BBC to staff: Uninstall TikTok from our corporate kit unless you can 'justify' having it The world's oldest national broadcaster, the venerable British Broadcasting Corporation, has told staff they shouldn't keep the TikTok app on a BBC corporate device unless there is a "justified business reason." A Reg reader inside the Beeb told us yesterday's edition of internal staff newsletter Ariel contained some new rules …
TBH that's Google's fault, since the address book API gives actual contact phone numbers, not hashes.
But then again TikTok collects a hell of a lot more than just phone numbers. It can rifle through all of your documents and downloads if it wants to, because it has "shared storage" permissions. But again it's Google's fault that such a permission is so widely granted in the first place.
Supposing it turned out that Google and Apple were not very privacy-respecting companies either. Should we ban Google and Apple software from all phones?
A great idea if you ask me. I'll revive my old N900.
Doesn't do that on Apple. I have mine set to Specific Contacts, and Specific Photos/Videos. It's a bit of a pain to manually 'manage' which photos it has access to whenever I want to send something, but at least I'm happy it's not just rifling through willy-nilly.
Maybe time to ditch Android and buy a real phone.
Modern Android has quite a bit of privacy controls...that almost not a single person bothers using. The app permission controls are there but they are completely ignored by the Great Unwashed. I, OTOH, have so many permissions denied to everything that I'm sure the app writers would get into a fit of denial-rejection once they knew that people *can* say, Yes, Screw You.
Very. There is a "Permissions manager" in the App control panel, plus an additional "special access" permissions manager as well.
But I *will* pass on an easy secret: newly installed apps inherit permissions from the settings of Google Play Services. Deny Play Services everything....all apps also inherit the denials upon installation. Simple.
Modern Android has quite a bit of privacy controls
Stress on the word 'modern' - that only got implemented when it proved hugely popular on iOS. That said, some things were first on Android (can't remember what it was now, but I noticed at the time that it was a feature I'd love to see in iOS) so from a feature perspective they're keeping up with each other.
However, the huge difference is in the motivation of the companies behind them and where they make their money, and whereas Google monetised every scrap of data it can grab (read their Terms completely to see how much permission you've given them), Apple wants to sell you hardware and is thus happy to protect your privacy if that means it can sell more.
Or, put differently, for Google the hardware is not where their profit lies, it's your data, whereas with Apple it's the reverse.
That difference in motivation is what makes me prefer iOS, but others may decide differently - vive la différance, I'd say. It would be terribly boring if everyone made the same choice..
Drank the Apple advertising Kool-aid, I see. Apple sheeple to the rescue.
Forget the Facebook scandal? Forget the iCloud photo scanning? The Siri records sharing? The Apple phone home usage and location systems?
https://duckduckgo.com/?q=apple+privacy+issues&t=fpas&ia=web
He didn't say he trusted Apple, just that he trusted them more than Google. I make the same judgement. Admittedly the spectrum of insitutions more trustworthy than Google is vast. It's unfortunate that it's essentially a binary choice between the two if you want to be able to use things like e.g. banking apps.
The thing is, the Chinese could probably go to data brokers in the USA and buy more information than they are currently collecting... The whole system is broken.
This is more scapegoating than anything else, there are US companies that collect the information or even more information and sell it openly, but that is fine, because capitalism. But a Chinese company doing the same thing? That is BAD!
That said, banning such apps from company devices should be standard behaviour anyway...
I think Apple is a bit ahead on the privacy protection front, to the point that they seriously pissed off emperor Zuck*, first when they imposed hard controls on which app can access which resources quite early on in iOS (and you can retrospectively change it too), and next when they implemented mandatory reporting on all apps in the app store a few years later on what it wanted to access, so you could decide before you downloaded what risk you were taking.
As Apple doesn't really make any money reselling personal details as a revemue stream, their motivation to implement things that break your privacy is a lot lower.
And the phones are more secure, to the point that even an iPhone 6 will still get updates, and that model is now 8 years old.
* My apologies if that led you to picture him naked..
I agree with you. I just object to doing everything the "apple way" which is forced upon anyone who uses one of those iDevices. It;s even worse when everyone (i.e. Google and Microsoft, even GNOME) copies them in their dumbing-down of the user interface and creeping integrations that make you buy more iThings.. and if you don't buy all the iThings and join the cult then you're Doing it Wrong.
On security though, they have it well locked down from sharing my data with 100 corporations that I don't trust, to 1 corporation that I don't trust. Yet somehow that doesn't make me feel all warm and fuzzy.
So they're OK for Google and/or Apple to spy on them (plus whoever is behind a host of other apps) but not TikTok? Despite us knowing that these other sources are collecting data and having no proof that TkTok is any worse.. hmmm.
Personally I'm not a TikTok use so it doesn't effect me but there does seem to be a large element of hypocrisy....
The problem is that TikTok is linked to the Chinese government. While you or I probably wouldn't do much to get the attention of the Chinese government, most journalists (including those employed by the BBC) would, so, TBH, while I have no problem with TikTok for personal use (that said, I don't have it on my phone, but this is because I have no real need to TikTok beyond watching the odd video), I am surprised the the BBC haven't acted before now, and I'm still surprised they haven't banned it.
That has been SOP at every company I've ever worked at.
No private apps on company device, no company apps or data on private devices and never the twain shall meet.
Social media has never been part of an employees normal duties at the companies I've worked at/with either. Apart from, maybe, marketing, none have ever had social media applications on their company devices.
My employer is the other way around. Company (i)phones are on a dedicated WiFi network with very few restrictions; the laptops and desktops have their Internet traffic decrypted and scanned. We're instructed to do anything personal on the phones (I guess this avoids liability if an employee looks at the medical or banking records etc).
Is that a firewall icon? -->
>And the BBC have acknowledged that some staff will require access for that reason. But that part of the BBC involves < 5% of the staff, if that.
Isn't the BBC a *broadcaster* and as such most departments will use social media to advertise the TV channels, radio stations, websites and all the other stuff it does?
Yes, Karen in accounts and Keith in maintenance won't, but it would be far more than 5% of the staff involved with making broadcast content - and that is before you get to the contractors and freelancers who produce content for the BBC.
Yes, but you will have a designated person or persons in each team, or a central team that coordinates everything.
Not every employee in every team needs access to the official social media channels - in fact, everything has to be controlled and a release given, before anything can be posted, so you will have very few people who have access to the official social media channels.
Social media has never been part of an employees normal duties at the companies I've worked at/with either
We have a dedicated team to do external comms and they are the only ones allowed to comment on behalf of the organisation. Other people doing so will lead to a very terse conversation with their manager, especially if it's negative.
I know one person that had their career ended prematurely (gross misconduct after the usual warning processes) for bad-mouthing work very loudly in social media.
It would be over in 10 minutes if it was an IT decision, but the higher-ups will want to create policies and that will take time, particularly given the BBC's recent policy-based issues where freelancers are concerned.
It's banned where I am but already we've had the media/comms teams request an exemption.
I guess in an organisation such as the Beeb there would be more people who would be active on Tiktok than in a regular office, due to them working in media themselves.
But AFIAK Tiktok can be used in a web browser anyway, so no real need to have the app on even on a work device, sure if they need it for work purposes just go to Tiktok.com and do whatever they need to do from there?
FYI I don't have a Tiktok account so don't know how much functionality the app has over the browser version, but certainly when someone has shared a link to something on Tiktok before now, its loaded up in Firefox OK without me needing to login or anything.
This is part of the issue that lots of stuff that works fine from a technical standpoint in a browser with all the sandboxing and restrictions on what can be accessed on the OS side built in by the browser developer. But we seem to have gone down the patch of making everything into an app which often request far more permissions than needed.
Original AC here.
Oh I agree with that - some of the CBBC stuff is excellent. I think my point was more along the lines of TikTok started off as a children's app, when did adults start using it? Not being into social medai I never notice the change in audience and I'm more curious about the transistion from where TikTok started to where it is now. Is it the original children grew up and took TikTok with them or did 'crusties' like myself start using it as well?
This post has been deleted by its author
If you have a company device then the company should have installed software and privs to prevent installs by users. All our corp kit is manage by company policies, you need to break them then it has to be agreed with both head of IT and head of infosec and you better have a very good reason else you get laughed out the door. If there's an app you need then it comes in via the company supplied repo/store delivery, not you randomly installing stuff!
FFS! We pay licence fees and they're not just for Aunty to piss away money making shitty middle-class sitcoms or dreary working class dramas, it's for the org to manage it's tech stack as well.
You connect to corp resources, you get a corp mobile device management policy. This enforces things like:
* encryption
* PIN/passcode complexity
* Block/allow list of apps that can be installed
* Remote wipe (with granular control of work-only resources using Android Work Profile)
* Conditional Access to corp resources (e.g. you have to be patched and up to date on OS etc)
This is TRIVIAL to set up. There are loads of options for corp IT and if they are an M365 user they can just enable InTune in the management console and it'll do it for them.
IMHO ALL corps that care about security should be doing this now. This also should apply to gov/civil service etc.
Whether it's government agencies or the BBC this shit puzzles me.
It's a work device, why the chuff would you need social media apps on a work device?
I can accept that some people in the BBC might need it if they actually use social media (ie the social media teams) or if they report on that shite (so technology journalists).
Wherever I've worked in the past any devices have come with strict instructions that the device is for work only and not for personal use. Using your work device for social media (not just tiktok) comes with security risks sure, but the big thing here is that these reports imply that the BBC and various government agencies are firstly using social media on work time and secondly they are using publicly funded devices for recreation.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
