Tag Archives: Cloud Server

TikTok Leak : China Repeatedly Accessed Private User Data!

Leaked audio from internal TikTok meetings show that private user data has been repeatedly accessed from China!

Here is what you need to know…

 

Privacy Promise By TikTok : Overseas Data Stored In US + Singapore

For many years now, TikTok has repeatedly assured users that all data collected from users outside of China, stays out of China and is thus, not accessible to anyone in China.

To ensure that the Chinese government has no access to the data, one of the measures they took was to store all data collected overseas in servers located in the United States, with backups in Singapore.

This was explicitly stated in their New Privacy Policy :

We store the information described in the What Information We Collect section in servers located in the United States and Singapore.

Most people may not realise this, but they also added a caveat right after that, stating that their Corporate Group (in China) may remotely access the data…

When entities in our Corporate Group need information to help us provide the Platform, they remotely access the information pursuant to authorised and secure access controls.

 

TikTok Leak : China Repeatedly Accessed Private User Data!

Buzzfeed News recently received audio recordings from more than eighty (80) internal TikTok meetings, in which employees admitted that engineers in China accessed private user data.

This was despite a TikTok executive’s sworn testimony at an October 2021 US Senate hearing at the same time period, that a “world-renowned, US-based security team” decides who gets access to the private user data.

Instead, the leaked audio revealed that US staff did not have permission or knowledge of how to access the data. Rather, it was their colleagues in China who determined how and who accessed the private user data.

The leaked tapes ultimately show that TikTok may have misled lawmakers, users, and the public by downplaying the fact that their private data is readily accessible by employees in China, and potentially, the Chinese government.

Everything Is Seen In China

Eight different employees stated in nine statements that they had to refer to their colleagues in China to make those decisions.

Everything is seen in China“, said a member of TikTok’s Trust and Safety department in a September 2021 meeting.

In another September 2021 meeting, a TikTok director referred to a Beijing-based engineer as a “Master Admin” who “has access to everything“.

There’s Some Backdoor To Access User Data…

Fourteen of the leaked audio recordings were with, or about, a team of Booz Allen Hamilton consultants that TikTok brought in to investigate how data flows through TikTok and ByteDance’s internal tools.

In September 2021, one Booz Allen Hamilton consultant told colleagues that the tools felt like they had backdoors to access user data :

I feel like with these tools, there’s some backdoor to access user data in almost all of them, which is exhausting.

Oracle Only Providing Storage For Project Texas

TikTok has been working on what they call Project Texas – securely storing overseas data in Oracle cloud servers to comply with CFIUS (Committee on Foreign Investment in the United States).

Project Texas is limited to protecting the private information of US users, like phone numbers and birthdays – details that are not publicly visible, or have been set to private.

Such data will be stored at an Oracle datacenter in Texas – hence the name, and would only be accessible to specific US-based TikTok employees.

However, TikTok’s head of global cyber and data defense made clear that Oracle was only providing the data storage space for Project Texas. Ultimately, TikTok would be setting up the servers, and controlling everything.

It’s almost incorrect to call it Oracle Cloud, because they’re just giving us bare metal, and then we’re building our VMs [virtual machines] on top of it.

Unique IDs Not Protected Information

In one of the leaked audio recordings from a January 2022 meeting, TikTok’s head of product and user operations announced with a laugh that the Unique ID (UID) will not be amongst the protected content under the CFIUS agreement.

The conversation continues to evolve. We recently found out that UIDs are things we can have access to, which changes the game a bit.

Other Data Not Stored On Oracle Servers

The problem with Project Texas is that it only addresses US users… and only a small subset of their data.

Everything else – including private user data from non-US countries – will stay in their US and Singapore servers that remain accessible to ByteDance’s Beijing offices.

 

Response By TikTok : 100% US Data Traffic Routed To Oracle

TikTok publicly announced on the same day – June 17, 2022, that it changed the “default storage location of US user data“, and that “100% of US user traffic is being routed to Oracle Cloud Infrastructure“.

Although they “expect” to fully pivot to Oracle cloud servers located in the US, they will continue to use their existing US and Singapore servers for backup, and delete US users’ private data over time.

While this may address some of the privacy concerns for US users, it does not address the other privacy concerns revealed in the leaked audio recordings… or the privacy concerns of non-US users.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > BusinessCybersecurityTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

KKM : MySejahtera Was NOT Sold To Private Company!

The Malaysia Ministry of Health has clarified that the MySejahtera app and its data was not sold to any private company.

Here is what you need to know!

 

Claim : MySejahtera Was Sold To Private Company!

Malaysian opposition leader Anwar Ibrahim claimed that MySejahtera will be sold to a private company – MySJ Sdn. Bhd. through direct negotiation.

The MySejahtera application was rolled out in April 2020, under the Malaysia Ministry of Health (KKM). It was built by KPISoft (now Entomo) as a corporate social responsibility (CSR) initiative.

According to his statement, the government appointed MySJ Sdn. Bhd. through direct negotiation to take over MySejahtera on 26 November 2021.

Then in December 2021, the Public Accounts Committee (PAC) proposed that the government should take over MySejahtera since it is now “an integral part of the national health system”.

 

KKM : MySejahtera Was NOT Be Sold To Private Company!

On 27 March 2022, the Malaysia Health Minister Khairy Jamaluddin issued a press statement, clarifying that the government did not sell MySejahtera to any private company.

Here are the key points of his statement on the claims that MySejahtera was sold to MySJ Sdn. Bhd. :

  1. On 26 November 2021, the government decided that MySejahtera is owned by the government, and the Ministry of Health (KKM) was appointed as the main owner of the application.
  2. The government did not pay KPISoft any money for the development of MySejahtera, which was carried out from 27 March 2020 until 31 March 2021.
    This was based on the company’s offer to let the government use the app for one year for free, as a Corporate Social Responsibility (CSR) initiative.
  3. After the CSR period ended on 31 March 2021, the government agreed to extend the use of MySejahtera, and work with KPISoft to expand its features.
  4. On 26 November 2021, the government ordered KKM to form a Price Negotiation Committee comprising of stakeholder agencies to negotiate the purchase and service maintenance of MySejahtera for two (2) years.
    The scope of the procurement and management of the MySejahtera app included operating MySejahtera, system development including additional modules, maintenance, datacenter management and third-party services like Google Map and Places API, as well as SMS services.
  5. On 28 February 2022, the Ministry of Finance approved KKM’s procurement of the MySejahtera app.
  6. MySejahtera data has been under KKM’s supervision from the first day it was used, and the data is processed according to KKM procedures.
  7. KKM does not share MySejahtera data with any government agency, or private companies.
  8. All data from the MySejahtera app are uploaded to a cloud server network, and can only be accessed by the MySejahtera app only.

In short, the MySejahtera app was not sold to any private company, and was purchased by the Ministry of Health with approval from the Ministry of Finance on 28 February 2022.

 

Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 

Recommended Reading

Go Back To > Enterprise | SoftwareTech ARP

 

Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

NTT Launches Fifth Data Center In Malaysia – Cyberjaya 5!

NTT Ltd just launched their fifth data centre in Malaysia – Cyberjaya 5 (CBJ5)!

Here is a quick look at what NTT Cyberjaya 5 offers!

 

NTT Launches Fifth Data Center In Malaysia – Cyberjaya 5

On 3 February 2021, NTT Ltd announced the launch of their fifth data center in Malaysia – Cyberjaya 5 (CBJ5).

Located within the NTT Cyberjaya Campus, this new 107,000 square feet data center is designed for hyperscalers and high-end enterprises in Malaysia’s growing digital economy.

CBJ5 supports 6.5 megawatts of flexible and scalable power, and boasts a Tier IV-ready, compact and modular design, with a cooling wall system that handles up to 15 kilowatts per rack.

NTT clients will have greater access to flexible, scalable and secure infrastructure in Malaysia – a regional data center hub.

“The demand for data storage and managed hosting services is expected to grow exponentially across Malaysia. This fifth data center will meet the expanding needs of organizations to reach their digital business objectives, in particular the FSI sector, as our data center complies with the Risk Management in Technology (RMiT) guideline set by Bank Negara Malaysia. We hope to play a key role in providing the vital data capacity at a high speed to keep Malaysia’s digital ecosystems and the digital economy ticking.” said Henrick Choo, CEO, NTT Ltd. in Malaysia.

 

NTT Cyberjaya 5 : Part Of Strategic ASEAN Hub

CBJ5 is connected to the existing Asia Submarine-cable Express (ASE) and Asia Pacific Gateway (APG) cable system, and will eventually be linked to the upcoming MIST cable system.

The MIST cable system will be available by end 2022 and it is a strategic joint venture for international submarine cables in South East Asia, with Orient Link Pte. Ltd.. It will enable NTT Ltd. to expand its offerings into India and beyond, while the ASE and APG cable systems provide global connectivity from Asia to United States.

This new expansion in Malaysia is part of NTT Global Data Centres division’s growth strategy. Malaysia is a prime data centre market in the ASEAN region, due to the abundant availability of resources, and favourable government policies.

“NTT places Asia Pacific as a tactical key region, and Malaysia – a strategic hub for the submarine cables operated by NTT such as the new MIST cable system, as well as the existing Asia Submarine-cable Express (ASE) and Asia Pacific Gateway (APG). Furthermore, CBJ5 will drive business opportunities in Asia through the upcoming MIST cable system which will link all our large-scale data centers in the region. Our continued commitment to Malaysia will help position NTT as a technologically innovative leader to address the industries of the future,” said Ryuichi Matsuo, Executive Vice President for NTT Ltd.’s Global Data Centers division.

“The pandemic also illustrated the importance of effective connectivity and reliable infrastructure to ensure business continuity. NTT’s global data center platform offers flexible, scalable and secure infrastructure along with a full-stack of customizable solutions that clients can utilize to support their digital transformation needs and maintain critical applications in a comprehensive, hybrid IT environment,” he concluded.

 

Recommended Reading

Go Back To > Business | Home

 

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!