Appalachia Technologies Blog
A Tale of Sourdough and the TikTok Ban
Sourdough. Yes, I am starting a blog for a cybersecurity company with the 2020 hot trend of sourdough. Over Christmas break, my resistance to joining the sourdough club broke and I started down the path. I spent time consuming all the information I could – I scoured Instagram and started following creators, I watched YouTube videos on how to properly do a ‘stretch and fold,’ and I perused website after website to figure out what the heck I was doing. As a visual learner, I was thrilled when a blogger had included video for further explanation. And in many cases, the videos were embedded from TikTok.
But over this past weekend, as I turned to IG to find a new recipe, many creators were expressing their sadness over the end of TikTok. As a non-TikToker working in IT, I shrugged my shoulders and moved on. I mean, isn’t this ban a good thing? However, I couldn’t escape the seemingly endless list of creators that were distraught over the TikTok ban. Some expressed how easy it was to edit videos and how they were left to find a new tool (inconvenienced, sure), but many shared their concern over the loss of income they were facing as small, entrepreneurial businesses. Their community of consumers was gone in a flash. Fast forward less than 24 hrs and there was celebration when it returned, but we’ll get back to that…
As part of a cybersecurity company, I have heard extensively of the risk posed by TikTok on a number of levels. So as we returned to our usual workweek, I went directly to two of smartest cybersecurity minds in our organization – who happen to have polar-opposite stands on social media usage as a whole. Andy Warren is the Director of Cybersecurity for Appalachia Technologies and intentionally has little to no social media footprint. Mike Miller, on the other hand, is a LinkedIn Top Voice with over 126k followers. What follows is a series of clips from my conversation with Andy and Mike.
Ashley Louden: Is there any comment about how many are sacrificing security because they 1. enjoy the app, and 2. are making money by using it as a platform.
Andy Warren: Well, yeah we have sacrificed an enormous amount of privacy in the name of cheap, entertaining, and convenient... but that's a much bigger discussion than just TikTok. Heck, people have a dozen or more hot mics they invite into their home for convenience’s sake, and Apple has already settled their Siri abuse case earlier this year. It is literally always listening because that's what makes it convenient.
Mike Miller: I know quite a few people that make their living from TikTok. So for them, it's a sacrifice of security in order to feed their families. There are so many small businesses that really depend on it.
Andy Warren: Yes, lots of people make good livings from it. Is that worth having millions of devices literally spying on Americans for a foreign power? Seems like our national answer is yes.
Ashley Louden: Is there any “safe” platform option?
Andy Warren: If you want to go with true data privacy, you have to make a lot of sacrifices to make it worthwhile. Doing it in half-measure almost never works. It just takes one OPSEC mistakes to undo years of being careful for a given account/identity/person.
Mike Miller: I agree. I get asked all the time about my visibility. My answer is that I'm at a greater risk with no visibility or network because if I lost my job I'd have to start from scratch. The visibility for me is a "career life insurance policy" for me.
Andy Warren: It's the duality of exposure in general, honestly. So I think ultimately if you are going for a Social Media strategy in life, go all in and be thankful TikTok is back today. Just accept the surveillance as part of that (at least for another few months/years). If you really want data privacy, be ready to sacrifice a lot of the cool new(ish) conveniences that everyone around you enjoys and suffers no obvious downside from.
Ashley Louden: Are there any tips for using TT safely?
Mike Miller: Strong password, MFA, use common sense, be limited in the information you give out.
Andy Warren: The most nefarious part is the app permissions. It's literally running every single sensor even when you have the app in the background (including mic etc).
We continued into a conversation that focused on the device itself in question when it comes to security. Remember when computers didn’t have built-in camera covers and people resorted to using Post-It notes or tape to cover them? Yet we have smartphones with cameras and mics that go with us everywhere. And those smart home devices? I can ask Alexa to give me the weather forecast or play my favorite playlist – all because I gave permission to listen. That’s all happening regardless of my MFA use or password hygiene. It is another reason why layers of security are so important. The conversation continued…
Mike Miller: My opinion is, in the end, we have to remember that devices we use are milliseconds away from any person or computer around the world. We can just assume that what we are inputting into our devices has the potential of being heard, read, or seen by someone else. Use common sense.
Andy Warren: My overarching thought would be "What is your threat profile?". You can't protect against everything, so decide what parts of your digital life you want to add protection to (email, location, family, crypto wallets etc) and focus on protecting them first and foremost.
For some people, they trust the apps and companies behind them fully. In that case, don't worry about TikTok etc. Protect what you value from what you think might pose a threat to it. (e.g. at least a dedicated device or storage platform for your crypto wallets. It's always a tradeoff).
Mike Miller: Never just assume that large social apps will protect you from anything.
When it comes down to it, consumers are responsible for protecting their data and making decisions on what they’re comfortable sharing. It is a risk v. reward scenario in many cases. For those who have income based on the application, it may be time to diversify and grow their networks as well as implement any security measures they have missed.
Time for me to find that sourdough cinnamon roll recipe video…