CyberFocus: The TikTok case: will it be banned again?

Even though the date of the TikTok ban in the US was known way back in 2024, it still came as a surprise to millions of its users. A big chunk acted right away by expressing their disbelief on other social networks or migrating to RedNote, another Chinese-owned alternative.??

The current status is that the ban has been postponed for another 75 days in the hope of finding a solution to numerous TikTok’s security and privacy concerns.

In this CyberFocus, together with Nord Security ’s Application Security Lead, ?ygimantas Kaupas , we’ll discuss the reasons for the imposed restriction and what will happen next for Chinese social platforms in 2025.

Why did TikTok get banned?

Firstly, it’s important to note that TikTok was the first social network to be banned in the US. Here’s the reasoning behind it:

• TikTok’s parent company, ByteDance, has ties with the Chinese government. Under China’s National Intelligence Law, TikTok would be required to assist in intelligence gathering if requested by the government. However, ByteDance claims the company operates independently and has never shared US data with the Chinese government.?
• The application collects lots of sensitive data about users, including location data (IP, GPS), biometric data (faceprints, voiceprints), user content, contacts, etc. It is also suggested that TikTok's in-app browser can monitor users' keystrokes, potentially allowing the app to capture sensitive information like credit card details or passwords.

• The Chinese app could be exploited as a vector for the injection of malicious software.

Because of that, many countries around the world, the US included, have forbidden their governmental employees to install TikTok on their work devices due to national security concerns.

To top it all off, the platform has had its share of security and privacy issues in the past.

In 2020, TikTok suffered a data breach where threat actors found information from multiple social media accounts.?

If that wasn’t enough, in December 2022, TikTok confirmed that its employees spied on the journalists covering the company. This happened after the social platform denied its capability to monitor its users.

At the moment, India is the only country that fully blocks access to TikTok. With the US sitting on the fence, it remains to be seen if other countries will follow the example.

What can happen if TikTok is banned permanently in the US?

A complete TikTok ban in the US would have a tremendous impact on ByteDance. According to the company’s CEO, 170 million users in the US are a major part of its 1B+ user base. Losing its key market would significantly devalue the company, which was worth about $300 billion in 2024.

At the same time, TikTok is a huge market for US influencers, especially Gen Z. Many use the platform to monetize their endeavors, and having it shut down would result in significant losses of personal income.

What can be done to save TikTok in the US?

The best option would be for TikTok to significantly improve its privacy posture. However, such a scenario seems highly unlikely at the moment.

Second, the most viable possibility is for another entity to purchase TikTok (or at least its US part) and commit to higher privacy and security standards.

If no other solutions are achieved, it is likely people will look for alternatives.

After the initial TikTok ban, one of its competitors, RedNote gained millions of TikTok US refugees, rocketing to the top of the free-to-download chart on the Apple App Store. However, Nord Security’s expert, ?ygimantas Kaupas, raised concerns, saying that RedNote can be as dangerous as TikTok.?

“RedNote's privacy side is even more questionable than TikTok’s – just look at their Terms of Service, which are only available in Mandarin.”

Additionally, the platform is also required to provide data for Chinese officials when needed.

Sticking to other popular apps, like Instagram Reels and YouTube Shorts is also a viable option, but users should keep in mind that in the event of a breach, users' data on these platforms will also be affected.

Instagram Reels and YouTube Shorts both gather huge amounts of details, including browsing habits, location, device information, and user interactions, which can become vulnerable in the event of a security breach. Indeed, as ?ygimantas Kaupas noted, nearly all social media platforms carry privacy and security risks that users consciously choose to accept.

Can buying TikTok solve its privacy and security issues?

To ensure TikTok functions at full speed after its 75-day ban reprieve, the US should own 50% of TikTok's shares. Among the high-profile buyers eyeing the platform are Elon Musk, Perplexity AI, ”Shark Tank’s” Kevin O’Leary and Frank McCourt from Project Liberty. YouTube star MrBeast and former Blizzard CEO Bobby Kotick are also among those looking to acquire TikTok.

?ygimantas Kaupas, Application Security Lead at Nord Security, points out that even if US billionaires, investors, or companies would buy TikTok in the US, the underlying privacy and security concerns might remain unaddressed:

“On the one hand, TikTok, like many other tech platforms, faces technical security challenges and has a history of vulnerabilities, including some serious ones (account takeovers). On the other hand, privacy issues are the pinnacle of the current situation, and just the ownership transfer won’t solve all the problems. TikTok collects huge amounts of data (even highly sensitive) by design. Different actors could use this information in different ways – from spying to manipulating or even influencing its users.”

So, can this move actually solve the issue? It might help separate it from the Chinese government oversight, giving the US more control over its citizens’ data. However, whether the new TikTok US owner can address concerns over personal data, app security, and national security within a 75-day deadline seems unlikely, but time will tell.

Can TikTok users benefit from a VPN?

As the US government monitors apps that might threaten national security and personal privacy, not just TikTok but also RedNote, WeChat, Temu, Shein, Telegram, and FaceApp are on the verge of potential bans.?

"VPNs are a reliable tool for accessing restricted apps by securely rerouting your network traffic as if accessing the banned content from a different location. However, whether after 3 months US users will be able to access TikTok via VPN also depends on how the ban will be implemented. If the ban is enforced at the network level by ISPs, then using a VPN to access TikTok from outside the US would work just fine. But if TikTok implements an account-level ban, a VPN wouldn't bypass this," explains the Application Security specialist.

However, even with a lifted TikTok ban, using a VPN is smart, as it encrypts your connection and helps to hide your IP. Yet it can't fully protect your personal data if TikTok is already installed and accessing your information.

“VPN can ensure that your data remains confidential during the transition from you to the service provider but has no impact on how the data is used afterward. So, the best way to safeguard your data on high-risk apps, such as TikTok or RedNote, is to avoid using them altogether. Yet, if you really need to install them, make sure you adhere to essential security practices when setting things up," points out Nord Security expert, ?ygimantas Kaupas.

Tips for safer TikTok usage

Even with privacy and security concerns, there are ways to use TikTok or its alternatives more securely. Here are some practical tips from ?ygimantas:

1. Secure your account?

• Use strong passwords and store them securely on the password manager.
• Enable 2-step verification to add an extra layer of security.
• Register with a unique email address.

2. Adjust privacy settings

• Control who can view, comment, and share your content.
• Restrict the location permissions.

3. Maintain app security

• Regularly update the app to protect against vulnerabilities.
• Don’t use TikTok on devices that you don’t own.

4. Think before you post

• Don’t share anything sensitive.
• Don’t post any content that might harm your reputation.

5. Stay alert for threats

• Beware of any phishing attacks and report suspicious activity.
• Check and manage regularly which apps have access to your TikTok, RedNote, Instagram, YouTube, or other accounts.

Ultimately, no social media platform is completely safe. Security risks are always present, so it's crucial for every user to stay vigilant and take proactive steps to minimize those risks.