Tag: tiktok

Thoughts on TikTok

Thoughts on TikTok

Updated: The current attention to TikTok appears to be largely politically motivated from the Trump administration, so please fact-check all assessments on this topic.

TikTok’s sister app – Douyin – is only available within The Great Firewall of China but seems to retain a number of similarities (unconfirmed directly). However one of the key issues are such things as deep fakes propagated on the platform, prior to the evidence collected in an analysis done on the apps traffic and reverse-engineered codebase.

Love it or hate it you cannot deny that the platforms meteoric success generated massive popularity of the mobile app. Content on the app emerged from it’s lip sync-ing origins into staged comedy and more, gaining more and more popularity.

Extrapolations from the codebase are more difficult due to the obfuscation used, so some of the guesses in this area are trickier to confirm. However those inferences are backed up by behavioural analysis done on the calls made by the app in sandbox environments by Talal Bakry and Tommy Mysk.

Firstly suspicion is raised because the app checks the clipboard frequently – bear in mind that this is not a word processor or IM platform so there are very few reasons why this action could be justified.

Whilst unconfirmed there is some anecdotal evidence of concern relating to a U.S. lawsuit filed in California. The claimant in lawsuit states that TikTok created a user profile without her permission and without any action from her, alleging that the firm sent all sorts of PII back to China. Whilst this case is ongoing and there is no preliminary finding and due to the fact that TikTok has removed content offensive to the Chinese government, it appears that the platform has the capability to lock out devices belonging to those posting content it feels inappropriate.

In the case of Feroza Aziz there is a debate to be had on whether a string of previous content was appropriate – there’s too little information to make a judgement. However on balance it does appear that TikTok moderation is far more heavy-handed than US platforms such as Facebook.

That being said, we could also theorise that the current global political and economic climate – combined of course with the anti-China rhetoric from the U.S. administration – is the largest driver of the efforts to find problems with the platform.

That being said, I’ve built a mechanism to block TikTok from your network based on Debian Linux and unbound (combined with an appropriate configurations for your wireless and edge routers). The script could easily be modified for PiHole-based DNS (FTLDNS), although I suspect PiHole may add TikTok-based blocks in the near future.

You can read about that blocking mechanism here.

Blocking TikTok At Domain-Level

Blocking TikTok At Domain-Level

Firstly let me say that this is a largely personal choice, but I’ve come to enjoy malvertising-free home & office network for some years now. I’ve not seen any adverts in years and have established multiple layers of blocking.

Whilst this is partly due to the nuisance of demands to buy products we don’t need for problems we don’t have to solve, it’s also partly an architectural and technical challenge to solve.

Approach Options

I could have approached this at a network-level block, which would have been simple if the platform was purely Chinese. However they have offices and infrastructure in the U.S. and Singapore making this more complicated.

In addition to this I can see they’re using Akamai for edge and CDN which means that I would potentially be blocking traffic for non-TikTok mechanisms.

The next-best option is to target TikTok domains and block them via DNS filtration. This isn’t perfect because mobile and console apps are beginning to adopt DNS-over-TLS libraries to use their own platform-specific DNS capability (including serving adds via CNAME-ed sub-domains).

There are a number of ways to stop that involving mangling some firewalls and analysing traffic to regularly update your hostile DoT server list. However that’s not part of this particular post – maybe I’ll have time to explain the implementation in a post later this year (but don’t hold your breath ok?).

I roughly equivocate this approach to an obstinate app or service refusing to move out of your way; so you remove the floorboards from underneath their feet…They can still stand but not anywhere near your flooring.


So the LAN DNS servers here operate within configurations that span:

  • Standard DNS resolution & caching services
  • Filtration to redirect hostile DNS back to the LAN DNS servers
  • LAN, VPC and WAN domain name entries for internal kit
  • Malvertising fencing

The solution for TikTok fits into this last category and is pretty simple. A maintained GitHub repository has a pretty good list of TikTok and related domains. I’ve created a very quick script which pulls that list and transforms it into an Unbound-friendly configuration.

The idea is that this script is run on a crontab every few days to get the latest list and has been running for a few days without incident already.

I’ve created the code snippet in full on GitLab, which you’re welcome to use and abuse for your own purposes. Enjoy 🙂