Amazon says email banning TikTok from employee phones was ‘sent in error’ (twitter.com/scotthickle)
546 points by danso on July 10, 2020 | hide | past | favorite | 455 comments




I'm curious, are these

1. Devices owned by Amazon, for work

2. Personal devices with the amazon email added directly

3. Personal devices with amazon email added on Work profile

Could not find this info in the articles or tweet.


AMZN employee here - In my case, it's (3)


Assuming you get somehow reimbursed, like some companies that don't have corp issued phones?


Yes we have cell reimbursement


They're devices that are under Amazon's MDM. So if the device was enrolled with their MDM then it applies.



Right, but on Android at least, you can either have the whole device be under MDM (#2) or just a work profile (#3). In the latter, if your sysadmin decides to wipe your device, it only wipes your Work profile and not your entire phone, from my understanding. Is that not correct?

My assumption was that any apps installed on the personal partition were off limit for the MDM.


They might still require you to comply voluntarily (and be on your own if you lie).


iOS has this too, it's just that your company has to use it. And many don't…


I'm surprised devices enrolled in their MDM would have EVER allowed Tik Tok in the first place.


Believe me - a lot of companies roll MDM just to be able to remotely wipe the device in case it gets lost.

A lot of them do not block apps (or remove them).


We use MDM for a lot more than that, though we don't block any apps. And it isn't all about security either.

Some of the things

- Auto app installs: We have a lot of apps people need for work, like the VPN, Outlook, Teams etc. And apps they need for their specific location or job role. The MDM takes care of installing those so the user doesn't have to figure all this out.

- Autoconfiguration: There's a facility called AppConfig where you can push config settings to apps that support it, making things easier on the end user.

- Network (and other settings) configuration: Pushing all the certs people need to connect to our wifi. And we push Per-app-vpn settings for the apps that need it.

- Security validation: Do people not have outdated company apps or OS? Do they have the security app (Lookout)?

- Security settings management: Make sure people have their phone encrypted and a pincode set so important data is not lost in a taxi.

In fact wiping is one of the things that happens very rarely. Especially as we enforce encryption and a decent PIN, it's not as much of an issue anymore to wipe a phone as soon as we can. A lot of users get hung up over our ability to do this, but on Android we can only wipe the work profile anyway (and even on Apple we don't normally wipe the whole device, just the company apps). Unless they call us and ask us to wipe it because they lost it :P But a lot of them seem to think we're just sitting there all day wiping phones for fun.


Tangential: Does Lookout actually do anything nowadays? Last I checked a few years back, it just scanned package names against a list of known malware


Can one do this as an individual as well?


If you have an Apple device enrolled in Find My you can remote wipe it.


Cisco had their Meraki MDM free for small numbers of devices - but that was a while ago and I'm not sure if they still offer it. Was only compatible with I believe Samsung phones as they had the best hardware security built in (KNOX?). Apple phones required (still do?) a Mac in order to deploy specific certificates to devices to enroll in MDM as well.


These days Android MDM has changed a lot.

In the 'old' days, there was an app called device admin which would control the phone. This app would be supplied by the MDM vendor. This could leverage APIs from various vendors. Samsung had Knox but almost every phone vendor had their own plugin.

This was a huge PITA because each MDM feature only worked on manufacturers A and B and very often was limited to OS versions Y and Z. It meant we had to validate each phone and OS version and have a long list of what phones people could and couldn't use. It was a nightmare as an admin. Users hated it because they often only found out after they'd bought the phone. Samsung was indeed one of the best here, I have to agree.

Since then Google has thrown this overboard and started afresh with Android Enterprise. Controlled only by Google, and offering new ways of management like the work profile which is basically a kind of "phone inside a phone". Have your work profile managed by work and the rest of your phone to yourself.

For company-owned phones they also still have more comprehensive management options like COBO and COPE. But as long as the phone supports Android Enterprise, it supports everything.

Sadly some vendors, in particular Samsung, are fighting this approach because they feel they have invested too much in the old method. For example Samsung won't support Google Zero Touch auto-enrolment, having instead their own alternative, Knox Mobile Enrolment. This is again making things more difficult for admins. But because Samsung is such a big party, and KME is free, we have gone for it anyway (also Google Zero Touch is not available very widely yet; each reseller has to support it).

As an Admin I'm glad to see the end of the old management model. It's deprecated as of Android 11 (and already severely limited in 10) but we've already dropped it altogether.

And no, for managing Apple phones you don't need a Mac. You just need this for manual installation of management profiles, if you use an MDM you don't need it.

However if you want to manually supervise phones (instead of using Apple DEP / or Automated Device Enrolment as they call it now), you do need one. But this is really rare now.


For iOS you can use Apple Configurator for profile-based M2M. For remote management you need a server-based solution and I believe there's an open-source implementation of that out there.


Yep it's called MicroMDM.

https://micromdm.io/

Only supports Apple though! Not Android.


There’s a handful of others, including some that support both platforms


Oh which? I haven't heard of others, MicroMDM is fairly common, even used by some smaller companies.

I'm always interested as it's my work so I'll probably give them a spin.


Here’s a couple, but there’s more...

Android only:

https://github.com/h-mdm

Apple only:

https://github.com/cmdmnt/commandment

Both:

https://github.com/flyve-mdm


Thanks, I definitely will look into those!

I've been using Intune at home because I use it at work too and I already had a personal O365 setup. It was nice to have a fully owned instance when I was learning it, but I'm trying to scale back my costs now so something like this might just suffice.


Is this any different from the Find My Apple Stuff feature on modern iDevices? One of the options is remote wiping. I assume Android has a similar feature.


A lot of companies with MDM have it just because they need to check a box saying they have it, and so that they can remote wipe and make sure users put a PIN on their device at least. Extra capabilities like authorized software lists, URL filtering, etc add admin overhead and are just not worth it for the company to get into.


I don't think any mid-large company allows 2 anymore. Access to company resources always comes with an MDM policy.


I don't get why people are OK with a company being able to wipe a personal device on a whim. If you want full control of my mobile, then provide a mobile.


In Work Profile mode they absolutely can't do that. They can only remove the work profile side and all apps and data contained therein. Not the personal side.

Of course most companies provide phones, but many users prefer to use their own, both for the benefit of having to carry only one, and because they have more choice.

Another big benefit of work profile is that you can switch all work stuff and notifications off with one click! I really like it overall, it gives great separation.


Many companies make MDM mandatory and refuse to pay for a phone. Most people will just comply rather than have _no mobile access_ to their work email at all (which will cause conflict with managers, and may even lose you a job)


Many companies do provide a mobile, but then your choice is to carry 2 devices, or let your company control the only device you carry and use all day for personal communication. I chose the former but even that’s not ideal


My understanding is that they can only wipe the work profile. Is that not true? (Android).


In work profile mode this is absolutely correct.

In other modes (COBO, COPE) it's not but those are much more difficult to enrol, as you have to do it from the setup wizard on a new phone or after a factory reset. So you don't happen to get into this mode by accident. They're only used for company owned phones (this is what the CO part stands for).


If you're using the Android MDM thing on a personal device it only wipes the work profile.


Everything on my phone is automatically backed up. Whether I would accept the tradeoff of them being able to remotely wipe my phone or wanting to carry two devices is up in the air.


You are wrong to think that. I wish I could name the companies.


I know some. And I know others with MDM - but without policies regarding installation of apps.


I think #2 can require MDM still, but one lets them control the entire device, whereas #3 limits them to a section of your phone dedicated to work.


The email sent to Amazon employees was a mistake.

https://variety.com/2020/digital/news/amazon-bans-tiktok-emp...


Someone goes through all the trouble of typing that explicit email and it's a mistake?

Sounds more like 'pulled after huge feedback'.

Though personally I'd agree with this decision. TikTok seems to be a particularly bad apple: https://www.reddit.com/r/videos/comments/fxgi06/not_new_news...


I keep seeing that Reddit thread linked (even the NYT is citing it now?) but still cannot for the life of me figure out what substantially TikTok does that is a concern compared to other popular apps? The guy has like 10 paragraphs of stories but no actual evidence? What is TikTok doing that somehow is flying under the app store guidelines of both Google and Apple but still a "national security concern"? Why is the only actual "evidence" that can seemingly be found, a comment from some rando on Reddit, not peer-reviewed, reproducible work from legit cybersecurity researchers? This reeks of the same scent that Bloomberg's "omg they're hackz0ring our chips!" story gave off.


For one, the clipboard snooping problem.

If you’re using a password-manager (like we’re supposed to!) and use it to copy passwords (say, your Amazon employee internal credentials...) while you have TikTok open, the TikTok app would see it and could upload it somewhere.

...and we only know about this issue now because iOS 14 adds clipboard snooping notifications - and that was only a month ago! Think about the stuff that the app could be doing that we don’t yet know about.

There’s too many bloody-obvious security vulnerabilities that are decades old but don’t get fixed until they either become a meme (like SQL Injection) or the platform vendor does something about it (iOS 14 clipboard notifications) - and don’t forget that the SIGINT community is sitting on millions of dollars worth of zero-days that they won’t disclose to vendors unless they feel like it - so I fully expect there to be more surprises in TikTok - and other apps - in the years to come - probably indefinitely.


For one, the clipboard snooping problem. If you’re using a password-manager (like we’re supposed to!) and use it to copy passwords (say, your Amazon employee internal credentials...) while you have TikTok open, the TikTok app would see it and could upload it somewhere.

Your password should never be in your clipboard at least with iOS. If you’re using either the native password manager or a third party password manager, the password manager is directly integrated with the keyboard and would auto fill into your app.

https://techcrunch.com/2018/06/05/password-autofill-in-ios-1...


I use the native password manager–iCloud Keychain. Sometimes I need to copy passwords out of Settings for the handful of circumstances that it doesn't work.


Android does this too. On neither platform does it work 100% of the time, especially in browsers. That's why almost all clipboard managers also have a "copy to clipboard" feature from the autofill view.


It rarely fails for me in the browser, but it fails on me regularly for apps.

The ones that particularly annoy me are the ones that haven't updated to the new Android biometric API versus just supporting the old fingerprint API. I'm looking at you Chase mobile app.


Amazon consistently fails in the browser for me with 1Password + Android.


I’ve never had it not work in the browser.


It's usually a result of the webpage doing stupid stuff to try to explicitly block password managers. There's a lot of banking and government websites that believe this makes things more secure somehow.


Several years ago I tried to register for a website that refused to accept a change of more than one character at a time, using onkeyup and other events to ensure you couldn't fill it in any way other than one letter at a time (fortunately this was only on the asking setup page; it works fine with logging in). After every change in value, it compared the current length to the previous length, and rejected it if the difference was more than one.


It works maybe 90% of the time for me. It seems like a lot of websites don't configure their forms correctly and neither apple password manager nor 1pass detect the field as a password field.


Handoff and 1password, for example. Copy a password on your Mac, and now it's on your phone's clipboard.


So, like LinkedIn and Reddit? (the site that the "researcher" behind these NYT-cited claims is using) [1] You could run through the toplist of apps and find hundreds that exhibit the same behavior.

Not trying to derail this via whataboutism, I just feel like the core HN ethos is lost when we mindlessly repeat the obvious geopolitically-driven narrative here without any critical thinking.

What I definitely do understand is Amazon's concerns with just the base level of data collection that's seemingly the norm in our industry. Which prompts the question, why are we comfortable as a society with this sort of collection, by anyone?

[1] https://www.businessinsider.com/apple-ios-14-catches-reddit-...


TikTok specifically has ties to the Chinese state apparatus that are concerning, similarly to Huawei. This isn't a blanket statement about Chinese companies in general - just those companies in particular. Specifically, this means these companies' products are likely to be tools of PRC state intelligence and the PRC's foreign-policy directives. The same cannot be said about other Chinese companies and similarly positioned companies in other countries.

This wouldn't be as big an issue if the PRC was a NATO ally, or least had a reputation for government transparency and accountability - and wasn't asserting ridiculous territorial claims - and didn't have an egregious human-rights record - and wasn't actively suppressing freedom-of-expression - and so on. Take away a couple of these issues and TikTok's suspicious business conduct over the past few years would be about the same level as scummy American Freemium game makers. I stress that (and despite appearances) I'm trying not to make a Sinophobic argument.

At the same time, I recognize that companies in China need to integrate themselves with the CCP/PLA/etc in order to succeed in that market.


"The same cannot be said about other Chinese companies and similarly positioned companies in other countries. "

What are the other companies? Those that don't pose a threat? Like those that only produce cheap toys and clothes? I think as long as the Chinese government remains as independent and "different", anything that comes out of there that really challenges the current status quo would receive similar criticism to yours, regardless of what or how those companies behave. Curious how you recognize that those companies "need to integrate themselves with the CCP/PLA/etc"?


TikTok has been caught slurping data on a level that’s an order of magnitude worse than Facebook, etc. Add its close ties to the enormously corrupt and evil CCP, and I find it easy to see why Westerners are unnerved by the app. Perhaps Tiktok could open-source its tracking library as a token of good faith.


That the others are doing it too doesn't make it right.

Really Apple should take a stand and give all of them 30 days to fix their apps or get banned.

But TikTok annoyed me in particular for a long time. Nothing to do with geopolitics, I already hated it before I knew it was owned by China and everyone started banning it.

It was just that for the past months every time someone forwarded me a stupid video I was supposed to like, it had a TikTok logo on it. So in my view this became the source of "stupid videos people bother me with". Not exactly a charming quality.

Especially with the lockdown it became extra annoying, every day I got multiple stupid lockdown videos and the ones with people doing stupid stuff and then the coffin dancers thing.

So that's my personal reason for hating on TikTok. The privacy revelations just sealed the deal. Not saying it's a valid reason for everybody but it's my reason :P


> It was just that for the past months every time someone forwarded me a stupid video I was supposed to like, it had a TikTok logo on it. So in my view this became the source of "stupid videos people bother me with". Not exactly a charming quality.

This quote comes to mind:

> I used to be with ‘it’, but then they changed what ‘it’ was. Now what I’m with isn’t ‘it’ anymore and what’s ‘it’ seems weird and scary. It’ll happen to you!

https://www.youtube.com/watch?v=LV0wTtiJygY


I never liked TikTok or this kind of random videos or pics people share. No matter where they came from (it used to be a site called "Dumpert" in the Netherlands before which is also on my "highly annoying" list). I'm just too polite to tell them to piss off with their videos :P That's really the core problem here.

But TikTok associates itself by putting their logo on the videos which is something I haven't seen before.


> But TikTok associates itself by putting their logo on the videos which is something I haven't seen before.

It's just content watermarking.

Watermarking is essential to preserve your brand online. I assume you remember eBaumsWorld - and how they put their watermark and footer on all image-content that they rehosted: because those images would appear verbatim in FW:FW:FW... chain emails and shared over AIM,YIM,MSN,IRC, etc.

Back in the day, eBaumsWorld and others were criticized for putting their watermark on content that they rehosted, especially when they didn't own, produce, or commission that content. At least the vast majority of the content on TikTok was directly uploaded to it, and TikTok's watermark includes the username of the relevant account.

Their animated logo is obnoxious and distracting - but when I compare it to the DOGs on American TV news channels it isn't so bad, it's actually unobtrusive in comparison.


> putting their logo on the videos which is something I haven't seen before.

Woooooooorrrrld staaaaaaaar

Also if you ever see a 7 second vertical video, sleep well knowing you just watched a Vine (not really a logo, but association all the same)


> Really Apple should take a stand and give all of them 30 days to fix their apps or get banned.

Thirty days later the show of brinkmanship ends up with a bunch of iPhone users unhappy that half of their favorite apps work.


For Amazon, if TikTok does it, it is state-funded corporate espionage. Amazon is not in a position to sue and win over a Chinese company in China if they copy their IP. If LinkedIn does it and MS launches something copying their tech, Amazon can sue in US court and likely win, so they are not concerned at the same level.


https://www.youtube.com/watch?v=pRSWdtoUAjo

Here's a rundown of just general apps that would be on everyone's home screens doing the same thing.


Any word on why those apps do what they're doing? Why copy from messages?


Well for one, the fact that they do all these things. Some apps do some of these but rarely all of them.

The other is the way they hide what they're doing so elaborately.

I wouldn't call it a national security concern, no. Someone who works with critical or military infrastructure should have a locked-down phone anyway for work stuff.

But really I wonder how this kind of stuff is OK in the eyes of Apple with their self-proclaimed privacy focus. I'm pretty sure if I were to submit an app that does all this, it'll be rejected right away. Popularity seems to overrule that.


> I'm pretty sure if I were to submit an app that does all this, it'll be rejected right away.

I suspect you’re right and would be very interested in the results of this experiment if you (or anyone else) happen to undertake it.


Honestly I can't figure it out either.

We found out other apps too (like LinkedIn) constantly check the clipboard, and one HN commenter here said it was due to a text editing library, nothing intentional.

Literally the only fact is that it's a Chinese company.

And it's not like there's even much it seems like they could do, with how sandboxed phone apps are. I'm not saying iOS or Android are perfectly secure, but it's totally different from installing something on your desktop with root permissions.

Either it's just generic hate for China that's bizarrely gone viral, or else it's a story intentionally being pushed by the US government for god-only-knows what political reason, like leverage in trade negotiations or something.

But it's completely weird, and nobody should be taking it at face value.


I don’t think it's just hate for China, or politics. Real security researchers are finding really bad things.

https://penetrum.com/research

https://penetrum.com/tiktok/Penetrum_TikTok_Security_Analysi...

https://penetrum.com/tiktok/tiktok_15.2.3_static_analysis.pd...

Things they found:

- Excessive data collection

- Privacy policies that allow distribution of said data

- Execution of OS commands

- Insecure cryptography usage

- Potential SQL injection code from user defined variables

- Storing of API tokens

- Webview enabled by default along with insecure webview enabled


But are these things any worse than what other major apps do?

Other social networking and entertainment apps are crammed full of tracking code, analytics, advertising networks, that all collect excessive user data, don't put it in their privacy policies, etc. And similarly, we hear about bad use of cryptography and SQL all the time.

Apps can be pretty bad in general with these things.

Now obviously, apps and code in general should be improved.

But the question here is, is TikTok really that much worse? That it's such a worse threat than others, that it needs to be banned? Because that's what I still don't see evidence of.


Valid points for sure. I can't say how much, or if it is worse at all than Facebook and others. Good reasons not to use any of them in my opinion.

The issue for me is where the data is going and who has control of it. A quote from the article about TikTok trending today (https://news.ycombinator.com/item?id=23832183)

All Chinese Internet companies are compelled by the country’s National Intelligence Law to turn over any and all data that the government demands, and that power is not limited by China’s borders. Moreover, this requisition of data is not subject to warrants or courts, as is the case with U.S. government requests for data from Facebook or any other entity;


There is certainly ‘actual’ evidence linked in the reddit post. I’ve never seen the thread before, looks like they have edited/ added information. Here’s a report from cyber security researchers

https://penetrum.com/research

https://penetrum.com/tiktok/Penetrum_TikTok_Security_Analysi...

https://penetrum.com/tiktok/tiktok_15.2.3_static_analysis.pd...

Things they found:

- Excessive data collection

- Privacy policies that allow distribution of said data

- Execution of OS commands

- Insecure cryptography usage

- Potential SQL injection code from user defined variables

- Storing of API tokens

- Webview enabled by default along with insecure webview enabled

- App copies data to clipboard. Sensitive data should not be copied to clipboard as other applications can access it.

- Files may contain hardcoded information like usernames, passwords, keys etc.


Yeah, not "This email was sent by mistake." but "Sending this email was a mistake." Two completely different sentences.


Could be some over-zealous employees inspired by the recent India-China conflicts and TikTok ban who decided within their own org to do it without realizing how big a news story it would be.


Cats + Keyboards + Autocorrect strikes again!


You can realize something was a mistake after you’ve done it. I don’t see the issue.


Ok, I guess we'll change the title to that since the submitted title ("The TikTok app is no longer permitted on mobile devices that access Amazon email") has become misleading.

https://news.ycombinator.com/newsguidelines.html


What a mistake. I imagine the email client just typed that email, and the wide distribution list, all by itself.


Someone said "Hey Alexa, totally don't send an email to all employees about banning TikTok on mobile devices and order me some food"


From WSJ: Amazon Says Email Ordering Employees to Delete TikTok Was Sent in Error.

I suspect Amazon realized late what a legal mess it is to ban an app on their employees' cell phones when they have no clear legal basis or governmental guidance. They banned employees from using Huawei phones when I was working there, for some things -- don't remember exactly. But in that case, the US government had already banned it for its employees, so there is precedent Amazon can claim as legal basis.


Why do you think Amazon doesn't have a clear legal basis to decide which devices are allowed to connect to their internal network services? Or, for that matter, to decide which devices can be taken into non-public, secured parts of Amazon buildings?


They probably got informed that since phones are personal devices and not company provided, this level of restriction might land them in the parts of BYOD laws that require employers to compensate for personal device use for work.

Amazon probably decided most employees don't have anything too sensitive and it's not worth buying everyone a phone.


Our company gets around that by banning BYOD.


For the context, as an Amazon employee I’m not required to access email from my mobile. The only app that I need to have is virtual pager and it doesn’t require allowing Amazon to administer my phone. Physical pagers are also an option.


Are they using work profiles on Android phones of employees that need mobile email access? It is a very good solution that lets the employer administer only a separate identity and gives them no access to personal stuff. The only global thing that the employer can do is enforce a certain level of security (for example requiring a PIN on the lock screen and data encryption).


Amazon employee here. They do use work profiles on Android phones.


So in theory they should have no control on the apps you install on the personal side. Is this just moral obligation, or are they requiring full control of the phone even outside the work profile?


I manage phones for a big corp. Just want to clarify what's possible. Google highly limits what you can do in Work Profile mode, you can't control much outside the work profile.

We can't see the app list on the personal side in work profile mode, BUT we can specify some that are a no-go. It'll show up as a compliance violation. But we can't view the list anymore like we could do with the pre-work profile Android Device Admin management (and still can with Apple).

We're not blocking any apps ourselves right now but it is possible. We do grant all BYOD phones access to our network, so for that reason we would want the capability to block any known threats if they are around.

We can also control some minor things on the personal side, like a pincode requirement and forbidding of sideloading and rooting. But in general we have very little visibility and control, which is the way I (as an admin) like it too. I only want to know what I really need to know especially on the personal side. We can (and do) also block copy/paste from work profile to personal, as data loss prevention, but we allow it the other way around.

In general users complain a lot about the work profile being separate, and not being able to integrate their personal and work calendars. But for personal privacy it's a big win IMO. Apple has something similar since iOS 13 (called User Enrolment) but it's still a bit too limited to be sufficient for us. And it requires Apple federated accounts which have some requirements that are impossible for us to meet :(
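An added example, not code from the thread or from any vendor's MDM: a Device Policy Controller acting as profile owner of an Android Enterprise work profile, applying the controls the comment above lists (one-way copy/paste, no sideloading, no debugging, a lock-screen PIN on the personal side) through the public `DevicePolicyManager` and `UserManager` APIs. The class name, method names and the 6-digit PIN choice are assumptions.

```java
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.os.Build;
import android.os.UserManager;

/** Hypothetical DPC helper; applies work-profile policies as profile owner. */
public final class WorkProfilePolicy {

    private WorkProfilePolicy() {}

    private static DevicePolicyManager dpm(Context ctx) {
        return (DevicePolicyManager) ctx.getSystemService(Context.DEVICE_POLICY_SERVICE);
    }

    /**
     * Applies the policies. {@code admin} is this DPC's DeviceAdminReceiver
     * component, which must already have been made profile owner during
     * work-profile provisioning.
     */
    public static void apply(Context ctx, ComponentName admin) {
        DevicePolicyManager dpm = dpm(ctx);
        if (!dpm.isProfileOwnerApp(ctx.getPackageName())) {
            throw new IllegalStateException("not profile owner of this work profile");
        }

        // Data loss prevention: block paste from the work profile into personal
        // apps. The restriction only limits export from this profile, so
        // personal -> work paste keeps working, as described in the comment.
        dpm.addUserRestriction(admin, UserManager.DISALLOW_CROSS_PROFILE_COPY_PASTE);

        // Sideloading: the plain restriction covers the work profile only;
        // the _GLOBALLY variant (Android 10+) lets a profile owner extend it
        // to the personal side of the device as well.
        dpm.addUserRestriction(admin, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
            dpm.addUserRestriction(admin, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY);
        }

        // Keep USB debugging off inside the profile: one less path for work data
        // to leave the device.
        dpm.addUserRestriction(admin, UserManager.DISALLOW_DEBUGGING_FEATURES);

        // Device lock screen: the "parent" instance targets the personal side,
        // which is the one place a profile owner may demand a PIN. Requiring a
        // numeric PIN of at least 6 digits is an assumed policy choice.
        DevicePolicyManager parent = dpm.getParentProfileInstance(admin);
        parent.setPasswordQuality(admin, DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX);
        parent.setPasswordMinimumLength(admin, 6);
    }

    /**
     * Compliance check the DPC can report back to the MDM server: true when
     * the device lock screen currently satisfies the PIN policy set above.
     */
    public static boolean deviceLockCompliant(Context ctx, ComponentName admin) {
        return dpm(ctx).getParentProfileInstance(admin).isActivePasswordSufficient();
    }
}
```

Note the visibility limits the comment describes: nothing here enumerates or inspects apps on the personal side; the DPC only sets restrictions and queries whether the lock screen is compliant.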


> we can specify some that are a no-go.

Oh, that's very interesting! I knew about the PIN requirement as an example of control outside the work profile, but I didn't know this was possible. It makes sense though.


> and forbidding of sideloading and rooting.

Good luck with that, if users have root they already have full control (and can thus tell whatever app exactly what it is expecting.)


But root can be detected and labeled as a compliance violation. They could then revoke your access to emails or other network services, or issue you a warning or more.


As a developer, I don't see why I need to be constantly alerted to emails. I check about once or twice per day for items that need to be put on the calendar, but every/anything urgent is for the pager.


Preach, brother.

Unfortunately, middle managers gotta middle manage. And they don't get the adrenaline rush of having people under them unless they can tabulate those people.

Which is why a lowly web dev like myself is expected to carry around a company-issued phone even in my off hours. In four years I've never needed it.


TLDR ooh Amazon has pagers, I wonder how?

Are there any pager networks left in the US? I've always been interested in them out of historical curiosity because I was too young to use them when they were actually a thing, but from what I understood, pagers are pretty much not a thing anymore.


I wouldn’t expect a modern pager to operate on the same technology as older pagers. Pagers are a thing and they have their uses. I’ve heard of a physical pager being used to symbolize who is “on call”, and a team of engineers will pass the pager between themselves. I’ve seen restaurants pass out pagers to people waiting for tables. I’ve heard talk about some medical/emergency personnel still using pagers.

I imagine pagers are probably used in highly secure communications (military, statecraft), because the thing being paged doesn’t have to give away its location, or even the fact that it received the message.


Yes, modern pagers do operate on the same tech (pocsag/flex) for the last few decades. And for the most part, are clear text. There are posts on HN about this in the last year.


Hospitals still often use pagers - they're deemed more reliable than cell phone networks. I don't know if that's actually true or not but there you go.


The big advantage is they're one-way, so their range is much further since you don't need the pager to send stuff back to the tower.


Nobody that I know carries a physical pager anymore. You have the option of specifying an arbitrary number of pageable devices that are either

* the paging app

* sms-based text

* phone call

as well as what order and with what delay you want them to attempt to engage you. iirc you need at least two options such that in the event of an issue with one network/application they have an alternative means of potentially reaching you.


Yes there are totally pager networks alive and kicking.


Jeff Bezos, Amazon CEO, got his phone hacked and embarrassing text messages stolen off it from a vulnerability in the video parsing library in WhatsApp in a message sent to him by Saudi Crown Prince Mohammed bin Salman in 2018. So Amazon as a company is now very sensitive to what applications are installed on staff devices and how data on those devices can be extracted from vulnerabilities in other installed apps. This may be an outcome of that.

https://www.businessinsider.com/jeff-bezos-phone-hacked-saud...


Looks like the DNC is also disallowing the app on their employees’ phones too.[1]

Don’t blame them, they don’t want the kind of leaks that happened last cycle.

[1] https://www.kdrv.com/content/news/571708792.html


How about making Whatsapp not permitted on Amazon employee’s phones?


How about making Jeff Bezos not permitted on phones with access to Amazon email?


Does anyone have any technical detail on that story? It is hard to imagine how a bug in the image parsing library can be utilised to steal text messages.


Sure, the blog post below covers it, and the vulnerability was probably CVE-2019-11931. You can do an awful lot with a buffer overflow if you're clever.

https://www.okta.com/blog/2020/04/what-the-jeff-bezos-whatsa...


Does anyone have a "explain it like I'm 5 but took some CS classes back in college"?

I know that if you craft your buffer overflow just right it will overwrite other parts of memory with the new function.

But how do you know what parts will get overwritten?

Does that mean the new function can do almost anything?


With a buffer overflow, you can write your own code into a chunk of memory that ends up being run by the application. In this case, since WhatsApp already had SMS read privileges as part of the signup auth flow, the attacker also had those privileges.

The article has some detail about the remote code execution part of this exploit.

“What this means is that there was a software flaw in the WhatsApp code for handling MP4 media files. If an attacker triggered the flaw, the function in question would crash in a way that could allow a potential attacker to gain “RCE” or Remote Code Execution.

In layman's terms, this means the attacker could inject his own code into the application and, by triggering the flaw, make the application to run with all the privileges and access of the WhatsApp application itself.”


> With a buffer overflow, you can write your own code into a chunk of memory that ends up being run by the application.

This is usually no longer the case in modern applications. So attackers instead string together short snippets of code from the application itself and jump around between them to basically do what they want.


So the payload would be some corrupted video file sent to Bezos's phone. Would the attack look something like:

1) Discover/buy/steal Bezos's WhatsApp number (how did they do that...)

2) Discover/buy/steal a 0-day bug in Whatsapp.

3) Write and compile a program that reads SMS from the OS and beacons it to some server you control.

4) Create a corrupted video file that would trigger the video parsing bug, and within that video file place the compiled program from the previous step in the correct place so that it gets executed.

5) Send to Bezos.


Yes, that seems like a reasonable summary. (3) is the kind of thing that exploit developers will have "off the shelf"; (1) is probably available in a dump of private information somewhere.


There are multiple techniques that might be used (and countermeasures that might have to be bypassed) but these links should get you started -

https://stackoverflow.com/questions/14760587/how-does-a-nop-...

https://stackoverflow.com/questions/49620893/return-into-lib...

And yes, arbitrary code execution is a common goal of these exploits, though it may not always be possible--sometimes you only get a DoS attack or such.


The classic buffer overflow has the buffer on the stack, near the return address, so you can just write a new return address and jump into the code you put in the buffer.

It's become more complex due to mitigation, but the general principle is the same.
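To make the "buffer below the return address" layout from the comments above concrete, here is an added example (not code from the thread, from WhatsApp, or from any of the linked articles). It models one stack frame as a struct so the overflow is deterministic and defined behaviour, rather than relying on a real compiler's frame layout, which canaries, ASLR and NX would interfere with anyway. The addresses RET_LEGIT and RET_ATTACKER are hypothetical constants; the point is that the attacker only needs the fixed distance from the start of the buffer to the saved return address, and that a length check against the destination buffer (not the whole frame) is what stops it.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Toy frame: a fixed-size local buffer immediately below the saved
 * return address, as in the classic stack layout. Real layouts vary by
 * compiler/ABI and are protected by canaries, ASLR and NX; this struct
 * is a deterministic stand-in so the overflow is defined behaviour. */
typedef struct {
    char      buf[BUF_SIZE];
    uintptr_t saved_ret;      /* what "ret" would jump to */
} toy_frame_t;

/* Hypothetical addresses, chosen for illustration only. */
#define RET_LEGIT    ((uintptr_t)0x401000u)
#define RET_ATTACKER ((uintptr_t)0x41414141u)

/* Vulnerable parser: trusts the attacker-supplied length and copies
 * into buf bounded only by the frame, so bytes past buf land on
 * saved_ret. Returns the (possibly clobbered) return address. */
uintptr_t parse_vulnerable(const unsigned char *in, size_t len)
{
    toy_frame_t frame;
    frame.saved_ret = RET_LEGIT;
    if (len > sizeof frame)           /* clamp so the model stays defined */
        len = sizeof frame;
    memcpy((unsigned char *)&frame + offsetof(toy_frame_t, buf), in, len);
    return frame.saved_ret;           /* RET_ATTACKER once len > BUF_SIZE */
}

/* Hardened parser: the length is checked against the destination
 * buffer, and an oversized field is rejected rather than truncated.
 * Returns 0 on success, -1 on rejection; *ret_out is always RET_LEGIT. */
int parse_hardened(const unsigned char *in, size_t len, uintptr_t *ret_out)
{
    toy_frame_t frame;
    frame.saved_ret = RET_LEGIT;
    if (len > BUF_SIZE) {
        *ret_out = frame.saved_ret;
        return -1;                    /* reject: field does not fit */
    }
    memcpy(frame.buf, in, len);
    *ret_out = frame.saved_ret;
    return 0;
}

/* The attacker's side of "how do you know what gets overwritten": the
 * distance from the start of buf to saved_ret is fixed by the layout,
 * so the payload is that many filler bytes followed by the target
 * address in native byte order. Returns the payload length, or 0 if
 * the output buffer is too small. */
size_t build_payload(unsigned char *out, size_t cap, uintptr_t target)
{
    const size_t pad   = offsetof(toy_frame_t, saved_ret) - offsetof(toy_frame_t, buf);
    const size_t total = pad + sizeof target;
    if (cap < total)
        return 0;
    memset(out, 0x90, pad);           /* 0x90 = x86 NOP, the "sled" filler */
    memcpy(out + pad, &target, sizeof target);
    return total;
}

int main(void)
{
    unsigned char payload[64];
    uintptr_t ret;
    size_t n = build_payload(payload, sizeof payload, RET_ATTACKER);

    printf("payload: %zu bytes (%zu filler + %zu address)\n",
           n, n - sizeof ret, sizeof ret);
    printf("vulnerable: ret = 0x%" PRIxPTR "\n", parse_vulnerable(payload, n));
    parse_hardened(payload, n, &ret);
    printf("hardened:   ret = 0x%" PRIxPTR " (input rejected)\n", ret);
    return 0;
}
```

In a real target the filler would be executable code (or, with NX, a chain of return addresses into existing code as the ROP comment above describes) and the overwritten address would point into it; the mechanics of "copy length trusted from the file, destination bound forgotten" are the same as in this model.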


It's even harder to imagine how someone could rewrite the code to Super Mario World on an unmodified SNES to play Flappy Bird just using regular controllers, yet it's possible: https://www.youtube.com/watch?v=hB6eY73sLV0


oh bugs in the parsing libraries are the things MOSTLY used for attacks like this.

Parsing is hard, and parsers are buggy and lead to all kinds of unsafe C code.


Exactly, parsers are complicated, generally involve a lot of manipulation of memory buffers, and for performance reasons are usually written in a language without memory safety (though this is starting to change with languages like https://github.com/p-org/P and rust).


Actually they're pretty common. They are complex and generally fairly old interpreters that generally have system level access. Android has had a ton of them, but they are pretty universally common.


It starts with a buffer overflow. This then will allow you to execute your own code.


is the jury still out on whether MBS knowingly sent him that hack? that is, not to put too fine a point on it, a fast path to becoming even more of an international pariah than he already is


The jury is still out on whether there was even a hack to begin with. The analysis team claimed they couldn't decrypt WhatsApp messages, so they never actually analyzed any malware at all. HN called them out on that failure:

https://github.com/ddz/whatsapp-media-decrypt

They never responded with an actual malware analysis on the file they claimed might be responsible.

The only evidence left after that was a claim of higher data usage which has to be weighed against the alternate explanation for how this got out:

https://www.forbes.com/sites/martingiles/2020/01/24/report-b...


TIL, thank you.

if I were a billionaire I'd basically not stop until I got to the bottom of this one. everyone is vulnerable.


You're welcome and I agree, the lack of follow-up after being called out publicly like that is not a good look.


Tricking a [EDIT: thanks 'spyspy!] WaPo journalist into visiting a consulate and then chopping him into pieces with a saw while he screamed and cursed you? Dropping bombs to kill hundreds of thousands of Yemeni children? Making the people of Saudi Arabia somehow less free? Those things were pretty bad sir! But now you've gone too far! How dare you peep on our first trillionaire while he's courting outside his marriage?!? At long last, have you no shame?!??


> In Comments

> Be kind. Don't be snarky...Comments should get more thoughtful and substantive, not less, as a topic gets more divisive.

> Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.

https://news.ycombinator.com/newsguidelines.html


You're going to have to spell this one out for me. To my (admittedly poor) judgment, the above comment does not violate the guidelines. I provide relevant examples of behavior that reasonable people would consider far worse than hacking some rich dude's iPhone.


Sure. To the first point, I think it's pretty evident the comment is snarky (even if it has a good point in there). I'm guilty of that too, more often than I'd like and I do get called out on it occasionally. And I don't think that alone is an excuse to just flippantly toss the guidelines at someone, which admittedly is basically what I did.

To the second point, however, I do think you took the worst possible interpretation of swyx's comment, which was basically "nobody cares that the person in question is a murderous tyrant, but he hacked Bezos's phone and so is a bad person now." I don't think that's what he was saying at all, especially given the end about "more than he already is." Whether we like it or not, one of the primary reasons that Saudi Arabia is tolerated in the West is their economic importance, and their connections to the elite, almost entirely because of their wealth. That starts to crack if they go after the elites directly. So I took the comment as basically saying that it didn't seem to serve MBS at all to hack Bezos directly, as it would only (further) delegitimize him internationally.


I'm glad that some light snarking is still somewhat tolerated. It's one of the things that makes life bearable for me.

To more seriously address the various possible interpretations of the comment in question... yours is a reasonable interpretation, but I don't think I was unresponsive to that interpretation. Of course ethical people object to MbS's previous evil deeds. Still, those are his deeds. If global opprobrium didn't sway him before, there's no reason to believe it did so more recently. If there is evidence that some electronic communication that appeared to come from MbS contained malware, that evidence should be analyzed in itself. It shouldn't be dismissed by vague unsupported perceptions of MbS's interests and motivations. It's not as though Bezos is universally adored, even among other satanically wealthy reptiles.


All whilst being propped up for decades by the USA for geopolitical objectives??!

It's not an accident that one of the stupidest, most theocratic countries in the middle east receives the most weapons and support from the USA.

We don't want a strong middle east. This is why countries like Iran, Lebanon, Syria are labelled as "terrorist".


That's exactly the same hypocrisy the OP is complaining about, just from the other direction. One faction of the West ignores Saudi's role in killing Yemenis; The other faction ignores Iran's role in killing Syrians. One faction ignores domestic repression in Saudi Arabia; the other ignores domestic repression in Iran. One ignores theocracy in Saudi, the other ignores theocracy in Iran.

Both countries and both rulers of said countries should be international pariahs.


Assuming I'm "OP" to whom you refer... I reject this false equivalence. That isn't to say that the government of Iran is perfect; no government is. However, it is entirely the fault of USA that Iran's government takes the form that it does currently. We should have left Mosaddegh alone. We shouldn't have helped the Shah kill religious and democracy protesters. We should not have sold Saddam weapons of mass destruction (and lots of other weapons too) with which to war with Iran. We should not shoot down their civilian airliners. We should abide by our treaties with Iran. We should not assassinate their diplomats while those diplomats are on diplomatic missions to nations we claim as allies. We especially shouldn't do that when the diplomat in question was the single human being most responsible for defeating ISIS, which was the actual threat to Syrian people.

Iranian women have never lost their rights to drive, to appear in public, to have lives of their own. Iranian women and men both vote in elections to select their leaders. Iran has only fought defensive wars with its neighbors. Kingdom of Saudi compares very poorly in all these categories.


Iranian women can't go out without mandatory hijab, and those that do often get arrested or acid in their face. There are 'elections', but only approved (i.e. regime-supporting) candidates are allowed to run and no position with actual authority is elected - all actual authority is with the Supreme Leader and the IRGC - and people who protest are killed ('only a couple hundred' claimed FM Zarif recently).

Iran is running a massive offensive ethnic cleansing in Syria and has been declaring its intent to do the same in Israel for years. This was headed by a general (not 'diplomat') who was on both the EU and US terrorist lists. Its foreign policy is support of nearly every tyrant and terrorist organization out there.

Of course, there's some flimsy excuses (the US once upon a time supported overthrowing someone the Islamists also helped overthrow, and there was a brutal 'security service' which the Islamists retained in full, adding a single letter to the name), but they're not very interesting. I could have run the same list of excuses for Saudi with different names and places, and it'd be the same apologia for a dictatorial theocracy which spreads fanaticism for ideological and domestic reasons.


Iran is running a massive offensive ethnic cleansing in Syria and has been declaring its intent to do the same in Israel for years.

Iran has helped the internationally-recognized government of Syria battle the internationally-recognized terrorist group ISIS, whom USA created and supported throughout its existence. This happened very recently: how is it that you've forgotten? Perhaps you were distracted by the by-now-obviously-false-flag "gas attacks"? The timing was just so convenient! [0] Tell that "ethnic cleansing" bullshit to the Yazidis and Kurds. Those few who weren't butchered by ISIS are glad to see the internationally-recognized government of Syria in control again.

This was headed by a general (not 'diplomat') who was on both the EU and US terrorist lists. Its foreign policy is support of nearly every tyrant and terrorist organization out there.

Potayto, potahto. What did we call Colin Powell back when he was circling the globe lying about WMDs? (He was good at it, because he had practice from lying about My Lai.) What do we call Pompeo now that he's circling the globe lying with his every breath? Pompeo was so sad his pet project ISIS went belly up, he forgot what business he's in. I wonder how many meetings he has on tarmacs in the Middle East?

...not very interesting...

This is projection. Regurgitating 4yo propaganda that even USA war media has by now retracted convinces no one. By any measure, the Sauds are worse than the elected Iranian government. The reason we still menace the Middle East is not because some person did so and so to some other person in some place no one can find on a map. The reason is, we don't have democracy in USA, so we citizens can't force our government to bring the troops home.

[0] https://scheerpost.com/2020/07/02/the-threat-of-peace-and-me...


The 'internationally-recognized government of Syria' has run an internationally recognized ethnic cleansing campaign against the country's Sunni population, the vast majority of it hasn't been a part of ISIS (Maybe you have a problem with the map, but the Yazidi genocide happened in Iraq). Speaking of ISIS, maybe if Assad didn't intentionally release jihadis from Sednaya, or didn't support their previous incarnation in Iraq, we wouldn't have these problems. That's why there are complete sanctions on Assad, which will not be removed until he falls.

As for the gas massacres, the conspiracy theories just get madder and madder. Obviously, the rebels are supposed to have attacked themselves for the XX time after seeing all the previous gas attacks led to no reaction? While never ever using them against Assad troops? The Assad regime being the only one in theater with the equipment and capability of staging a gas attack? Some people are just shilling for mass-murder.

The Iranian government isn't elected. Everything is controlled by the Supreme Leader and IRGC, and the 'elected' offices have no power. The 'elected' offices where the only people who are allowed to be elected are those that support the regime[0], and protesters are killed[1].

You're right about one thing - the Saudis are not much better. Then again, they didn't support a WMD attack and deny it later, like Iran apologists do. Nor do they officially have genocidal aims against other countries. Maybe the apologists secretly admire the Mullahs' aims, and that's why they defend the regime.

[0] https://apnews.com/44ad5910fa3e1a297d6c0b5ad6c3c59f

[1] https://www.reuters.com/article/us-iran-protests-specialrepo...


Haha we have sanctions on Cuba for Pete's sake. Sanctions don't imply anything. They do kill thousands of people a month in Venezuela alone [0], with corresponding numbers in a dozen other nations so good job I guess.

There was no "gas attack". Some murderous slaving ISIS criminals took a sledgehammer up on the roof, knocked out some holes, and shoved some empty canisters into them. Then they mixed some bleach with some muriatic acid and left the scene. Later, there was of course some chlorine residue. But simple physics proved that full canisters of poison gas hadn't been "dropped out of helicopters": the roof wouldn't have stopped so many of them. [1] Actual gas bombs of the sort that USA sold to Saddam for use against Iran are carefully constructed devices that can actually be dropped from aircraft and expected to distribute poison gas. Dropping bare storage cylinders only works in the movies. The real conspiracy theory is that the internationally-recognized government of Syria had anything to do with those attacks. They had neither means nor motive. The "moderate rebels" (really ISIS) that USA had been supporting had both.

Of course you don't care about details. Even your pose of criticism of Saudi is cynical. You want to sell the Saudis bombs to kill Yemeni children right up until they don't want to buy them anymore, at which time you'll want to start bombing KSA. Mostly you just support status quo USA policy for the last 70 years. That is, we kill lots of brown and black people so that the public can be buffaloed into giving armaments manufacturers obscene amounts of money. The public would prefer to spend that money on literally anything else; you disagree. You'll probably make a show of declaring that you're actually more against war than I am, but your religious devotion to every lie that the war media has ever tossed off shows where your heart is. Pacifists oppose killing innocents, both through sanctions and through the wars for which sanctions are pretexts. The Middle East is broken for the same reason that Latin America is broken and Southeast Asia was broken for a long time: USA broke it. The best thing we can do for them is the best thing we could have done for them in the 1950s: stop interfering with their governments, stop providing armaments to various parties, and stop killing them.

[0] https://cepr.net/images/stories/reports/venezuela-sanctions-...

[1] https://thegrayzone.com/2019/05/25/opcw-syria-gas-attack-sta...


The US alone has sanctions on Cuba, nearly the entire world (except Putin and Iran and China) has sanctions on Assad. It's a bit different, you see?

Nobody believes the lies regarding the WMD massacres, we know Assad did these (and so much more). It required rebels with no advanced weapons, much less chemical weapons, to attack themselves over and over, while never ever attacking Assad. The Douma massacre in particular wasn't bleach, it was a different chemical agent[0]. The nature of Assad's attacks is well documented[1].

There's nothing 'pacifist' about shilling for mass murder. It's like those 'pacifists' Orwell attacked during WW2 because they were equating the Allies with the Nazis, that is, being 'objectively pro-fascist'.

That's a very cynical position, despite your alleged criticism of Saudi. I bet that as soon as Saudi ignores US and buys weapons from Russia we'll hear a different tune from your likes.

[0] https://www.bellingcat.com/news/mena/2020/01/15/the-opcw-dou...

[1] https://www.bellingcat.com/news/2020/04/21/the-open-source-h...


Haha "bellingcat" that's rich. No one conscious pays attention to that spook show. Grayzone has had their number for a long time. [0] They do have good SEO; it's not surprising that a naive google on these topics pulls their emissions out of the bog. And Eliot Higgins is an inspiration! From unemployed college dropout to widely-cited international aviation and weapons expert, through a personally-developed, diligent regimen of playing video games. [1] The joke is certainly on Theodore Postol: he wasted a fifty-year career studying physics, nuclear technology, and weapons systems at Pentagon, Argonne National Labs, and Stanford, only to be overruled by this pasty neckbeard. It's almost as if the way to get quoted in the war media is to say just what the war pigs want said...

[0] https://thegrayzone.com/?s=bellingcat&orderby=relevance&orde...

[1] https://www.nytimes.com/2019/12/01/business/media/open-sourc...


Postol ended up a loon, denying obvious camera footage (when it comes to Iron Dome), and ignoring basic chemistry (regarding the Assad massacres) in favour of conspiracy theories. So much of a loon he was resigned from his journal membership once peer review found no basis for his assertions[0]. Ultimately, there's no moral difference between the 'anti-imperialist' US far Left and the caricature they chase. Except this: Even when the US acts badly, it's done by people who were elected to do this, and have to maneuver in the world - the 'anti-imperialist' Left does the supporting-genocide biz without being elected, without any consequences, without any scruples and with the approval of their conscience (inasmuch as they have one). The C.S. Lewis quote about Robber Barons applies in full here.

[0] https://www.truthorfiction.com/theodore-postol-mit-paper-syr...


Another no-name website quoting bellingcat does not convince anyone to believe bellingcat. It's easy to falsely malign an old man (who doesn't employ a PR firm) online (and especially in wikipedia). Postol's five decades of experience still stacks up pretty well against Higgins's several years playing video games on the basement couch. (British unemployment benefits might be more generous than ours?) It is interesting that he is the authority who will put his name to these zany conspiracy theories. OPCW have enough whistleblowers to form a band, as one can read at Grayzone linked above or from the original sources. [0]

One less charitable than I would wonder just why you're so committed to this exhaustive parroting of trivial military-industrial complex dogma, to the extent that you'd accuse a random pacifist (not "Leftist") of secretly (so secretly he doesn't himself know it!) supporting genocide. USA doesn't fight in wars in order to "stop genocides". (Again, we were ISIS allies in Syria and even sometimes in Iraq. That is not to mention the hell-world we created in Libya; a less powerful nation would certainly have been called before the Hague for that pile of atrocities.) We fight in wars in order to transfer public assets to armaments manufacturers and to their puppets in government and media, and those puppets will employ any pretext in pursuit of that goal. We gave the publicly-admitted portion of our military $750B this year. The citizens of USA (and everyone else) would be safer if we spent a third of that.

[0] https://wikileaks.org/opcw-douma/document/20190227-Engineeri...


This debate is stupid. No one understands what is going on in modern geopolitics of the Middle East -- including policy czars, and especially you or I. Probably not even the US government. These are gigantic state sponsored operations with foreign governments (e.g. Russia), militant organizations.

As an example -- consider that ISIS was shipping ~$160 million in crude oil via smuggling routes to China. Even with all our power, it is not trivial to track such things.

What I am saying is that there are interests here that are enormous and impossible to understand.. some not even based upon nation-state and totally a-political.

The fact that you believe you have a definitive assessment regarding the gas attacks reveals your naivete.

Take a look at the history of the Assad regime and how we destabilized the region by funding his opposition. Take a look at the history of Egypt or Libya over the past 40 years. One day Gadaffi was an American hero, the next day we are cheering for his downfall. Sensationalist stories of rape/murder/torture being spread through the media. The truth is probably somewhere in the middle.

Look at the sort of stuff we spread during the Gulf War: https://en.wikipedia.org/wiki/Nayirah_testimony

This is all to say -- neither of us really knows what we are talking about. But you seem to have a very "good vs. evil" approach to the world that is naive at best.


No one understands what is going on in modern geopolitics of the middle east...

We in USA don't actually have to understand conditions in other nations. We just have to pay attention to our government and media, and remember what they've done even after they've stopped talking about it. They lied us into war with Spain, which led to decades of murder and oppression of Puerto Ricans and (especially) Filipinos. They lied us into WWI, which led to the Nazis. They lied us into Vietnam, which caused millions of deaths in southeast Asia. They lied us into Kuwait, which caused 9/11. They lied us into Afghanistan, in which USA soldiers are now dying who weren't yet born when the lies were told. They lied us into Iraq, which has seen horrific loss of life oh and also the creation of ISIS. They lied us into Libya, which peaceful prosperous nation was replaced in six months by a smoldering hellscape, complete with slave markets. They lied us somewhat into Syria, where we and our ISIS allies were (thank God) defeated. They tried to lie us into Iran...

(This is not even to mention the dozens of nations whose elected governments we've deposed in favor of authoritarians in spooky ways, at least as long ago as 1953 in Iran, as murderously as 1965-7 in Indonesia, and as recently as last year in Bolivia.)

Gosh, what can we conclude from this fairly consistent history? I submit that when we're fed some pretext for war, we should assume it's a lie and oppose the war for which it is told. If we're ever able to do so consistently (and perhaps the last two entries in the list above are cause for hope?), it will result in a greater global flowering of peace and prosperity than we've ever seen before.


Nitpick: Khashoggi was a writer for WaPo, not NYT.


I fail to see any situation where MBS would be an international pariah while still controlling Saudi Arabia


>in the image parsing library in WhatsApp in a picture message sent to him by

Your link says

>Bezos' phone appeared to be infiltrated after he opened a video file sent from the crown prince's number on WhatsApp.


A video is a series of pictures, so not "technically" inaccurate...


A sort of "motion picture" if you will.


Looks like TikTok is slowly imploding.

I know there's plenty of political implications and a lot of discussion here is on that (which is interesting in its own right), but I wonder if there's opportunity here for a potential competitor.


Isn't this a space (short social video sharing) that has been filled by a near infinite succession of short-lived dominant offerings and that's pretty much always ready for a new, slightly different flavor of season?


I think they all failed for the same reason, video is expensive and the markets can't pick a winner when the game can't be won without money.

But if the Chinese government wants to prop up TikTok and pick them as the winner, they can.


TikTok's parent, ByteDance, already owns Douyin, which is the original app that TikTok was based on, with significant ingestion from Musical.ly. As a matter of fact, TikTok's previous CEO was Musical.ly's founding CEO.

Although it seems the online records are disappearing fast. I could not find a good source of the TikTok history and key figures any more...


The space TikTok is occupying, for which video sharing is the vehicle: personal information.


I think it might be a smart move by facebook to buy something similar and put it under their umbrella of companies while TikTok fades. Clearly it can be popular with the crowd that they're losing in droves.


TikTok isn't imploding, it's broadly a bunch of old men (senators, CEOs) afraid of China. The userbase of TikTok is tweens and teens.

The best thing those old men could do is legislate system level privacy protections onto iOS and Android so an app can never get the level of info they're worried about.


Just a few days ago, TikTok was banned in India (a huge emerging market). I’d say it’s imploding.


India might be an emerging market and you get tons of users from there, but it is not profitable at all. Any mobile app dev can tell you that.


It's simple math: a great number of Indian users, and even if ad dollars per person are not as much as in the US, overall it is bound to exceed in the long run.


The US has approx 9x the overall GDP of India, despite approx .25 the population, for 36x the spending power on a dollar basis. On a PPP basis per capita, it's still 9x. In the very long run I'd certainly not bet against that GDP difference getting down to near 4x, but that's certainly multiple lifetimes away in terms of social networks.


You don't seem to understand what exponential growth rate is like, just look at last 20 years of growth and the difference that was overcome by both China and India against US.


They made some really funny TikToks, though


Fueled by recent India-China border conflicts, a political decision.


Ninja, the biggest (English-language) video game streamer in the world, just posted yesterday that he's deleting TikTok for these concerns.

I'm not going to get into whether or not this actually makes sense, but he is a massive celebrity among young millennials/gen-z.


After going to Mixer I'm not sure we ought to take Ninja as the authoritative voice on social media platforms.


?

He definitely made a ton of money, probably most of the money Mixer was investing in their entire launch, and now he's completely free to triumphantly return to Twitch (or take another deal).

I'm not sure how going to Mixer is a knock on him.


idk about that, his tweet only got 10K re-tweets...


its broadly a bunch of old men (senators, CEOs) afraid of china

If your entire worldview is ageist, works strictly on stereotypes, and encompasses only the United States, that might be true. But there are companies, organizations, and governments around the world locking out TikTok.


Yes there are companies organizations and governments locking out tiktok - and thus far there's not much evidence that tiktok does anything more than linkedin, facebook, or any number of other social networks, because of the permissiveness and leakiness of the platforms that everyone's mobile devices run on.

Tiktok is not some extra special danger, except to those who have extra fear of a Chinese owned company. India has banned Tiktok, around the same time they've had border skirmishes with China and are running a big nationalist government.


China has had a track record of mining data and corporate espionage, so it's not just a "bunch of old men". It's a serious concern. There is no reason for them to be prying into citizens' information like they've been doing.


What does the age or gender of the people have to do with this?


It's the same argument against Congress or the Supreme Court legislating/ruling on new tech when they don't know how it's used because they don't use it themselves. Age cohorts do actually matter in apps that live or die based on network effects.


I'm not so sure. Reddit skews young, yet the narrative there is that TikTok and the Chinese gov are just shy of evil. The iOS clipboard bug in particular has startled reddit into a wave of self-reinforcing "TikTok is spyware" stories and comments. A story like this one just reinforces that narrative, and I'm not sure there's any way TikTok is coming back from it.


I'd guesstimate the average redditor is somewhere in their late 20s to mid 30s. Compared to Congress, that's certainly young. But that's about twice the age of what I imagine the average tiktok user to be (teens.)


You may be right about reddit. The only decent source I can find is https://civicscience.com/nearly-4-in-10-americans-under-35-s... , but it agrees with your estimate.


Anecdote: every adult I knew that used Reddit, save two, has moved on. Most children under 12 I'm familiar with use Reddit.


The local TV news uses TikTok and mentions it regularly. Not exactly a teen-age audience.


> TikTok has a reputation for being popular with teens. And it is: 27% of its users are between 13-17 years old. But internal data from March 2019 shows that its largest age demographic (42%) is the young adult crowd.

https://blog.hootsuite.com/tiktok-stats/#:~:text=TikTok%20ha....

It looks like the median user is 18-24... but that's still quite young compared to "tv news" watcher where the median age is around 60.

https://capitolcommunicator.com/nielsen-provides-data-on-med...


I am a brown guy in my 30s and I also would like to have tiktok be banned from my home country.


My understanding was that TikTok was basically the Chinese response to periscope and vine, which was popular, but couldn't make money. TikTok's scheme is to be spyware that even puts Facebook to shame, in a way that I'm not convinced isn't just government spyware disguised as social media where the point isn't to make a profit to begin with. If similar attempts have failed because of monetization struggles, I don't see an identical competitor emerging. We already have many close substitutes.


They are/were planning to IPO, and their financials will be published, so I doubt the conspiracy theory. I've used the original TikTok (Dou Yin); it is super addictive, even my parents fell into that. They do a very good job in terms of engaging both the viewer and the content producer (profit cutting etc.)

In my opinion, they are still "evil" in terms of hijacking our brain, but I am a bit fed up with the prevailing political prejudice nowadays for anything related to China.


Some extra info to establish your point which I totally agree with:

https://www.reddit.com/r/videos/comments/fxgi06/not_new_news...

TikTok is really exceptionally bad in this regard.


This turned out to be fake. The commenter later said they couldn't provide evidence because the hard drive on their MacBook died and it was too much work to reverse engineer the app again.


> TikTok's scheme is to be spyware that even puts Facebook to shame

Are you referencing something specific?


You mean like vine? Twitter bought it and killed it. The founder moved on to launch Byte https://www.byte.co/


Vine was different. I just posted this on another thread couple of days ago.

Vine was 6 second long video clips. Comparing Vine to TikTok is somewhat like comparing TikTok to YouTube videos. They are different.

A lot of TikTok's popularity has come from offering songs/lip syncing functionality (done better by their acquisition of musical.ly). That wouldn't have worked on 6 second Vines.


> Vine was 6 second long video clips. Comparing Vine to TikTok is somewhat like comparing TikTok to YouTube videos. They are different.

As an aside, it's insane to me that the differentiating feature of an entirely new video hosting platform can simply be the length of the content it supports.

The world of tech companies is truly bizarre. Why doesn't Google launch dozens of Youtube variants under their own branding with their own slightly different length restrictions to just dominate the market?


It's more than just the length. TikTok has some pretty good and simple video editing features that make it very easy to quickly produce decent quality content on your phone.

The music integration was the biggest example of this, and probably why the lip-syncing/dancing videos became so popular on the platform.


That's like saying Twitter is not Twitter because we can type more than 140 characters now.


For the rest of us that don't follow social media systems closely (just looked up, I'm trusting my search results):

TikTok allows 15 second videos (only 2.5x the length of Vine videos) but also has a way to string multiple videos together for 60 seconds of play time (10x longer than Vine had).

So this is actually a pretty fair comparison (old Twitter @ 140 vs new Twitter @ 280) if you ignore stringing them together.


It's not only about the mathematical factor. It's about which use cases are possible.


My sister, who uses TikTok quite a lot, referred to TikTok earlier today as "The New Vine", leading me to suspect some portion of the user base is there for similar reasons/content and that there's enough overlap for it to not be a wholly useless comparison.


>Byte

Which is different from ByteDance, which is the company that owns TikTok, for those confused like me.


Vine was definitely the precursor to apps like TikTok, and I tried Byte but I didn't really like it (at least not as much as I do TikTok).


Surprised nobody talked about Fb's Lasso which intends to "copy" TikTok and recently got killed.

https://techcrunch.com/2020/07/01/lasso-facebook-tiktok-shut...


Lasso launched outside of india/china...the two biggest markets for tiktok right now and your app simply doesn't support them? doomed to mediocrity


What does tiktok have that IG stories or SnapChat does not provide?

It appears to me that TikTok is just a perpetuation of exclusivity in Social Networks (the same way kids exited FB when their parents signed up) ...


The "For You" page.

Sure, it's just another algorithmic-based feed. But in my experience (and from talking to a few ppl who enjoy TikTok), the For You page is a differentiator. It's like a combination of what's trending, what's recent (time wise), and what you've spent time interacting (watching, liking, commenting) with previously.

Again all platforms do some form of this, but just saying TikTok does it in a pretty addicting way.

Also combine that with the fact that TikTok videos are so incredibly short that by the time they're over, you haven't even decided whether or not you liked it (no doubt by design), which means you can endlessly consume content.

Also, I've heard that TikTok has better (read: better for comedy-style content) tools to edit videos in the app.


I seem to be the only person here who actually uses tiktok. What makes tiktok different is the musical background (somehow people never mention this when comparing it to vine), the fyp algorithm being incredibly good, and the various communities built around certain niches. It's night and day compared to other apps.


idk whenever and whomsoever's phone i look at it's always just pushing videos of scantily clad underage gals dancing to whatever song is popular att. you have to actively hide that stuff/follow creators and hit "only people i follow" to see any actually creative|interesting stuff.

surprised there hasn't been any controversy about that - tiktok is a predator's paradise.


The discovery tab (For You) is awesome. It's the first social app where the discovery tab is better than your feed, so much so that you can actually use it without following anyone. It's quite addictive too, you can easily spend half an hour watching videos.

The way the discovery tab works also created a meta game: Alt TikTok, Deep TikTok, Elite TikTok, ...

The exclusivity aspect is there too, very few users are over 30, but it's not the driver.


Can you give some examples of alt tiktok, deep tiktok, elite tiktok.


alt tiktok is mostly some counter culture users between the ages of 16 and 30. dyed hair, 90s influences, and lgbtq+ supportive. It's a whole aesthetic and rallies against "straight tiktok". You don't want to get stuck on a straight tiktok algorithmic FYP (for you page) feed. Other popular mini tiktok areas include frogtiktok and the holy grail, prison tiktok.

deep tiktok is weird video effect stuff, deep fried meme kinda stuff... I don't want it.


so...like every online community? this isn't rare or novel


tbh it seems like the distinction being made by the stuff about 'alt-lit twitter' and 'weird-facebook' from a few years back

https://stayhipp.com/media/tiktok/what-is-alt-elite-tiktok/


TikTok seems to be more specialized on addictiveness: auto-play unlimited stream of short videos. It's all about removing friction, and TikTok has a good recommendation system.


It's twitter but video in other words


Creation tools and licenses to large music library that you can leverage. This is a key part of differentiation.


Besides recommendations that actually work like everyone else is saying, the "sound sharing" / "original sound" feature (don't know what it's officially called) is pretty unique, and it both encourages creation of new videos and leads to virality. If you want to make tiktoks and don't know what else to do, you can just do a dance that someone else started or re-act an existing tiktok with the same audio, perhaps putting your own spin or personality onto it. And from the other direction, if you see a funny or interesting tiktok, it's one button to see all videos made with the same audio. Also, it works -- everything in the UI is snappy, videos load even faster than YouTube, particularly on bad connections.


From what I've heard (besides the points mentioned here) the dubbing/scene editing capabilities are on-point (which is the big point of Tiktok).


Technically, probably very little.

Practically I think it's more diverse content and easier access to other people/fame/glamour for kids than Instagram, Snapchat, or even YouTube/Twitch/etc, since those platforms have been cornered by an existing group of "influencers."

It's probably just a different kind of dopamine hit that kids can't get elsewhere.


Technically, TikTok is better at loading video than any other app I’ve used. Seeing a loading state on a video is so rare it makes me think something is wrong when I see it. And its recommendation engine (for you page) blows everyone else out of the water.


Everywhere I go I see this comment. Competitors are literally being made daily. Hell, even instagram has one now. The problem is money and technology can never buy a community and that's really why vine and tiktok were so successful.


> Looks like TikTok is slowly imploding.

While they are still in the App Store


China is blocking all the US apps, I don't see why the US (or US companies that get blocked in China) shouldn't do the same to popular Chinese apps.


Talking about countries versus companies is a different argument depending on whether you are inside or outside Chinese borders.

I'm not at all in favor of the US government banning apps unless the US government publicly and transparently shows the proof of security risk first. Anything short of that just appears to be politics and is likely to just be a negotiation tactic.

I prefer more privacy controls and transparency (which gives consumers / Attorneys General the ability to sue the app company), but I don't want my government to see the Chinese government's policies as the thing we need to compete with.


good point, if anything we need to inspire other countries about the benefits of democracy. A lot of my coworkers here in the US still think that China is doing good stuff.


> if anything we need to inspire other countries about the benefits of democracy.

I think the US needs to look outward to functional democracies before we try to "inspire" other countries with our broken corruption. What the USA calls lobbying, other OECD countries call criminal bribery, and all other political dysfunction in the US rolls downhill from there.

I'm not blinded to think "China is doing good stuff", but I'm highly suspicious that we should see ourselves as any better than them right now. We are completely unable to address lots of our own {civil, legal, justice, health, economics, ethics, etc} issues.


Wouldn't be surprised if Google, Facebook, or Microsoft suddenly come out with a competing app. Didn't google have one that they shut down recently?


Tell me a single good social app from Google. I'll wait. It's not like they didn't try, but all of them seem to suffer from the design by committee syndrome.


YouTube? It's the second largest social media site in the world:

https://buffer.com/library/social-media-sites/


Every content creator who gets a major voice on the platform laments the absence of a competing platform to move to.

Youtube is successful coz of google infrastructure not google decisions/methodology.

Now Google is trying to move Youtube into becoming a hollywood-lite experience and providing major support to entrenched hollywood celebs like will smith/brie larson(they even bypassed monetization policies for larson - her first video launched with full monetisation in play)


They bought it after it had already established its market presence.

They have tried to launch at least 2 of their own, and both flopped hard.


The only one legitimately and accidentally created by Google was: Google Reader

Orkut: stagnated and killed

G+: design by committee as you said

YT: acquired but the social aspects are down the drain

We can complain about FB and Zuckerberg as much as we want but they knew how to evolve the network and keep the users


I'm still convinced that what was the true killer of G+ was the slow rollout.

It's like Google forgot that a social network needs to be social. Limiting how many people could get on G+ created hype for sure, but whenever someone got a invite, they realized none (or very few) of their friends were on it, and quickly forgot about it.

The slow rollout approach worked for GMail because your friends didn't need GMail for it to work for you.


What was that social network that used to be bigger than Facebook in Brazil? Orkit I think? It was something like that.

Edit: Oh, I forgot the one staring me in the face—Youtube! It's no less of a social network than TikTok.


google settled a lawsuit with affinity engines after the engineer came over to google and misappropriated trade secrets. lol the irony.. Google bought youtube..

Google is completely incapable of coming up with their own successful social network.


Google bought YouTube, but it was hardly a social network when they bought it.


Orkut


Do those three ever truly come out with something new, or do they just buy up existing tech?


*imploding in the USA. East Asia, India, etc can't get enough of it. No doubt the Indian ban will be temporary while they evaluate it.


Between this and streamers such as Ninja talking against the app, I do hope this signals the death knell for tik tok...


Probably not. Gen Z is already addicted to it. They like it more than all other social media apps from what I've seen.


They'll switch to something else just as soon as they took up TikTok in the first place.


Gen Z was addicted to Vine before it. And it will be addicted to anything else that comes after it. No addiction is greater than national security. And the US Government is not obligated to TikTok in any way, shape or form. It can ban without any consideration to the number of people "addicted" to the platform.


> No addiction is greater than national security.

I'm tired of "national security" being thrown around willy nilly. If the US government has proof that this is a security risk, they need to be public and transparent with their proof. Anything short of that and I'm not on board with "a ban".

That said, I agree that young kids and those who compulsively use social networks are fickle and are likely to move onto another network when the current one ceases to keep their attention.


> If the US government has proof that this is a security risk, they need to be public and transparent with their proof. Anything short of that and I'm not on board with "a ban".

You don't need proof when the CCP is itself giving you so much evidence. In fact I should be asking Americans as to what is wrong with you guys that you are supporting a totalitarian government? The CCP passed a new cyber security law in January of this year (called the MLPS 2.0) where it has given itself full power to have unrestricted access to any data transmitted or stored within CCP.

“There will be no secrets,” writes Steve Dickinson on the China Law Blog. “No VPNs. No private or encrypted messages. No anonymous online accounts. No confidential data. Any and all data will be available and open to the Chinese government….there will be no place for foreign-owned companies to hide.” [1]

What about foreign investors? It gets even worse!

"It’s exactly as bad as it sounds, and it gets worse. The MLPS 2.0 is supported by two additional pieces of legislation, both of which strip away any protections, safeguards, and loopholes that might once have been used to maintain the sanctity of corporate data. Both went into effect at the beginning of this month.

The first is a new Foreign Investment Law which, as Dickinson notes, treats foreign investors exactly the same as Chinese investors. Although this has been billed as a means of simplifying the investment process, in practice it strips foreign investors of many of the rights they previously enjoyed. Areas of the market previously closed to foreign companies will remain closed.

The second, as reported by Engadget, establishes a new set of guidelines surrounding encryption. Again, on the surface, these seem like they were proposed with the common good in mind. It’s only on closer examination that cracks start to appear." [1]

And you are telling me here that this isn't a threat to the National Security? TikTok is obligated to share your data without even being asked for because of this Chinese law. And before you say that TikTok operates in US and not in China, its parent company ByteDance is a Chinese company. You cannot form a Chinese company without adhering to these laws! Do you really want the US Government to come out and confirm this when China has itself passed such a law?

[1]: https://www.datacenterdynamics.com/en/opinions/chinas-new-cy...


You completely missed the point of what I was saying.

The US government should not ban me from choosing to use a crappy entertainment app. Yes, I realize that an app which is owned by a Chinese company who stores its servers and data in China is governed by Chinese laws.

> what is wrong with you guys that you are supporting a totalitarian government?

I'm not. I'm just saying that anything short of a blanket ban on an entertainment product is not tantamount to "supporting a totalitarian government". You are missing all of the shades of gray. You can't post to HackerNews without using {a phone, a computer, an internet connection, etc} which provided revenue to a company in China, which according to your logic "supports the totalitarian government".

Also there is a philosophy called accelerationism[1] which is the inverse of what you propose, but which may get to the end point (freedom from the CCP) faster than your proposed solution.

[1] https://en.wikipedia.org/wiki/Accelerationism


I imagine Ninja has an incredibly low overlap with the teens that use TikTok.


Tiktok does have gaming content, although I have no idea how to quantify how popular it is.


There is absolutely no evidence of that, its users still love using it.


Quibi pivots to user generated content and becomes the comeback kid.


Real implosion will happen if US bans it.


They fight what they can't understand.


I'm more surprised Amazon (or any company, really) employees using an employer-managed device would have TikTok on them to start with, to be honest.

As the follow-up tweet says: "Completely independent of the specifics in this instance: get a second device before installing an employer's config profile on your personal device"


Does Amazon provide company phones or just install an MDM profile on your personal phone? I have TikTok installed on my phone, and if my employer said I had to remove it to access my work email, I'd ask them to buy me a work phone. It seems a bit ridiculous that they'd want to control what apps you download on your personal device without providing an alternative.


No, they are controlling the environment under which their company emails can be accessed.

If you, as an employee, don't want to remove TikTok I believe you will have that right, it's just that you won't be able to access company emails from that device.

Now, whether or not that leads to a company phone or you having to look for another job, depends on the individual and how important that individual is to the company.


If any company expects me to access my work email while mobile, they have to provide a phone. I never mix work and personal. I've also never had a company say no to that.


Adding another anecdote, when I said I did not want to let work control my mobile phone, my boss told me I could figure out whether I wanted to keep the job or not.


Switch jobs! Environments like that will grind down your soul. Or at least they did for mine.

Perhaps I'm projecting a little, but: please don't feel like you're stuck there. It's an illusion more often than not.


Switch from a well paying job instead of just getting another cheap phone?

Of all the hills I am willing to die on, getting another phone isn’t one. Especially if they provide a credit for your cell phone.

https://www.teamblind.com/post/Amazon-Cell-Phone-Reimburseme...


Perhaps when I was younger I would, and did, switch jobs immediately when something like that came up. I've gotten older and the cost of switching jobs is not zero for me anymore.


I agree with my co-commenter. At least in Germany your employer isn't allowed to do this. They must provide the means to do your work, if they have specific requirements (having a mobile phone, being reachable, accessing company email and so on).


Well, I am commenting from America and there is very little they can't do unless they go out of their way to officially state they are doing it for an illegal reason.


You can always show up next day with a dumbphone or without phone at all if you are feeling risk-taking.

I personally just bought the cheapest $60-80 Android phone from a random Amazon seller.


Well, for me, that is a hill I choose to die on.


What if you don't have a smart phone?




Depends on the jurisdiction. In Germany they do. Labor rights explicitly say that your employer needs to provide the means for you to do your work. And that includes mobile phones if they want you to access your work email (or whatever) from a mobile device.


Yes they do... The problem is some users in Germany actually prefer to use their personal one so they don't have to carry two.. But due to this mindset they can't.

I don't think the German approach is always the best.


Sorry for the late reply. I use only one. I have a dual SIM phone with a clear separation.

So I call private contacts from private SIM, business contacts from business SIM. I have Apps separated into business and private and the respective profiles are in place. Business partition (so to speak) is managed by employer. Private partition is MDMed by myself.

So I have both worlds - in one device. If my employer decides to delete the business partition, I have exactly no problem with that (we tested it and it worked like a charm - private data wasn't affected. We also tested access to private data being nil).


Pretty sure that's what he's saying. The company gets to choose between dropping the requirement, providing a phone or hiring/retraining.


I don't think you understood. I _would_ switch jobs. That's what I meant by they have to.


That framing is the exact point. I'm in the same boat. If my employer mandated that I not be able to use a personal device the way I want, a device I bought with wages I earned from working with my employer, the employer really SHOULD provide a cost free alternative.

It falls under the category of providing your own resources to do your job, and that enters socioeconomic discrimination territory real quick.


I might be with you if Uber, say, is requiring its drivers to install MDM--which I'm guessing would be a really bad idea for their drivers-not-employees position.

But for engineers and other office workers at tech companies?

As a practical matter, people have to buy lots of things to do professional jobs that they wouldn't need to buy without those jobs. In this day and age, if you want a second phone, buying a few year old phone is cheap as is adding another phone to your existing cellular account in most cases.


Wasn't there a recent supreme court ruling regarding the Native Americans of Oklahoma that said something to the effect of 'just because you keep doing an evil, doesn't make it right, and letting it be right is an injustice to those in the right'?


You have to dress for the office, albeit many don't wear suits any longer. Many have to drive. Those who travel a lot need many accessories for the purpose. The idea that well-paid professionals should have all these things covered by a company seems... unreasonable.

And, seriously, complaining about having to spend a few bucks for something you need at work is equivalent to circumstances around Indian treaties in the US?


It's rude to ridicule another's opinion online when they are discussing in good faith. Present data, differ in opinion, but don't ridicule. It's below you.


There's also no requirement to have your business email on your phone, at least in my organization in Amazon. I'm happy to leave it off and not worry about any issues like this.

Of course I do have other apps directly related to work... I guess those aren't an issue if I had TikTok?


I haven't had work email on my phone in 7 years. It has not impacted my career negatively.


How do you know?


I'll admit I don't know the specifics beyond what was tweeted.

I'm with you though... If an employer wants to manage my device, they can provide the device.


When I worked at Google over 5 years ago, mobile device options for accessing company accounts were a company-provided and company-owned device with a company-paid phone bill, a personal device with company-provided mobile device management (and sometimes cell phone bill expensing if you for example had on-call duties), a personal device with only limited browser-based work account access, and no account access via mobile.

The first of these could sometimes have implications for ownership of personal projects created using the device, which was one of many reasons I picked the second option, but it was absolutely permitted at least for any case where the company cared about you having mobile account access.


The third option - accessing only browser sites - is underappreciated. I never needed to install Google's MDM on my mobile devices, I just used mobile web gmail and so forth. It's great, honestly, and the mobile web Calendar has the advantage that it doesn't destroy your battery life like the Calendar app will.

I even saw a guy using the code review site on his mobile, on BART. That was dumb from the standpoint of infosec, usability, and mental health, but shows how much is possible in the browser.


Part of me thinks that MDM on employee phones has become something of a checkbox item because customers ask for it, but it's not clear to what extent it really protects sensitive customer data (which is what they're concerned about).


It is literally a checkbox item for PCI DSS.


Can you share the requirement from PCI DSS? [it's not]


Like most normal people I have no idea what PCI DSS requires. All I know is what the PCI compliance inquisitor says it says, or really what my risk management guy says the compliance guy says it says. And what’s the difference? If he says he says it says we have to have MDM on BYOD, it’s not like I’m going to write a first-principles rebuttal.


Having the code review app available outside of the corp network / VPN is pretty unusual, at least for shops who aren't just using SaaS services that are available publicly anyway (github, gitlab.com, etc).


You must have missed their "zero trust" initiative.

> BeyondCorp began as an internal Google initiative to enable every employee to work from untrusted networks without the use of a VPN.

https://cloud.google.com/beyondcorp


I'm aware of it as a Google thing, but I think it's fair to say that it's pretty unusual to see it anywhere else.


Nowadays, at least on Android (though I think iOS has something similar now?), one can have a work profile, and the employer can only control activity in / monitor / wipe that profile. Most employers have switched to that for personal devices.

Disclaimer: Googler, opinions my own.


With all the security implications there could be, I would just refuse to use or own a smartphone in any capacity if it's related to work, unless there was no camera, mic, or GPS sensor (or they could provide hardware switches).

Seriously, they could be logging your exact location, remotely activating the camera or doing any number of disgusting things.

Requiring the use of a spy should not be a factor in an employment setting; of course we're seeing this is the case and it is very off-putting.

Thankfully not something I need to worry about though.


Apple's iOS MDM framework is exemplary in that regard. Access to the camera is not possible. Access to GPS is only possible if the device is marked as lost, which will visibly change the lock screen. Even when lost mode is deactivated, GPS access that happened during lost mode is highly visibly marked on the lock screen.

Installing an app that relays GPS and camera may be possible, but permissions need to be granted by the user explicitly; the MDM server cannot grant those permissions.


I don't think Apple is the best at this. Yes they limit the things you mention, but they don't limit visibility to things like the app list... This can already be quite revealing in some cases.

Google has in my opinion the better approach with work profile. Only give the MDM control and visibility over the work area and nothing else.

Apple has started heading into this direction with User Enrolment but it's not sufficient for most companies as it only allows built-in apps to be used for both work and personal data. And it requires Apple account federation which is problematic.


You don't have a work laptop?


Amazon has MDM (Airwatch). AFAIK there are not generally company phones or phone plans. Monthly limit on reimbursement for phone business expenditures in the US is $50, although I think you can also expense the device itself.


Microsoft does the latter, so it wouldn't surprise me if Amazon does likewise.


> Does Amazon provide company phones or just install an MDM profile on your personal phone?

> Microsoft does the latter, so it wouldn't surprise me if Amazon does likewise.

Not true (source: current MSFT employee). More detailed explanation below, as neither the former nor the latter describes MSFT accurately.

So, for most teams and positions (there are many exceptions), you don't get a dedicated work phone. So yeah, if you want to access work stuff on a mobile device, you need to install MSFT MDM on your personal phone, and they will, allegedly, be able to control stuff on it (depending on the device itself and how MDM is configured).

However, there are no requirements to do it. You can simply not install any work-related stuff on your phone, so you won't need an MDM. I simply don't access any work resources on my personal phone. If I need to do work, I open my work laptop. If they want me to use work apps on mobile and be accessible, they should provide a company phone for this.

There have been zero conflicts around it on my end, even after multiple years of working there on multiple different teams. Not once have I even got an implied request from anyone (managers, colleagues, etc.) to be accessible on mobile (except for when I am on-call, but for that, they just need my phone number, not any specific apps installed on my phone, and everyone knows it) or any questions about it. Everyone is totally cool with people not being glued to their work apps on their phones on their own free time.

But you are correct, those who choose to use work apps have to give MDM permissions to their personal devices or buy a dedicated device for that (exceptions apply, because there are some teams that provide dedicated work phones). However, unless it is required for the job to be able to use work apps on your mobile device, I think it is fair if they don't provide a work phone. Makes it easier for me to not check on any work stuff during the weekend.


Yes, you're correct, and I didn't mean to imply that MSFT forces employees to install their MDM on personal devices. It was optional for me as well, with a large full-disclosure prompt stating that they can remotely wipe your device if you proceed with mobile setup.


At my company, you have to provide your own device, but the phone number/plan is either (a) paid for by the company, or (b) you get a $40/mo stipend for cell service.

It turns out that I can use our 2FA app without MDM, on my personal. And nowadays, I rarely use slack or email from mobile, and I don't get calls.

I am pretty strong in the "don't put company stuff on personal devices" camp. Even if they don't control your phone by policy, they do technically. They put root certs on the device, and though they can't see individual app data (depending on config) they can see a list of installed apps, and enforce certain baselines.


No Amazon generally does not provide you a company phone, at least not when I was there.


Most companies I've worked for wouldn't provide a work phone and there's no explicit expectation that you read or answer work e-mails on your phone. But like everything else, if you don't read/reply to work e-mails on your phone, and your colleagues do, good luck getting that promotion/raise/bonus.


If your job requires it, you will get it. It's been like that for a while now.


> I'm more surprised Amazon (or any company, really) employees using an employer-managed device would have TikTok on them to start with, to be honest.

I am too. Many years ago at my employer, someone fat-fingered a command and wiped every single iPhone/iPad that an employee had configured to connect the company email system. Even after restoring a backup, the devices would just wipe themselves again unless the owner managed to remove the MDM profile before it reconnected to the internet. A good fraction of my coworkers were affected.

I'm not giving anyone access to do that to my personal data.


Not exactly the same, but where I used to work someone had turned on "wipe the phone after x incorrect pins" without notifying anyone. Lots of people with kids got their phone remotely deleted.

After that I've never allowed an employer to control my personal devices. Not that I actually did before; I didn't know activating that stuff had such big implications. I just wanted the calendar on my phone.


With Android work profiles the employer can require you to allow remotely wiping the work profile, but that would not allow them to touch your personal profile.


If you can't handle your phone being remotely wiped, you also can't handle it being lost, stolen, or broken.

For me, it's a minor inconvenience at best, not a death sentence.


I'd rather be able to blame myself for my stupid mistakes - not be beholden to Amazon's (or whoever's) MDM profile. Especially when companies don't make it clear that "if you log into your email on your phone using this app, we install MDM, root certificates, have the ability to remote wipe, etc. etc. etc."


I saw that warning when I started to set up my phone and I immediately stopped. If anyone needs to contact me about something urgent they can do it using the work approved IM client that doesn’t require a profile to be installed.

If it does get to the point where I need to have access to my company email, I will have a separate device.

That being said, if my phone was erased, it would only be a slight inconvenience, I can restore from backup.


Yea. Coming from a banking and financial services background I'm incredulous that any company would allow any social media on a device.

This was all much easier in the BlackBerry days for them to control.


"This was all much easier in the BlackBerry days for them to control"

And indeed, that was BlackBerry's big sales pitch.

BYOD creates many, many wonderful consequences, however it also has tradeoffs, and those tradeoffs are not for the faint-of-security.


Most people I know check their work email from their personal phone. Work either doesn't buy them one or they don't want to carry around two phones.


Most people don't need to be on call 24/7 so they could just divorce themselves from off hours work and live like in the ancient times.


My dad worked in construction, and from the late 80's and throughout all of the 90's his company kept offering him a company phone (I think car-phone first).

He never got one, because as he said, if they have your number they'll call you, if they don't then they'll solve their own problem. Looking back on it now, it was prescient advice.


I don't really agree... I like the flexibility. Sometimes someone from the US calls me with an urgent problem in the evening (I'm in Europe so not much overlap in work hours).

So what... Sometimes I go to the shop or bank during the day. Or even a walk to the beach if it's not so busy. They're paying me to do a (global) job, not to sit at my desk between 9:00 and 17:00.

Personally I love this flexibility. And I don't feel like I work more than 40 hours, I don't even count them but I doubt I do, especially if I omit the time I spend during "working hours" reading hacker news or other stuff. My work is my hobby anyway.

I do think people who like having fixed work times should have the opportunity to have them. But I also think people like me should be able to work like this without it being considered a bad thing.


Amen. If you're not paying me to be on-call, I'm not putting any work info on my phone. Whatever's going on can wait until 9 tomorrow morning.


It's been a while since I've seen employers offer work phones. What I've seen for the last few years is an offer to pay or subsidize a data plan.

If Amazon doesn't provide me a work phone, they can eff right off in attempting to dictate what I put on my phone.


Not everyone can afford 2 phones, but their employers expect them to be online all the time anyway. This is particularly true of people who work in US hospitals.


Why would you need to be able to afford 2 phones if your employer is requiring you to have a mobile phone for work? That's a situation in which the employer should provide the phone. I've been on-call or mobile-connected for over a decade, I have never had an employer even suggest that I should foot the bill for a work device. Either they've provided me a phone fully paid for work to be returned if I exit, or have covered the cost of my phone bill for my personal device in return for accessibility outside business hours.


There's no good explanation except that US healthcare orgs tend to misuse staff and clinical providers. Super-specialized doctor with untold postdoc training on faculty at my academic medical center? You've got to encrypt your personal phone to standard and install several required apps. No, it is not expensed.


Apropos of the rightness or otherwise of this stance, I don't think "specialist physicians" typically fall into the category of people who "cannot afford 2 phones".


I agree. Neither do top industry execs, top sales personnel, etc. It seems from most of the comments that even in lieu of a work phone, compensation for a mobile plan is normal and expected most places. I may be mistaken, but the culture of large healthcare orgs does seem to promote an expectation that the employees be more altruistic than would be expected elsewhere, even within the employer-employee relationship.


How many people are both important enough to be on call and can’t afford to add a line?


I worked in a hospital and was oncall. My employer provided the phone. And the pager. To do anything else would be like asking an employee to provide a laptop, or a desk.


From what I know of people who work there, they pay for employees' phone plans (i.e. they pay for a phone).

