this post was submitted on 03 Oct 2023
3 points (53.3% liked)

Privacy

32103 readers
1017 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I want to follow some people on tiktok, for the content they put out. I am, however, a somewhat privacy-minded person. Any suggestion on how to make TikTok less privacy-invasive? Some DNS app?

I am on Android, not rooted.

all 32 comments
sorted by: hot top controversial new old
[–] anon5621@lemmy.ml 52 points 1 year ago* (last edited 1 year ago) (3 children)

Better use just web version if honestly.Because application is really awful.

https://gist.github.com/Theoistic/d419667b1052c4c21e789341e085b5a0

Just look at permission manifest of android.

It has

  • location tracking
  • phone calls reading
  • Making screenshot of your scren
  • get wifi networks around you
  • facial recognition
  • Microphone analyze of your speech
[–] bl00dmeat@kbin.social 5 points 1 year ago

Wow thanks for sharing that gist! I never even considered installing and don't use it, it's just wild to see how insane that list is.

[–] nick@midwest.social 3 points 1 year ago (1 children)
[–] RQG@lemmy.world 4 points 1 year ago

Jesus Harold

[–] ViciousTurducken@lemmy.one 2 points 1 year ago (1 children)

You don't have to give it permission to do any of those things

[–] anon5621@lemmy.ml 5 points 1 year ago

So far not every u can control,how u would prevent screenshoting of screen? U will need using something like appmanager which require adb or root (better ofc)

[–] mp3@lemmy.ca 33 points 1 year ago

The only winning move with that platform is not to play with it at all. It's a privacy hellhole.

[–] Number1SummerJam@lemmy.world 25 points 1 year ago* (last edited 1 year ago) (1 children)

I suggest you avoid short-form video apps entirely. There is a correlation between reduced interest in learning/ADHD and Short form video formats 1 2 3. When you use sites like Lemmy and actively read, you are at least becoming a better reader and critical thinker. Short form video shows you fast-paced content tailored to you that's designed to keep you addicted and entranced. From what I've seen firsthand, once people start using these platforms they have a hard time stopping.

[–] wit@lemmy.world 5 points 1 year ago

Thank you for the sources! I will surely read them.

[–] WarmSoda@lemm.ee 16 points 1 year ago (1 children)
[–] wit@lemmy.world 6 points 1 year ago (1 children)

This is a good question and one that whose answer is probably not going to be well received in this community but:

  • I want to follow some stand up comedians. I like to laugh. Sue me.

I tried finding their content elsewhere but was not very successful. Seems like TikTok is being used more and more for that.

[–] WarmSoda@lemm.ee 7 points 1 year ago* (last edited 1 year ago)

Firefox. Ad block. YouTube. Just look them up.

[–] cooopsspace@infosec.pub 16 points 1 year ago
[–] ViciousTurducken@lemmy.one 11 points 1 year ago (1 children)

Totally fake profile data, VPN with DNS tracker blocking, and put it in a separate user profile or work profile.

[–] wit@lemmy.world 2 points 1 year ago (1 children)

This is what I was considering.

[–] Boring@lemmy.ml 1 points 1 year ago* (last edited 1 year ago)

Also consider the possibility of the app implementing DNS over https/TLS you may want to find a DNS that filters knonw DoH and block port 853 on your router.

[–] miss_brainfart@lemmy.ml 9 points 1 year ago

Do you want to use an account?

Maybe you could use a frontend like proxitok in the browser instead, and bookmark the people you want to follow? Or maybe this works with RSS, but I don't know, never used proxitok.

I don't actually know if it still works, or how well it ever worked, for that matter. But that would definitely be a lot more private than having the official app installed.

[–] Zak@lemmy.world 7 points 1 year ago

It seems to me viewing their content via TikTok's website is a good solution. Bonus points for private mode or clearing cookies afterward.

[–] Lemmchen@feddit.de 5 points 1 year ago* (last edited 1 year ago)
[–] jeffhykin@lemm.ee 5 points 1 year ago* (last edited 1 year ago) (1 children)

Most of the comments seem to be missing the point. AFAIK the question is "how can I sandbox a malicious app?" which would be nice to know the answer to.

  • Different profile/VPN is a good start
  • What about location spoofing?
  • What options are their for faking mic data/call logs
  • How to protect against nearby WiFi detection
  • Do user profiles protect against screen access
  • etc
[–] eddie_of_ny@lemmy.ml 2 points 1 year ago (1 children)

As far as sandboxing goes, there's always Island, Shelter, and Insular, which all leverage the work profile function in android to give you a privacy sandbox of sorts. Problem is, your phone still uses Google Play Services at the system level, so any tracking data being sent through it still gets where it's meant to go. That being said, leveraging the work profile gives you an extra VPN slot, which can be used with either an always-on VPN, or that slot can be filled by a firewall, something like RethinkDNS or Netguard. Invizible Pro is a good option too, it can route all traffic through TOR, has DNSCrypt built in, and has a firewall (though I've never had success with using it). One thing to consider is that Android has been caught sending tracking data around the VPN tunnel if I'm not mistaken.

As far as location spoofing, faking logs, etc., I'm pretty sure you'd have to be rooted to do that kind of stuff with any real efficacy.

The real answer is root + microG + AFWall + any other privacy controls you can get your hands on (I'm a huge fan of XPrivacyLua, personally) and THEN consider something like Shelter

The realer answer is don't use TikTok

[–] jeffhykin@lemm.ee 1 points 1 year ago

Thanks for all those details! I'll be taking a look at a ton of those things, especially the rooted tools. I'd love to be able to feed Google Play services a bunch of garbage data on a burner account.

[–] Boring@lemmy.ml 4 points 1 year ago

Install insular, put it on a work profile, block all telemetry at dns level

[–] Eideen@lemmy.world 4 points 1 year ago

Separate phone.

[–] EpicFailGuy@kbin.social 2 points 1 year ago (2 children)

@wit

Moded APK with lucky patcher
localhost blocklist to make sure you're not uploadign a bunch of info
Shelter and install it in it's own virtualized profile

[–] ViciousTurducken@lemmy.one 2 points 1 year ago

What can you do with lucky patcher?

[–] wit@lemmy.world 1 points 1 year ago

Moded APK with lucky patcher

Can you tell me more about this lucky patcher? Any links? I have never installed an APK, other than the f-droid one. I stick to apps from stores.

[–] ame@lemmy.frozeninferno.xyz 2 points 1 year ago (1 children)

I don't understand the down votes here. Yea TikTok = bad, but you basically have to have one nowadays if you do anything social media related for your job

[–] Dsklnsadog@lemmy.dbzer0.com 2 points 1 year ago

We have lots of fanatics here too. I would never ever use TikTok but that didn't mean I think someone who use it is less privacy focus than me. Other people other needs.

It's a good question how to sandbox a shitty but needed app.