FYI: TikTok tracking pixels can be found all over the web – just like Meta, Google
Don't have a TT account? Doesn't matter!
Updated Google and Meta may be the first names that come to mind when thinking of silent online tracking of users, but another business is getting into the game in a very similar manner: TikTok.
Tracking pixels belonging to the social network, owned by Beijing-based ByteDance, were found on a number of highly trafficked websites, including those owned by Planned Parenthood, the Arizona Department of Economic Security, WebMD, the Girl Scouts, sexual violence prevention organization RAINN, US pharmacy chain RiteAid, among others.
Like Meta's Pixels and Google's Analytics tags, the info TikTok is harvesting is used for online advertising, and it doesn't limit itself to those who have signed up to its service. Websites can opt into having the pixel on their pages, which allows companies advertising on TikTok to measure how effective TikTok ads are at driving netizens to pages and sales, and so on.
According to Consumer Reports, which directed an investigation performed by web privacy firm Disconnect, hundreds of organizations share data with TikTok, via these pixels, which gather information that "can include your IP address, a unique ID number, what page you're on, and what you're clicking, typing, or searching for."
According to a TikTok spokesperson who talked to Consumer Reports (TikTok did not respond to The Register's questions in time for publication), the internet biz uses the data to improve and monitor ad targeting, and said it doesn't use the data to group people into interest categories for other advertisers to target.
That is to say, according to TikTok, the pixels are used to measure how many people coming to a site got there via a TikTok ad, whether that resulted in an action – such as a sale or booking or account sign-up – and relaying those stats back to the advertiser.
The spokesperson told Consumer Reports that TikTok's pixel can track users who don't have TikTok accounts; their activities are delivered as aggregate reports to advertisers.
However, as Consumer Reports pointed out: "There's no independent way for consumers or privacy researchers to verify such statements."
Is TikTok a greater threat?
Patrick Jackson, CTO at Disconnect, expressed surprise that TikTok's tracking pixels were already so widespread. "I think people are conditioned to think, 'Facebook is everywhere, and whatever, they're going to get my data.' I don't think people connect that with TikTok yet," Jackson said.
- TikTok faces $29m fine for 'failing to protect UK kids' privacy'
- Afghanistan's Taliban government bans TikTok
- TikTok wants your trust around US midterm elections data
- UK Parliament bins its TikTok account over China surveillance fears
The report claims that Meta and Google's trackers are far more widespread than TikTok's.
Meta, Google, and others have been spotted slurping data from the Scottish NHS's online symptom checker, Meta has been caught harvesting sensitive data from US student financial aid websites run by the government, and even hospital patient portals have been spotted sharing data.
Those US-based companies have been under further fire since America's Supreme Court overturned Roe vs Wade earlier this year, ending the national guarantee to safe, legal abortion access. US senators have urged the Federal Trade Commission to protect user data from tech companies that could be used to build a case against someone seeking access to reproductive healthcare – a scenario that has already happened, though pixel-harvested advertising data wasn't involved.
TikTok, based in California, is making regular appearances in privacy headlines, including being investigated this year over whether its algorithms were promoting harmful content to children, and was recently fined £27 million ($29 million) in the UK for illegally harvesting the data of children under 13 and failing to protect their privacy. Beyond that, TikTok has also admitted staff in China are able to access US data, which ByteDance said it's trying to resolve by moving its US user data to Oracle cloud servers located exclusively in the United States. ®
Updated to add
TikTok's spokeswoman Melanie Bosselait has been in touch to tell us what she told Consumer Reports: "Like other platforms, the data we receive from advertisers is used to improve the effectiveness of our advertising services. Our terms instruct advertisers not to share certain data with us, and we continuously work with our partners to avoid inadvertent transmission of such data."
Also, she said TikTok's "publicly available advertising policies" that transparently and openly define the kind of advertising data it collects.