | .ht... (Search for She Hui Wei Xian .) Of course they're | internment camps. | | > muslim majority countries all over the world including | UAE, Eritrea, Sudan, Pakistan, and Algeria, among others | | Think that interning Muslims in camps is perfectly | justified by the "war on terror", and they're doing it | quite often themselves. Of course they're not bothered | when China does it. | president wrote: | With the overwhelming amount of evidence and testimony | regarding human rights violations in Xinjiang, burden of | proof is on the CCP to disprove. | | EDIT: Since HN has blocked me from posting too fast, here | is my response to your reply: | | > It's so absurd! Not a SINGLE MUSLIM MAJORITY COUNTRY is | against these supposed Xinjiang camps! Why do you think the | USA suddenly cares about muslims? Use your brain. | | Maybe China has bought their silence? See | https://www.businessinsider.com/imran-khan-pakistan-wont- | cri.... UN has been bought as well. See all actions by WHO | since Covid-19 started. | geogra4 wrote: | Why bother with Global Times? Why not go straight to the | UN. Which countries support china's Xinjiang policy and | which oppose? Notice which side most islamic countries | are on? And which side the countries that have a muslim | ban are on? | | https://thediplomat.com/2019/07/which-countries-are-for- | or-a... | | It's so absurd! Not a _single muslim majority country_ is | against these supposed Xinjiang camps! Why do you think | the USA suddenly cares about muslims? | dang wrote: | Hey, please edit out swipes like "use your brain" from | your HN comments. They only make things worse. I realize | that it's frustrating to represent a contrarian position | on the internet, but there's really only one way to do it | effectively and that is to prevent the frustration from | boiling over and stick to neutral information. Otherwise | you just give people an additional reason to reject what | you're saying, which ends up discrediting whatever truth | you're advocating for. I've written about this elsewhere | in case it's helpful: https://hn.algolia.com/?dateRange=a | ll&page=0&prefix=true&que... | | Also, please note this site guideline: _Please don 't use | uppercase for emphasis. If you want to emphasize a word | or phrase, put asterisks around it and it will get | italicized._ | | https://news.ycombinator.com/newsguidelines.html | geogra4 wrote: | yes done. Apologies. | dang wrote: | Appreciated! | rydre wrote: | [deleted] | [deleted] | [deleted] | guerrilla wrote: | That's not new though, which I think is what the poster is | pointing to. China has always been an economic competitor and | has been violating human rights for a very long time. There | seems to be more attention on it now though. | enitihas wrote: | China wasn't always an economic competitor though, just | that their economy has grown at a large rate for a long | time to become almost as large as the US. | jedberg wrote: | Because their GDP is growing and at the current pace they | will pass the USA around 2025. That's why the USA cares | now. | | Left unchecked, China will soon be the biggest economy in | the world. The USA doesn't want that. | president wrote: | > The USA doesn't want that. | | Nothing wrong with having another superpower surpass you | but China is not the superpower anyone wants leading the | world given their track record. | patrickaljord wrote: | > China is not the superpower anyone wants leading the | world given their track record. | | Anyone? Really? I think a good number of people on this | planet is fed up with the US leading the world with its | own track record. Not saying I agree with them but saying | no one would be happy to see China surpass the US is | wrong in my opinion. | enitihas wrote: | Social anger changes in response to black swan events. | Islamophobia was rampant after 9/11. People were angry on | Russia after the Crimea incident. People are angry on China due | to Hong Kong , their treatment of uyighurs, and their growing | economic power. This is also amplified by Trump talking about | China a lot more than any other country. | Rapzid wrote: | The CCP and Xi Jinping(have we forgotten president for LIFE?) | poses an existential threat to all liberal democracies. | | This has been true for a quite a while but there was money to | be made and China was keeping a very low profile. In recent | years however they have been making extensive soft and hard | power plays externally. They were busted infiltrating | Australian government, running a propaganda news paper out of | New Zealand, and controlling their citizens abroad through | means such as the Confucius Institutes. They have been getting | countries in Africa under their control by dumping money into | them in the form of loans they can't hope to pay back. | | Members of the intelligence community have been warning for | years that China is the largest national security threat. | Governments and businesses are waking up to the fact that it's | simply not possible to continue business with China while | ignoring the CCP. | | These are also not alt-right/left wacka-doodle conspiracy | theories. There has been a lot of reporting from most credible | news sites over the past 5 or so years on the power struggle | we(liberal democracies) are engaged in with China: | https://www.npr.org/2018/10/02/627249909/australia-and-new-z... | . | | Perhaps how you feel about authoritarianism will determine | whether you should view the CCP as an "enemy" or not.. | | PS: Xi "I've read history so I won't make the same mistakes" | Jinping, now President for Life(mistake), is making a fool of | himself by putting his ego front and center on issues such as | Hong Kong and Taiwan. He wants desperately to unify China(under | fascism, hooray!) which is why China has essentially reneged on | the Hong Kong timeline and are now forcing authoritarianism | down the throats of a population quite set on democracy. | danso wrote: | Note: since this tweet/submission, some outlets have written | stories about this: | | https://www.theverge.com/2020/7/10/21320196/amazon-employees... | | https://www.nytimes.com/2020/07/10/technology/tiktok-amazon-... | ehsankia wrote: | I'm curious, are these | | 1. Devices owned by Amazon, for work | | 2. Personal devices with the amazon email added directly | | 3. Personal devices with amazon email added on Work profile | | Could not find this info in the articles or tweet. | nvr219 wrote: | They're devices that are under Amazon's MDM. So if the device | was enrolled with their MDM then it applies. | ehsankia wrote: | Right, but on Android at least, you can either have the | whole device be under MDM (#2) or just a work profile (#3). | In the latter, if your sysadmin decides to wipe your | device, it only wipes your Work profile and not your entire | phone, from my understanding. Is that not correct? | | My assumption was that any apps installed on the personal | partition were off limit for the MDM. | bonzini wrote: | They might still require you to comply voluntarily (and | be on your own if you lie). | Nicksil wrote: | Mobile Device Management | | https://en.wikipedia.org/wiki/Mobile_device_management | SteveNuts wrote: | I'm surprised devices enrolled in their MDM would have EVER | allowed Tik Tok in the first place. | nvr219 wrote: | A lot of companies with MDM have it just because they | need to check a box saying they have it, and so that they | can remote wipe and make sure users put a PIN on their | device at least. Extra capabilities like authorized | software lists, URL filtering, etc add admin overhead and | are just not worth it for the company to get into. | sdoering wrote: | Believe me - a lot of companies roll MDM just to be able | to remotely wipe the device in case it gets lost. | | A lot of them do not block apps (or remove them). | koolba wrote: | Can one do this as an individual as well? | Nextgrid wrote: | For iOS you can use Apple Configurator for profile-based | M2M. For remote management you need a server-based | solution and I believe there's an open-source | implementation of that out there. | GekkePrutser wrote: | Yep it's called MicroMDM. | | https://micromdm.io/ | | Only supports Apple though! Not Android. | jsjohnst wrote: | There's a handful of others, including some that support | both platforms | scohesc wrote: | Cisco had their Meraki MDM free for small numbers of | devices - but that was a while ago and I'm not sure if | they still offer it. Was only compatible with I believe | Samsung phones as they had the best hardware security | built in (KNOX?). Apple phones required (still do?) a Mac | in order to deploy specific certificates to devices to | enroll in MDM as well. | GekkePrutser wrote: | These days Android MDM has changed a lot. | | In the 'old' days, there was an app called device admin | which would control the phone. This app would be supplied | by the MDM vendor. This could leverage APIs from various | vendors. Samsung had Knox but almost every phone vendor | had their own plugin. | | This was a huge PITA because each MDM feature only worked | on manufacturers A and B and very often was limited to OS | versions Y and Z. It meant we had to validate each phone | and OS version and have a long list of what phones people | could and couldn't use. It was a nightmare as an admin. | Users hated it because they often only found out after | they'd bought the phone. Samsung was indeed one of the | best here, I have to agree. | | Since then Google has thrown this overboard and started | afresh with Android Enterprise. Controlled only by | Google, and offering new ways of management like the work | profile which is basically a kind of "phone inside a | phone". Have your work profile managed by work and the | rest of your phone to yourself. | | For company-owned phones they also still have more | comprehensive management options like COBO and COPE. But | as long as the phone supports Android Enterprise, it | supports everything. | | Sadly some vendors in particular Samsung are fighting | this approach because they feel they have invested too | much in the old method. For example Samsung won't support | Google Zero Touch auto-enrolment, having instead their | own alternative Knox Mobile Enrolment. This is again | making things more difficult for admins. But because | Samsung is such a big party, and KME is free, we have | gone for it anyway (Also Google Zero Touch is not | available very widely yet, each reseller has to support | it) | | As an Admin I'm glad to see the end of the old management | model. It's deprecated as of Android 11 (and already | severely limited in 10) but we've already dropped it | altogether. | | And no, for managing Apple phones you don't need a Mac. | You just need this for manual installation of management | profiles, if you use an MDM you don't need it. | | However if you want to manually supervise phones (instead | of using Apple DEP / or Automated Device Enrolment as | they call it now), you do need one. But this is really | rare now. | a-wu wrote: | If you have an Apple device enrolled in Find My you can | remote wipe it. | ls612 wrote: | Is this any different from the Find My Apple Stuff | feature on modern iDevices? One of the options is remote | wiping. I assume android as a similar feature. | variaga wrote: | AMZN employee here - In my case, it's (3) | kerng wrote: | Assuming you get somehow reimbursed, like some companies | that dont have corp issued phones? | mattcrox wrote: | Yes we have cell reimbursement | paxys wrote: | I don't think any mid-large company allows 2 anymore. Access | to company resources always comes with an MDM policy. | ehsankia wrote: | I think #2 can require MDM still, but one let's them | control the entire device, whereas #3 limits them to a | section of your phone dedicated to work. | codegladiator wrote: | You are wrong to think that. I wish I could name the | companies. | sdoering wrote: | I know some. And I know others with MDM - but without | policies regarding installation of apps. | [deleted] | btashton wrote: | I don't get why people are OK with a company being able to | wipe a personal device on a whim. If you want full control | of my mobile, then provide a mobile. | GekkePrutser wrote: | In Work Profile mode they absolutely can't do that. They | can only remove the work profile side and all apps and | data contained therein. Not the personal side. | | Of course most companies provide phones, but many users | prefer to use their own, both for the benefit of having | to carry only one, and because they have more choice. | | Another big benefit of work profile is that you can | switch all work stuff and notifications off with one | click! I really like it overall, it gives great | separation. | scarface74 wrote: | Everything on my phone is automatically backed up. | Whether I would accept the tradeoff of them being able to | remotely wipe my phone or wanting to carry two devices is | up in the air. | ehsankia wrote: | My understanding is that they can only wipe the work | profile. Is that not true? (Android). | GekkePrutser wrote: | In work profile mode this is absolutely correct. | | In other modes (COBO, COPE) it's not but those are much | more difficult to enrol, as you have to do it from the | setup wizard on a new phone or after a factory reset. So | you don't happen to get into this mode by accident. | They're only used for company owned phones (this is what | the CO part stands for). | khuey wrote: | If you're using the Android MDM thing on a personal | device it only wipes the work profile. | advisedwang wrote: | Many companies make MDM mandatory and refuse to pay for a | phone. Most people will just comply rather than have _no | mobile access_ to their work email at all (which will | cause conflict with managers, and may even lose you a | job) | moneil971 wrote: | Many companies do provide a mobile, but then your choice | is to carry 2 devices, or let your company control the | only device you carry and use all day for personal | communication. I chose the former but even that's not | ideal | schnable wrote: | What's the security/privacy vulnerability that would allow TikTok | access to sensitive info from email? | [deleted] | Randor wrote: | Exactly. | | The real question is why does your phone even allow such things | to happen in the first place? | jeffbee wrote: | Clipboard access. | Andrex wrote: | Contacts at least, as the lowest-hanging fruit. | closetnerd wrote: | Likely that they have the potential to have as much information | about us as Facebook does - but China? | | If there was a real security/privacy issue - I'd be more upset | with Apple than China (as an iPhone user). Apple needs to watch | my back. | remarkEon wrote: | Does anyone have a link to a legit security analysis on this app? | I'm trying to weed through all details, and I want to get past | any FUD. | dvt wrote: | Looks like TikTok is slowly imploding. | | I know there's plenty of political implications and a lot of | discussion here is on that (which is interesting in its own | right), but I wonder if there's opportunity here for a potential | competitor. | maram wrote: | > Looks like TikTok is slowly imploding. | | While they are still in the App Store | shripadk wrote: | > While they are still in the App Store | | Not for long! The banhammer is coming for them! | suyash wrote: | Real implosion will happen if US bans it. | gsich wrote: | They fight what they can't understand. | goalieca wrote: | You mean like vine? Twitter bought it and killed it. The | founder moved on to launch Byte https://www.byte.co/ | dvt wrote: | Vine was definitely the precursor to apps like TikTok, and I | tried Byte but I didn't really like it (at least not as much | as I do TikTok). | what_ever wrote: | Vine was different. I just posted this on another thread | couple of days ago. | | > | | Vine was 6 second long video clips. Comparing Vine to TikTok | is somewhat like comparing TikTok to YouTube videos. They are | different. | | Lot of TikTok popularity has come from offering songs/lip | syncing functionality (done better by their acquisition of | musica.ly). That wouldn't have worked on 6 second Vines. | JeremyNT wrote: | > _Vine was 6 second long video clips. Comparing Vine to | TikTok is somewhat like comparing TikTok to YouTube videos. | They are different._ | | As an aside, it's insane to me that the differentiating | feature of an entirely new video hosting platform can | simply be the length of the content it supports. | | The world of tech companies is truly bizarre. Why doesn't | Google launch dozens of Youtube variants under their own | branding with their own slightly different length | restrictions to just dominate the market? | manojlds wrote: | That's like saying Twitter is not Twitter because we can | type more than 140 characters now. | Jtsummers wrote: | For the rest of us that don't follow social media systems | closely (just looked up, I'm trusting my search results): | | TikTok allows 15 second videos (only 2.5x the length of | Vine videos) but also has a way to string multiple videos | together for 60 seconds of play time (10x longer than | Vine had). | | So this is actually a pretty fair comparison (old Twitter | @ 140 vs new Twitter @ 280) if you ignore stringing them | together. | im3w1l-alt wrote: | It's not only about the mathematical factor. It's about | which usecases are possible. | xxpor wrote: | >Byte | | Which is different from ByteDance, which is the company that | owns TikTok, for those confused like me. | ubermon wrote: | Surprised nobody talked about Fb's Lasso which intends to | "copy" TikTok and recently got killed. | | https://techcrunch.com/2020/07/01/lasso-facebook-tiktok-shut... | kkarakk wrote: | Lasso launched outside of india/china...the two biggest | markets for tiktok right now and your app simply doesn't | support them? doomed to mediocrity | carlosdp wrote: | There is absolutely no evidence of that, its users still love | using it. | ccktlmazeltov wrote: | China is blocking all the US apps, I don't see why the US (or | US companies that get blocked in China) shouldn't do the same | to popular Chinese apps. | quuUuw wrote: | Everywhere I go I see this comment. Competitors are literally | being made daily. Hell, even instagram has one now. The problem | is money and technology can never buy a community and that's | really why vine and tiktok were so successful. | taurath wrote: | Tiktok isn't imploding, its broadly a bunch of old men | (senators, CEOs) afraid of china. The userbase of tiktok is | tweens and teens. | | The best thing those old men could do is legislate system level | privacy protections onto IOS and Android so an app can never | get the level of info they're worried about. | jml7c5 wrote: | I'm not so sure. Reddit skews young, yet the narrative there | is that TikTok and the Chinese gov are just shy of evil. The | iOS clipboard bug in particular has startled reddit into a | wave of self-reinforcing "TikTok is spyware" stories and | comments. A story like this one just reinforces that | narrative, and I'm not sure there's any way TikTok is coming | back from it. | catalogia wrote: | I'd guesstimate the average redditor is somewhere in their | late 20s to mid 30s. Compared to Congress, that's certainly | young. But that's about twice the age of what I imagine the | average tiktok user to be (teens.) | reaperducer wrote: | The local TV news uses TikTok and mentions it regularly. | Not exactly a teen-age audience. | dvt wrote: | Just a few days ago, TikTok was banned in India (a _huge_ | emerging market). I'd say it's imploding. | asutekku wrote: | India might be an emerging market and you get tons of users | from there, but it is not profitable at all. Any mobile app | dev can tell you that. | alextheparrot wrote: | They made some really funny TikToks, though | suyash wrote: | It's simple Math, Great number of Indian users, even if | ad dollars per person is not as much as in US, overall it | is bound to exceed in the long run. | reaperducer wrote: | _its broadly a bunch of old men (senators, CEOs) afraid of | china_ | | If your entire worldview is ageist, works strictly on | stereotypes, and encompasses only the United States, that | might be true. But there are companies, organizations, and | governments around the world locking out TikTok. | vxNsr wrote: | What does the age or gender of the people have to do with | this? | BookmarkSaver wrote: | Ninja, the biggest (English-language) video game streamer in | the world, just posted yesterday that he's deleting TikTok | for these concerns. | | I'm not going to get into whether or not this actually makes | sense, but he is a massive celebrity among young | millennials/gen-z. | kkarakk wrote: | idk about that, his tweet only got 10K re-tweets... | frequentnapper wrote: | I am a brown guy in my 30s and I also would like to have | tiktok be banned from my home country. | dragonwriter wrote: | Isn't this a space (short social video sharing) that has been | filled by a near infinite succession of short-lived dominant | offerings and that's pretty much always ready for a new, | slightly different flavor of season? | rhizome wrote: | The space TikTok is occupying, for which video sharing is the | vehicle: personal information. | qppo wrote: | I think they all failed for the same reason, video is | expensive and the markets can't pick a winner when the game | can't be won without money. | | But if the Chinese government wants to prop up TikTok and | pick them as the winner, they can. | justicezyx wrote: | TikTok parent, ByteDance, already owns DouYin, which is the | original APP that TikTok was based on, with significant | ingestion from Musically. As a matter of fact, TikTok's | previous CEO was Musical.ly's founding CEO. | | Although it seems the online records are disappearing fast. | I could not find a good source of the TikTok history and | key figures any more... | c3534l wrote: | My understanding was that TikTok was basically the Chinese | response to periscope and vine, which was popular, but couldn't | make money. TikTok's scheme is to be spyware that even puts | Facebook to shame, in a way that I'm not convinced isn't just | government spyware disguised as social media where the point | isn't to make a profit to begin with. If similar attempts have | failed because of monetization struggles, I don't see an | identical competitor emerging. We alrealy have many close | substitutes. | ubermon wrote: | They are/were planning to IPO, and their financial will be | published so I doubt the conspiracy theory. I've used the | original TikTok(Dou Yin), it is super addictive, even my | parents fall into that. They do a very good job in terms of | engaging both the viewer and content producer(profit cutting | etc.) | | In my opinion, are still "evil" in terms of hijacking our | brain, but I am a bit fed up with those prevailing political | prejudice nowadays for anything related to China. | frequentnapper wrote: | Yeah but this is in response to people being fed up with | what China has been doing. I really hope more countries | catch on and put China in its place. | GekkePrutser wrote: | Some extra info to establish your point which I totally agree | with: | | https://www.reddit.com/r/videos/comments/fxgi06/not_new_news. | .. | | TikTok is really exceptionally bad in this regard. | maerF0x0 wrote: | What does tiktok have that IG stories or SnapChat does not | provide? | | It appears to me that TikTok is just a perpetuation of | exclusivity in Social Networks (the same way kids exited FB | when their parents signed up) ... | hdjrklt wrote: | The discovery tab (For You) is awesome. Its the first social | app where the discovery tab is better than your feed, so much | more that you can actually use it without following anyone. | It's quite addictive too, you can easily spend half an hour | watching videos. | | The way the discovery tab works also created a meta game: Alt | TikTok, Deep TikTok, Elite TikTok, ... | | The exclusivity aspect is there too, very few users are over | 30, but it's not the driver. | KaoruAoiShiho wrote: | Can you give some examples of alt tiktok, deep tiktok, | elite tiktok. | nickthegreek wrote: | alt tiktok is mostly some counter culture users between | the ages of 16 and 30. dyed hair, 90s influences, and | lqbtq+ supportive. It's a whole aesthetic and rallies | against "straight tiktok". You dont want to get stuck on | a straight tiktok algorthmic FYP (for you page) feed. | Other popular mini tiktok areas include frogtiktok and | the holy grail, prison tiktok. | | deep tiktok is weird video effect stuff, deep fried meme | kinda stuff... I dont want it. | kkarakk wrote: | so...like every online community? this isn't rare or | novel | hdjrklt wrote: | You can't just "go" to Alt TikTok, like you can just open | some subreddit. | | That's the thing, you need to consume a certain kind of | content, until the recommendation algo takes you to Alt | TikTok. | | In a sense, it's like the difference between going to | let's say a heavy metal bar, and becoming an heavy metal | kind of guy, which gets you invited to some obscure | invitation only club. | deusofnull wrote: | tbh it seems like the distinction being made by the stuff | about 'alt-lit twitter' and 'weird-facebook' from a few | years back | | https://stayhipp.com/media/tiktok/what-is-alt-elite- | tiktok/ | qppo wrote: | Technically, probably very little. | | Practically I think it's more diverse content and easier | access to other people/fame/glamour for kids than Instagram, | Snapchat, or even YouTube/Twitch/etc, since those platforms | have been cornered by an existing group of "influencers." | | It's probably just a different kind of dopamine hit that kids | can't get elsewhere. | centv wrote: | TikTok seems to be more specialized on addictiveness: auto- | play unlimited stream of short videos. It's all about | removing friction, and TikTok has a good recommendation | system. | xxpor wrote: | It's twitter but video in other words | analyte123 wrote: | Besides recommendations that actually work like everyone else | is saying, the "sound sharing" / "original sound" feature | (don't know what it's officially called) is pretty unique, | and it both encourages creation of new videos and leads to | virality. If you want to make tiktoks and don't know what | else to do, you can just do a dance that someone else started | or re-act an existing tiktok with the same audio, perhaps | putting your own spin or personality onto it. And from the | other direction, if you see a funny or interesting tiktok, | it's one button to see all videos made with the same audio. | Also, it _works_ -- everything in the UI is snappy, videos | load even faster than YouTube, particularly on bad | connections. | amznthrwaway wrote: | TikTok is incredibly enjoyable to use even while following | literally nobody. | | That simply isn't true of IG, FB, SnapChat, etc. | azinman2 wrote: | Creation tools and licenses to large music library that you | can leverage. This is a key part of differentiation. | raverbashing wrote: | From what I've heard (besides the points mentioned here) the | dubbing/scene editing capabilities are on-point (which is the | big point of Tiktok | ralston3 wrote: | The "For You" page. | | Sure its just another algorithmic-based feed. But in my | experience (and from talking to a few ppl who enjoy TikTok), | the For You page is a differentiator. It's like a combination | of what's trending, what's recent (time wise), and what | you've spent time interacting (watching, liking, commenting) | with previously. | | Again all platforms do some form of this, but just saying | TikTok does it in a pretty addicting way. | | Also combine that with the fact that TikTok videos are so | incredibly short that by the time they're over, you haven't | even decided whether or not you liked it (no doubt by | design), which means you can endlessly consume content. | | Also, I've heard that TikTok has better (read: better for | comedy-style content) tools to edit videos in the app | kkarakk wrote: | idk whenever and whomsoever's phone i look at it's always | just pushing videos of scantily clad underage gals dancing | to whatever song is popular att. you have to actively hide | that stuff/follow creators and hit "only people i follow" | to see any actually creative|interesting stuff. | | surprised there hasn't been any controversy about that - | tiktok is a predator's paradise. | quuUuw wrote: | I seem to be the only person here who actually uses tiktok. | What makes tiktok different is the musical background | (somehow people never mention this when comparing it to | vine), the fyp algorithm being incredibly good, and the | various communities built around certain niches. It's night | and day compared to other apps. | Firebrand wrote: | Quibi pivots to user generated content and becomes the comeback | kid. | vorpalhex wrote: | Between this and streamers such as Ninja talking against the | app, I do hope this signals the death knell for tik tok... | nemothekid wrote: | I imagine Ninja has an incredibly low overlap with the teens | that use TikTok. | SpicyLemonZest wrote: | Tiktok does have gaming content, although I have no idea | how to quantify how popular it is. | newguy1234 wrote: | Probably not. Gen Z is already addicted to it. They like it | more than all other social media apps from what I've seen. | rhizome wrote: | They'll switch to something else just as soon as they took | up TikTok in the first place. | shripadk wrote: | Gen Z was addicted to Vine before it. And it will be | addicted to anything else that comes after it. No addiction | is greater than national security. And the US Government is | not obligated to TikTok in any way, shape or form. It can | ban without any consideration to the number of people | "addicted" to the platform. | newguy1234 wrote: | Wouldn't be surprised if Google, Facebook, or Microsoft | suddenly come out with a competing app. Didn't google have one | that they shut down recently? | x86_64Ubuntu wrote: | Do those three ever truly come out with something new, or do | they just buy up existing tech? | hdjrklt wrote: | Tell me a single good social app from Google. I'll wait. It's | not like they didn't try, but all of them seem to suffer from | the design by committee syndrome. | raverbashing wrote: | The only one legitimately and accidentally created by | Google was: Google Reader | | Orkut: stagnated and killed | | G+: design by committee as you said | | YT: acquired but the social aspects are down the drain | | We can complain about FB and Zuckerberg as much as we want | but they knew how to evolve the network and keep the users | Sohcahtoa82 wrote: | I'm still convinced that what was the true killer of G+ | was the slow rollout. | | It's like Google forgot that a social network needs to be | social. Limiting how many people could get on G+ created | hype for sure, but whenever someone got a invite, they | realized none (or very few) of their friends were on it, | and quickly forgot about it. | | The slow rollout approach worked for GMail because your | friends didn't need GMail for it to work for you. | Wowfunhappy wrote: | What was that social network that used to be bigger than | Facebook in Brazil? Orkit I think? It was something like | that. | | Edit: Oh, I forgot the one staring me in the face--Youtube! | It's no less of a social network than TikTok. | kshacker wrote: | Orkut | broknbottle wrote: | google settled a lawsuit with affinity engines after the | engineer came over to google and misappropriated trade | secrets. lol the irony.. Google bought youtube.. | | Google is completely incapable of coming up with their | own successful social network. | wizzwizz4 wrote: | Google bought YouTube, but it was hardly a social network | when they bought it. | jonas21 wrote: | YouTube? It's the second largest social media site in the | world: | | https://buffer.com/library/social-media-sites/ | BookmarkSaver wrote: | They bought it after it had already established its | market presence. | | They have tried to launch at least 2 of their own, and | both flopped hard. | kkarakk wrote: | Every content creator who gets a major voice on the | platform laments the absence of a competing platform to | move to. | | Youtube is successful coz of google infrastructure not | google decisions/methodology. | | Now Google is trying to move Youtube into becoming a | hollywood-lite experience and providing major support to | entrenched hollywood celebs like will smith/brie | larson(they even bypassed monetization policies for | larson - her first video launched with full monetisation | in play) | TedDoesntTalk wrote: | This is an example why I don't use Twitter regularly. | | Someone mentions the copy/paste sec vuln in TikTok and "Onur | Olmez" writes: | | > LinkedIn app apparently also has this issue [...] Uncalled for | to ban apps for this one reason. | | I mean, wtf? Everybody on Twitter has an opinion about | everything, even things they know nothing about. | jml7c5 wrote: | Are they wrong? | TedDoesntTalk wrote: | In my opinion, yes. This is an enormous security | vulnerability. TikTok can exfiltrate any data that the user | types into any application: passwords, any kind of sensitive | data. | echelon wrote: | What's the probability that the Trump admin/DOJ places a | nationwide ban on TikTok and other Chinese apps? Could it | actually be enforced, or will the First Amendment override any | such ban? | | What would the ramifications be if a ban were enacted? | Retaliation from China against domestic companies? | | Will this be an inflection point in the escalation of the trade | war? | J5892 wrote: | I am 100% against anybody using TikTok for any reason. But if | the government bans it, I will immediately start using it. | bigpumpkin wrote: | 25%. Yes. Yes. | | Millions of angry teenagers. China retaliates against by | barring a few American SAAS companies/ cloud providers on | national security grounds. | | It's a continuation of trends that were well underway since the | Huawei entities list. | la6471 wrote: | Time to buy SNAP stocks :) | ziddoap wrote: | I'm more surprised Amazon (or any company, really) employees | using an employer-managed device would have TikTok on them to | start with, to be honest. | | As the follow-up tweet says: "Completely independent of the | specifics in this instance: get a second device before installing | an employer's config profile on your personal device" | easytiger wrote: | Yea. Coming from a banking and financial services background | I'm incredulous than any company would allow any social media | on a device. | | This was all much easier in the blackberry days for them to | control | braythwayt wrote: | "This was all much easier in the blackberry days for them to | control" | | And indeed, that was Blackberry's big sales pitch. | | BYOD creates many, many wonderful consequences, however it | also has tradeoffs, and those tradeoffs are not for the | faint-of-security. | thesausageking wrote: | Most people I know check their work email from their personal | phone. Work either doesn't buy them one or they don't want to | carry around two phones. | kevin_thibedeau wrote: | Most people don't need to be on call 24/7 so they could just | divorce themselves from off hours work and live like in the | ancient times. | coldpie wrote: | Amen. If you're not paying me to be on-call, I'm not | putting any work info on my phone. Whatever's going on can | wait until 9 tomorrow morning. | disgruntledphd2 wrote: | My dad worked in construction, and from the late 80's and | throughout all of the 90's his company kept offering him a | company phone (I think car-phone first). | | He never got one, because as he said, if they have your | number they'll call you, if they don't then they'll solve | their own problem. Looking back on it now, it was prescient | advice. | GekkePrutser wrote: | I don't really agree... I like the flexibility. Sometimes | someone from the US calls me with an urgent problem in the | evening (I'm in Europe so not much overlap in work hours). | | So what... Sometimes I go to the shop or bank during the | day. Or even a walk to the beach if it's not so busy. | They're paying me to do a (global) job, not to sit at my | desk between 9:00 and 17:00. | | Personally I love this flexibility. And I don't feel like I | work more than 40 hours, I don't even count them but I | doubt I do, especially if I omit the time I spend during | "working hours" reading hacker news or other stuff. My work | is my hobby anyway. | | I do think people who like having fixed work times should | have the opportunity to have them. But I also think people | like me should be able to work like this without it being | considered a bad thing. | wiredone wrote: | From what I know of ppl who work there, they pay for employees | phone plans (is they pay for a phone). | wittyreference wrote: | It's been a while since I've seen employers offer work phones. | What I've seen for the last few years is an offer to pay or | subsidize a data plan. | | If Amazon doesn't provide me a work phone, they can eff right | off in attempting to dictate what I put on my phone. | ardy42 wrote: | > I'm more surprised Amazon (or any company, really) employees | using an employer-managed device would have TikTok on them to | start with, to be honest. | | I am too. Many years ago at my employer, someone fat-fingered a | command and _wiped every single iPhone /iPad_ that an employee | had configured to connect the company email system. Even after | restoring a backup, the devices would just wipe themselves | again unless the owner managed to remove the MDM profile before | it reconnected to the internet. A good fraction of my coworkers | were affected. | | I'm not giving _anyone_ access to do that to my personal data. | matsemann wrote: | Not exactly the same, but where I used to work someone had | turned on "wipe the phone after x incorrect pins" without | notifying anyone. Lots of people with kids got their phone | remotely deleted. | | After that I've never allowed an employer to control my | personal devices. Not that I actually did before, didn't know | activating that stuff had so bug implications. I just wanted | the calendar on my phone. | bonzini wrote: | With Android work profiles the employer can require you to | allow remotely wiping the work profile, but that would not | allow them to touch your personal profile. | btgeekboy wrote: | If you can't handle your phone being remotely wiped, you also | can't handle it being lost, stolen, or broken. | | For me, it's a minor inconvenience at best, not a death | sentence. | scohesc wrote: | I'd rather be able to blame myself for my stupid mistakes - | not be beholden to Amazon's (or whoever's) MDM profile. | Especially when companies don't make it clear that "if you | log into your email on your phone using this app, we | install MDM, root certificates, have the ability to remote | wipe, etc. etc. etc." | scarface74 wrote: | I saw that warning when I started to set up my phone and | I immediately stopped. If anyone needs to contact me | about something urgent they can do it using the work | approved IM client that doesn't require a profile to be | installed. | | If it does get to the point where I need to have access | to my company email, I will have a separate device. | | That being said, if my phone was erased, it would only be | a slight inconvenience, I can restore from backup. | ianmobbs wrote: | Does Amazon provide company phones or just install an MDM | profile on your personal phone? I have TikTok installed on my | phone, and if my employer said I had to remove it to access my | work email, I'd ask them to buy me a work phone. It seems a bit | ridiculous that they'd want to control what apps you download | on your personal device without providing an alternative. | nixass wrote: | If your job requires it, you will get it. It's been like that | for a while now | haalia wrote: | Microsoft does the latter, so it wouldn't surprise me if | Amazon does likewise. | filoleg wrote: | > Does Amazon provide company phones or just install an MDM | profile on your personal phone? | | > Microsoft does the latter, so it wouldn't surprise me if | Amazon does likewise. | | Not true (source: current MSFT employee). More detailed | explanation below, as neither former nor latter describes | MSFT accurately. | | So, for most teams and positions (there are many | exceptions), you don't get a dedicated work phone. So yeah, | if you want to access work stuff on a mobile device, you | need to install MSFT MDM on your personal phone, and they | will, allegedly, be able to control stuff on it (depending | on the device itself and how MDM is configured). | | However, there are no requirements to do it. You can simply | not install any work-related stuff on your phone, so you | won't need an MDM. I simply don't access any work resources | on my personal phone. If I need to do work, i open my work | laptop. If they want me to use work apps on mobile and be | accessible, they should provide a company phone for this. | | There have been zero conflicts around it on my end, even | after multiple years of working there on multiple different | teams. Not once have I even got an implied request from | anyone (managers, colleagues, etc.) to be accessible on | mobile (except for when I am on-call, but for that, they | just need my phone number, not any specific apps installed | on my phone, and everyone knows it) or any questions about | it. Everyone is totally cool with people not being glued to | their work apps on their phones on their own free time. | | But you are correct, those who choose to use work apps have | to give MDM permissions to their personal devices or buy a | dedicated device for that (exceptions apply, because there | are some teams that provide dedicated work phones). | However, unless it is required for the job to be able to | use work apps on your mobile device, I think it is fair if | they don't provide a work phone. Makes it easier for me to | not check on any work stuff during the weekend. | haalia wrote: | Yes, you're correct, and I didn't mean to imply that MSFT | forces employees to install their MDM on personal | devices. It was optional for me as well, with a large | full-disclosure prompt stating that they can remotely | wipe your device if you proceed with mobile setup. | unethical_ban wrote: | At my company, you have to provide your own device, but the | phone number/plan is either (a) paid for by the company, or | (b) you get a $40/mo stipend for cell service. | | It turns out that I can use our 2FA app without MDM, on my | personal. And nowadays, I rarely use slack or email from | mobile, and I don't get calls. | | I am pretty strong in the "don't put company stuff on | personal devices" camp. Even if they don't control your phone | by policy, they do technically. They put root certs on the | device, and though they can't see individual app data | (depending on config) they can see a list of installed apps, | and enforce certain baselines. | Sodman wrote: | Most companies I've worked for wouldn't provide a work phone | and there's no explicit expectation that you read or answer | work e-mails on your phone. But like everything else, if you | don't read/reply to work e-mails on your phone, and your | colleagues do, good luck getting that promotion/raise/bonus. | ta20200710 wrote: | Amazon has MDM (Airwatch). AFAIK there are not generally | company phones or phone plans. Monthly limit on reimbursement | for phone business expenditures in the US is $50, although I | think you can also expense the device itself. | yumraj wrote: | No, they are controlling the environment under which their | company emails can be accessed. | | If you, as an employee, don't want to remove TikTok I believe | you will have that right, it's just that you won't be able to | access company emails from that device. | | Now, whether or not that leads to a company phone or you | having to look for another job, depends on the individual and | how important that individual is to the company. | RobRivera wrote: | That framing is the exact point. I'm in the same boat. If | my employer mandated that I not be able to use a personal | device the way i want, a device I bought with wages i | earned from working with my employer, the employer really | SHOULD provide a cost free alternative. | | It falls under the category of providing your own resources | to do your job, and that territory enters socioeconomic | discrimination territory real quick. | ghaff wrote: | I might be with you if Uber, say, is requiring its | drivers to install MDM--which I'm guessing would be a | really bad idea for their drivers-not-employees position. | | But for engineers and other office workers at tech | companies? | | As a practical matter, people have to buy lots of things | to do professional jobs that they wouldn't need to buy | without those jobs. In this day and age, if you want a | second phone, buying a few year old phone is cheap as is | adding another phone to your existing cellular account in | most cases. | RobRivera wrote: | Wasnt there a recent supreme court ruling regarding the | Native Americans of Oklahoma that said something to the | effect of 'just because you keep doing an evil, doesnt | make it right, and letting it be right is an injustice to | those in the right'? | ghaff wrote: | You have to dress into the office--albeit many don't wear | suits any longer. Many have to drive. Those who travel a | lot need many accessories for the purpose. The ideas that | well-paid professionals should have all these things | covered by a company seems... unreasonable. | | And, seriously, complaining about having to spend a few | bucks for something you need at work is equivalent to | circumstances around Indian treaties in the US? | chooseaname wrote: | If any company expects me to access my work email while | mobile, they have to provide a phone. I _never_ mix work | and personal. I 've also never had a company say no to | that. | cheonic729 wrote: | > If any company expects me to access my work email while | mobile, they have to provide a phone. | | No they don't. | | If you don't like it, switch employers. | chooseaname wrote: | I don't think you understood. I _would_ switch jobs. | That's what I meant by they have to. | [deleted] | Assumer wrote: | Pretty sure that's what he's saying. The company gets to | choose between dropping the requirement, providing a | phone or hiring/retraining. | sdoering wrote: | Depends on the jurisdiction. In Germany they do. Labor | rights explicitly says that your employer needs to | provide the means for you to do your work. And that | includes mobile phones if they want you to access your | work email (or whatever) from a mobile device. | GekkePrutser wrote: | Yes they do... The problem is some users in Germany | actually prefer to use their personal one so they don't | have to carry two.. But due to this mindset they can't. | | I don't think the German approach is always the best. | lovich wrote: | Adding another anecdote, when I said I did not want to | let work control my mobile phone, my boss told me I could | figure out whether I wanted to keep the job or not | franciscop wrote: | You can always show up next day with a dumbphone or | without phone at all if you are feeling risk-taking. | | I personally just bought the cheapest $60-80 Android | phone from a random Amazon seller. | chooseaname wrote: | Well, for me, that is a hill I choose to die on. | sillysaurusx wrote: | Switch jobs! Environments like that will grind down your | soul. Or at least they did for mine. | | Perhaps I'm projecting a little, but: please don't feel | like you're stuck there. It's an illusion more often than | not. | lovich wrote: | Perhaps when I was younger I would, and did, switch jobs | immediately when something like that came up. I've gotten | older and the cost of switching jobs is not zero for me | anymore | scarface74 wrote: | Switch from a well paying job instead of just getting | another cheap phone? | | Of all the hills I am willing to die on, getting another | phone isn't one. Especially if they provide a credit for | your cell phone. | | https://www.teamblind.com/post/Amazon-Cell-Phone- | Reimburseme... | sdoering wrote: | I agree with my co-commenter. At least in Germany your | employer isn't allowed to do this. They must provide the | means to do your work, if they have specific requirements | (having a mobile phone, being reachable, accessing | company email and so on). | lovich wrote: | Well I am commenting from America and there is very | little they cant do unless they go out of their way to | officially state they are doing it for an illegal reason | driverdan wrote: | What if you don't have a smart phone? | spelunker wrote: | There's also no requirement to have your business email on | your phone, at least in my organization in Amazon. I'm happy | to leave it off and not worry about any issues like this. | | Of course I do have other apps directly related to work... I | guess those aren't an issue if I had TikTok? | foolfoolz wrote: | i haven't had work email on my phone in 7 years. it has not | impacted my career negatively | smabie wrote: | How do you know? | ziddoap wrote: | I'll admit I don't know the specifics beyond what was | tweeted. | | I'm with you though... If an employer wants to manage my | device, they can provide the device. | jkaplowitz wrote: | When I worked at Google over 5 years ago, mobile device | options for accessing company accounts were a company- | provided and company-owned device with a company-paid phone | bill, a personal device with company-provided mobile device | management (and sometimes cell phone bill expensing if you | for example had on-call duties), a personal device with | only limited browser-based work account access, and no | account access via mobile. | | The first of these could sometimes have implications for | ownership of personal projects created using the device, | which was one of many reasons I picked the second option, | but it was absolutely permitted at least for any case where | the company cared about you having mobile account access. | Spoom wrote: | Nowadays, at least on Android (though I think iOS has | something similar now?), one can have a work profile, and | the employer can only control activity in / monitor / | wipe that profile. Most employers have switched to that | for personal devices. | | Disclaimer: Googler, opinions my own. | jeffbee wrote: | The third option - accessing only browser sites - is | under appreciated. I never needed to install Google's MDM | on my mobile devices, I just used mobile web gmail and so | forth. It's great, honestly, and the mobile web Calendar | has the advantage that it doesn't destroy your battery | life like the Calendar app will. | | I even saw a guy using the code review site on his | mobile, on BART. That was dumb from the standpoint of | infosec, usability, and mental health, but shows how much | is possible in the browser. | ghaff wrote: | Part of me thinks that MDM on employee phones has become | a something of a checkbox item because customers ask for | it but it's not clear to what extent it really protects | sensitive customer data (which is what they're concerned | about). | jeffbee wrote: | It is literally a checkbox item for PCI DSS. | prteja11 wrote: | Can you share the requirement from PCI DSS? [it's not] | mikepurvis wrote: | Having the code review app available outside of the corp | network / VPN is pretty unusual, at least for shops who | aren't just using SaaS services that are available | publicly anyway (github, gitlab.com, etc). | jeffbee wrote: | You must have missed their "zero trust" initiative. | | """BeyondCorp began as an internal Google initiative to | enable every employee to work from untrusted networks | without the use of a VPN.""" | | https://cloud.google.com/beyondcorp | mikepurvis wrote: | I'm aware of it as a Google thing, but I think it's fair | to say that it's pretty unusual to see it anywhere else. | aboringusername wrote: | With all the security implications there could be, I would | just refuse to use or own a smartphone in any capacity if | it's related to work, unless there was no camera, mic, or | GPS sensor (or they could provide hardware switches). | | Seriously, they could be logging your exact location, | remotely activating the camera or doing any number of | disgusting things. | | Requiring the use of a spy should not be a factor in an | employment setting, of course we're seeing this is the case | and it is very offputting. | | Thankfully not something I need to worry about though. | Xylakant wrote: | Apples iOS MDM framework is exemplary in that regard. | Access to the camera is not possible. Access to GPS is | only possible if the device is marked as lost, which will | visibly change the lock screen. Even when lost mode is | deactivated, GPS access that happened during lost mode is | highly visibly marked on the lock screen. | | Installing an app that relays GPS and camera may be | possible, but permissions need to be granted by the user | explicitly- the MDM server cannot grant those | permissions. | GekkePrutser wrote: | I don't think Apple is the best at this. Yes they limit | the things you mention, but they don't limit visibility | to things like the app list... This can already be quite | revealing in some cases. | | Google has in my opinion the better approach with work | profile. Only give the MDM control and visibility over | the work area and nothing else. | | Apple has started heading into this direction with User | Enrolment but it's not sufficient for most companies as | it only allows built-in apps to be used for both work and | personal data. And it requires Apple account federation | which is problematic. | smabie wrote: | You don't have a work laptop? | dickjocke wrote: | No Amazon generally does not provide you a company phone, at | least not when I was there. | wilde wrote: | Not everyone can afford 2 phones, but their employers expect | them to be online all the time anyway. This is particularly | true of people who work in US hospitals. | scarface74 wrote: | How many people are both important enough to be on call and | can't afford to add a line? | mulmen wrote: | I worked in a hospital and was oncall. My employer provided | the phone. And the pager. To do anything else would be like | asking an employee to provide a laptop, or a desk. | tristor wrote: | Why would you need to be able to afford 2 phones if your | employer is requiring you to have a mobile phone for work? | That's a situation in which the employer should provide the | phone. I've been on-call or mobile-connected for over a | decade, I have never had an employer even suggest that I | should foot the bill for a work device. Either they've | provided me a phone fully paid for work to be returned if I | exit, or have covered the cost of my phone bill for my | personal device in return for accessibility outside business | hours. | thereticent wrote: | There's no good explanation except that US healthcare orgs | tend to misuse staff and clinical providers. Super- | specialized doctor with untold postdoc training in faculty | at my academic medical center? You've got to encrypt your | personal phone to standard and install several required | apps. No it is not expensed. | FireBeyond wrote: | Apropos of the rightness or otherwise of this stance, I | don't think "specialist physicians" typically fall into | the category of people who "cannot afford 2 phones". | markovbot wrote: | I assume they won't be doing that to the main-stream spyware | pushed by US companies. | sdinsn wrote: | Such as? | manquer wrote: | The threat model for AMZ is state sponsored corporate | espionage, not government intruding on your and my privacy. The | former cost them a ton of money unlike the later. Given their | inability to enforce IP or many other laws in china even if | there was similar espionage happening in the U.S. the legal | system is strong enough for Amazon not to worry of losing | money. | andybak wrote: | Which ones and what is your threat model? | vkou wrote: | The threat model of the US government, or a US company spying | on a US citizen is, to the citizen, about as harmful as the | Chinese government spying on them. | | Actually moreso, in the case of the US government. | rrix2 wrote: | but amazon doesn't care about its employees in that | context, only about protecting their own company standing. | (and many people will say here "why shouldn't they?!") | ac29 wrote: | There is no reason for the US government to do industrial | espionage on US companies. China might not be doing it | either (via TikTok, at least), but it does have a motive. | vkou wrote: | No, but there's reason for the US government to spy on | _you_ , if you are a problem person. | | Why do you assume industrial espionage is the sole reason | for a government to spy on you? | treebornfrog wrote: | Byte.co waiting for adoption on the sidelines. | s1mon wrote: | There are a bunch of TikTok wannabes (Byte, Dubsmash, or the | various attempts by Facebook), none that I've seen are as fluid | or addictive. TikTok's ability to navigate around with a bunch | of responsive swipe gestures and keep showing things that might | be interesting is miles ahead of the competition. The fluidity | is very dependent on a good internet connection. | xendo wrote: | For the context, as an Amazon employee I'm not required to access | email from my mobile. The only app that I need to have is virtual | pager and it doesn't require allowing Amazon to administer my | phone. Physical pagers are also an option. | Multicomp wrote: | TLDR ooh Amazon has pagers, I wonder how? | | Are there any pager networks left in the US? I've always been | interested in them out of historical curiosity because I was | too young to use them when they were actually a thing, but from | what I understood, pagers are pretty much not a thing anymore. | Nbox9 wrote: | I wouldn't expect a modern pager to operate on the same | technology as older pager. Pagers are a thing and they have | there uses. I've heard of a physical pager being used to | symbolize who is "on call", and a team of engineers will pass | the pager between themselves. I've seen restaurants pass out | pagers to people waiting for tables. I've heard talk about | some medical/emergency personal still using pagers. | | I imagine pagers are probably used in highly secure | communications (military, statecraft), because the thing | being paged doesn't have to give away it's location, or even | the fact that it received the message. | spelunker wrote: | Hospitals still often use pagers - they're deemed more | reliable than cell phone networks. I don't know if that's | actually true or not but there you go. | bonzini wrote: | Are they using work profiles on Android phones of employees | that need mobile email access? It is a very good solution that | lets the employer administer only a separate identity and gives | them no access to personal stuff. The only global thing that | the employer can do is enforce a certain level of security (for | example requiring a PIN on the lock screen and data | encryption). | ballark wrote: | Amazon employee here. They do use work profiles on Android | phones. | bonzini wrote: | So in theory they should have no control on the apps you | install on the personal side. Is this just moral | obligation, or are they requiring full control of the phone | even outside the work profile? | GekkePrutser wrote: | I manage phones for a big corp. Just want to clarify | what's possible. Google highly limits what you can do in | Work Profile mode, you can't control much outside the | work profile. | | We can't see the app list on the personal side in work | profile mode, BUT we can specify some that are a no-go. | I'll show up as a compliance violation. But we can't view | the list anymore like we could do with the pre-work | profile Android Device Admin management (and still can | with Apple). | | We're not blocking any apps ourselves right now but it is | possible. We do grant all BYOD phones access to our | network, so for that reason we would want the capability | to block any known threats if they are around. | | We can also control some minor things on the personal | side, like a pincode requirement and forbidding of | sideloading and rooting. But in general we have very | little visibility and control, which is the way I (as an | admin) like it too. I only want to know what I really | need to know especially on the personal side. We can (and | do) also block copy/paste from work profile to personal, | as data loss prevention, but we allow it the other way | around. | | In general users complain a lot about the work profile | being separate, and not being able to integrate their | personal and work calendars.. But for personal privacy | it's a big win IMO. Apple has something similar since iOS | 13 (called User Enrolment) but it's still a bit too | limited to be sufficient for us. And it requires Apple | federated accounts which have some requirements that are | impossible for us to meet :( | bonzini wrote: | > we can specify some that are a no-go. | | Oh, that's very interesting! I knew about the PIN | requirement as an example of control outside the work | profile, but I didn't know this was possible. It makes | sense though. | Aperocky wrote: | As a developer, I don't see why I need to be constantly alerted | to emails. I check about once or twice per day for items that | need to put on calendar but every/anything urgent is for the | pager. | reaperducer wrote: | Preach, brother. | | Unfortunately, middle managers gotta middle manage. And they | don't get the adrenaline rush of having people under them | unless they can tabulate those people. | | Which is why a lowly web dev like myself is expected to carry | around a company-issued phone even in my off hours. In four | years I've never needed it. | blondie9x wrote: | Snapchat are you listening? Make a page for your users and allow | them to persist the videos and images. You will have implemented | a complete platform for those who want images to disappear and | for those who want them to persist. That makes TikTok redundant | and unnecessary. | metaphorical wrote: | In 2018, Bytedance CEO released a public statement after an | incident with the CCP censor. In that statement, he promised that | Bytedance apps would strengthen "the work of Party construction" | and "socialist core values" etc. | | https://chinamediaproject.org/2018/04/11/tech-shame-in-the-n... | | I don't know how Bytedance as a company can serve CCP interests | AND claim to be independent of CCP interference _at the same | time_. | | TikTok is a good product, but it may not be a safe product. | | More on the dystopian practices of Douyin (TikTok in China): | https://twitter.com/Izzy_Niu/status/1280906443273768960 | https://twitter.com/JoshuaDummer/status/1280877750245453828 | m0nsoon wrote: | TikTok and Chinese apps in general are having a tough day. While | nothing malicious has been conclusively shown--save for iOS | pasteboard spying which it seems EVERY app is doing--I suspect | that this is a geo-strategic move by the US and our Allies to | dominate and flex economic power over China. | btgeekboy wrote: | If I had to judge between whether I wanted TikTok or corporate | email on my phone, it wouldn't be just about the email. I could | live without that. What I really liked, especially back when we | actually went into offices, was that I had my calendar available | without opening up my laptop, and that it showed the next place I | needed to be right on my wrist. | tzs wrote: | How does Amazon email access work from home desktops? I assume it | is not just simple POP/IMAP/SMTP authenticated by | username/password, because if it was you could use that from | mobile, too. | somethoughts wrote: | Bytedance should just take the cash and spin off TikTok as a | separate entity run by the new CEO Kevin Mayer. Perhaps selling | the spin-off to Disney or Snapchat or Private Equity while its | still worth something. | apta wrote: | Good start. Hopefully the rest of the corporations and world | governments follow. | ddevault wrote: | Is TikTok officially the scapegoat now? Sure it's bad, but it | seems like an awful lot of attention is being brought to it | compared to many of the other companies (and governments!) that | are doing... the exact same shit, and often more so. | orblivion wrote: | Sorry if I missed something obvious, but if we're at the point | where the U.S. government is even contemplating banning TikTok, | how come it's on Google and Apple stores at this point? They seem | to be at least somewhat vigilant about spyware etc. | tehwebguy wrote: | Apple should remove it for being spyware. | | Google should remove it for being competition. | yesplorer wrote: | 1. Because the app stores don't serve a single country. | | 2. People don't use the app store at the pleasure of the US | government. | orblivion wrote: | Forget countries and governments. Don't they serve the users, | at least to some extent? Forgetting the political issues, | there have been multiple spyware scandals here, right? Or did | I get the wrong idea? | | Of course these companies have selfish corporate interests, | but I've seen both of these companies show at least _some_ | level of care for their users. Even if it's part of keeping | up appearances out of concern for their corporate interests. | yesplorer wrote: | At this point, no single government has provided a | verifiable reason why Tik tok should be banned. if there | were verifiable claims, you think Apple and Google will | conveniently let them be in their app stores and take the | heat for it? | | What benefit would they get? | sc11 wrote: | > 1. Because the app stores don't serve a single country. | | There are country-specific Apple app stores and apps that are | only available in some countries | yesplorer wrote: | therefore, see point 2. | whoisjuan wrote: | China is Apple's second largest market. They are not removing | it from the US App Store unless they are legally obligated to | do so. | | They have no reason to add wood to that fire. Apple's best bet | right now with this particular issue is to play neutrality. | orblivion wrote: | This answer makes sense, thank you. | bonestamp2 wrote: | > China is Apple's second largest market. | | At least for now. It's important to note that the Chinese | government has a very strong campaign against American phones | (and it's working), as backlash against the US for banning | Huawei. | | This is also why Apple is even less likely to do anything to | further upset the CCP, not to mention they manufacture the | bulk of their products there. But if Apple loses enough | market share and/or moves enough production out of China, | then they might change their tune as well. | rvz wrote: | > China is Apple's second largest market. They are not | removing it from the US App Store unless they are legally | obligated to do so. | | That's true. However Apple's hands are tied here due to this | and they always bend to the side of China. Due to this, they | are still being accused of hypocrisy. | ngold wrote: | Tik tok is actual Chinese state owned malware, you think | apple would have removed it day one or never let it on their | walled garden, since it breaks most apple rules about phone | access. Same with the play store. | geogra4 wrote: | And those rules are...? | [deleted] | bigpumpkin wrote: | Perhaps Google and Apple's standard for evidence is higher than | the US government's. | time2stop wrote: | tiktok is controlled by CCP, don't you know that? | enitihas wrote: | Apple earns a lot of money from China, so difficult for them to | do something which irritates the Chinese government. | | Google behaves the same way, even though they have no income | from China right now, but I think they are secretly hopefully | of dragonfly. | linuxftw wrote: | They don't have to ban it on "Chinese Spyware" terms, they | could just ban it on normal "spyware" terms. The fact that | tiktok is Chinese is incidental, and not necessarily an | indictment on all Chinese apps. | inetknght wrote: | That would then create a double standard for all the | American Spyware in the app store. | [deleted] | sushid wrote: | What does dragonfly mean in this context? | enitihas wrote: | The secret google search engine that google planned to | launch in China which would comply with the great firewall. | | https://en.m.wikipedia.org/wiki/Dragonfly_(search_engine) | [deleted] | three_seagrass wrote: | Dragonfly was canned after Google employees revolted. I'd be | surprised if Google could even get a project like that | resourced again without more leaks. | enitihas wrote: | I think it might have been canned due to revenue | implications more than employee revolt. Google doesn't want | to end up in a situation where dragonfly doesn't earn much | money, causes constant headache from the Chinese | government, and gives ammunition to both left and right | wing politicians to use it as an argument against Google on | everything. | | I think enough money can buy silence from a lot of people, | plus it's clear google already has the tech, as they show a | banner on every thing relating to covid (search results, | YouTube) and do a quite impressive job at that. So I guess | they can just tweak it for dragonfly, or even get their | Chinese employees to do the tweak, since they already hire | in China. | | Once the growth slows, companies look for alternative | revenue sources, like Apple is doing with services. The | problem is that google has shown itself to be wildly | incompetent at non engineering parts of their businesses | other than search. e.g, Google cloud might be the only | cloud to raise prices for anything so far(Google Kubernetes | Engine price update) | | It will be interesting to see what they choose. I don't | think dragonfly can make them much money anyways, since | Baidu too isn't making a lot of money in China.(When | compared to how much Google makes in the US). I guess | mostly due to closed mini app ecosystem on wechat, and | probably a smaller internet eco system outside wechat. | mrlala wrote: | From what I read, I think the issue is people keep claiming it | does all this various "spyware" stuff, when it sounds like it's | doing _nothing_ that any other app could do, given the (what | appear to be) lax permissions of android /ios. | | If people are so worried about what tiktok can be gathering | outside of the app, that is a problem for apple & google. | | For this, I think it's 100% overblown what people think tiktok | is doing. It just doesn't make sense. If it was really some | kind of massive spyware, I agree apple/google would be all over | this.. but they aren't. | | This comes down to a lack of trust in China obviously, and I | don't think there's anything really more concrete than that. | snazz wrote: | Yep, I think you're right. Apple needs to put permissions on | things like the clipboard for all apps. I certainly don't | support the CCP, but extending that distrust to TikTok is | somewhat illogical when there is no good evidence of TikTok | doing anything that other apps don't do. | ngold wrote: | It was the whole read write access that was a massive | violation of apple and googles store policy. | | It can upload and download whatever to your phone. | | No other app is even close to allowed that. | mrlala wrote: | >It can upload and download whatever to your phone. | | >No other app is even close to allowed that. | | So an app that is on like a billions people phone is | knowingly doing things against google & apples app store | policy.. yet they choose to let one of the largest apps | exploit them? | | If you can read the above and not see why there is a pretty | large obvious logic flaw then it's not even worth | attempting to convince you otherwise... | nxc18 wrote: | Can you please point to any evidence or source? I've never | heard of this happening (beyond what every other app can do | in terms of downloading and uploading data) and the wording | isn't clear as to what exactly you mean. | GekkePrutser wrote: | This wasn't just the clipboard thing though. Some more | elaboration: | | https://www.reddit.com/r/videos/comments/fxgi06/not_new_news. | .. | orblivion wrote: | This also makes sense (in addition to another answer that I | said made sense). I didn't look much into the spyware | scandals. "This app isn't any more spyware than many other | popular, accepted apps, and people focused in on this app and | made a big deal of it" is believable to me because I've seen | it before. | ngokevin wrote: | China is just US public enemy #1 because it's a geopolitical | and economic threat. The US doesn't want to export data to | them for free. It's funny America sometimes gives China flak | for banning Google/FB/etc because they wanted to control | their data (on top of national security stuff but I think the | data is just important). And now the US is doing the same. | scarface74 wrote: | I doubt the government even has the right to ban an app. If so, | could they also ban a website? | guuguuguu wrote: | government don't need to do anything, they will let google | and apple do the work | LinuxBender wrote: | Yes, if the owner or organization is found to be breaking the | law. Malicious domains are seized every day. Here [1] is one | of the most recent examples. Some people try to evade this | [2] with varying degrees of success. | | [1] - https://www.msn.com/EN-US/news/technology/microsoft- | secretly... | | [2] - https://torrentfreak.com/how-to-stop-domain-names- | being-seiz... | scarface74 wrote: | And if the domains are registered out of the country? | kevin_thibedeau wrote: | I would like to know what US laws TikTok has violated first. | jlarocco wrote: | Yeah, not to defend Tik-Tok, China, or spyware in general, | but it's ironic that nobody has a problem with Google, | Facebook, and other American companies tracking everything | people do, but when a Chinese company starts doing it, it's | suddenly a big problem. | | But then again, TikTok probably doesn't answer their | subpoenas... | adventured wrote: | There's nothing complicated or unusual about it. It's not | ironic either. | | China is increasingly an adversary to the US. That context | is going to get a lot worse this decade. TikTok is owned by | a Chinese company and ultimately must (and will) answer to | China. Facebook, Google, et al. are of course American | companies. | | For a nation, whether Facebook concerns you as much as | TikTok depends largely on which side you're on (or if you | have a side at all). | | The world is going to be aggressively bifurcated, US-USSR | style, going forward. There will be the liberal side and | the China side. China's direction is fundamentally opposed | to the major liberal nations, what they commonly believe in | and how their systems operate. That conflict and | incompatibility will get worse as China's behavior | continues to get worse. | pishpash wrote: | Unfortunately, the so-called "liberal side" is going for | all the tools like censorship and banning, state | interference in the corporate sector, and more that it | berates the other side about, so there is no moral case | here, just pure tribalism. Actually the "liberal side" | invented all these tools but has had a vastly better | propaganda machine and hides under the cover of due | process and procedural justice that never seem to deliver | actual justice to the people most in need of it. I'm glad | the world is getting to see the naked body of the | "liberal side" under Trump. | azinman2 wrote: | Regardless (I both agree partially yet think you're | omitting major differences here), you still live | somewhere. When states are adversaries, that means there | are consequences to being involved with the other state. | jm4 wrote: | Google and Facebook implement tracking to serve ads. The | risk with TikTok is the CCP tracks and builds profiles for | the purpose of furthering communist goals. For example, | they can serve up content that persuades users to be more | sympathetic to communist ideals the same way Google can use | AI to identify the types of ads you might respond to. | kevin_thibedeau wrote: | Building profiles on people is not illegal and neither is | espousing communist ideology. Hundreds of US based | organizations do both. | pishpash wrote: | Please dispense with the naivete. Serving ads is the | ostensible _commercial_ goal of Google and Facebook. That | 's not their only duty. | jlarocco wrote: | First of all, that assumes serving ads is somehow better | than spreading communist ideals. I'm skeptical, and I | doubt there are convincing arguments for either side that | don't rely on people's personal preferences. | | Second, you're ignoring that many US politicians and | government agencies use web services like Twitter and | Facebook to spread their own propaganda and control what | people see. Unless somebody wants to argue that Donald | Trump tweeting "POLITICAL WITCH HUNT"[1] isn't spreading | propaganda, or that Facebook flagging political ads is | somehow 100% completely unbiased. | | Obviously countries have some control over the media and | propaganda and manipulation their citizens get to see, | but lets not pretend ours is better just because it's | ours. | | [1] https://twitter.com/realDonaldTrump/status/1281260329 | 2473999... | fastball wrote: | Yeah the difference is that if FB violates my rights, I | have some recourse. Not so if its the CCP. | everfree wrote: | What recourse do you mean, exactly? | tropdrop wrote: | One can successfully sue Facebook, etc. for violating | privacy rights - | | https://techcrunch.com/2020/01/29/facebook-will- | pay-550-mill... | jlarocco wrote: | Facebook had net income over $60 billion dollars in the 5 | years that lawsuit was going on. | | At that rate they can continue violating people's rights | indefinitely, so I really don't see the difference. | tropdrop wrote: | The question was only "what" recourse there was (and the | answer - some), not whether said recourse fixed the issue | entirely, nor even whether it is effective. | | The difference between "some" recourse and "no" recourse | is not insignificant. It is exponentially harder to move | the needle from "no recourse" to "some" than it is from | "some" to "more." | kevin_thibedeau wrote: | That's great for Illinois citizens. Federal legislators | are bought off to prevent this from happening nationally. | [deleted] | gruez wrote: | Does the government have to go through judicial approval to | get apps banned from its devices? | 013a wrote: | Our laws are woefully out of date to account for the | technological innovation that has happened in the last, even, | decade. | | Of course, this is a fact that everyone here is perfectly | willing to admit when it comes to topics that are easy to | take the "right" side on, like privacy, encryption, and net | neutrality. When the topic gets more contentious, like | allowing the ability for another country to collect data on | the citizens of the US, its not so clear. | | But, the core reasoning behind the issues are the same: we | don't have the legal precedent to say that they're breaking | the law. This is how new laws are made: we get executive or | judicial precedent, this leads to a new law, and now they're | breaking it. The law is not set in stone, and allowing | applications like TikTok to exist simply because they're not | breaking any existing laws is not the kind of conversation | any decision makers are having right now, for the better. | kevin_thibedeau wrote: | Privacy incursions have been made by data brokers for 50 | years. There's been plenty of time to legislate privacy. | The people controlling Congress won't let it happen. | nemothekid wrote: | > _Sorry if I missed something obvious_ | | The fact that they aren't doing anything that FB isn't already | doing. The beef the USG has is that the CCP will have access to | the data, not the fact that they are collecting the data at | all. | | The privacy hawks have been warning about this exact situation | and people are now "surprised" when someone gets access to the | data that they might not like. | J5892 wrote: | Any tracking that TikTok is doing likely doesn't violate the | terms of the Google/Apple stores. So removing it from the | stores would just be straight up censorship. | | Note: I'm not defending TikTok in any way here. I personally | believe that nobody should be using it. | dragonwriter wrote: | > if we're at the point where the U.S. government is even | contemplating banning TikTok, how come it's on Google and Apple | stores at this point? | | Because the US Government, Google, and Apple share neither | leadership nor most strategic goals. | hoorayimhelping wrote: | Because Google and Apple are private entities, and they're not | beholden to the government's whims. They have relationships | with citizens, who may not necessarily agree with the | governments' assertions. And because the government is forced | to follow a set of rules for enacting laws. Talk isn't enough | to enforce will. | | I think a better question to ask is, under what authority is | the US government talking about banning TikTok? If there are | clear security issues, or TikTok or the people running it are | in violation of some US law, the onus is on the government to | prove it. I haven't seen any proof of this, just a lot of | hearsay. ___________________________________________________________________ (page generated 2020-07-10 23:01 UTC)