Menu
EN

TikTok tracked a cat’s account to spy on its owner. Is your privacy at risk?

Of all the people who value their own privacy and the privacy of their business contacts, journalists are perhaprs at the top of the list. If they fail to protect the anonymity of people who have confided in them, often at great personal or professional peril, their reputation and their confidants will suffer. It’s expected of a journalist, and a tech journalist at that, covering Chinese social giant TikTok to put extra effort into flying under the radar.

Christina Criddle, the tech reporter for the Financial Times, went that extra mile and created a TikTok account not in her name but in the name of her cat, Buffy. That, however, was not enough to protect her from being spied on by TikTok employees.

The purr-fect spying target

Last year TikTok admitted that four of its employees, two in China and two in the US, gained access to the IP addresses and other data of Criddle and Forbes’ Emily Baker-White, as well as that of their TikTok contacts. Both women reported on TikTok and were in contact with insiders who provided them with damaging information about the company, such as exposing its ‘toxic’ work culture.

For a long time there were only scant details about that privacy breach. But recently Criddle has shed some light on how supposedly ‘rogue’ TikTok employees were able to keep tabs on her: it was by tracking… her cat.

Criddle revealed that she created a TikTok account for her cat, Buffy, using her personal mobile phone. To sign up with TikTok, you have to be at least 13 years old and a human, not a cat, so Criddle had to give the platform her email address, not Buffy’s, or a phone number to do so. The journalist did not put her own name or occupation on Buffy’s account, which reportedly had only about 20 videos and a modest 170 followers. That means TikTok employees had to do some digging to link this account to her.

But given how much information TikTok — much like any other social network — collects on its account holders, including device information and off-platform online activity, this did not prove to be much of a stumbling block.

The cat’s out of the bag…

The TikTok employees who did the spying were later revealed to be part of the internal audit and risk team at TikTok’s parent company, ByteDance. They acted on their own volition (that is, if you take TikTok at its word) and in violation of the company’s policies when they decided to track journalists in the hopes of uncovering the source(s) of the leaks. To do this, they used internal tools to access their personal data, in particular location, to see if the journalists had ever been near ByteDance employees.

The effort was reportedly a flop (that is, if we still take TikTok at its word): no sources were unmasked, and the offending employees were fired in disgrace. TikTok played up the incident as a one-off, never to be repeated.

…but it is still scratching at the truth

Recounting her interactions with TikTok post ‘cat-gate’, Criddle said that the company failed to respond to her many inquiries about the specific times and dates when she was tracked, as well as the exact nature of the data that was obtained and how it was used. She said that TikTok “has never fully answered” her questions.

According to TikTok’s privacy policy, the company may collect information about your “approximate location based on your SIM card and/or IP address.” The policy also states that “current versions of the app do not collect precise or approximate GPS information from US users.” An “older” version of the app that can still collect such information, TikTok notes, was last released in August 2020. This raises the question of how TikTok’s “spies” hoped to pinpoint Criddle’s location in the summer of 2022, assuming that knowing an approximate location is hardly enough to determine whether she was in the immediate vicinity of a ByteDance employee in London.

ByteDance told the New York Times that the four rogue employees accessed “historical data,” that had not yet been deleted from outside the Oracle cloud where all the US data is currently being migrated and where it will be stored. The migration of the data is part of the initiative, codenamed Project Texas, to address some of the US national security concerns and prevent the app from being banned in the US. Until Project Texas is completed, TikTok employees in Beijing could theoretically access US user data.

Following the revelations about spying on journalists, the US Justice Department and the FBI have launched an investigation into a breach of user privacy by ByteDance. Some, however, say that TikTok has been unfairly singled out by the US authorities because of its Chinese origin. What is certain is that TikTok is not the first social media platform to have employees who abuse their access to user data. As for the TikTok ‘spies,’ they are only following in the footsteps of their many other predecessors in US-based social media companies.

Big Cats Tech and their bad litter

TikTok is by far not the only cat in the alley that has been spying on users and having rogue employees. Here are some other examples.

In 2019, two former Twitter employees, Ahmad Abouammo and Ali Alzabarah, were accused of abusing their access to user data to spy on Saudi dissidents on Twitter and pass their personal information to Riadh for money. Abouammo was sentenced to 3.5 years in last December, while Alzabarah managed to escape the country. That same year, 2019, Motherboard revealed that “multiple” Snapchat employees had abused a set of internal tools, including one called SnapLion, to spy on users. The employees reportedly nicknamed SnapLion, originally designed to help process police requests, “the keys to the kingdom.” Those keys allowed them to view sensitive user information such as location data and saved Snaps.

Google, the ‘Big G,’ fired around 80 employees between 2018 and 2020 for misusing internal tools. This included accessing user or employee data. The list would not be complete without Meta, a serial privacy violator that boasts a less than an enviable record when it comes to privacy and security, or lack thereof. As recently as this past November, Meta fired or disciplined two dozen workers for abusing an internal tool, called ‘Oops,’ to take over user accounts, sometimes in exchange for bribes. However, this perhaps pales in comparison with the time (then still) Facebook fired 52 people for misusing employee access to spy on people. Among those given a boot was a Facebook engineer who tracked down a woman after she stopped answering his calls.

There is a problem, but is there a solution?

Few would argue that virtually every company has “bad apples” in its midst. And the larger the company, the greater the number of bad apples. What makes the likelihood of data breaches at TikTok and other social media companies so high is the bulk collection of user data that they do to survive: The livelihood of every social media platform, including TikTok, depends on advertising, which in turn requires data collection. The more they know about their users, such as where they live, what they like, and who they follow, the better they can target them with ads that match their interests. And when an ad is relevant to the user, they are more likely to click on it, which is what advertisers want.

Tech companies that handle this sensitive data have a responsibility to protect it and prevent its misuse, but the unbridled access that many employees seem to have to this data makes this task almost insurmountable.

So what can we do to protect ourselves? One possible solution is to have a separate phone for your socials, as Criddle did by having a ‘dummy’ phone for TikTok after finding out that it was spying on her through her cat’s account. Having a separate phone can restrict the access of social media apps to your main device’s features, your contacts and location. However, it won’t stop tracking completely: social media platforms will still be able to collect and share your data with other parties, such as advertisers.

It’s also important to be aware of privacy policies and permissions you give your apps, adjust your settings to limit data collection, use anti-tracking and ad-blocking tools on all devices, and be suspicious of any unusual activity, such as attempts to log in your apps from an unfamiliar location. While there’s no foolproof way to protect yourself from falling prey to spying, the less sensitive information you share on social media platforms, the safer you generally are.

Liked this post?

AdGuard for Windows

AdGuard for Windows is more than an ad blocker. It is a multipurpose tool that blocks ads, controls access to dangerous sites, speeds up page loading, and protects children from inappropriate content.
User Reviews: 13066
4.7 out of 5
By downloading the program you accept the terms of the License agreement
Read more

AdGuard for Mac

AdGuard for Mac is a unique ad blocker designed with macOS in mind. In addition to protecting you from annoying ads in browsers and apps, it shields you from tracking, phishing, and fraud.
User Reviews: 13066
4.7 out of 5
By downloading the program you accept the terms of the License agreement
Read more

AdGuard for Android

AdGuard for Android is a perfect solution for Android devices. Unlike most other ad blockers, AdGuard doesn't require root access and provides a wide range of app management options.
User Reviews: 13066
4.7 out of 5
By downloading the program you accept the terms of the License agreement

AdGuard for iOS

The most advanced ad blocker for Safari: it makes you forget about pop-up ads, speeds up page loading, and protects your personal data. A manual element-blocking tool and highly customizable settings help you tailor the filtering to your exact needs.
User Reviews: 13066
4.7 out of 5
By downloading the program you accept the terms of the License agreement

AdGuard Browser Extension

AdGuard is the fastest and most lightweight ad blocking extension that effectively blocks all types of ads on all web pages! Choose AdGuard for the browser you use and get ad-free, fast and safe browsing.
User Reviews: 13066
4.7 out of 5

AdGuard for Safari

Ad blocking extensions for Safari are having hard time since Apple started to force everyone to use the new SDK. AdGuard extension is supposed to bring back the high quality ad blocking back to Safari.
User Reviews: 13066
4.7 out of 5
App Store
Download
By downloading the program you accept the terms of the License agreement

AdGuard Home

AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that. With the rise of Internet-Of-Things and connected devices, it becomes more and more important to be able to control your whole network.
User Reviews: 13066
4.7 out of 5

AdGuard Content Blocker

AdGuard Content Blocker will eliminate all kinds of ads in mobile browsers that support content blocker technology — namely, Samsung Internet and Yandex.Browser. While being more limited than AdGuard for Android, it is free, easy to install and still provides high ad blocking quality.
User Reviews: 13066
4.7 out of 5
By downloading the program you accept the terms of the License agreement
Read more

AdGuard Assistant

A companion browser extension for AdGuard desktop apps. It offers an in-browser access to such features as custom element blocking, allowlisting a website or sending a report.
User Reviews: 13066
4.7 out of 5
Assistant for Chrome Is it your current browser?
Install
By downloading the program you accept the terms of the License agreement
Assistant for Firefox Is it your current browser?
Install
By downloading the program you accept the terms of the License agreement
Assistant for Edge Is it your current browser?
Install
By downloading the program you accept the terms of the License agreement
Assistant for Opera Is it your current browser?
Install
By downloading the program you accept the terms of the License agreement
Assistant for Yandex Is it your current browser?
Install
By downloading the program you accept the terms of the License agreement
Assistant for Safari Is it your current browser?
If you can't find your browser, try the old legacy Assistant version, which you can find in AdGuard extension settings.

AdGuard Temp Mail β

A free temporary email address generator that keeps you anonymous and protects your privacy. No spam in your main inbox!
User Reviews: 13066
4.7 out of 5

AdGuard for Android TV

AdGuard for Android TV is the only app that blocks ads, guards your privacy, and acts as a firewall for your Smart TV. Get warnings about web threats, use secure DNS, and benefit from encrypted traffic. Relax and dive into your favorite shows with top-notch security and zero ads!
User Reviews: 13066
4.7 out of 5
Downloading AdGuard To install AdGuard, click the file indicated by the arrow Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, drag the AdGuard icon to the "Applications" folder. Thank you for choosing AdGuard! Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, click "Install". Thank you for choosing AdGuard!
Install AdGuard on your mobile device