SoylentNews is people
SoylentNews
TikTok plans to sue Trump administration over US ban
TikTok plans to sue the Trump administration over its executive order banning transactions between U.S. companies and the popular video-sharing app as well as its Chinese parent company, ByteDance.
"Even though we strongly disagree with the Administration's concerns, for nearly a year we have sought to engage in good faith to provide a constructive solution," a TikTok spokesperson told The Hill. "What we encountered instead was a lack of due process as the Administration paid no attention to facts and tried to insert itself into negotiations between private businesses," the spokesperson continued. "To ensure that the rule of law is not discarded and that our company and users are treated fairly, we have no choice but to challenge the Executive Order through the judicial system," the spokesperson added.
Also at NYT and Business Insider.
Previously: Bytedance: The World's Most Valuable Startup
Lawmakers Ask US Intelligence to Assess If TikTok is a Security Threat
TikTok and 53 Other iOS Apps Still Snoop Your Sensitive Clipboard Data
India Bans TikTok, WeChat, and Other Chinese-Owned Apps
President Trump Threatens TikTok Ban, Microsoft Considers Buying TikTok's U.S. Operations[Updated 2]
TikTok: Trump Will Prohibit Transactions with Bytedance Beginning September 20
(Score: 3, Interesting) by hendrikboom on Sunday August 23 2020, @05:12PM (9 children)
Then there's TikTok and 53 Other iOS Apps Still Snoop Your Sensitive Clipboard Data [soylentnews.org].
Now that's a matter for OS security.
The OS should not let random apps read the clipboard. Not unless the real, live user clicks on them in order to give them specific clipboard data. And then the data transfer should be limited to the intended data, not left open as a long-term communication channel.
Evidently iOS leaved the decision open to the app, instead of being responsible itself.
Anyone know how other OS's stack up? Windows? OS/X? Linux? Linux's assorted window managers and desktop environments? the web browsers?
If you use a password manager that transfers passwords by copy-paste, apps like Tiktok will soon be able to take over your machine.
-- hendrik
(Score: 0) by Anonymous Coward on Sunday August 23 2020, @05:42PM
I just assume all phone apps are snooping my data and location to resell.
That the China gov wanted in on that action to suppress and manipulate people is not in any way surprising.
(Score: 0) by Anonymous Coward on Sunday August 23 2020, @08:01PM (2 children)
Every Xclient has access to the full Xserver resources it's running on. That doesn't mean just accessing the contents of the clipboard, but also logging every key stroke and making screenshots of all other running apps.
(Score: 0) by Anonymous Coward on Monday August 24 2020, @04:43PM
I can easily write a program that dump your entire memory and log your keystrokes no matter what software you're using, X11 might have some lax features which can be mitigated with X11 itself, but you seem to have fallen for propanda that implies it's not possible to snoop on non-X11 procceses.
(Score: 2) by hendrikboom on Thursday August 27 2020, @12:59PM
And note that there can be many independent X clients running on different network locations for the same screen. Clients could evern enter keystrokes into others's windows.
Useful in the old days when security was not a concern. X was developed in the days when security wasn't a top consideration. In those days FSF site used to operate without passwords, free and open to anyone who could connect.
I heard that in the old days when I first started using Linux.
Since then there have been layers of restrictions applied to networking. I don't know what the situation is now; and I suspect that X's code has become sufficiently encrusted with change that even its developers can't be sure.
-- hendrik
(Score: 2) by c0lo on Monday August 24 2020, @01:02AM (4 children)
Can you imagine a copy/paste operation going through the step of "Did you really want to paste this that was copied from {app1} into {app2}? You know, it may send the data to China, or to NSA, or..., and Apple would rather not be liable for that. Read the 100 legalese-pages in the DISCLAIMER section of EULA and ack on it"?
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by hendrikboom on Monday August 24 2020, @03:23AM (3 children)
I can see the clipboard contents being inaccessible to a process until the user does the paste operation.
I is a security flaw for the process trying to receive the data to be given the responsibility of deciding what user actions constitute a paste operation.
(Score: 2) by c0lo on Monday August 24 2020, @03:43AM (2 children)
Which part of the whole software stack (app, OS) decides it's a paste operation?
It's not like one pastes only a text, there are cases in which structured data (even binary) need to be transferred between applications through clipboard.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by hendrikboom on Monday August 24 2020, @04:13AM (1 child)
That is the question, isn't it. The software that does that is a trusted component.
iOS and Android are in the business of protecting apps against each other. They can't trust those apps to make this decision.
(Score: 2) by hendrikboom on Thursday August 27 2020, @12:51PM
Apple, with its fetish for draconian control of its ecosystem (dating back to the UI requirements on independent developers for the original Macintosh), should have no problems with imposing the restrictions that only the OS can make this decision.