For regular TikTok enthusiasts, it's no surprise that the platform gathers extensive personal information. Yet a recent BBC investigation highlights a more concerning development: the service can monitor individuals' online activities even without them having an account or the app installed.
Behind the scenes, an advanced ad-targeting system has grown notably assertive following TikTok's acquisition by American firms including Oracle, Silver Lake, and MGX. This mechanism deploys hidden tracking pixels that follow people across various online platforms, irrespective of app presence on their devices.
The BBC describes this as an intentional strategy to build detailed user dossiers for precise ad delivery. Such dossiers encompass diverse details like shopping histories, contact emails, and medical information.
The investigation cites an instance where a questionnaire prompted visitors to disclose if they had cancer; selecting an option instantly relayed the input to TikTok through a concealed pixel on the page. Similar scenarios involved queries about reproductive health challenges and psychological conditions.
Site administrators often remain oblivious to these embedded TikTok trackers, leaving them unable to approve or block the practice. In certain instances, the BBC notes, TikTok diverts information originally routed to Google.
Privacy specialists label TikTok's methods as highly intrusive. Although the company may later scrub sensitive details, experts argue it has no right to capture such data covertly. Moreover, those without accounts face few avenues to halt TikTok's data handling.
Unlike conventional third-party cookies that users can readily disable, TikTok employs device fingerprinting. This technique aggregates seemingly harmless details—such as software versions, power status, regional settings, and display dimensions—to pinpoint individuals.
When merged, these elements form a distinctive digital signature tied to a particular user.
As per the BBC findings, simply removing the TikTok app, closing an account, or clearing cookies proves insufficient. The platform processes its surveillance information on remote servers rather than locally in browsers.
Security and data professionals advise proactive measures to block TikTok from accessing and retaining user info from the outset. Options include adopting browsers focused on privacy, such as Firefox, DuckDuckGo, or Brave, or adding extensions like Ghostery or Disconnect to existing setups.
Users should also limit ad personalization in device configurations. On Android, access Settings > Google > Ads and choose to erase the advertising ID. For iOS, go to Settings > Privacy and Security > Tracking and disable 'Allow Apps to Request to Track.'
TikTok maintains that its data practices are transparent. App participants can access and erase their collected information via in-app privacy controls. The core concern, however, affects individuals who avoid the platform entirely.
This piece first appeared in our affiliated outlet PC-WELT, adapted and translated from its German version.
Laura, a passionate video game player and devotee of films and series, holds a degree in communication studies. She began her career at PCMagazin and Connect Living, and since May 2024, she has served as a full-time contributor to PC-WELT, covering PC hardware and broader tech developments.