TikTok is an absolute opsec nightmare. I put together this short effort post to make sure y'all are staying safe. TikTok is a very useful tool for bringing short snippets of political theory to absolutely massive quantities of people, but like any tool, it needs to be used safely. By default, if you share a TikTok, including with link share, you are giving your handle to everyone who has the link.

But @aaro, why do I care?

By default, if someone has your tiktok handle, they can see your mutuals, your following/followed, and any linked accounts you have. This exposes (including but not limited to):

  • rough geographic location if you have IRL mutuals who have bad opsec (assume that this is the case if you have any IRL mutuals at all) - e.g. you are mutuals with 5 of your high school friends, 4 of them have their Facebook accounts linked, and 3 of them have their hometown, graduating school, or current location public on their profile, a curious party might be able to take a guess at your location from this information
  • Your political views based on your following list
  • Comments you have made if the person after your deets is persistent

From easy to do and very important to harder to do and not as important, here are steps to keep your profile and links you share safe:

  1. Profile > Upper right menu > Settings and Privacy > Privacy> Suggest your account to others > turn off People who open or send links to you. Really turn off all of these, this is the lowest of the low hanging fruit for privacy.
  2. When you share a link on Tiktok by copying link, paste it in your web browser and go to it first. The link will turn from https://www.tiktok.com/t/{9 characters}/ to https://www.tiktok.com/@{username}/video/{19 numbers}{question mark and a bunch of other shit}. Delete everything including and after the question mark and leave behind the 19 numbers. The original form is a link unique to you when you share it and it's possible (but not obvious) to trace this back to your account. Once you resolve the link and delete the extra baggage, the tiktok is now anonymized.
  3. If you don't want tiktok seeing anyone's IP address even, then take this new anonymized link, paste it into http://proxitok.herokuapp.com and set the dropdown to "TikTok URL" then hit go. The resulting link will be a truly 100% anonymized TikTok link. Think of this as https://nitter.net but for TikTok.

TikToks posted here should at least go through #2. Thanks for reading and stay safe comrades :cyber-lenin:

    • aaro [they/them, she/her]
      hexagon
      ·
      2 years ago

      It's a lot less of a factor if you're not tied to an account so any privacy you might gain is a lot more marginal and you're most likely good, but make sure you clean up links that your friends send to you before you pass them along to anyone else!

  • Bruja [she/her, love/loves]
    ·
    2 years ago

    Beyond TikTok, links for many services can be directly placed after https://farside.link/ in order to use alternative frontends. For proxitok it polls not only herokuapp but a couple others to spread load and will not server rate limited/down links.

    • https://proxitok.privacydev.net
    • https://proxitok.pussthecat.org
    • https://proxitok.herokuapp.com

    So while removing the ?and other junk in the link, prepending farside.link chooses an open source front end automatically without having to put the link in a secondary site.
    https://farside.link/https://www.tiktok.com/@{username}/video/{19 numbers}

    Also works for Imgur, YouTube, Twitter, Instagram, Wikipedia, :reddit-logo:, Google, Medium, and more. https://farside.link/ or GitHub https://github.com/benbusby/farside for more information.

    • https://farside.link/https://www.tiktok.com/@bioposadist/video/6971118344212630789
    • https://farside.link/https://reddit.com/r/Piracy/wiki/megathread/
    • https://farside.link/https://twitter.com/Flying_Hyena/status/1385990310141075458
    • https://farside.link/https://imgur.com/a/rwCMSux
    • https://farside.link/https://www.instagram.com/p/BsOGulcndj-/
    • https://farside.link/https://www.youtube.com/watch?v=dQw4w9WgXcQ
    • https://farside.link/https://en.wikipedia.org/wiki/Hexagon
    • https://farside.link/https://wilw.medium.com/my-name-is-wil-wheaton-i-live-with-chronic-depression-and-generalized-anxiety-i-am-not-ashamed-8f693f9c0af1
    • aaro [they/them, she/her]
      hexagon
      ·
      edit-2
      2 years ago

      Yo that's rad as hell

      I just confirmed that you can put the 9 character shortlink through farside (https://farside.link/https://www.tiktok.com/t/{9 characters}) and then just click "instance link" to get straight to a proxitok'd privacy link without having to bother with deleting the bit after the ?, or even click through or resolve it at all. It can come straight from the app.

      I will say that one huge factor in engagement with shared tiktoks is whether or not the recipient can engage with it on the platform itself. A https://www.tiktok.com link will open right in the app, meaning the recipient can like and follow, meaning sharing it will have more of a lasting impact, so keep this in mind when deciding whether to go to step 2 or step 3 above. Step 2 is basically all the way anonymized, the only difference between step 2 and step 3 is TikTok having your IP address and whatever trackers might be in their frontend.