Do I really need to write about this if I do not use TikTok? That is the question I have asked myself several times. The U.S. government has been laser-focused on banning TikTok, citing national security risks, concerns over data collection, and its ties to China. While there are legitimate debates over the app’s influence and data privacy practices, the obsession with banning TikTok seems more like theater than an actual cybersecurity issue.
For myself, if the government cared about protecting Americans’ data, it would be going after the real threat—the dark web marketplaces and cybercriminals selling stolen data every single day. In this article, I discuss the TikTok situation and the importance of action against cybercriminals, which I call the 10%.
The TikTok Controversy: Data Privacy or Political Leverage?
The push to ban TikTok has gained major political support and lawmakers arguing that the app’s Chinese ownership allows the Chinese Communist Party (CCP) access to large amounts of American user data. The Biden administration even threatened to force ByteDance, TikTok’s parent company, to sell the app or face a nationwide ban. That means no more cute videos to keep you up at night instead of sleeping. More recently, new legislative efforts have resurfaced with the same argument: TikTok is a national security risk. But where is the evidence to stake the claim?
Concerns about TikTok aren’t baseless. The app collects a significant amount of user data, from location tracking to behavioral analysis, much like its American counterparts, Facebook, Instagram, and Google. This is good news because the American apps have suffered no data breaches and are safe for you. This is said with a sarcastic tone of course. I wouldn’t be writing to you if I didn’t know that most apps suck when it comes to security.
However, there is no concrete evidence proving that TikTok has handed over user data to the CCP. At this point, the fear is more about the potential for abuse rather than documented incidents. I do not know what the CCP would do with information about me going to the gym and loving cat videos.
Meanwhile, the U.S. government struggles to address data breaches and cybercrime ecosystems that thrive outside of TikTok’s influence. The dark web operates as an unregulated black market, where personal information, financial records, healthcare data, and corporate secrets are sold daily. If the concern is about data security, why isn’t there an equal push to crack down on the cybercriminals responsible for this trade?
What We Know About TikTok and Privacy Issues.
-
U.S. National Security Threat: One of the most prominent legal battles involves concerns from the U.S. government about TikTok’s data privacy practices. U.S. officials have argued that TikTok could share user data with the Chinese government, given that the app is owned by ByteDance, a Chinese company. This raised national security concerns, leading to discussions about a potential ban and the forced sale of the app to an American company.
-
Data Collection Practices: TikTok has faced scrutiny for its extensive data collection practices, including location tracking, device information, and browsing habits. Critics argue that this data could potentially be misused by the Chinese government or any other malicious actors.
-
Children’s Privacy (COPPA Violations): In 2019, TikTok faced a $5.7 million fine from the U.S. Federal Trade Commission (FTC) for violating the Children’s Online Privacy Protection Act (COPPA). The FTC accused TikTok of collecting personal information from children under 13 without obtaining parental consent, which is required by law.
-
Biometric Data Collection: TikTok has also faced legal challenges regarding the collection of biometric data (such as facial recognition data). In Illinois, TikTok was sued for allegedly violating the state’s Biometric Information Privacy Act (BIPA) by collecting biometric data without user consent.
-
Censorship Concerns: TikTok has been criticized for censoring content that is critical of the Chinese government, particularly content related to sensitive topics like the Tiananmen Square massacre, Tibet, or Hong Kong protests. The platform has faced allegations of censorship in favor of Chinese political interests.
-
Inappropriate Content: TikTok has also been criticized for its handling of inappropriate content, including hate speech, bullying, and explicit material. There have been lawsuits and public backlash over how the platform manages and moderates user-generated content.
-
Indian Ban: In 2020, India banned TikTok, citing national security concerns related to the app’s data practices. The Indian government claimed that the app was a threat to the sovereignty and integrity of India. This was part of a broader crackdown on Chinese apps amid rising tensions between India and China.
-
European Union Scrutiny: TikTok has faced investigations from European regulators concerning its data privacy practices, particularly in relation to the General Data Protection Regulation (GDPR). This includes scrutiny over how TikTok handles data for minors and how it stores and processes user data.
I am not stating that there is an app in particular that is the safest; I am stating that TikTok does have a history of privacy issues. The government is not wrong about that. Although in regard to privacy, TikTok has made significant strides in improving security and privacy. It’s not enough for the United States government since the owner is Chinese-based, and they are pushing for it to be US-owned. This, of course, is folly to the TikTok user on the grounds that ownership has nothing to do with security mechanisms and data privacy. Maybe the focus is misplaced?
A Misplaced Focus: The Need for Real Cybersecurity Reform.
While the government obsesses over a social media app, cybercriminals continue business as usual. Over 10% of all cybercrimes are driven by stolen data sales, creating an underground economy where breached information is bought and sold at scale. Unlike TikTok, which operates in plain sight under public scrutiny, these cybercriminals operate in the shadows, profiting off identity theft, fraud, and corporate espionage.
Major breaches affecting companies like Equifax, T-Mobile, and various healthcare providers have led to millions of Americans’ data being leaked, yet the government response remains weak. Instead of focusing on proactive cybersecurity measures—such as better enforcement against cybercriminal marketplaces, improved corporate data protection standards, and cracking down on initial access brokers—the political focus remains on TikTok, an app that collects no more data than any other mainstream social platform. If the government truly wanted to protect American citizens, it would prioritize:
• Disrupting dark web markets – Going after the infrastructures that enable mass data sales rather than focusing on a single company.
• Regulating data brokers – Holding accountable the legitimate companies that collect and sell user data legally, often with little transparency.
• Strengthening cybersecurity laws – Enhancing federal protections against large-scale breaches and increasing penalties for companies that fail to secure sensitive information.
• Funding cybercrime investigations – Providing law enforcement with more resources to track and prosecute hackers operating within and outside the U.S.
Welcome to Rock Bottom
TikTok may or may not pose a security and privacy risk, but the larger and more immediate threat comes from the thriving cybercrime ecosystem that profits off stolen data. The U.S. government’s fixation on banning TikTok feels more like a distraction from the real issue and a need to tackle the rampant data breaches and cybercriminal activities other than a short-form video app ever could.
If lawmakers truly cared about national security, they would stop fearmongering over TikTok and start addressing the 10% of cybercrime that actively sells stolen data in broad daylight. Until then, the focus on TikTok seems more about politics than cybersecurity.
In the end, all social media platforms have data and security privacy issues. If you are worried about it, you can always come to the dark web…it’s a trustworthy place and lawless.