- Early Monday, TikTok announced that it would be leaving the Hong Kong market over fears regarding China’s new national security law, which would require the company to hand over user data.
- Later in the day, U.S. Secretary of State Mike Pompeo told Fox News that the U.S. is “looking at” banning Chinese social media apps, including TikTok.
- The Chinese-owned app has long been accused of giving data to the Chinese Communist Party, which it has repeatedly denied.
- If put in place, an American ban would just be the latest national-restriction against TikTok. India banned the app on July 1 over similar fears that it gave away user data to Chinese authorities.
Could TikTok Face an American Ban?
Secretary of State Mike Pompeo told Fox News Monday night that the United States was “looking at” banning Chinese social media apps, including the popular video-sharing app TikTok.
When speaking to host Laura Ingraham about potential plans to restrict the app, Pompeo said, “We’re taking this very seriously, but we’re certainly looking at it. We’ve worked on this very issue for a long time.”
“With respect to Chinese apps on people’s cellphones, I can assure you the United States will get this one right too,” he added.
Despite his claims, there haven’t been any concrete efforts made public yet. Still, when asked if he’d recommend for people to download TikTok, the Secretary of State replied, “Only if you want your private information in the hands of the Chinese Communist Party.”
TikTok has adamantly claimed that despite its parent company ByteDance being based in China, TikTok itself isn’t controlled by the Chinese Communist Party, nor does it have deep ties with the party.
The app claims that the executives and managers who actually make decisions about its business and make its content rules are all outside of China. The company also states that Chinese authorities have no say in what is and isn’t allowed on the app, and lastly, that user data isn’t stored in China.
American authorities doubt these claims, as the company is owned by ByteDance, which is based in China and like most large Chinese companies, is thought to have close ties to the ruling Communist Party. Adding to the fuel that TikTok complies with Chinese authorities is the fact that ByteDance also owns its sister company, Douyin, which is essentially a Chinese version of TikTok.
A U.S. ban would be a massive loss for the company, which is home to some of its biggest creators. The app has also faced hurdles in India, where a ban went into effect on July 1 that blocked TikTok and 58 other Chinese apps. The nation of over 1 billion is among its largest markets.
Australia has also floated the idea of banning the platform over concerns it inappropriately shares data with the Chinese government.
Pulling Out of Hong Kong
Aside from promising that it isn’t controlled by Chinese authorities, TikTok has also made recent moves to distance itself from the country. Hours before Pompeo spoke to Fox News, TikTok announced that it would be pulling out of the Hong Kong market over fears about a sweeping national security law imposed on the city by China on June 29.
According to TikTok, the app would be inoperable within Hong Kong in a few days. Additionally, it wouldn’t process data requests from China or Hong Kong police, although some current residents already say they can’t download the app.
Hong Kong authorities used the new national security law to release strict new rules regarding online posts. If police suspect an “electronic message” endangers “national security,” they can ask the publisher, platform, host, or network provider to remove or restrict access to it. Those who publish messages and don’t comply face a $100,000 fine and upwards of six months in jail.
Users who actually make the posts face a similar fine and up to a year in jail.
According to multiple reports, the rules explicitly allow authorities to jail employees at internet companies that don’t reply, regardless if they’re based in Hong Kong or not. It should be noted that punishment would only be applicable if one was to actually travel to Hong Kong or China, as most nations wouldn’t comply with another country claiming extraterritorial authority.
However, it still puts companies in an awkward position; comply with Chinese authorities and face backlash for caving on free speech, or disregard the rules and potentially risk employee safety and losing market access.
It wasn’t just TikTok that responded to the new rules, other tech giants like Facebook, Google, and Twitter all said they would temporarily halt data requests from Hong Kong authorities as they decide what to do in the long run. All three had spokespeople and statements that were remarkably similar.
A Facebook spokesperson told Reuters, “We are pausing the review of government requests for user data from Hong Kong pending further assessment of the National Security Law, including formal human rights due diligence and consultations with international human rights experts.”
“We believe freedom of expression is a fundamental human right and support the right of people to express themselves without fear for their safety or other repercussions,” the statement continued.
Even though at face value it may seem like a hollow gesture, considering the fact that these companies are banned in China, it’s actually a big risk to a massive revenue stream. All three of those companies have major advertiser programs in China.
While they debate whether to comply with the law or not, it’s interesting to note that TikTok went further than the rest by actually pulling services out of the city. That might be because Hong Kong wasn’t a huge market for the company.
It consistently lost them money and only about 150,000 Hong Kongers used the app. Another facet that may limit the impact of “losing” Hong Kong is that TikTok’s sister app, Douyin, is still usable and popular in Hong Kong, despite not officially being available in the city.
See what others are saying: (Wall Street Journal) (The New York Times) (CNN)
Hackers Hit Twitch Again, This Time Replacing Backgrounds With Image of Jeff Bezos
The hack appears to be a form of trolling, though it’s possible that the infiltrators were able to uncover a security flaw while reviewing Twitch’s newly-leaked source code.
Hackers targeted Twitch for a second time this week, but rather than leaking sensitive information, the infiltrators chose to deface the platform on Friday by swapping multiple background images with a photo of former Amazon CEO Jeff Bezos.
According to those who saw the replaced images firsthand, the hack appears to have mostly — and possibly only — affected game directory headers. Though the incident appears to be nothing more than a surface-level prank, as Amazon owns Twitch, it could potentially signal greater security flaws.
For example, it’s possible the hackers could have used leaked internal security data from earlier this week to discover a network vulnerability and sneak into the platform.
The latest jab at the platforms came after Twitch assured its users it has seen “no indication” that their login credentials were stolen during the first hack. Still, concerns have remained regarding the potential for others to now spot cracks in Twitch’s security systems.
It’s also possible the Bezos hack resulted from what’s known as “cache poisoning,” which, in this case, would refer to a more limited form of hacking that allowed the infiltrators to manipulate similar images all at once. If true, the hackers likely would not have been able to access Twitch’s back end.
The photo changes only lasted several hours before being returned to their previous conditions.
First Twitch Hack
Despite suspicions and concerns, it’s unclear whether the Bezos hack is related to the major leak of Twitch’s internal data that was posted to 4chan on Wednesday.
That leak exposed Twitch’s full source code — including its security tools — as well as data on how much Twitch has individually paid every single streamer on the platform since August 2019.
It also revealed Amazon’s at least partially developed plans for a cloud-based gaming library, codenamed Vapor, which would directly compete with the massively popular library known as Steam.
Even though Twitch has said its login credentials appear to be secure, it announced Thursday that it has reset all stream keys “out of an abundance of caution.” Users are still being urged to change their passwords and update or implement two-factor authentication if they haven’t already.
Twitch Blames Server Configuration Error for Hack, Says There’s No Indication That Login Info Leaked
The platform also said full credit card numbers were not reaped by hackers, as that data is stored externally.
Login and Credit Card Info Secure
Twitch released a security update late Wednesday claiming it had seen “no indication” that users’ login credentials were stolen by hackers who leaked the entire platform’s source code earlier in the day.
“Full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed,” the company added in its announcement.
The leaked data, uploaded to 4chan, includes code related to the platform’s security tools, as well as exact totals of how much it has individually paid every single streamer on the platform since August 2019.
Early Thursday, Twitch also announced that it has now reset all stream keys “out of an abundance of caution.” Streamers looking for their new keys can visit a dashboard set up by the platform, though users may need to manually update their software with the new key before being able to stream again depending on what kind of software they use.
As far as what led to the hackers being able to steal the data, Twitch blamed an error in a “server configuration change that was subsequently accessed by a malicious third party,” confirming that the leak was not the work of a current employee who used internal tools.
Will Users Go to Other Streaming Platforms?
While no major creators have said they are leaving Twitch for a different streaming platform because of the hack, many small users have either announced their intention to leave Twitch or have said they are considering such a move.
It’s unclear if the leak, coupled with other ongoing Twitch controversies, will ultimately lead to a significant user exodus, but there’s little doubt that other platforms are ready and willing to leverage this hack in the hopes of attracting new users.
At least one big-name streamer has already done as much, even if largely only presenting the idea as a playful jab rather than with serious intention.
“Pretty crazy day today,” YouTube’s Valkyrae said on a stream Wednesday while referencing a tweet she wrote earlier the day.
“YouTube is looking to sign more streamers,” that tweet reads.
“I mean, they are! … No shade to Twitch… Ah! Well…” Valkyrae said on stream before interrupting herself to note that she was not being paid by YouTube to make her comments.
The Entirety of Twitch Has Been Leaked Online, Including How Much Top Creators Earn
The data dump, which could be useful for some of Twitch’s biggest competitors, could signify one of the most encompassing platform leaks ever.
Massive Collection of Data Leaked
Twitch’s full source code was uploaded to 4chan Wednesday morning after it was obtained by hackers.
Among the 125 GB of stolen data is information revealing that Amazon, which owns Twitch, has at least partially developed plans for a cloud-based gaming library. That library, codenamed Vapor, would directly compete with the massively popular library known as Steam.
With Amazon being the all-encompassing giant that it is, it’s not too surprising that it would try to develop a Steam rival, but it’s eyecatching news nonetheless considering how much the release of Vapor could shake up the market.
The leaked data also showcased exactly how much Twitch has paid its creators, including the platform’s top accounts, such as the group CriticalRole, as well as steamers xQcOW, Tfue, Ludwig, Moistcr1tikal, Shroud, HasanAbi, Sykkuno, Pokimane, Ninja, and Amouranth.
These figures only represent payouts directly from Twitch. Each creator mentioned has made additional money through donations, sponsorships, and other off-platform ventures. Sill, the information could be massively useful for competitors like YouTube Gaming, which is shelling out big bucks to ink deals with creators.
Data related to Twitch’s internal security tools, as well as code related to software development kits and its use of Amazon Web Services, was also released with the hack. In fact, so much data was made public that it could constitute one of the most encompassing platform dumps ever.
Streamer CDawgVA, who has just under 500,000 subscribers on Twitch, tweeted about the severity of the data breach on Wednesday.
“I feel like calling what Twitch just experienced as “leak” is similar to me shitting myself in public and trying to call it a minor inconvenience,” he wrote. “It really doesn’t do the situation justice.”
Despite that, many of the platform’s top streamers have been quite casual about the situation.
“Hey, @twitch EXPLAIN?”xQc tweeted. Amouranth replied with a laughing emoji and the text, “This is our version of the Pandora papers.”
Meanwhile, Pokimane tweeted, “at least people can’t over-exaggerate me ‘making millions a month off my viewers’ anymore.”
Others, such as Moistcr1tikal and HasanAbi argued that their Twitch earning are already public information given that they can be easily determined with simple calculations.
Could More Data Come Out?
This may not be the end of the leak, which was labeled as “part one.” If true, there’s no reason to think that the leakers wouldn’t publish a part two.
For example, they don’t seem to be too fond of Twitch and said they hope this data dump “foster[s] more disruption and competition in the online video streaming space.”
They added that the platform is a “disgusting toxic cesspool” and included the hashtag #DoBetterTwitch, which has been used in recent weeks to drive boycotts against the platform as smaller creators protest the ease at which trolls can use bots to spam their chats with racist, sexist, and homophobic messages.
Still, this leak does appear to lack one notable set of data: password and address information of Twitch users.
That doesn’t necessarily mean the leakers don’t have it. It could just mean they are only currently interested in sharing Twitch’s big secrets.
Regardless, Twitch users and creators are being strongly urged to change their passwords as soon as possible and enable two-factor authentication.