Risk Update

Tech Risk — Tik Tok on the Ropes (LinkedIn and VPNs Next?)

Posted Dan Bressler

Biglaw Firm Wants Associates Off TikTok, Or At Least TikTok Off Their Phones” —

  • “Associates at Ropes & Gray recently received a mandate from firm leadership telling them to delete TikTok. It doesn’t matter if it is firm issued or their personal electronics — any device that has access to their firm email has to be rid of the social media app.”
  • “In an email to associates, the firm said this mandate came after at least one client request.”
  • “Last month, it was revealed that TikTok, along with a host of other apps, was snooping on anything on your device’s clipboard — which could include sensitive client information. TikTok, as well as some of the other apps, promised to do away with the practice. However, according to an Ars Technica report, at least TikTok was caught snooping even after they said they’d do away with the practice. So, now Ropes associates can’t have TikTok on their phones.”

Interestingly, another service caught up in this “monitored clipboard” issue is LinkedIn. Which begs the question if that’s to remain on the approved list: “LinkedIn sued over allegation it secretly reads Apple users’ clipboard content” —

  • “According to Apple’s website, Universal Clipboard allows users to copy text, images, photos, and videos on one Apple device and then paste the content onto another Apple device. According to the lawsuit filed in San Francisco federal court by Adam Bauer, LinkedIn reads the Clipboard information without notifying the user.”
  • “A LinkedIn executive had said on Twitter last week that the company released a new version of its app to end this practice.”

Seven ‘no log’ VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet” —

  • “A string of “zero logging” VPN providers have some explaining to do after more than a terabyte of user logs were found on their servers unprotected and facing the public internet.”
  • “This data, we are told, included in at least some cases clear-text passwords, personal information, and lists of websites visited, all for anyone to stumble upon.”
  • “UFO stated in bold in its privacy policy: “We do not track user activities outside of our site, nor do we track the website browsing or connection activities of users who are using our Services.” Yet it appears it was at least logging connections to its service – and in a system anyone could access if they could find it.”