Ran across this article on Tiktok's insane and unprecedented level of obfuscation in the website's Javascript, which involves creating a virtual machine - more like a simulated CPU - in Javascript and then passing low-level instructions to it:
https://web.archive.org/web/20230109051551/https://ibiyemiabiodun.com/projects/reversing-tiktok-pt2/
While I would love to say Ahh Haa!!!
I have no idea what any of that means.
Can we get it in layman's terms?
Mr_Asa
UltimaDork
1/17/23 7:08 p.m.
In reply to Toyman! :
I am NOT the person to do this, I'm the person to translate what the person that does this is saying.
That out of the way, it sounds like it takes a bunch of data (presumably from you, the user,) runs it through a virtual machine, then runs that data through a program and sends that data to other virtual machines.
The issue with this, as I see it, is that there should not be any real reason to create a virtual machine
aircooled said:
MxRyan said:
What can security risk be on TikTok? It is an entertainment platform!
Uhm, yeah. Everyone knows entertainment has no affect on society.... yeah.
It would be interesting to see if you could get large circulation of a video of a giant Poo Bear squishing student protestors in Tienanmen square and locking up ethnic minorities for "re-education" on TikTok.....
(of note, there really is no such thing as a Chinese company that is not controlled or manipulated by the Chinese government)
Looks like China already has influence on what American citizens see in American theatres.
https://bleedingcool.com/movies/red-dawn-2012-remake-tainted-sony-mgm-china/
Toyman! said:
While I would love to say Ahh Haa!!!
I have no idea what any of that means.
Can we get it in layman's terms?
It means that they want to hide the code that they're running in your browser so badly that they've created a system where the browser code itself doesn't do the work directly anymore, instead it creates a hugely inefficient and insanely complex Rube Goldberg machine that receives a far greater number of arcane instructions that are vastly harder to analyze to eventually do the same thing.
In reply to GameboyRMH :
So, shenanigans.
I guess it's a good thing I don't do tiktok then.
Jerry
PowerDork
1/18/23 2:54 p.m.
SWMBO loves watching her bird videos, and a bit of political crap. She's tried to get me into it & I have resisted so far. Although I've been tempted to start an account that's just me in my stormtrooper costume doing random mundane real-life things. I wonder what the Chinese would do with that?
In reply to Jerry :
Nothing, but their terms of service give them access to pretty much everything on your phone including keystrokes. That, they can do all kinds of things with.
In reply to Jerry :
You'd be giving away the troop movements of the 501st Legion
Might also cause them to underestimate the marksmanship of American forces
(Seriously though, strongly recommend against signing up, and especially against installing the phone app)
My take on the article is:
- They're in your E36 M3
- They copy and move your E36 M3
- Not even the pros (article writer) know where your E36 M3 goes and what they do with it.
Mr_Asa
UltimaDork
5/13/23 8:42 a.m.
New lawsuit alleges Tik Tok put in a backdoor that allows CCP to access user data.
https://www.businessinsider.com/new-lawsuit-alleges-tiktok-owner-let-ccp-access-user-data-2023-5
Paywall, so here:
An explosive new lawsuit claims TikTok owner ByteDance built a “backdoor channel” in its code that allowed Chinese Communist Party members access to user data hosted in the US.
The wrongful termination suit, which was filed on Friday in San Francisco Superior Court by Yintao Yu, alleges ByteDance granted special powers to members of a unit of the Chinese Communist Party, or CCP, inside the company, referred to as the “Committee”.
The suit says the CCP “Committee,” which did not work for ByteDance, could monitor its business activities, demote content the unit viewed as unfavorable to China's interests, and even use a “death switch” to kill Chinese versions of its apps.
The complaint alleges the “Committee continued to have access” to US user data even after ByteDance walled off access for individual engineers in China.
Specifically, the suit says Yu “saw the backdoor channel in the code, which allows certain high level persons to access user data, no matter where the data is located, even if hosted by a U.S. company with servers located in the U.S. Chinese law requires the company to grant access to user data to the Chinese government.”
The complaint also claims the internal CCP group was tasked with helping ByteDance stick to “core Communist values,” at times blocking content around events like the pro-democracy protests in Hong Kong.
I cannot express the level of lack of surprise I have for this.
I don;t use tiktok, I do not even look at tiktok videos. My sister is addicted and gets all her news from it. She gets very upset and angry if you even suggest that China is using it to spy.
In reply to mad_machine :
She's a communist plant.