TikTok says it will never introduce end-to-end encryption for DMs [U]

TikTok sets itself apart from many other online messaging platforms by saying that it will not introduce end-to-end encryption to ensure the privacy of direct messages.

This means that the company will be able to read messages sent between users, which may cause concern even after its US operations are separated from its Chinese owner…

Update: Added comments from TikTok below

End-to-end encryption (E2EE)

End-to-end encryption (E2EE) means that only the recipients of the message have the ability to decrypt the content of the messages. The companies that own the apps can’t see what’s being said.

Most messaging services either use E2EE or are planning to do so. Both iMessage and FaceTime use E2EE, as well as WhatsApp, Signal, Facebook Messenger, Google Messages, and others.

Instagram is in the process of adopting it automatically. Snapchat already uses it for photos and videos and plans to roll it out to text content as well. Discord says it will soon use it for voice and video calls.

There are a few oddities. Telegram alone, as it is not automatic in E2EE, but you can enable it by switching to Private Messages. UX claims to use E2EE for DMs, but some argue that this is not necessarily true.

TikTok will not use it

However, TikTok told BBC News that it will not use E2EE, and tries to position this as a security advantage.

TikTok will not introduce end-to-end encryption – a controversial privacy feature used by almost all of its rivals – arguing that it makes users less secure. […] TikTok told the BBC that it believes the end-to-end encryption prevents police and security teams from being able to read private messages if needed. It confirmed its approach to the BBC at a security briefing at its London office – saying it wants to protect users, especially young people, from harm.

TikTok’s US operations were officially separated from its Chinese ownership earlier this year. In theory, this means that all US TikTok user data will remain within the country. However, not everyone fully trusts the system, so the company’s refusal to use E2EE leads to concerns about the possible reach of the Chinese government.

Some may be more concerned that the US government has access to the content of users’ messages.

The company told us that its position was not new and that privacy controls were in place.

Access to message content is strictly limited, subject to internal authorization controls, and available only to qualified personnel with a demonstrated need to review information as part of a security investigation, legal compliance or other limited circumstances.

9to5Mac’s Take

The benefits of E2EE always outweigh the obstacles, regardless of which government is involved. Any service whose messages can be read by a company is vulnerable to hacking and government access demands.

Photo by Mourizal Zativa on Unsplash