According to a Wall Street Journal exclusive report on Tuesday, Canadian cybersecurity firm Feroot Security found TikTok Pixel trackers in government websites across 27 states. This includes some regions which have banned the app from state networks and devices. The TikTok Pixel is a piece of code installed on websites to track TikTok ad campaigns and the performance of specific ads. Feroot’s study involved a review of 3,500 companies, organizations, and government entities. Ivan Tsarynny, Feroot’s chief executive, urged government websites and companies that collect personal data to remove the TikTok Pixel.
Concerns About TikTok’s Data Collection Practices Loom Large
The TikTok Pixel is a web beacon — a piece of code that sends information about a website visitor back to TikTok. Other popular services such as Meta and Google also use web beacons to track ad performance and other web analytics. However, it is unclear if the Chinese-owned TikTok abides by the same rules as its U.S.-based counterparts. Tsarynny told the WSJ that TikTok’s trackers “can be watching and recording you when you’re renewing your driver’s license, paying your taxes or filling out doctors’ forms.” Responding to the WSJ report on Twitter, Sen. Josh Hawley (R-Missouri) tweeted: “So TikTok is now turning state government websites into surveillance devices. Here’s an idea. Ban TikTok.” On the other hand, a TikTok spokesperson clarified that the company does not go overboard with its data collection. The data is rather limited to helping improve the effectiveness of its ad services, they said. “Our terms instruct advertisers not to share certain data with us, and we continuously work with our partners to avoid inadvertent transmission of such data,” the spokesperson stated.
TikTok Pixel Found on Utah, Maryland Government Websites
Based on Feroot’s findings, the WSJ looked into a sample of government websites and found the TikTok Pixel on two. The first was a Maryland Department of Health Covid website, and the second a Utah government site for job seekers. Previously, both Maryland and Utah issued executive orders to ban TikTok from state-owned devices and networks. The websites reportedly removed the trackers after being contacted by the WSJ. A Maryland government official said the Pixel was a remnant of a previous ad campaign and the government would investigate why it remained after the campaign. In the Utah site’s case, a government official stated that the tracker was used for an educational campaign for Utah job seekers. “We work with an advertising agency to run educational campaigns that inform Utahns about how to access programs that could help them get a better job—things like getting additional training or earning a GED,” a Utah Department of Workforce Services spokeswoman said. The U.S. government may view the concerns around TikTok’s trackers from a national security lens. However, there remains a larger concern surrounding the privacy implications of these trackers. Feroot found that, on average, the websites it studied had 13 embedded pixels. In fact, 92% of the websites had a type of embedded Google tracker. This problem is not limited to the United States. A recent report found that over 90% of Spain’s top websites violated the GDPR’s rules on web trackers. If you’re curious about how you can improve your privacy, check out our guide to anonymously browsing the internet. You can also read up about browser fingerprinting, another technique that websites deploy to track users.