Scrolling through her “For You” page on TikTok, Palo Alto High School junior Megan Wong pauses to like a video of the newest dance challenge that has been dominating the app. She halts occasionally, clicking on creator profiles and making split-second decisions to follow some of them. However, beneath the viral dance challenges and comedy skits, everything — from the videos she likes to who she follows and the comments she makes — is being tracked and recorded in a form of large-scale data farming that affects all users of the app.
This form of user data collection is not only a phenomenon of TikTok, although the U.S. military says it has special concerns about the app. As humans spend increasing amounts of time on social media, they leave behind traces of personal information, ranging from simply what posts they like to their names and birthdates, and technology companies are able to harness this information to their benefit. Companies like Facebook and TikTok participate in the routine exchange of personal data, which can be bought and sold by dozens of corporations.
According to Dan Boneh, Stanford University professor in cryptography and computer security, companies have great influence over user data.
“These companies generally have many ways to track how people use their apps and how they use the web,” Boneh says. “They then compile all the data they collect into a recommendation system that lets them improve their services and propose user-specific content for people to view.”
Today, one does not have to look far to find media surrounding the data-farming controversy. Most notably, in the past six months, headlines about various lawsuits against technology companies have been a constant reminder that everything put online is subject to the mass sale of data.
Younger generations are often considered extremely tech savvy and capable when it comes to navigating the digital world, so it would make sense that they are also the most prepared when it comes to their digital safety. But do teens really care whether their information — which in all regards should stay private — is given to massive technology corporations and used for possibly nefarious purposes? Answers surprisingly vary among students, professionals and members of the Palo Alto community.
The flaws of TikTok and Facebook
TikTok, a video sharing social networking service that has grown exponentially in the past two years, gives creators the chance to make and share short videos to an audience of 500 million users. In recent months, TikTok has come under public scrutiny for giving and selling data to the Chinese government: a lawsuit filed in December 2019 accused TikTok of secretly selling user data. In September 2019, the app was also accused of censoring information that went against the ideals of the Chinese government, such as the ongoing protests in Hong Kong.
“Users should be aware that what they share on social media can be viewed by the platform, and often can also be viewed by other users.”
— Dan Boneh, Stanford University professor in cryptography and computer security
Facebook, too, has had its fair share of lawsuits and attention regarding user data security, the most famous incident being the Cambridge Analytica case. In 2018, the political data firm — hired by presidential candidate Donald Trump’s 2016 election campaign — gained access to information of about 50 million Facebook users. The firm used this data to understand voter preferences and habits, which were exploited with targeted advertisements designed to mass influence voter behavior.
It is difficult to gauge the amount of personal data being shuffled around and utilized for user-specific content. California’s Consumer Privacy Act, which went into effect on Jan. 1, is the first step in bringing to light the specifics of data farming. Besides causing an influx of “Changed Terms and Services” notifications on social media sites, the act aims to increase transparency on how data is used, and has been called a “victory for consumer privacy rights” by the media.
“The [privacy] law sets some boundaries on how platforms can share user data with other entities,” Boneh says. “It also requires platforms to notify users on how their data will be used.”
Though many believe the law, which is modeled after the European Union’s General Data Protection Regulation, is a step in the right direction, the reality is not so convenient. According to Boneh, though users will be notified through the CCPA, companies like Twitter and Uber try their best to create loopholes, such as making the process of requesting data records so complicated that it is impossible for an ordinary user to take advantage of their rights.
“These notifications are not too helpful because it is difficult for the public to assess the impact of data sharing,” Boneh says.
In the midst of a possible misuse of user data — which some are referring to as a national security risk — it is no surprise that many users of these apps have started to take precautions when it comes to how much information they give out. Wong has considered the implications of continuing to be a TikTok user.
“When I first heard about the data breach of TikTok, I was honestly not that surprised, considering numerous other social media platforms have had controversies regarding this data misuse,” Wong says. “However, what really concerned me was how the governments of foreign countries had access to all this information.”
Wong is one of many teens who has seen the effects of the CCPA, but has not been able to find a tangible benefit from it.
“In the beginning of the new year I got a notification that there were updates to the terms and conditions and there was a link to a long page of details,” Wong says. “But like most people did, I just ignored it.”
Despite concerns about security, Wong has decided to continue to use the video-sharing platform, albeit with increased consideration of where she shares personal information.
“The idea that our data can be accessed by a number of companies is kind of terrifying,” Wong says. “We are not aware in any way of how our data is being used, how far it might go, or how it might impact our lives. In the end, I chose not to delete the app because I don’t post much. Nevertheless, it definitely has made me think twice before commenting on posts or making my posts public.”
With TikTok’s content largely catering to children and teenagers, current user and sophomore Anisha Gandhi feels that the younger generation is not as concerned as they should be about security risks, and echoes Wong’s sentiments about terms and conditions.
“I feel like there’s always these terms and conditions, these agreements, but I don’t know a single person that reads those,” Gandhi says. “We’re not really that aware of the risks and concerns of social media, because we’re just so engaged in it. We don’t really think of the defects.”
Though teenagers like Wong and Gandhi are aware of the problems and possible consequences surrounding giving information to an app like TikTok, it is clear that they do not believe they are in enough danger to take action. In fact, they would rather preserve the social media ingrained in youth culture than take action.
In contrast, Paly parent Vincent — who, aptly, asked that his name be changed to protect his privacy — decided to deactivate his Facebook account over concerns about his data security.
“We’re not really aware of the risks and concerns of social media, because we’re just so engaged in it. We don’t really think of the defects.”
— Anisha Gandhi, sophomore
“With Facebook, there has been so much written about the amount of data that has been collected on users and then sold or made available to third parties,” Vincent says. “Facebook has a terrible track record of safeguarding the data of its users. Given the personal nature of chats in Facebook, Facebook groups and just general posts, it just doesn’t feel like a ‘secure space’ to connect with others.”
Though Vincent acknowledges that data farming is a problem if society is unaware of its consequences, he is still optimistic about the CCPA and its potential benefits.
“It [CCPA] seems to be a great first step, and I’m waiting to see how it plays out,” he says. “There is a fundamental tension for social media companies. Engagement of their users, data mining and data farming are bread and butter to profitability. Developing tools for users to have a choice to limit what is shared and being transparent about the data the companies have will always seem like a pain.”
Even with the CCPA, there are serious consequences to not protecting privacy, according to Boneh.
“Users should be worried, but mostly worried enough to make sure they correctly set their privacy settings,” Boneh says. “Users should be aware that what they share on social media can be viewed by the platform, and often can also be viewed by other users. Platforms sometimes share this data with other parties, which is something users would rather not happen.”