Block Tiktok on Employee Computers With BrowseControl Web Filtering Software
UPDATE JUNE 2022:
- Leaked audio from 80 internal TikTok meetings allegedly shows that US user data has been repeatedly accessed from China | Learn More
- TikTok acknowledged in a letter to senators that its non-U.S. employees had access to data of U.S. users.
- The company, which is owned by China’s ByteDance, told lawmakers in June 2022 that it’s working to protect that data.
- TikTok said it’s now storing all U.S. data by default in Oracle’s cloud infrastructure. | Learn More
- TikTok’s June 2022 letter to several US senators regarding their data governance practices
- Recommendations regarding TikTok use and privacy risks | University of Ottawa
- Commissioners launch joint investigation into TikTok | The Office of the Privacy Commissioner of Canada (OPC)
- Why TikTok’s security risks keep raising fears | AP News
In 2020 data security and privacy concerns led the US Military, India, and other government entities to ban TikTok.
Later, the Biden government reversed former President Trump’s executive order to ban TikTok in the US in June of 2021.
But for employers with privacy, security, company reputation, and productivity concerns there may be desired to prevent employees from using TikTok at work.
In this article, you will learn how to block TikTok on both mobile devices and computers, why TikTok was banned, whether or not TikTok is safe to use, and how TikTok has responded to the controversy.Table of Contents
- How Does TikTok Work?
- Should I Let My Employees Use TikTok in the Workplace?
- How to Block TikTok
- Where Has TikTok Been Banned?
- Why Did the United States Try to Ban TikTok?
- Is TikTok Safe to Use?
What is TikTok, Anyway? How Does TikTok Work?
TikTok is a video-sharing social media app owned by ByteDance, a Chinese internet technology company. Users of the app film vertical short-form videos ranging from dances, lip-syncing, comedy skits, and other creative clips.
According to a report from Sensor Tower, as of February 2020 TikTok had been downloaded nearly 2 billion times since its launch in 2012. ByteDance also operates a China-exclusive version of TikTok known as Douyin.
TikTok’s main feature is its For You Page, which is an algorithm-driven feed of curated content that is unique to each user of the app. The TikTok algorithm studies each users’ engagement patterns (likes, shares, watch time, comments, etc) to understand what content they are most interested in so it can serve them relevant content.
Should I Let My Employees Use TikTok in the Workplace?
There’s no doubt that TikTok is used in the workplace by employees. Viral videos of employees performing dances and comedy skits while in uniform or sharing insights into their day-to-day work life are quite popular on the app.
Whether or not you decide to enforce a ban of the app on company-provided devices will depend on a few factors
Should you block employees from accessing TikTok in the workplace?
- Productivity: Employers with productivity concerns should know that while TikTok is available through web browsers, it is most commonly used as a mobile phone app. Employees using personal devices in the workplace could be using TikTok during working hours using their own data plans.
- Privacy & Security: Every additional app on a mobile device increases the potential attack surface. On company-provided devices, there may also be cause for concern regarding the data that TikTok and other apps are able to collect and share with third parties.
- Company Reputation: While most TikTok videos of employees in uniform are well received, from a brand reputation perspective there may be concerns that employees will not represent their company in a professional manner.
How to Block TikTok
For employers that would like to follow suit with India and the US military, there are ways of enforcing the ban of TikTok on company-provided devices.
- Website Blocking Software: Block access to TikTok on laptops and workstations by adding domains related to TikTok to the block list of your web filter.
- Internet Monitoring Software: You can find out whether or not TikTok is being used on your computers with an internet usage monitor that reports the websites visited by employees. With BrowseReporter you can even set email alerts to notify designated personnel when unwanted sites are accessed.
- Block Mobile Apps: For company-provided cell phones, a mobile device management solution can be installed to enforce the blocking of the TikTok app and monitor user activity for attempts to bypass application policies.
- Acceptable Use Policies: An acceptable use of technology policy will set clear expectations regarding the use of TikTok in the workplace. In the policy you can include guidelines for representing the company on social media and whether or not the app is permitted for use during work hours.
These very same practices will apply when you decide to block any other potentially dangerous applications and block websites in the workplace.
Block TikTok on Computers
If you don’t have a web filter installed on your company computers, your users will have unrestricted access to TikTok at work.
With BrowseControl you can block TikTok in the workplace to prevent employees from browsing the social media platform on company computers.
Instructions for Blocking TikTok With BrowseControl Web Filter:
- Download your free trial of BrowseControl
- Install the CurrentWare Console on the administrator’s computer
- Install the CurrentWare Client on your users’ computers
- In the CurrentWare Console, select BrowseControl > URL Filter, then select the users or computers that you want to prevent from accessing TikTok
- Add the URLs/IP Addresses used by TikTok to your Blocked List to block TikTok on your computers
Examples of domains used by TikTok:
- To block all websites that mention TikTok in their URL you can add “TikTok” to BrowseControl’s Blocked List. BrowseControl will apply a wildcard, allowing you to simultaneously block the TikTok homepage along and TikTok’s CDNs. For more granular restrictions you can add the exact domains used by TikTok manually.
- When your employees try to browse to TikTok on their computer, they will encounter a custom blocked message; this can be customized with your own message or automatically redirected to a different page.
How to Block the TikTok App on iPhones & Other Mobile Devices
While there is a browser-based version of TikTok, it is primarily a social media app.
Any company that wants to prevent their employees from using TikTok on company devices needs to have a Mobile Device Management (MDM) solution in place.
Apple devices (iPhone/iPad) use enrollment profiles, configuration profiles, and payloads for MDM purposes. Users can enroll their own devices in MDM, and organization-owned devices can be enrolled in MDM automatically using Apple School Manager or Apple Business Manager.
Companies with Android users will also require an MDM solution to control what apps can and cannot be used on company devices.
Individual consumers can use mobile app blockers found in the app store for their respective manufacturers.
Where Has TikTok Been Banned?
Bans of the popular social media platform amid privacy and security concerns were on the rise, with India’s banning being a high-profile example.
- India: On June 29, 2020, India banned over 59 apps with connections to China, including TikTok. These bans were stated to be related to national security issues. Many thought the TikTok ban was heavily motivated by deaths caused by the ongoing stand-off along the Line of Actual Control (LAC) in Ladakh between the Chinese PLA (People Liberation Army) and the Indian Army.
- United States
- January 2020: Branches of the US military enforce the banning of TikTok from all government-issued devices, strongly encouraging its members to refrain from using the app on personal devices.
- February 2020: The Transportation Security Administration has banned employees from representing the company on TikTok when taking part in the agency’s social media engagement efforts.
- August 2020: US federal employees are banned from downloading and using the app on government-issued devices—The TSA, Department of Homeland Security (DHS), and other entities follow suit over time.
- August 2020: Then US President Donald Trump issues an executive order to ban TikTok, claiming that the Chinese government was using TikTok to collect data and private information from Americans. The order is later struck down by US courts.
- June 2021: Biden reverses Trump’s executive order banning TikTok in the United States, opting to shift to a broader US government review of all apps with ties to “a foreign adversary,”
- Australian Military: In January 2020 the Australian Defence Force (ADF) followed suit alongside the USA in banning TikTok from use on government-supplied devices.
While a ban was not considered in Europe, in June 2020, the European Data Protection Board (EDPB) announced that it would assembling a task force to examine TikTok’s user privacy and security practices; this came to be named the “TikTok Task Force”.
This is the goal of the task force, according to a letter released by the EDPB in February 2021:
“…to enable its members to exchange information regarding any enforcement proceedings relating to TikTok’s compliance with the GDPR undertaken by the participating authorities. The EDPB is not conducting on its own any enforcement action, as this does not fall within its remit.”
Is TikTok Getting Deleted in 2022?
The short answer is no, TikTok is not getting deleted in 2022. While there have been some rumours (or, rather, pranks) alluding to TikTok being shut down in 2022, the app is still going strong and has no plans to go offline. That said, TikTok has been legitimately banned in several countries over the years. The biggest market where TikTok is still banned in 2022 is India, with the ban taking place in 2020.
Despite the bans, TikTok has seen a meteoritic rise in popularity—it has toppled Google as the #1 most popular website of the year, according to a report by Cloudflare.
Why Did the United States Try to Ban TikTok?
There were growing concerns about data collection through TikTok such as facial recognition, location data, and A.I. based image scanning can be used for nefarious purposes should Bytedance be compelled to share that data with the Chinese government.
These concerns led some to wonder if TikTok is less of a social media app and more of a remote spying software to surveil foreign citizens.
US senators and data privacy advocates alike were concerned that the quantity of data collected by TikTok could potentially be shared with the Chinese government due to China’s history of data collection, monitoring the online activity of their citizens, and internet censorship (the “Great Firewall of China”).
Due to the National Intelligence Law of the People’s Republic of China there were concerns that TikTok could be compelled to share user data with the Chinese government.
At the Social 2030 conference, it was revealed that Reddit’s CEO Steve Huffman considers the app to be remote spy software, with him stating “I actively tell people, ‘Don’t install that spyware on your phone’” and that he thinks that the app is “fundamentally parasitic”.
“I look at that app as so fundamentally parasitic, that it’s always listening, the fingerprinting technology they use is truly terrifying, and I could not bring myself to install an app like that on my phone”Steve Huffman, Reddit CEO
Is TikTok Safe to Use?
After the attempted bannings called the security and privacy practices of TikTok into question, there have been several cybersecurity research projects dedicated to reverse engineering and studying the app.
- Penetrum (2019): TikTok Security Analysis Whitepaper
- Zimperium (2019): Zimperium Analyzes TikTok’s Security and Privacy Risks
- Citizen Lab (2021): TikTok vs Douyin: A Security and Privacy Analysis
- At the time of testing, some of the researchers raised concerns regarding potential vulnerabilities of the app
- From a data privacy perspective, some are concerned with the potential for TikTok to send user data to China
- There were concerns regarding the data that TikTok is able to collect and share with third parties.
- TikTok and Douyin do not appear to exhibit overtly malicious behavior; Citizen Lab did not observe either app collecting contact lists, recording and sending photos, audio, videos, or geolocation coordinates without user permission.
- While TikTok collected many data items, overall they still fall within general industry norms for user data collection.
At the start of the controversy, TikTok released a statement clarifying their user data collection and sharing practices.
Where TikTok stores it’s US user data & it’s stance on Chinese law:
“We store all TikTok US user data in the United States, with backup redundancy in Singapore. Our data centers are located entirely outside of China, and none of our data is subject to Chinese law. Further, we have a dedicated technical team focused on adhering to robust cybersecurity policies, and data privacy and security practices.
TikTok’s stance on censorship and providing information to the Chinese government:
“TikTok does not remove content based on sensitivities related to China. We have never been asked by the Chinese government to remove any content and we would not do so if asked. Period. Our US moderation team, which is led out of California, reviews content for adherence to our US policies – just like other US companies in our space. We are not influenced by any foreign government, including the Chinese government; TikTok does not operate in China, nor do we have any intention of doing so in the future.”
What Kind of Data Does TikTok Collect?
Based on the data that TikTok claims to collect, it is in par with other social media apps in terms of the data it collects about its users, their usage habits, and their devices.
“TikTok is essentially malware that is targeting children”Statement by Reddit user bangorlol after reverse-engineering TikTok to see the data it collects from its users
- Your IP address
- Your browsing history in the app (i.e. the content you have viewed on the Platform)
- Your mobile carrier
- Your time zone settings
- An identifier for advertising purposes
- The version of the app you are using
- The model of your device
- Your device system
- The network type you are using
- Your device ID
- Your screen resolution and operating system
- The messages you send to other users on the app
However, a crowd-sourced team of software engineers and cybersecurity community members have been actively reverse engineering the app to learn more about what the app is collecting. Much of the findings have come from a Reddit user by the name of bangorlol. Here are the highlights of his reddit comment:
“TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device… well, they’re using it.
- They set up a local proxy server on your device for “transcoding media”, but that can be abused very easily as it has zero authentication
- There’s also a few snippets of code on the Android version that allows for the downloading of a remote zip file, unzipping it, and executing said binary. There is zero reason a mobile app would need this functionality legitimately.
- They also made it so you cannot use the app at all if you block communication to their analytics host off at the DNS-level.
- For what it’s worth I’ve reversed the Instagram, Facebook, Reddit, and Twitter apps. They don’t collect anywhere near the same amount of data that TikTok does, and they sure as hell aren’t outright trying to hide exactly what’s being sent like TikTok is.” – /u/bangorlol
What Has TikTok Done to Improve Privacy and Security?
Since the initial controversies, TikTok has made an active effort to demonstrate its commitment to the security and privacy of its users.
- Independent Review: TikTok is working to launch a Transparency Center that invites policy, content safety, and security experts to independently review the platform.
- Security Certifications: As of April 2021 TikTok is officially ISO 27001 certified in the US and UK, with Singapore, Ireland, and India soon to follow
- Transparency Reports: TikTok releases biannual reports showcasing their moderation efforts and their responses to data access requests from government entities.
- TikTok US Info: TikTok launched https://www.tiktokus.info/ to showcase its privacy, security, and transparency efforts. The site collects expert opinions from third-party sources, statements from TikTok, and sample headlines from major news outlets.
The sheer amount of data collected by TikTok and the potential for them to be forced to share user data with the Chinese government has caused privacy and security concerns among federal governments.
The bans from India and the US military may only be the start of such policy changes, with other governments potentially following suit.
If you are concerned about the use of TikTok in the workplace you can block employee access to TikTok on company-provided devices using web filtering software for computers and a mobile device manager for smartphones.
Start Blocking Tiktok on Employee Computers
”As a ‘novice’ I was able to set up with help from support in about an hour. Previous software took forever and didn’t work as advertised; this software worked right out of the box. It allows my workers to use the internet and make money for the practice without distraction/temptation to use personal websites/email/shopping.”
– Gerard B., Office Manager