Banning TikTok

Congress is currently debating bills that would ban TikTok in the United States. We are here as technologists to tell you that this is a terrible idea and the side effects would be intolerable. Details matter. There are several ways Congress might ban TikTok, each with different efficacies and side effects. In the end, all the effective ones would destroy the free Internet as we know it.

There’s no doubt that TikTok and ByteDance, the company that owns it, are shady. They, like most large corporations in China, operate at the pleasure of the Chinese government. They collect extreme levels of information about users. But they’re not alone: Many apps you use do the same, including Facebook and Instagram, along with seemingly innocuous apps that have no need for the data. Your data is bought and sold by data brokers you’ve never heard of who have few scruples about where the data ends up. They have digital dossiers on most people in the United States.

If we want to address the real problem, we need to enact serious privacy laws, not security theater, to stop our data from being collected, analyzed, and sold—by anyone. Such laws would protect us in the long term, and not just from the app of the week. They would also prevent data breaches and ransomware attacks from spilling our data out into the digital underworld, including hacker message boards and chat servers, hostile state actors, and outside hacker groups. And, most importantly, they would be compatible with our bedrock values of free speech and commerce, which Congress’s current strategies are not.

At best, the TikTok ban considered by Congress would be ineffective; at worst, a ban would force us to either adopt China’s censorship technology or create our own equivalent. The simplest approach, advocated by some in Congress, would be to ban the TikTok app from the Apple and Google app stores. This would immediately stop new updates for current users and prevent new users from signing up. To be clear, this would not reach into phones and remove the app. Nor would it prevent Americans from installing TikTok on their phones; they would still be able to get it from sites outside of the United States. Android users have long been able to use alternative app repositories. Apple maintains a tighter control over what apps are allowed on its phones, so users would have to “jailbreak”—or manually remove restrictions from—their devices to install TikTok.

Even if app access were no longer an option, TikTok would still be available more broadly. It is currently, and would still be, accessible from browsers, whether on a phone or a laptop. As long as the TikTok website is hosted on servers outside of the United States, the ban would not affect browser access.

Alternatively, Congress might take a financial approach and ban US companies from doing business with ByteDance. Then-President Donald Trump tried this in 2020, but it was blocked by the courts and rescinded by President Joe Biden a year later. This would shut off access to TikTok in app stores and also cut ByteDance off from the resources it needs to run TikTok. US cloud-computing and content-distribution networks would no longer distribute TikTok videos, collect user data, or run analytics. US advertisers—and this is critical—could no longer fork over dollars to ByteDance in the hopes of getting a few seconds of a user’s attention. TikTok, for all practical purposes, would cease to be a business in the United States.

But Americans would still be able to access TikTok through the loopholes discussed above. And they will: TikTok is one of the most popular apps ever made; about 70% of young people use it. There would be enormous demand for workarounds. ByteDance could choose to move its US-centric services right over the border to Canada, still within reach of American users. Videos would load slightly slower, but for today’s TikTok users, it would probably be acceptable. Without US advertisers ByteDance wouldn’t make much money, but it has operated at a loss for many years, so this wouldn’t be its death knell.

Finally, an even more restrictive approach Congress might take is actually the most dangerous: dangerous to Americans, not to TikTok. Congress might ban the use of TikTok by anyone in the United States. The Trump executive order would likely have had this effect, were it allowed to take effect. It required that US companies not engage in any sort of transaction with TikTok and prohibited circumventing the ban. . If the same restrictions were enacted by Congress instead, such a policy would leave business or technical implementation details to US companies, enforced through a variety of law enforcement agencies.

This would be an enormous change in how the Internet works in the United States. Unlike authoritarian states such as China, the US has a free, uncensored Internet. We have no technical ability to ban sites the government doesn’t like. Ironically, a blanket ban on the use of TikTok would necessitate a national firewall, like the one China currently has, to spy on and censor Americans’ access to the Internet. Or, at the least, authoritarian government powers like India’s, which could force Internet service providers to censor Internet traffic. Worse still, the main vendors of this censorship technology are in those authoritarian states. China, for example, sells its firewall technology to other censorship-loving autocracies such as Iran and Cuba.

All of these proposed solutions raise constitutional issues as well. The First Amendment protects speech and assembly. For example, the recently introduced Buck-Hawley bill, which instructs the president to use emergency powers to ban TikTok, might threaten separation of powers and may be relying on the same mechanisms used by Trump and stopped by the court. (Those specific emergency powers, provided by the International Emergency Economic Powers Act, have a specific exemption for communications services.) And individual states trying to beat Congress to the punch in regulating TikTok or social media generally might violate the Constitution’s Commerce Clause—which restricts individual states from regulating interstate commerce—in doing so.

Right now, there’s nothing to stop Americans’ data from ending up overseas. We’ve seen plenty of instances—from Zoom to Clubhouse to others—where data about Americans collected by US companies ends up in China, not by accident but because of how those companies managed their data. And the Chinese government regularly steals data from US organizations for its own use: Equifax, Marriott Hotels, and the Office of Personnel Management are examples.

If we want to get serious about protecting national security, we have to get serious about data privacy. Today, data surveillance is the business model of the Internet. Our personal lives have turned into data; it’s not possible to block it at our national borders. Our data has no nationality, no cost to copy, and, currently, little legal protection. Like water, it finds every crack and flows to every low place. TikTok won’t be the last app or service from abroad that becomes popular, and it is distressingly ordinary in terms of how much it spies on us. Personal privacy is now a matter of national security. That needs to be part of any debate about banning TikTok.

This essay was written with Barath Raghavan, and previously appeared in Foreign Policy.

EDITED TO ADD (3/13): Glenn Gerstell, former general counsel of the NSA, has similar things to say.

Posted on February 27, 2023 at 7:06 AM49 Comments


vaadu February 27, 2023 8:11 AM

Banning TikTok is not just about data privacy. The elephant in the room is psychological impact it has on children.

All social media should be restricted for under 16. Start with tiktok, which is using it as a psyop on the US. How the CCP restricts its own kids access to social media is all you need to know.

Social media is a drug, no different than alcohol or MJ and should be regulated accordingly. Or we can continue to let the CCP decide what our kids watch.

Michael February 27, 2023 9:04 AM

What I hate about all this talk of a national ban on TikTok is that it’s a fundamental attack on our rights and freedoms. Yes, TikTok is Chinese spyware, but who is the government to say we can’t download and use this app? TikTok isn’t doing anything that a thousand other social media apps aren’t doing. The only thing that makes TikTok different is it’s huge popularity and it’s associations with the CCP.

Really, Trump’s attempt to ban TikTok says enough. It was purely self motivated, because TikTok’s users are largely anti-Trump, unlike Twitter where, at the time, Trump had tens of millions of loyal followers.

By all means ban TikTok on government devices. By all means pass GENERAL laws that make TikTok’s businesses practices illegal (thereby applying to all other social media and other apps as well), such that violating these laws gets you banned from app stores and elsewhere. But a bill that specifically bans TikTok truly is a slippery slope.

Clive Robinson February 27, 2023 9:16 AM

@ Bruce, ALL,

Re : Wrong solutions to wrong problems.

“At best, the TikTok ban considered by Congress would be ineffective; at worst, a ban would force us to either adopt China’s censorship technology or create our own equivalent.”

None of which would solve the problem.

There are four general areas to consider,

1, Technical.
2, Legislative / regulation.
3, Social.
4, Education.

I’ve mentioned a few times that,

“Using technical fixes to try to solve social problems does not work”

The same problem happens with legislation and regulation, they all end up failing in some way.

The reason as I pointed out with CCTV years ago and with encryption more recently, is that as fixes they are effectively static, and as long as there is the incentive to get around them humans will take a dynamic approach and effectively “out evolve them”. The only way such systems work is when the reward is way way less than the risk of punishment, and the consequences of that punishment. As we know from history being hung for stealing a loaf of bread was still not sufficient risk to prevent the theft.

What many do not realise is that social preasure works way better with over 8/10ths of the population. Because in part they live inside others heads via interaction. Cut that interaction and effrctively put the person in worse than solitary confinement and it provides considerable preasure for the person to conform.

Unfortunatly the other near 2/10ths of society do not live in other peoples heads. One group because they don’t need to (autistic spectrums) the other because they see it as a method of control (the various psychopathy / Machiavellism traits).

Thus “social preasure” needs additional tensors to cover this, which currently boils down to “lock them up in an institution indefinately” which only works when you have them found and diagnosed.

Which brings us to education. Supprisingly to many education actually works well if applied at an early enough age. The problem with modern westetn society is the abuse of the work ethic. Quite literally most parents have no choice they are forced to work to survive and they actually have minimal time or in many cases inclination to educate their children in the crucial formative years below the age of six.

It’s been mentioned before about the various “traditional” groups that have historically taken advantage of that.

Less well talked about is the modern technology assisted groups that started with adverts in news papers and has grown into the largest money machine on the planet, we call “Marketing”. Which in short is,

“To use ‘suasion techniques’ on those insufficiently capable of defending themselves”

Part of the problem is that as humans there is evolutionary advantage in “blind trust” it enables us to build mutual support mechanisms and share work load thus create societies of upto around 100-150 people.

Larger groupings tend to fall to the issue of those 1/10th of the population who see it as a weakness to take advantage of. With more than a hundred or so people they will almost always find some one who’s trust they can abuse in the short term. Hence society developes a need for “guard labour” and “legislation”. But as society increases in size the ability to abuse grows faster than the ability to control it. With the ability to freely travel or present yoirself anew just makes the ability to abuse easier.

One form of abuse, we very very rarely address is those that abuse the process of making legislation. Thus if you stop your type of abuse being legislated against then it can florish freely.

It is perhaps of little surprise to discover as far as money is concerned the three major markets are,

1, Religion
2, Marketing
3, Technology

Who are mostly free from “effective” restrictive legislation, and that is unlikely to change.

So untill we do legislate in “effective” ways to stop the abuse these three groups get away with, our best hope is “education” at an early age.

But as some will note the “camel nose” of politics has pushed in and effectively pushed all else out of “the tent” of the education sector.

TimH February 27, 2023 10:20 AM

Tiktok isn’t part of Prism, which Google, FB, Apple, Yahoo. Microsoft and so are part of. The US gov isn’t thinking of the children, but the massive comms streams that it doesn’t have access too but the Chinese gov does. Along a similar vein, there’s the UK trying to pass a law to effectively ban E2E encryption, again with CSAM as the flag waver. Again, the concern is lack of (or painful) access to comms such as Signal. There are orders of magnitude more kids underfed in UK and US than those victimised by CSA, so if govs really cared about the children, there are plenty of honest actions to take.

fib February 27, 2023 10:32 AM

Certainly some sort of regulation needs to be put in place on social media. Those who are against seem to have fantasies of unlimited freedom [my right does not end where yours begins].

It is obvious that privileged groups are taking advantage of the populace. It is obvious that charismatic leaders sitting in power manipulate public opinion as they please.

Regulation is the only way to protect vulnerable groups from the overwhelming power of governments and technology companies. A measure of relative simplicity, which does not involve taking away the freedom of natural persons, nor the banning of technologies, would be to regulate the interaction of constituted authorities with the people. To put an end to the promiscuous chit-chat of potentates with their public, which sets up the perfect environment for the cult pf personality and disinformation.

That would be necessary because every time a citizen comes into direct contact with power he will certainly be abused. The citizen’s relationship with state figures [at its various levels] should be absolutely formal.

OutsideObserver February 27, 2023 10:36 AM

Trying to clear all the hubris we’ve been hearing about China, I think this winds up being the core “problem” with China.
Comparing Chinese GDP growth to US GDP growth, the trend is quite clear. China is on track to greatly exceed US GDP in a few years. While the chart shows nominal GDP, if we were to look a Purchasing Power Parity (PPP) GDP, China is looking pretty darn good. And a bigger economy can bankroll a bigger military.

So, I think the US views any entity in China that makes money as a national security threat. That includes Tic-Tok. China is doing just fine so long as the status quo remains intact. It is the US that is trying to upset the status quo. That is why the last speaker of the house, and the current one go to Taiwan, begging them to do something to upset the status quo.

the US has a free, uncensored Internet.

If a major site doesn’t ban content that the government doesn’t like, they’re going to wind up with SEC or anti-trust investigations. The origins of Covid comes to mind. And notice now that the “lab leak” is now acceptable parlance, whereas before, it was banned.

That has nothing to do with the science changing, and everything to do with the politics changing. Now that the country is in big bad China mode, the lab leak hypothesis is now mainstream.

Rozeann M. February 27, 2023 10:57 AM

TikTok is one of the most popular apps ever made; about 70% of young people use it.

The introduction on the linked page also calls TikTok an app, but the actual statistic seems to be that 69% of U.S. teens use the platform at least once a month. That doesn’t necessarily mean the app, and depending on how they phrased the question, it could simply mean they followed a link to the website (maybe without even knowing it was a TikTok link, as happens to me sometimes).

It also claims the data source is a survey of 9,800 U.S. teens, and I wonder how the participants were selected. It seems kind of hard to select members of this group at random: they probably won’t respond to telephone calls, but if self-selection occurs (as with “viral” polls) it could seriously bias the results.

Right now, there’s nothing to stop Americans’ data from ending up overseas.

This, of course, is how much of the rest of the world feels about their data ending up in America. Even in the EU, the USA always gets some legal exception to allow data to be transferred there. And then some years later the EU courts realize the USA has no effective privacy protections and declare it illegal, but the lawmakers make a new, reworded exception and that “resets the clock” because the courts take a few years to realize it puts them in the exact same situation.

So, if US lawmakers starts to write such a law, make sure China can’t get an exception by making empty promises. Even if that means giving up the most popular social media platforms (which is what the EU faced with Facebook).

the European Commission (the EU’s executive arm) recently told its staff to remove Tiktok from their devices.

That was only from government devices—or personal devices “with official apps installed”, which shouldn’t happen anyway (assuming “official” is referring to things for employee use only, rather than government apps for normal citizens).

PaulBart February 27, 2023 11:00 AM

Technical regulations don’t work, except when they do. See HDMI. That solved d/a-a/d for 99% of casual “pirates”.

Clive Robinson February 27, 2023 11:26 AM

@ TimH,

“US gov isn’t thinking of the children, but the massive comms streams that it doesn’t have access too…”

That would certainly be a major consideration for the unelected members of government.

As for the elected members… Well the previous POTUS says a lot about “politicians friends” and their free hand with a pile of green etc.

Getting money out of politics and the buy off of civil servants would stop a lot of this “think of the children” dog wistle behaviour.

JPL February 27, 2023 12:02 PM

Dear Bruce,

Could you please put the authors of articles you republish at the top of these articles, rather than at the bottom?

I personally find it misleading to be reading an article and realize only at the end that you are not the author.

Thanks for your consideration.

Chelloveck February 27, 2023 12:06 PM

@vaadu I’m curious, how do you propose we restrict social media so that kids can’t use it? Start by defining “social media”. Every site where users can comment? Only sites with over a given number subscribers? Next, define who’s a “kid”, and how you verify that over the Internet without face-to-face contact. Is there a way to verify age that doesn’t involve a central issuer who would do the verification, and without being able to track every of-age adult signing into every site designated as “social media”? Finally, what does enforcement look like, especially if the site is based in another country without ID requirements (possibly even where privacy laws prohibit checking ID)?

I’m not saying it’s impossible to do, but I would like to suggest that the people in charge of defining such a system might have motives other than just protecting children. If done maliciously (or even simply naively) it would be possible to twist “keep kids off social media” into “keep a permanent record of every adult who visits any site with any amount of user-generated content”.

JonKnowsNothing February 27, 2023 1:03 PM


re: …define who’s a “kid”…

As noted, some websites require you to enter a DoB as validation of age. You can put any DoB you like that falls withing the Lower-Upper Date Boundaries of the input field. There isn’t or normally isn’t much way to detect “true age”.

Social media that uses imaging or videos or image-generated avatars might be able to detect true age but that’s not an easy task. People age differently and you will find yourself in an Age-Bias-Quagmire pretty quick if you define some physical attribute as an age delimiter.

RL tl;dr

  • I am playing a new video game. It’s rated TEEN. It’s pretty fun but there’s a small or rather large problem. I am way past TEEN and I have yet to master the new UI, Keyboard Layout and HUD. I’m not out of INTRO and been killed more than 2 dozen times during the Opening Tutorials.

So should getting your avatar killed 30+ times because you cannot target the Ogre be an exclusionary condition? (1)

If we are going to exclude kids from one aspect, will we only permit kids in another?


1) I was hoping a game dev would pop into my session asking what’s wrong, but alas they didn’t. I’m sure my incompetence was logged by telemetry.

I was able to discover that a few changes to the UI may help, as I was not the only one who can’t target stuff. A keybind remap, changes to camera sensitivity, camera acceleration, follow camera speed, and motion blur are on the to-be-tried list.

Game code changes remain the province of the Devs. I surely hope they do something about the avatar head’s position which resembles the Head Spinning scenes from The Exorcist movie.

Aaron February 27, 2023 1:28 PM

Rotate the perspective!

Facebook, YouTube, Twitter, Instagram, and so on are almost exclusively US based entities with listings on the stock market and each have a user base in the 100’s of millions of people, if not over 1 billion people. They all have their dopamine strategies to keep you scrolling, clicking, sharing, etc. because MONEY!

Along comes TikTok, a solely China based entity, who is actually beating the user addiction metrics of the other guys and they don’t like it. What to do?

First, copy TikTok’s format! YouTube creates “Shorts”, Facebook enhances “Clips”, Instagram makes “Reels” and Twitter just relaxed the rules on posting videos in tweets (pre-Elon buy). What people forget is that Vine was doing this almost a decade ago and did it well until Twitter bought it and killed it. TikTok is just karma for their lack of vision.

Second, get your politician, who is already in your political donation pocket, to demonize TikTok because “China”. Every US social media company donates HUGE amounts of money to the Democratic party. (Please tell me how that isn’t a terrible precedence?)

But why demonize it on a national level? Deflection!!!

US Social Media companies cry foul at the “devious things” that TikTok is doing in the background to the data on your phone…. the exact same things they are already doing with their own apps but pretending not too! Don’t get me wrong, TikTok is taking it to the next level and we have no idea what China is doing with that data but considering they are a malevolent communist nation, it has a very good chance of being a very nefarious thing.

Why should we be ONLY concerned about TikTok, when a similar flavor of deviant data siphoning is being done by US companies?

NO social media application should exist on any government phone; it’s not your tax payer funded job to be scrolling all day on TikTok or Instagram!!!

As human beings, we need to take a giant step back and holistically view what social media is, what it does from a functional perspective but also from a brain chemistry perspective and actually address the negative but ignored impacts of it from a personal to a national level. It should concern us that China openly controls how long their youth are allowed to use technology & social media while we willfully let 2 year olds be babysat by an iPad and don’t think it has ANY effect on their development or interaction with the physical world.

Winter February 27, 2023 1:46 PM

I think all the discussions about social media an US politics are valid, but they miss the point

The crucial point is given in the OP:

There’s no doubt that TikTok and ByteDance, the company that owns it, are shady. They, like most large corporations in China, operate at the pleasure of the Chinese government.

China bans foreign companies that do not align with the Chinese government. The Chinese government has made Democracy and Human Rights a target of extermination.[1] China is openly hostile to any democratic or human rights movement anywhere in the world.

As long as we cannot trust ByteDance to put the laws of the land above the interests of China, ByteDance will encounter distrust.

[1] ‘

TimH February 27, 2023 2:35 PM

@Winter Per your comment “TikTok and ByteDance … operate at the pleasure of the Chinese government.”

Google, FB, Apple, Yahoo, Microsoft operate at the pleasure of the US government. The Prism surveillance program that Snowden laid bare shows that. And I’m not just picking on USA. All developed world governments operate surveillance on the citizenry in some way.

Winter February 27, 2023 2:44 PM


Google, FB, Apple, Yahoo, Microsoft operate at the pleasure of the US government.

Which is why they are/were banned in China, until the Chinese government got full access to and control over what they did in China.

I am sure the USA is willing to do the same to ByteDance.

Sauce for the goose…

Ted February 27, 2023 5:59 PM

Glenn Gerstell, former general counsel of the NSA, seems to take a similar position. In a NYT Op-Ed, he also advocates for Congress to pass a law that governs online data collection and use.

The next best outcome, according to Gerstell, may be to sell ByteDance to an American company, a move ByteDance has resisted so far. A more likely resolution might be that the US Committee on Foreign Investment would oversee the app.

If all else comes to naught, then an outright ban is something considered, though such a simple solution portends its own perils.

SpaceLifeForm February 27, 2023 7:28 PM

Trigger has been pulled.

Should have happened sooner.

The network traffic metadata is the problem.


Clive Robinson February 27, 2023 7:43 PM

@ Ted, ALL,

Re : Beware Geek Lawyers bearing grift.

“Glenn Gerstell, former general counsel of the NSA, seems to take a similar position. In a NYT Op-Ed, he also advocates for Congress to pass a law that governs online data collection and use.”

The NSA has a problem that Mr Gerstell is only to aware of and that from an NSA perspective would be to perilous for them to loose.

Think of the Internet as a real web, like that of a spider. All paths meet at the center it’s how the spider picks up the vibrations of any potential victim’s struggles communicated to the central point.

It’s the old,

“All roads lead to Rome”

Issue, only it’s Maryland or Utah or where ever the NSA slurps the Internet traffic up and sends it to these days.

If Congress comes down hard on the Internet in any way, then the Intetnet “center” will move out of North America, not just skip across the Canadian boarder.

Worse the NSA “plays in the cloud” and keeps where it can “upstream” of any leaf organisation or nation where it can and what it siphons off goes back on “dark backhauls” as the only way you can spy is to duplicate the traffic and send it home to be stored.

As we know thanks to Ed Snowden confirming it, the NSA for years installed implants in US manufactured technology as it was being shipped to the end customer.

What the US manufacturer knew of this is uncertain, but it is reasonable to assume at some point within their organisation they were conciously aware of it. As there would be a considerable amount of technical information needed by the NSA to ensure these implants worked without making their presence obvious to the the end user customer.

China had a couple of reasons to put up it’s Great Firewall and whilst we hear a lot about it’s “alleged” suppression of freedom, it’s the suppression of the NSA and other Western Sig-Int agency traffic that it probably regarded as the most important.

China eventually had enough of the NSA and similar spying via technical implants, so they did the sensible thing which is ban the use of US and other Western Sig-Int riddled equipment from banks and other places the Chinese Government regarded as of National Security concern.

The decapitation of the US CIA led spying by agent operation in China and Iran should have been a major alert to cyber-security personnel in the West about the view China takes on the Western IC and Sig-Int agencies playing in it’s back yard.

The point to recognise is that just about everything the US accuses China of, the US IC was already doing to China and just about every other nation. As I mentioned back in 2014 the UN ITU conferance in Doha was a very visable turning point. Various nations said that US behaviour was unacceptable and various proposals were put forward to strip the US of a lot of Infrastructure control etc. With the assistance of “Google” that was buying into world subsea cable and other communications infrastructure in a big way many but not all proposals got blunted.

Since then the National Firewalls supplied by China amongst others have started springing up all over the world.

The fear mongering of “Going Dark” that the FBI had been telling the world about, was actually happening for real to the various Five-Eye IC and Sig-Int agencies. The damage was only limited because the Five-Eyes sat on the main communications nodes that act as “choke points”. These nearly unseen to most users nodes are where a lot of Internet traffic goes through and in quite a few cases it surprises people to find just where their traffic gets routed.

Especially when a lot of the routing is effrctively invisable hidden away below the IP physical layer of the Internet. All you can see via ping and traceroute etc is at thr IP layer, you can not see X25 and similar at lower levels. To see these you almost hsve to physically “walk the wire”.

Due to history nearly all the subsea cables and satellite links “had” their choke point nodes in non-US Five-Eyes Nations such as the UK, Australia, Canada, New Zeland.

This was starting to change towards the US with the likes of Google pte Doha… Post Doha it’s not just national firewalls that have started to go up, it’s alternative data communications.

Part of this was that the US haf for a while a near strangle hold on what went up into Space in the form of satellites. The US made the mistake of butting heads with India, and since has found it’s influance on the wane.

What scares the NSA is being kicked out of what it regards as it’s playground… But the governments of other nations now have choices, they don’t have to go with what they see as “NSA Inside” US technology. They can go to China amongst others that offers alternatives. In part, this is what the US led 5G nonsense was all about, and why a certain US Silicon Valley Social Networking Mega-Corp did not stamp down on the “5G causes Covid” nonsense that it actively pushed. That was directly responsible for the burning down of mobile phone and other sites, including power distribution by groups of modern day “Klompen ludites”.

TimH February 27, 2023 7:45 PM


Congress to pass a law that governs online data collection and use


When any of the gov agencies (or companies that they bully into doing so) break any such new law, there will be no repercussions. Remember AT&T and their special tapping points for the NSA? Explicitly illegal, and Obama let them off.

Dave February 27, 2023 8:03 PM

It’s funny how the US government is suddenly very concerned about US citizens’ data being sent overseas but has no problems at all forcing other countries and governments to ship their citizens’ data to the US, the EU springing immediately to mind. This seems to be a clear case of one rule for us, a different one for everyone else.

Clive Robinson February 27, 2023 9:32 PM

@ Dave, ALL,

Re : US Gov and User data.

“This seems to be a clear case of one rule for us, a different one for everyone else.”

It’s actually worse than you think.

Not only does the US Gov not have a problem with US Corps collecting data on other nations citizens as well as US citizens. It has no problems with those US Corps sending all that data “over the boarder” and of to “some distant corner of a far foregin field…”

Where as the previous POTUS had a “political support” beef with TicTok the current POTUS appears to be doing the dirty work for those US Corps that are desperate becsuse of the way they are loosing ground to TicTok. @Aaron above gives a little of it and @TimH and @Winter another asspect going back to the POTUS prior to last.

But the actual reality of the “abuse” these Corps do @fib gives some insight to.

In short we have a “resident evil” we’ve alowed to grow and we have a “blind spot” with regards to it.

Behind which is a very real problem. As far as the US economy is concerned. Where it actually counts –manufacturing etc– it is at best stagnent if not rotting away. The E-Economy of Social Media is actually little more than a “shell game” which produces noting except faux monetary churn, that from a distance looks like economic activity, but actually in reality is just an inflation creating money pit siphoning money off shore where it is forever outside the US economy.

pd February 27, 2023 10:01 PM

Could not agree more that less sledgehammer regulation is preferable but “as technologists” you can’t just state this without details of a better solution.

Any regulation could fall foul of the more draconian style if there no effective policing and justice.

How exactly can we enforce privacy?

One option might be too actually enforce it at platform level but this would require effective policing of gargantuan corporations like Alphabet (Google), would it not?

Corporations like Google only care about the enforcing reasonable privacy up to the point where they cannot defend it legally. They have a mechanism for funneling apps into/outside their walled garden platforms. It’s simply a matter of whether they care enough to ensure nefarious apps never get through those garden walls. Google and The Fruit Company have had tighter censorship / filtering funnels since their cellular spying devices were created. Regular reports demonstrate how useless Google is at preventing apps from including malware. They simply either hide behind the supposed difficulty of doing so, or shovel a token amount of manure apps over the garden wall if or when they feel like it.

If subtle regulation is the answer, which I personally believe must be tested after decades of being dismissed, as potentially ‘hampering innovation’, by vested interests with ‘free market’ economic beliefs who palm themselves off as ‘technologists’ to silence the normal people who don’t consider themselves technical but nonetheless believe in decency in all contexts, then that regulation has got to surely start at platform level.

Problem? Politics has historically lagged behind the evolution of ‘technology’ – within the sphere of ignorant ‘technologists’ who failed to see the internet as more than some ‘cyber’ new planet wherein nothing impacts actual people and governmental, judicial systems alike – and whilst it may be slowly catching up, it’s not doing so fast enough. Partially no doubt because it’s still slammed by dubious “hampering innovation” rhetoric by ammoral get / stay rich prospectors with too much freedom to run rampant over the interests of anyone and everyone who perceives, sadly myself included (but I’m reviewing this stance hourly!), that ‘technology’ is the great unquestionable hope, inevitable force of good, for everyone.

In reality, live anything and everything that has ever created or existed, it can and will be used for nefarious, charitable purposes … and everything in between.

The overly nationalistic approach of blanket banning certain ‘channels’ of content is likely as motivated by reactionary ‘national security’ concerns motivated by out of control hacking. It’s arguably just the first step in recognising the innernetwebs is absolutely just a much of a threat as a source of progress for humanity’s best interests.

What do we all do when threatened? We go defensive and prioritise safety. It’s a base instinct in all of nature. Just like we built armies to defend the purely physical world, ‘technologists’ need to recognise the difference between draconian defences that may be overly blunt but necessary to defend againat a fundamentally out of control situation love the one we’re in now and have been for years. Humanity struggles to see the forest from the trees. Toxic Rump created incredible ‘noise’ where nefarious signal continued to wage it’s nasty ways for 4 years+. The threats continued to increase whilst ‘the people’ allowed a lunatic Sheriff.

The problem is not one strictly of ‘technologists’ vs laggard governments. It’s about figuring out how to fight a Guerilla war against myriad enemies in a virtual battlefield. Everything humanity developed to try and at least create some sort of ‘civilised’ warfare (oxymoron) in the purely physical realm with the Geneva Conferences, League of / United Nations, World Court, Interpol and so on, now needs to be replicated in the virtual world.

The stakes are more than privacy.

‘Technologists’ will finally wake up from their actual or proverbial basement portals to the virtual battlefield and realise they exist in the physical world of consequences, not the virtual realm they’ve been delusing themselves into thinking will be anything better than just another means of reflecting the barely acknowledged, let alone understood, fundamental horrors of the human condition as we know it now, if we wake up from reflexively, inevitably continuing to perpetuate it through ever-incredibly unsustainable procreation.

as February 28, 2023 9:17 AM

I don‘t think there would be an enourmous demand for workarounds when there are also apps like YT shorts. You overestimate a 14-year old girls willingness to do some stuff on her smartphone.

Adrian February 28, 2023 11:23 AM

Apple maintains a tighter control over what apps are allowed on its phones…. [emphasis added]

Perhaps the best approach is to help our representatives understand that our devices are not our devices. Not even once we’ve purchased them and paid the sales tax.

And not just phones. Tesla is particularly fond of bragging about all the data collected from its fleet, referring to the cars it manufactured and then sold to others.

And the television makers who profit more from the data their surveillance devices collect than from sell^H^H^H^H—er, licensing—the “smart” devices to consumers in the first place.

Petre Peter February 28, 2023 1:21 PM

Professor Schneier warned us about the data wars in Data and Goliath. I would certainly not like my data to end up in the hands of the CCP regardless of what type of social credit they are promising. Under GDPR, the data about a person belongs to the person whom the data are about. In the US the data belongs to whoever it’s storing it. In China, my guess is that it belongs to the CCP.

I am not a Trump supporter but his ban from Twitter kinda’ proved that platforms reserve the right to be selective about what they publish—just like this website does. Professor Schneier is right when he says that we ( I am guessing US) have a free Internet—Trump was able to create his own platform and publish what he wanted on the Internet.

If we think of governments as publishing entities, then they reserve the same right to select what’s being published in the country they govern. Same way France and Germany censors Nazi speech. However, there is a big difference between the right to be selective with what you publish, and making your competitor illegal.

Ted E March 1, 2023 3:11 AM

It doesn’t require a bloated analysis or reference to constitutional law. I would ban tik tok because it’s annoying.

Clive Robinson March 1, 2023 5:20 AM

@ Ted E, ALL,

“I would ban tik tok because it’s annoying AF.”

So are most politicians, would you ban them as well?

No don’t answer that, I think I know the answer most would give, very loudly and evun more resoundingly 😉

Phillip March 2, 2023 3:04 AM

Somebody ought to better explain something. Out of the entire App universe, how would this one measure dramatically improve our national security? In the United States, some scare emerges with every emerging generation of young adults. I recall how coverage of AIDS, a disease very real for its victims, was used to scare everybody in the universe. Alright, I did go to Catholic school, but the point is well-made. AIDS became a cudgel against any sexual relationship outside of marriage. Minimalist education made the scare worse.

Grima Squeakersen March 2, 2023 2:20 PM

@jon who knows nothing re: using photos to detect age
You mentioned the technical challenge, but failed to mention what is likely the most immutable problem, which is how to prevent a moderately intelligent kid from circumventing the check by using some form of fakery or other in providing the image. I imagine that in most cases that task would be pretty trivial.

Anonymous March 3, 2023 4:03 PM

The West’s objection to TikTok has nothing to do with the privacy of end users.

It’s about the potential risks of a propaganda outlet “operating at the pleasure of the Chinese government” in the pockets and homes of the western electorate.

I also believe it’s about the potential for a closed loop, shadow economy in the vein of Alipay or WeChat Pay. Moving payments outside the purview of western governments would not only shield them from taxes but would undermine the role of western reserve currencies.

lurker March 3, 2023 8:35 PM


Most Chinese operators accept payment in $US from credit cards based outside China. If western governments don’t like their “reserve” currency used this way they already have ways to kill this trade. Keeping it alive discourages shadow economies, with or without TikTok.

Clive Robinson March 3, 2023 8:38 PM

@ Anonymous,

“The West’s objection to TikTok has nothing to do with the privacy of end users.”

True, unfortunately

“It’s about the potential risks of a propaganda outlet “operating at the pleasure of the Chinese government” in the pockets and homes of the western electorate.”

Not true, that is just the ‘dog whistle’ / ‘think of the children’ excuse.

The real reason is two fold,

1, TicTok users are generally not GOP or MAGA types.
2, The Silicon Valley Corps who pay the legislators big stacks of green have been wrong footed by TicTok.

So the previous POTUS who had been ridiculed on TicTok and was deeply unpopular with the user base, had a personal interest in wiping TicTok off of the stage.

Having started the ball rolling, it’s become in the legislators interests to keep the ball rolling for their Silicon Valley pay-masters / lobyists…

As for,

“Moving payments outside the purview of western governments would not only shield them from taxes but would undermine the role of western reserve currencies.”

The US regulating agencies like the SEC and even the FED have treated this as being of lower interest than crypto-coins, and they are trying their best to ignore those…

In fact they have alowed the grass to grow to the point that China has already created an alternative bank transfer system to Swift, which Russia, Iran, North Korea have joined up to and even India is looking into.

JonKnowsNothing March 4, 2023 10:58 AM

@Clive, @ Anonymous, All

re: 2, The Silicon Valley Corps … have been wrong footed by TicTok.

What this translates to, in US economics is an instance where Neo-Econ-Liberatian-Oligarchs in USA decide:

  • Market Forces do not work

It’s a form of corporate protectionism. In the standard mantra about Market Forces, the best ideas, best acceptance, the best suited for use: Wins The Pot. However, when something from the USA does not compete or cannot compete, we pull out all sorts of reasons why This Market needs Corporate Protections.

A recent MSM article about cheese using the name Gruyere in the USA is an example of Corporate Protectionism by Reducing Competition.

Gruyere cheese is made in regions of Switzerland and France and has a “protected name” in the EU because it’s a regional specialty cheese. USA cheese makers want to cash in on that regional ID and name all sorts of cheese with “small holes” as Gruyere.

So the US Judge decided that Gruyere is just Cheese with Small Holes in it and anyone can splash the word Gruyere on their package, as long as the cheese has SMALL holes – which is THE important criteria.

So we will bust anything that deters the US neocon-libertarian-oligarchs from making a buck, and we will prevent any one else from taking an Oligarchs potential income elsewhere.

Just imagine if the EU decides to label loads of cheeses as “Wisconson Cheese”…


Search terms

Wisconsin cheese

  • As of 2013, Wisconsin continues to be the largest cheese producer in the United States, making over 600 different cheese varieties.

Clive Robinson March 4, 2023 1:06 PM

@ JonKnowsNothing,

Re : It’s a matter of taste…

With regards,

“Wisconsin continues to be the largest cheese producer in the United States, making over 600 different cheese varieties.”

As far as I’m aware, even having visited the US on a few occasions in the now long past (last shortly after fingerprint readers came in at airports) I’ve never eaten cheese made in Wisconsin. I always ordered burgers and similar without cheese. Because I’ve found like many other Europeans have American fast food cheese is mildly less palitable than congealed nearly dried PVA glue that coats the tounge in a way you get unplesantly reminded of during the night (apparently a lot of Americans also think this of burger cheeses). Likewise many other American dair products.

The cheese I did eat in the US was “protected name” which I always purchased from stores I could trust and some hotels found it odd but acceptable –I am after all, a crazy Brit as big as a bear with brown and red hair and sometimes a broad scots accent when a little pevish– that I made my own sandwiches with the likes of genuine French butter, genuine Itallian meats and what is now called artisan bread made with Canadian flour. (when in Redmont, North Home of some Big Tech they cater quite amicably with European tastes including what I’d call “real sausages” and “real bacon”.

However I’ve no probs with American beef as long as it’s not minced likewise pork, but not chicken and turkey it always had an odd smell like it had been raised next to a battery factory. I found Canadian grains gave better crumb and flavour. Where I could get them local veg were usually fine. For some reason back then lamb was not that easy to get unless you had a kosher store to go to. Oh and most local not big brand beers were fine.

The chefs in one hotel understood the idea of a grilled “blue steak” in a “brioche bun” with real mayonnaise and a solid salad on the side 🙂

Winter March 4, 2023 1:38 PM


Because I’ve found like many other Europeans have American fast food cheese is mildly less palitable than congealed nearly dried PVA glue that coats the tounge in a way you get unplesantly reminded of during the night (apparently a lot of Americans also think this of burger cheeses). Likewise many other American dair products.

That’s American cheese for us, indeed.

JonKnowsNothing March 4, 2023 7:48 PM

@Clive, @Winter, All

re: American cheese like congealed glue

Americans may have many tastes in “cheese”; glue is one of them. Related to our fondness for peanut butter which has the same consistency or elasticity.

There is an unverified demographic split, that at certain younger ages, an increase in glue-ness is preferred. This demographic does not have many culinary experiences and often has a plugged nose so “taste is a waste” but goo is tactile.

Years later this tactile experience is marketed as “comfort food”, a dietary regression to the single digit years. Taste again is irrelevant.

Many cheeses in the USA are actually “white or neutral color” and have color additives or are not even dairy cheese and not soy-cheeses either; they consist of large amounts of oil processed into a brick. Not unlike American mayonnaise which is just whipped aerated oil.

However, should you ever wish to recreate an Authentic American Macaroni Pie, large quantities of this glue-like cheese stuff is required.

  • Macaroni elbow pasta, milk, cheese goo, salt to taste.

Skip all the Haute Cuisine stuff and book an overnight stay at a cardiac unit afterward.

lurker March 4, 2023 11:33 PM

Gruyere, Camembert, Brie, Parmesan, all cheeses made in NZ and sold in NZ shops. Not permitted to be exported. The WTO overrides the US only ITC. The ship carrying Wisconson gruyere to Europe will be sunk before it’s halfway across the Atlantic.

Oh, what do they call cheese with big holes?

JonKnowsNothing March 5, 2023 1:49 AM

@lurker, @Clive, @Winter, All

re: What do they call cheese with big holes?

I dunno if there’s an official definition but it would probably have to come from SCOTUS, and they would have to consider if there’s any Material Difference between Large Holes, Big Holes, Small Holes or No Holes.

A practical definition from shopping is:

In the USA we have a cheese called Jarlsberg Lite. It’s what we call Swiss Cheese. It has holes in it. The thing the contributes to it being LITE is that the holes are Large Holes, so there’s not much cheese per slice. It’s also expensive so purchasing a package lightens your bank account. And in keeping with the LITE-Motif, the package weight/number of slices per package mirrors its description.

A perfect de-LITE.

Clive Robinson March 5, 2023 3:14 AM

@ JonKnowsNothing, lurker, Winter, ALL,

Re : S’not a lot.

“The thing the contributes to it being LITE is that the holes are Large Holes, so there’s not much cheese per slice…”

Hmm if you combined that with,

“This demographic does not have many culinary experiences and often has a plugged nose so “taste is a waste” but goo is tactile.”

Then you could have a realy up-market product, all you would need is a bit of retro style music for the adds from say Heinz n Kraft twerking…

Clive Robinson March 5, 2023 4:01 AM

@ JonKnowsNothing,

Re : Giving it the elbow.

Your recipe of,

“Macaroni elbow pasta, milk, cheese goo, salt to taste.”

Reminds me of just how flexible Macaroni elbows are and why they should be a staple in every pantry.

A not to disimilar recipe,

“Macaroni elbow pasta, milk, sugar goo, raisins to taste.”

Makes nice pudding for winter, my favourite “sugar goo” would be honey but failing that “golden syrup” or “treacle”. Or you could go all out with good old Molasses with ginger, cinnamon, and rum to spice it up (you can even add a pinch or two of pepper or chilly powder for some heat, even mild curry powder works with molasses as it gives it a sort of sweet chutny tang adding other fresh or dried fruit such as apples just adds to the taste).

aye March 6, 2023 1:59 PM

The solution is simple:
every time an entity snarfs data it must pay;
and all apps and browsers, etc. must display how much the user is paid and fund the user.
How will be left as an exercise for the reader.

If such entity can’t pay, then it cant play.
I a user can’t accept the cash then the data can’t be snarfed.

c1ue March 8, 2023 8:21 AM

Excellent writeup, Bruce, except for one thing:
Just how much of the US Government outrage over TikTok is because TikTok enables a foreign power/foreign corporation to potentially do what the US government considers its sole prerogative?
That is: control over media as well as gathering data and profiling social media users?
I strongly suspect that the dismay over TikTok is primarily because that company is far less beholden to US government desires than Google, Facebook, and pre-Musk Twitter.
Whatever the goals of founders and executives in US social media companies originally, it seems abundantly clear that they are now fully enmeshed in the Faustian bargain of enacting US government desires in return for immunity from various forms of otherwise legal restrictions including anti-monopoly laws.

Hasan Diwan March 8, 2023 10:51 AM

We have no technical ability to ban sites the government doesn’t like.

This “technical ability” most certainly exists. China, Cuba, Iran, etc have not extended the base protocols of the Internet nor added anything onto BGP to disavow access to, aay, Tiananmen Square.

What we in the west have that countries like China lack is a strong history of democratic traditions, robust debate, and a (lesser, but still) activist labour movement.

Clive Robinson March 16, 2023 3:55 AM

@ Sam Sorokin

Re : Facebook and GOP promoter.

With regards,

“Proof (yet again) that well-crafted commercial black PR campaigns that ride on top of existing racial or ethnic prejudices can be very cheap to deploy, and can work really well.”

If you read above you will find that some of us were only to aware of what was going on. See above and onwards from,

“Where as the previous POTUS had a “political support” beef with TicTok the current POTUS appears to be doing the dirty work for those US Corps that are desperate becsuse of the way they are loosing ground to TicTok. @Aaron above gives a little of it and @TimH and @Winter another asspect going back to the POTUS prior to last.”

You will note that whilst we knew, we did not have evidence, nor for that matter did you. Because if you did you would have said something prior to this. But no, you had to read it in the WasPo a considerable time after this thread before you said anything.

But consider the fact the WasPo also knew long before hand, but they could not publish untill they had fairly solid evidence. They do after all have a professional reputation to keep.

I suspect our host was likewise more than aware of what was going on but without evidence like the WasPo his hands were effectively tied.

As for the organisation “Targeted Victory” it was launched by Zac Moffatt as a Republican (GOP) digital consulting firm and sucked something like $230 million or so back in 2020 for facilitating Republican campaigns etc. Of which its largest clients were from the likes of the super PAC, America First Action and similar pro-Trump groups.

Zac Moffatt was a Digital Director for Mitt Romney’s failed 2012 presidential campaign, and now has his face well and truly pressed into the Suckerberg trough of endless bounty since 2016, for various reasons, one apparently being blackmail[1]. Yet Zac Moffatt’s “kiss of death” might have hit Meta and it’s recent devaluation down to a quater of it’s value… As apparently Zac Moffatt has routinely advised Facebook officials.

Though I doubt Zac Moffatt is the only one, in fact I know he’s not[2] I suspect that if people look in the right places they will find that Suckerberg has “Democratic” organisations and politicians on the pay book as well. After all there is “previous” as the Police like to say of crooks, according to the Verg,

“Several of Targeted Victory’s op-eds contained links to negative news coverage about TikTok and were often bylined by influential community figures and politicians, including Democrats.”


Anyway as the WashPo makes it’s self unavailable online in many ways it would be helpfull to include one or two other links. So I’ve given one to The Verg, so a second to The Guardian,

[1] From another press report (BBC),

“In 2016, Mr Moffatt met with Meta chief executive Mark Zuckerberg as part of a group of high-profile conservative figures following allegations – which the firm denied – that it tampered with its Trending Topics feature, to promote “progressive” views.”

Call it “strong arming” or “putting the bite on” it boils down to “blackmail”.

[2] Facebook paid “Definers” an alleged “public relations” organisation to run a campaign falsely claiming anti-Facebook campaign group “Freedom From Facebook” was backed by the financier George Soros. This was discovered by the New York Times who exposed the tactics used by the “Definers” firm back half a decade ago in 2018.

At the time Suckerberg said “he had not been aware” of the firms actions and said the Facebook would no longer work with the firm. But then he would deby it. We already knew he was at best a sociopath and had been caught out many times and provably lied. So he had probably learned to distance himself. Thus the chances are he fully orchestrated such action at a higher level, but took care not to know certain details –like the firms name– so he could have deniability.

Peter Coffee March 28, 2023 4:30 PM

“If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology,” famously said some guy named Schneier. When he [that is, you] said that, you said that you were “going to modify” something you’d heard before (, so it seems appropriate to remodify that here as “If you think that technology access controls can solve your data privacy problems, you don’t understand how people get around access controls and you don’t understand how data flows.”

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.