TikTok and Facebook are two of the most popular social media platforms, but they take very different approaches when it comes to user privacy and data security. On the surface, TikTok’s security may seem better because it collects less personal data than Facebook. However, experts argue that TikTok poses unique risks due to its ties to the Chinese government. This article examines key differences between TikTok and Facebook’s security protocols to determine which platform offers better protection of user data overall. Thesis statement: TikTok’s security is better in some ways but worse in others compared to Facebook.
User Data Collection
Both TikTok and Facebook collect user data, but there are some differences in how each platform gathers information. According to a privacy researcher working with the Washington Post, TikTok gathers less data than Facebook in some cases (https://pirg.org/articles/demystifying-tiktok-data/). For example, TikTok does not access users’ phone contacts or calendar information. However, TikTok does collect data like location, browsing history, inferred interests, and more.
Facebook collects significantly more user data than TikTok. When users sign up for Facebook, they provide information like name, email, birthday, location, relationship status, and more. Facebook also gathers data on users’ interests, friend networks, browsing history, location history, and more (https://www.usatoday.com/story/tech/2020/08/06/tiktok-any-worse-privacy-and-data-mining-than-facebook/3311726001/). Facebook uses this data for ad targeting and content recommendations. Overall, Facebook has access to significantly more user data than TikTok.
Data Encryption
Both TikTok and Facebook use encryption to protect user data in transit and at rest, but their approaches differ.
TikTok encrypts user data in transit using HTTPS and SSL/TLS protocols. User data at rest in TikTok’s servers is encrypted using AES 256-bit encryption, which is an industry standard. Additionally, TikTok states that sensitive data like passwords are encrypted using more advanced methods like bcrypt hashing before being stored (source).
Facebook also uses HTTPS and SSL/TLS to encrypt data in transit. For data at rest, Facebook uses a mix of encryption methods depending on the type of data. Some data is protected by AES 256-bit encryption while more sensitive data uses more advanced encryption like scrypt hashing (source). Additionally, Facebook utilizes cryptographic signing of user data to prevent tampering.
In summary, both platforms utilize industry standard encryption methods to protect user data in transit and at rest. Facebook appears to employ a wider variety of advanced encryption methods for data at rest depending on sensitivity level.
Third-Party Access
Both TikTok and Facebook allow third-party companies access to user data, but Facebook appears to share more data with more partners. TikTok’s privacy policy states that they may share user data with third party service providers and partners, but limit the data shared to what is reasonably necessary. However, Facebook has been shown to share extensive amounts of user data with third party companies, with over 150 companies reported to have access in 2018 according to a New York Times investigation.
Facebook’s data sharing allows third parties to offer friend suggestions or target ads based on user data. However, the scale of Facebook’s data sharing appears to be far more extensive than TikTok based on investigations into their practices. While TikTok limits third party data access for service operations, Facebook grants extensive data access to bolster ad targeting and friend recommendations.
Content Moderation
Content moderation refers to the policies and practices that platforms use to review user-generated content and decide what to allow or remove. Both TikTok and Facebook invest heavily in content moderation, but take slightly different approaches.
According to Facebook’s latest transparency report, the company relies on a combination of artificial intelligence and human reviewers to moderate content. In Q2 2022, Facebook took action on 31.8 million pieces of content for violating its adult nudity and sexual activity policies, and took down 25.5 million posts for bullying and harassment. Most content actions were detected proactively by AI before any users reported it.
TikTok also issues regular transparency reports detailing its content moderation efforts. The platform is more aggressive than Facebook in using AI to detect policy-violating content – according to TikTok, around 98.7% of removed videos in H1 2022 were identified by automated systems. TikTok also runs a large network of human moderators to review more nuanced content. As noted by CNBC, many former Facebook moderators have been recruited to join TikTok’s new moderation hubs.
Both platforms still face criticism over moderation blind spots and inconsistent policy enforcement. However, their transparency reports demonstrate significant ongoing investments in keeping harmful content off their platforms.
Ad Targeting
Both TikTok and Facebook use user data to target ads, but there are some key differences in how they leverage that data. According to TripleWhale, Facebook has far more data points to target ads based on interests, behaviors, demographics, and more. Facebook’s ads can be targeted to custom audiences built from email lists, website visitors, app users and more. TikTok is more limited, focusing mainly on targeting based on age, gender, location and interests.
As noted by LeadsBridge, Facebook offers more advanced options like lookalike audiences and detailed targeting of life events. TikTok is still building up its ad targeting capabilities, though it does leverage the data it collects on users’ interests and in-app activity. Overall, Facebook has a significant advantage currently in leveraging user data for highly customized ad targeting.
Government Access
One key difference between TikTok and Facebook is how government entities can access user data. As an American company, Facebook must comply with data requests from U.S. law enforcement and intelligence agencies. Facebook received over 50,000 requests for user data from the U.S. government in 2020 alone.
In contrast, TikTok is owned by a Chinese company, ByteDance. While TikTok stores U.S. user data in Singapore and the U.S., there are concerns the Chinese government could potentially pressure ByteDance to share data. However, TikTok claims they have never provided U.S. user data to the Chinese government, and would not do so if asked. Still, the risk remains due to China’s national security laws and the nature of government requests often being secret.
In summary, government access is a key difference between the platforms. Facebook regularly complies with U.S. data requests, while TikTok claims they would resist any Chinese government pressure for U.S. user data. However, the legal and political dynamics introduce ongoing uncertainty around TikTok’s susceptibility to Chinese influence.
Hacking Vulnerabilities
In March 2022, a hacking group known as “AgainstTheWest” claimed to have hacked TikTok and stolen over 2 billion user records [1]. TikTok denied that a breach had occurred and no user data appeared online, so it’s unclear if this incident was legitimate. However, it highlights that TikTok could be a target for hackers looking to steal user data.
While major hacking incidents have not been widespread so far, experts warn that TikTok contains vulnerabilities that could be exploited. Check Point Research identified vulnerabilities that would have allowed hackers to manipulate user data and reveal personal information [2]. These issues were fixed after disclosure to TikTok.
TikTok has also provided guidance to users whose accounts have been hacked, indicating that malicious attacks do occur on the platform [3]. Accounts connected to third-party apps may be especially vulnerable. While TikTok appears to have avoided a massive breach so far, hacking remains an ongoing threat.
Security Features
Both TikTok and Facebook offer privacy protections to users, but there are some key differences in their approaches.
TikTok has implemented strict access controls so that all user data is stored in servers located in the US with encryption (USA Today). User videos are encrypted and only accessible to the user. TikTok also provides users with privacy settings to control who can view their content, message them, and see their likes and followers.
In contrast, Facebook has faced criticism over its data privacy protections. Facebook collects expansive data on users for ad targeting and provides that data to third parties (MalwareTips). While Facebook does allow users to adjust some privacy settings, the default settings are set to be publicly visible.
Conclusion
Both TikTok and Facebook collect significant amounts of user data and have faced scrutiny over their data privacy practices. However, there are some key differences:
- TikTok appears to collect more data points on its users than Facebook through its app permissions and tracking.
- Facebook provides more transparency into how it uses data for ad targeting purposes.
- TikTok’s data is more centralized in China with the parent company ByteDance, while Facebook data is spread across many countries and third party partners.
- TikTok employs strong encryption standards to protect user data in transit and at rest. Facebook has improved its encryption methods but they are still not industry leading.
- Both platforms have been accused of providing user data to governments when requested. TikTok may be more susceptible to requests from the Chinese government.
In summary, TikTok’s security around data collection and encryption seems stronger than Facebook’s in some areas, but its concentration of data within a Chinese company poses unique concerns. There are still many unknowns about how both platforms operate. Users should understand these tradeoffs before deciding where to share their personal data.