Or
People could just not use social media.
Just an idea.
The US Department of Justice has alleged that TikTok shipped personal information to China and allowed profiling of the short video app's users based on their attitudes to some ticklish topics. The Department's views emerged in a filing [PDF] from the US government in response to attempts by TikTok and its parent company …
I dispute that. El Reg has nothing in common with Facebook or any other "social" media. I have no way of finding out who is new on El Reg if they don't post something somewhere I read. You don't have a wall I can check. I am not alerted to your presence in the forums, nor can I "follow" you in any way. The only personal info I have access to is what you put into your public profile. If you decided to include your gender, religion, family details and/or sexual preferences, that's your decision. It is neither a requirement nor, I believe, encouraged by El Reg.
And I can't send you a private message. I can only publicly respond to your posts, as can you.
It's a forum, it's not social media.
A few months ago, you could simply accept only functional cookies on ElReg. Now, you have the full panoply of invasive popup yes/no choices. What is even more interesting if we wish to understand the ElReg publisher's motivation, is that you can agree to have them store required cookies simply for information (such as your choice in this regard - as little as possible thank you). Apparently the publishers of ElReg these days are too fucking greedy to accept that I turned off as much of their tracking as I could, and asked them to remember that I turned it off. So every time I get the same twatty dialogues as if the morons are too stupid to accept the decisions I already made. They are not too really too stupid, of course, it is a choice on their part, to milk information.
"A potential role for Oracle as an overseer of TikTok's source code was also rejected, on grounds that the sheer volume of the codebase – two billion lines as of 2022 – meant that a review would require at least three years of work on the code used at that time."
What? No AI pixie-dust to get the job done today?
Entirely possible. I worked as a contractor on a website backend that had been written by a Chinese company. I found to my horror that it contained literally millions of lines of code because that Chinese company had a business model of including literally every piece of code they had ever touched and switching off most of it. Seriously, there was unused code for face recognition and all sorts in this simple small business website. It took me ages just to figure out which parts of the code were actually used.
Presumably it's too much trouble for them to, sort of like, maybe, I don't know if this idea would work or not, but just maybe maybe, actually think about which of those components you actually need to include in this particular product, perhaps? You know, instead of include absolutely everything, maybe?
I don't think it's conceivable at all - all of Android itself, with dependencies, is only ~7 million according to, say, https://derdilla.com/blog/size-aosp/. That's more than two orders of magnitude less. Oracle are... How do I say this without being legally liable... "Mistaken".
Now yeah, you suggest the idea that vast swathes are "turned off", whatever that looks like. Preprocessor directives, source-level configuration switches etc. - it would be a comparatively easy job to run the preprocessing steps on the code base to get the lines *actually* being fed into the compiler/transpiler/whatever-they-use, because that's what the app's build system would have to do anyway.
If every line of that code were in use and compiled down to just a single byte - not even an instruction - that would give you a 2GB application binary. For Android, it's 123MB; for iOS, 158MB. Unclear if iOS is still built for armv7 as well as arm64. but assuming that accounts for the size difference and expecting most of the overhead to actually be e.g. Electron or a similar XP layer, we could say the actual compiled code size is around equal to that 35MB difference and the rest is assets. All of these numbers are likely as absurd to your eyes as they are to mine - bloat in modern software is just incredible - but we're a long, long way off 2 billion anything. That's not even 2 billion bits!
Apart from anything else, Oracle claim it's impossible to analyse that code, yet somehow the developers of TikTok itself manage the complexity of 2 billion lines just fine. It's simply not reasonable to suggest this.
I can just imagine Oracle with its fat snout at the teet of the US people again, feeding off incompetence and fear, swelling its belly whilst delivering nothing. There would be contract extension after extension, more staff needed, increase in rates and well, we tried, but the job was just too big and Bytedance kept moving the goalposts.
Tiktok does, in fairness, list very clearly in it's T&C's that it will broadcast all manner of data back home, way beyond anything reasonable needed to play a given video...
It is the spawn of satan that application and has no place anywhere near ANY of your business devices. And not really at home either. It makes googles tracking efforts look positively amateurish.
"in it's T&C's that it will broadcast all manner of data back home,"
And the problem is that people don't care, because they do not think anything that there's anything in there that might adversely affect them. They have no idea how sophisticated the monitoring is and what can be reliably extracted from the data. The only way anyone can be made to care is if they're sat down and told exactly what complete strangers, who do not have their best interests at heart, know about them personally. Until it's served up on a plate, as a real example of how they are being manipulated with this knowledge, no-one cares.
And no-one reads the T&Cs, because they are almost always screeds of legalese that is impenetrable to all but the lawyers.
U.S social media companies and Government participate in the same data collecting activities, this collecting of "very personal" information could be (and probably is) performed on any\all of the social media platforms. The NSA and FBI employ dragnet data collecting operations, the FBI has zero room to accuse TikTok or China of violating personal information when they were caught in the act of stealing drivers license data and photos from multiple states without a warrant(s) or permissions of the individuals. The FBI has been abusing the FISA database for years, agents using it for illegal activities that would easily land any citizen or hacker in Federal prison. Yet none of the agents are prosecuted or lost their jobs.
NSA has had employees violate the conditions of the laws granting them rights of spying, with none losing their jobs or being prosecuted. Multiple employees stealing classified information on USB thumb drives, while stating they cannot block the use or access of thumb drives. It has been possible to block USB access on Windows for years before the large leaks plaguing the NSA occurred. Both of these agencies are fed personal data on U.S citizens from all social media platforms, phone apps...etc., phone and PC location data is commonly collected and sold, probably just given or fed directly to the U.S Government.
So only foreign Governments are in violation of U.S laws when stealing very personal information, but no laws are applicable to employees of intelligence and law enforcement agencies tasked with supposedly protecting the very same data of U.S citizens when they willfully violate those same laws. The laughable comments made to Snowden by senators and agencies alike, told to come back to the U.S and defend his leak of classified information. Yet, by Federal Statute you are not allowed to offer or submit to the court any defense or explanation of actions in an espionage case. The push to backdoor or ban encryption on the Internet is directly tied to both agencies wanting unfettered access to all the very personal information on the Internet. But that is to protect the country from terrorist attacks, right. Don't you believe it!!
I agree we need to keep pressure on our elected officials to eliminate unconstitutional spying on citizens. But please don't use whataboutism to alleviate the pressure on elected officials to block spying done by governments that are the poster children of exactly why we need to fight government spying. The big difference between what is done by our government spying on us now (and the legitimate concern is absolutely that it'll gradually get worse and worse) and certain other governments is that today and the last few years, what you say online absolutely can get you locked up and possibly killed in other countries (or even if living outside that other country). That is a very big, very real difference. I agree with the principle but the massive difference in degree means this is two distinct battles both of which we need to fight.
This isn't an outright, because X it must be Y thing, it just struck me as very high.
So I did a very quick and dirty search and it came back with a Linux.com article about there being 27.3 Million lines in the Kernel and 1.3 Million in SystemD in 2020.
https://www.linux.com/news/linux-in-2020-27-8-million-lines-of-code-in-the-kernel-1-3-million-in-systemd/
I know they are vastly different use cases, but it strikes me as odd that a video sharing app would have orders of magnitude more lines of code than the entire Linux kernel.
And rough estimates put windows 11, a vastly more bloated entire operating system, at 60 to 100 Million lines of code. Still not even close to 1 app on a phone?
https://windowsreport.com/windows-11-how-many-lines-of-code/
Is this a mis speak, mis transcribing, or just lies to suit a narative?
Off the top of my head I can't think of any mobile** application that doesn't routinely ship user data off to head office. This data's used for a variety of purposes but prominent is it being mined by data brokers in order to profile users, the better to sell add space on their devices etc.
So now we know the real reason why Tictoc's at the top of the lobbyist's agenda and so of pressing concern to receptive legislators. It represents a huge goldmine of prime demographic user data, data that they want to get their claws on. (Not to mention the tools for collecting, collating and evaluating that data -- lots of good eating in that codebase.)
Personally, I don't like being treated like a fool.
(**Non mobile applications too, of course. Its just mobile was the big driver for all this, before they came along software was just software, it just did a job.)
Lark (Chinese name Feishu) is basically a knockoff of Slack. It's a messaging tool targeting enterprises.
Yes it's all based on Chinese servers. No it's not an internal ByteDance tool as such: they are only one customer.
The news here is that ByteDance are putting data on their (third-party served) messaging system that shouldn't be anywhere near it.
Why does ByteDance keep talking about Constitutional rights? They're not a US citizen. In fact, the US government is wary of ByteDance because China likes to hunt down their citizens who are hiding in other countries after saying something that the Chinese government didn't like. Whether ByteDance approves of that or not, it's what their government does.
(I'm sure the US does the same thing, but the threshold for being wanted is different)