The headline makes it sound uniquely sinister, but most of what's described here is just the modern adtech stack doing what it's been doing for a decade. The real tension is that advertisers want attribution, sites want revenue, and users want privacy and the current system optimizes almost entirely for the first two
what does coordination mean, exactly? is the expectation that a small group of users will band together and somehow lobby more effectively than FAANGs?
Coordination means a movement or organization with some kind of actual leadership and alignment. It could be an advocacy group, union, political organization. There has to be something, likely several somethings, for people to throw their lot in with. Otherwise people with grievances will just simmer and complain impotently.
It can start small, but group membership will eventually have to be large if you want to outgun FAANG. We do have numbers on our side though, they're just scattered.
> users need to act for themselves and optimize their own privacy.
> You need coordination if you want to see the balance changed.
Which is, actually, what the BBC author of TFA is doing, by writing an article as a user, to inform other users so they too can act to protect their privacy.
Seems like industry insiders passing responsibility for their bad practices on to consumers really means they want consumers to stay divided.
> Seems like industry insiders passing responsibility for their bad practices on to consumers really means they want consumers to stay divided.
I think this is why they also encourage the old trope of "It's not just <X>".
It's a truth, but used in a way that makes people feel powerless. Like the war is already lost. It makes people apathetic, because it makes people overwhelmed. It causes the evangelists to quiet themselves as they become exhausted. It normalizes the behavior. It just becomes another one of the many things we're powerless to fight against, so why even try.
I'm not accusing the OP of doing this, but I do want to point out that it is a strategy being used. Not misinformation, not disinformation, but malinformation. Truths used in a specific way, often lacking context. It is the same way people dog whistle, hiding their true intent in normalized speech (it's not a dog whistle if everyone can hear it, that's just a whistle).
> users need to act for themselves and optimize their own privacy.
In some sense I agree, but I also think you've oversimplified things.
Even when you're highly technically skilled it can be extremely difficult to impossible to regain the level of privacy the average person had just 50 years ago (probably even just 20). This is a bar too high. One should not need years or decades of expertise to take back what is a broad/universal desire.
It comes down to consent. The users aren't technologically sophisticated enough to know how their data is being weaponized against them. Let's be honest here, even on places like HN we often see claims about "ads don't affect me" and "I don't care if they want to sell me a better product". As if 1) you aren't affected, 2) it doesn't matter if your friends/family/peers are affected, and 3) that ads are just there to sell you products and exclusively ones that make your life better. How the information is being leveraged is too abstract for most people and it takes time to process it.
The advertisers literally take advantage of this fact.
But where I do agree is that we need to make our voices heard. The barrier is too high for most to achieve. "Install a pihole" may be acceptable on HN[0] but not for the broader public and certainly is far from being a strong defense alone[1].
Where I do agree is that we as developers need to make these tools easier to use and help lead those conversations and help educate people.
But if you are saying the solution is "git gud, protect yourself" then I think you are on the wrong side and even harming yourself. Unfortunately internet privacy is like vaccinations, we require herd immunity. Without those around you protecting their privacy, your privacy is at risk. It is not a personal decision, it is a social one.
[0] And is the average HN user actually going to implement encrypted DNS and know how to pick better DNS servers? Or are we just going to argue about the trustworthyness of 1.1.1.1 vs 9.9.9.9? Are we even going to talk about things like 1.1.1.2 or base.dns.mullvad.net? These are still the basics!
[1] How many people know you need to change your browser settings? That your browser is likely picking a DNS server for you.
The modern adtech stack is uniquely sinister, especially compared to its antecedents in society. TikTok is not only one of a select few big tech companies that dominate it, but (according to the article), it's becoming increasingly invasive "in unusual ways compared to its competitors".
(I have no idea whether that second part is true, as most of the article seems to be spent explaining the concept of the tracking pixel for non-technical readers.)
You point to the market but these market giants gain a lot of their stature from the free and open work done by others. The market is not the decider of the value of utility. If it was we'd not hear about donation campaigns for FOSS. We wouldn't hear stories of how there's a single developer working on critical software on nights and weekends. We wouldn't hear about yet another FFMPEG wrapper making millions while trying to demand free work from FFMPEG. We wouldn't hear that stuff because the market would be compensating them.
While there are some things where there is no alternative, you can get pretty far with FOSS, if you know where to look. I'm not trying to say people shouldn't be paid, but I am saying that just pointing to the market is too simplistic of an answer.
Framed another way: The market rejects the product at the price it would cost to provide, so companies have turned to addictive designs, skeevy tracking, and information asymmetry/user ignorance to recoup their investment.
> The headline makes it sound uniquely sinister, but [it's not]
Does this matter?
TikTok is one of the, if not the, most popular apps in the US and the world[0]. It makes sense to talk about the biggest offenders.
You're right that the problems are more systemic and TikTok is far from alone, but at the end of the day, if this is the gateway to having the broader conversation, I would not dismiss it[4]. Laws that reduce the harm that TikTok is doing applies much more broadly than to TikTok. That is a win for us. It is difficult to write laws to specifically target a single company, and whenever that happens they serve as leverage to go after others too.
Treating TikTok as the face does not absolve others of their actions. It may shift focus off of others, but frankly, we're living in a time where focus is incredibly difficult to achieve.
I don't think you're wrong, but we've been trying to have the more nuanced conversation for over a decade and it doesn't catch people. So I'm personally okay with targeting an extremely popular platform like TikTok or Meta and using them as the gateway to the more nuanced conversations. IME if you just start by talking about "Surveillance Capitalism" it is common for people's eyes glaze over or they throw up their arms as the problem seems so large it is insurmountable. IME being more specific, talking about specific companies and specific actions[5] is the right gateway. It enables the deeper conversations without overloading people. Remember, you've had years to process all this and they're still new. Give them time.
--
[0] In the US looks like >136M adult users[1], which looks to be about half of all adult Americans[2], or 66% of Americans between 18 and 65[3]
[3] Intended as upper bound as certainty there are some seniors on TikTok.
[4] Unfortunately I think it is easy for bad actors to use whataboutism and that while I don't think you're doing this, bad actors try to snake in through claims like yours. Using the legitimacy of your claim to control the conversation and shift focus (the same way dog whistles are only intended to be heard by dogs).
[5] DO NOT start with the most egregious, as that's too abstract and leads people to believe you're a conspiracy nut. Same shit as when talking about Snowden, it doesn't matter if you can show them the evidence, the claims appear more like that out of a movie than reality and it doesn't feel like we live in the dystopia where we see this kind of tech on screen.
"TikTok" in the headline for views but every ad system is sucking up as much data as it possibly can: cross-site tracking pixels, cookies, device ids, fingerprinting, app snooping, extension snooping, etc.
> "TikTok empowers users with transparent information about its privacy practices and gives them multiple tools to customise their experience," a TikTok spokesperson says. "Advertising pixels are industry standard and used widely across social and media platforms"
Such Doublespeak—the word empower really means enfeeble and privacy its opposite.
There should be digital riots, where people team up to fight such abusive practices.
Thinking of AdNauseam extension, but next level. Surely there should be a very simple and effective way to disrupt such practices when people organize. Is there any precedent for such thing?
Truthfully, things like uBlock are digital protests. They look different than people marching in a street but they are organized and pushing back against the oppression. But it does look different and isn't as extreme as a riot.
I don't understand why such obvious bullshit serves any function whatsoever. If everyone knows it's bullshit, why is this better than saying "we violate your privacy as much as is legally possible, and sometimes more than that."
> Why are they still spending hundreds of millions on ads with athletes and other things that provoke a healthy image?
Because they are foolish enough to believe that advertising actually works to influence people's behavior. Or because they are afraid that their bosses are similarly foolish, so they will get punished if they try to do Coca-Cola the favor of cutting that extreme waste from the budget.
And if I choose to drink a Coke, then so be it. I'm not forced to, and I'm aware of the fact that I am consenting to whatever ill effects I might get by purchasing and consuming it.
These pixels are a horse of a different color. They grab my info with no consent given (hiding behind "But the site we have the pixel on has to inform you, not us!" is a complete and utter cop out) and then make a profit selling or using it.
Totally different circumstances, and this shouldn't be ok.
Sir, this thread is about corporate PR phrasing/excusing /marketing when everyone knows something is the opposite. You might've replied to the wrong thread here.
There's plenty of evidence that many people are not making rational and informed decisions due to advertising practices. That is absolutely being forced into things
> TikTok empowers users with transparent information about its privacy practices and gives them multiple tools to customise their experience," a TikTok spokesperson says. "Advertising pixels are industry standard and used widely across social and media platforms"
- Are we really empowered to stop being surveilled?
- Does the customization of my experience have any bearing with the actual allegation of tracking non-users on the internet?
- Are advertising pixels transparently shown to those who never have been on TikTok but are monitored all the same?
(edit: To be clear, Doublespeak isn't about a lie as much as words losing their entire meaning and being used to hide truth with comfortable phrasinggs)
If it's not a lie, it is still an immoral practice.
The article details how Tiktok is using the tracking to collect data on non-tiktok users to build profiles of people without their consent, and trying to say that people consent to it in their "downflow" usage of sites that have tiktok embeds.
Again, even if others are doing it, it's shitty and unethical.
Lots to blame Tiktok for but I believe this is completely ubiquitous across the internet. Every major brand with a digital marketing department does this.
Most popular platforms are tracking and spying on you. My friends and I also believe Slack private DMs are compromised as we often times see ads directly pertaining to oddball discussions we don't have outside of Slack.
Most people here probably know this already, but you can minimize some of this by using privacy browser extensions [1], containerized browsing [2], a good VPN [3], and/or Pihole [4].
I'm curious about the Slack thing. I wonder if there could be third parties doing something (browser plugins, third party keyboards for Android, edit: someone using a TV as a computer monitor.)
One thing is for certain, if ad targeting is not being done in ways it shouldn't be, there isn't anything technically preventing it.
It could be as simple as links. People drop links in the slack discussions, other people from Geolocated IP addresses (or same) click on them. Google analytics et. al. hovers a lot of data.
This wasn't a problem until it was done by a Chinese company, when American companies (Meta, X, Google, etc.) spied on us we saw it as a triumph of entrepreneurism.
> TikTok's pixel is years old, but it just shifted in some major ways. On 22 January 2026, when TikTok's US operation officially changed hands, users had to agree to a new set of data collection practices. That includes a new advertising network that TikTok will use to show targeted ads on other people's websites. To facilitate that new advertising system, TikTok updated its pixel.
> In the past, TikTok's pixel basically just told companies if their ads were generating sales in the app itself. Now, the pixel will help companies follow users who see an ad when they leave TikTok and make a purchase elsewhere.
So what you've said is not only wrong, it's the total opposite of what's happened. Under Chinese control, it was less invasive than it is now.
Me too. I'm a privacy warrior like yourself. But they do have a point. The Facebook pixel is decades old. This seems to be getting more traction than that did.
I think the FB pixel caused significant industry change, though. For instance, ad blockers became, well, not ubiquitous but incredibly common. Safari started doing great stuff with limiting third party cookies. Email apps started letting you opt out of loading images. A cottage industry of things like Pi-Hole popped up deter tracking at the LAN level. As a whole, tech added a gazillion ways to make Facebook’s tracking less effective.
I hadn't read that Paul Graham article before, but it was extremely accurate at the time.
My degree is in Public Relations and I worked in political PR for a bit before moving to newspapers. The PR office worked so hard to word things in a way where news editors could lift our copy directly into print. It was a delicate balance to sell a point of view without sounding like a sales pitch.
Later, at the newspapers, I was shocked to learn how desperately editors would snag any text to fill the space between paid-for ads on a page. A minimal amount of actual journalism occurred above the fold. Past that we would publish absolutely anything in the English language without filtering.
This was all 20+ years ago. Now we've cut out the middle man, automatically publishing AI generated slop directly as if it were human-produced news. It's all very discouraging.
Paul Graham cherry picks examples of history where humans are comically misguided as an argument for why virtually all humans are copying each others morals. Graham somehow argues that stopping the Nazis in WW2 or protecting children by socializing them against risky activities is unthinking hive mind and hand waives all of the nuance and human integrity. Weak argument and reads like propaganda from Steve Bannon.
It's this sort of thing that makes me run a home DNS server with a blocklist. It even works when I leave the house thanks to Android's PrivateDNS function, I don't need to turn on a VPN, all DNS requests even on mobile hit my AdGuardHome. I use quite a conservative DNS blocklist (oisd.nl) but it means I don't have the family complain various sites are broken.
Tiktok is also running web scrapers for some reason. I guess ML stuff. Their bot is hitting URLs on my server that haven't ever been linked elsewhere on the web and haven't been valid for years. Nobody else is still trying to get to them since I retired that subdomain.
Nothing new here. This is why they eventually rolled back Chrome's initiative to automatically reject third-party cookies. Industry backlash was that the analytics of too many sites would break. Best thing to do is to switch to a privacy centric browser.
This kind of tracking is insane. I built a self-hosted analytics setup so I can see how my sites are performing without sending anything to ad-tech companies [0].
Keeps the data on my server, gives real insights, and doesn’t contribute to the surveillance ecosystem [0].
the thing that struck me building a mobile app is how much access you could technically request without most users noticing. we use the camera as a core feature and even that single permission makes some users nervous, which is totally reasonable.
the real problem isn't any single app though, it's that the permission model on mobile is still too binary: you either grant access or you don't. there's no "allow camera but only while i'm actively in the app and don't cache any metadata." ios has gotten better with the location permission tiers but for most other permissions it's still all or nothing.
the scarier part of the article imo isn't even the tracking pixels, it's the sdk integrations. when you add a third party sdk for analytics or ads, you're trusting that company with whatever permissions your app already has. most indie devs don't audit those sdks line by line, and the big ones are basically black boxes.
The SDK thing is the real story here. Pixels at least show up in network traffic if you bother to look. SDKs run inside your app with whatever permissions you already granted and most teams never audit them past the initial integration. You're trusting a third party's code with your users' data and hoping they play nice.
TikTok, more than any other app, seems to be aware of things that I talk about. I'm not big on conspiracy theories (well until the past six months or so), but I really wonder if TikTok has figured out a way to listen with the microphone on my phone. I will be chatting about the most random thing -- needing a new washing machine -- and then I'll suddenly get some washing machine add in the next hour. Or someone will mention a movie being snubbed for the Oscar's, and then an edit for that movie pops up.
I never did a search or anything else on any app on any devices related to these things, but somehow TikTok seemed to know. Maybe coincidence that I have heightened awareness of... but it does seem different.
(b) display images. If images are optional, then the option must be enabled, e.g., by default
For example,
I often fail these requirements as I manually retrieve information without a browser. For example, I read the information from the BBC website without meeting the software requirements for social media pixel tracking
I also use a text-only browser to read HTML offline. This browser fails the software requirements as it does not auto-load resources. Further, I compile it without support for images
In addition to the software requirements there is also a requirement for access to remote DNS controlled by a third party
If you do not use the TikTok website, then your browser has no need to retrieve DNS data for tiktok.com or other domains registered to or used by TikTok
Unless you delegate lookups to a third party DNS provider such as an ISP, Cloudflare, Google, Quad9, etc. or run a local resolver that accesses remote authoritative servers then the required web browser specified above will not be able to retrieve DNS data for tiktok.com or whatever domains are used for the tracking pixel
For example, I use only locally-stored DNS data served from local authoritative DNS servers and localhost forward proxy memory. There is no DNS data for tiktok.com or other domains used for TikTok's tracking pixel
NB. The subject of this comment is (c) software and DNS requirements for pixel tracking. A different subject is (d) how many users may or may not meet such requirements, e.g., high numbers versus low numbers, "average" users versus non-"average" users, and so on. HN replies often attempt to change the subject to (d)
Facebook was doing tracking pixels in the 00s. It probably worked even better then because stuff that's currently in apps was on the web back then and fewer people ran adblockers.
Every party in the advertising ecosystem should be assumed to be doing this (and your adblocker should be trying its best to block it).
I even read that TikTok has its app listen to a port on localhost, and have websites run code that exfiltrates data this way (effectively bypassing privacy protections of your browser).
Which is worse is moot. Which is more likely to harm or immiserate you is the relevant question and unless you're chinese the answer is almost certainly ellison.
TikTok is now a Zionist operation being run by (former?) members of Mossad's Unit 8200, which is like the NSA's cybersecurity group. So monitoring everyone is literally the point of TikTok now. Meta, Google, Apple, and others are also participating in it. Silicon Valley not actively mobilizing against this shows how geeks are complicit with genocide and the systems that drive it.
The article says in the title how that won't solve the problem. Their chief solution is guarding against invisible tracking pixels all over the web, and how using a properly equipped browser and extensions can hopefully mitigate them. I found the article's recommendation of suitable browsers to be quite poor: a brush off to Firefox and no mention of LibreWolf, IronFox, etc al.
reply