Out of curiosity I browse the Snapchat scrolling feed from time to time, and since a few months ago I have been inundated with TikTok ads. 90% of them seem to be targeting teenagers, featuring pre- to early teens, dancing in front of the camera and flicking rubber bands at folded pieces of paper with Sharpied messages on them.
Something like - "to all the boys who think I'm cute..." (note 1, rubber band flick) "wait till you see..." (note 2, flick to reveal third note, which is covered up by the TikTok logo that prompts you to download to find out the rest).
It seems more likely to me that they just followed the classic "move fast and break things," gambling that no one noticed.
It doesn't boggle my mind. I'm sure very few services online would stand up to scrutiny. It's just that such few platforms are ever in that position.
Though, TikTok is a video platform with immense popularity among children. Put those two together and you're bound to be first on this sort of COPPA chopping block, so I suppose I do see how OP's mind could be boggled after all. Maybe it's "just" a fine of $5.7 million.
It seems pretty clear that userbase demographics are a factor. It's the best evidence you can have.
Funnily enough, I think it's fair for pornhub to assume their audience is 13 or older.
Porn sites used to make you affirm that you were at least 18, though. I wonder what happened to that.
“Children under the age of 13 are not allowed to create an account or otherwise use the Services.”
“If you are under age 18, you may only use the Services with the consent of your parent or legal guardian. Please be sure your parent or legal guardian has reviewed and discussed these Terms with you.”
Children would then have to ignore the terms and lie to the date of birth screen (fraud) to gain access, yet I'm sure that wouldn't stop most of them.
TikToks as a company can publish age stats from the data 'proving' they have nobody under 13, and all of the above should satisfy FTC
I don't believe the FTC would consider this compliance, since such a dialogue is designed to encourage children to lie.
>3. Can I block children under 13 from my general audience website or online service?
> Yes. COPPA does not require you to permit children under age 13 to participate in your general audience website or online service, and you may block children from participating if you so choose. By contrast, you may not block children from participating in a website or online service that is directed to children as defined by the Rule. See FAQ D.2 above.
> If you choose to block children under 13 on your general audience site or service, you should take care to design your age screen in a manner that does not encourage children to falsify their ages to gain access to your site or service. Ask age information in a neutral manner at the point at which you invite visitors to provide personal information or to create a user ID.
A bit more to the point:
> In designing a neutral age-screening mechanism, you should consider: Making sure the data entry point allows users to enter their age accurately. An example of a neutral age-screen would be a system that allows a user freely to enter month, day, and year of birth. A site that includes a drop-down menu that only permits users to enter birth years making them 13 or older, would not be considered a neutral age-screening mechanism since children cannot enter their correct ages on that site.
Out of curiosity - is that really fraud? It doesn’t sound like it hurts the company.
I bet TikTok had the same thing. But look at TikTok's attempt at complying in TFA: they didn't just make a /policy edit. They started asking birthdate upon register/login but managed to botch that, so they started asking users for scans of their government-issued ID.
If these are the sorts of measures that the FTC needs to see, then who actually is compliant under scrutiny?
You can upload selfie image/videos directly to Reddit. Wouldn't Reddit be just as incapable of deleting all content from users that were <13yo at time of upload like TikTok was ordered to do?
These are United states laws for a Chinese company...
And this is a brand (cant say which one) that has well over a hundred brands and works in almost 200 countries.
When I am of legal drinking age in Germany (16 years for beer) but visiting a micro brewery page from the US (21 years in some states, right?) - what does that mean then? :P
Couple that with that we now know how Russia (and ostensibly others) are using social media platforms for manipulation, and it just seems rather suspicious.
I'm probably just being tinfoil hat paranoid, but I feel like memes are basically vehicles for propaganda and we should be cautious with where we spend our time.
TikTok's parent company is a Chinese tech company headquartered in Beijing, so I would be astonished if it wasn't a stalking horse for some kind of PRC surveillance.
Are you sure these are bots? They might just be regular users that download these videos through the app. No matter what, when you download a video on TikTok, it downloads you a watermarked version.
Not very scientific, but it was enough at the time for me to sort of take note.
There really isn’t much reason to treat any social media company as trustworthy, or the networks themselves as inherently safe and healthy. Both Syria and Christchurch provide ample evidence for the dangers they can transmit.
PR and propaganda is essentially the same thing. It shouldn't be a surprise to anyone that private actors are engaging in the same kind of social media manipulation as state actors. Every ad you see, every business social media account and every mention of the benefits of a product or a service in a blog should be considered first as a deliberate attempt at exploiting your concern and manipulate you into wasting money or time.
So no, don't take off your tinfoil hat, but make that it shields you from the EM radiation evenly :)
of course that every government will try to abuse it, so will corporations, it is very convenient and profitable for them.
That's just spewing hate against others.
It's been years since I've worked with COPPA, but isn't it illegal both to 1. default to e.g. 1970-01-01 so that accepting implies you're of age, and 2. for your prompt to be "You must be 13+ to use this service. If you are under 13 your videos will be deleted. What is your birthday?" because you're basically encouraging kids to lie?
Also whenever you ask for a birthdate don't use a datepicker (or use one that allows selection of the year)
It's not fun dragging or scrolling the picker month by month until you get to your birthdate
>If you choose to block children under 13 on your general audience site or service, you should take care to design your age screen in a manner that does not encourage children to falsify their ages to gain access to your site or service. Ask age information in a neutral manner at the point at which you invite visitors to provide personal information or to create a user ID.
> In designing a neutral age-screening mechanism, you should consider: [...] Avoiding encouraging children to falsify their age information, for example, by stating that visitors under 13 cannot participate or should ask their parents before participating. In addition, simply including a check box stating, “I am over 12 years old” would not be considered a neutral age-screening mechanism.
My kids started on Musical.ly before other social media. Private accounts, IRL friends only.
My daughter, a TikTok user was prompted one day to enter her birthdate.
Not thinking too much about it (and without asking me), she did so. She entered her birth DAY but used the current year: 2018 (see the article). Should be an easy fix right?
Despite this obvious error (do 5 month olds really use the app?) she was now locked out.
We requested a copy of all her videos.
TikTok sent a text file to our email with a list of MP4 URLS.
I downloaded a browser extension to help auto-download this rather extensive list.
My daughter now has a new account, with a just old enough age to not get locked out again. sigh
TikTok literally built a billion dollar business on kids and are now giving them the boot.
 Sample questions here: http://allowe.com/games/larry/tips-manuals/lsl1-age-quiz.htm...
I wonder what sort of questions one would ask to implement such a age verification scheme these days. Ask, "what does AOL stand for?" or, "which one of the following audio clips is 'the dial-up tone'?". Or how about "what is a 'hanging-chad'?". Heck that last one doesn't even work anymore, there are 18 years today born after the 2000 election... I'm getting old.
Although I guess Google and widespread internet adoption has rendered this kind of age verification useless.
Even AOL, which I happen to know about is something I think few people in my country would be likely to know.
These questions strike me then as not purely relating to age but also to culture.
And even the dial-up tone question could be difficult for some people to answer. We had dialup at my child home but not everyone did.
And like you said, most questions can be Googled anyway.
I've always pondered whether this could be an effective way of tricking children into learning bits of history like trying to understand jokes from The Simpsons or the little bits of trivia that used to pop up on the loading screens in Call of Duty single player modes.
The 12 year old themselves wants to use the service. The service wants to be used. Most parents want their child to be able to do what they think is fun.
The only people against it are the people who don't want to properly supervise their children online, but also don't want them disadvantaged, so want the entire online service banned so nobody gets access.
If yes, then Im not sure what it protects except false sense of security
Interestingly with all the cameras on devices and AI/ML to recognize age and gender from a face, if this law came around nowadays they'd probably mandate face scanning to determine that you're of age...
It's all about responsibility transfer, I think.
If you've ticked some box that you should not have, then it's YOU who is responsible for whatever bad may happen.
> When a UK IP address attempts to access a website with pornographic content, the person browsing the web will have to verify themselves. It's up to each individual porn website to implement the technology that allows people to prove they're old enough to view the material.[..]
> The first [option from Yoti] is using your face. There will be the option to use the camera on a phone, tablet or computer and Yoti's "age estimation technology" will determine whether the person is old enough to access the explicit material.
[#][TikTok] 1234 is your verification code
At first I assumed these were someone accidentally or deliberately giving TikTok my phone number when registering. But if they never got the code, How could they activate the account? So why would they (or others) keep using my number? I read online that it may be a confirmation needed to delete an account. But that implies that TikTok accepted my phone number without verification. And again, if the person didn't get the code, what good did using my phone number do them?
All very dubious.
...And don't give your test suite access to the real world.
Anyhow, interesting to see the eff getting in on what it perceives as a dark UI pattern. I ran through this age check screen and had no problem.
I do not see a profound issue with creators that rushed through it having to submit gov ID. If the account is that valuable, teenagers can get ID. Frankly, they should probably have one anyway.
If they are required to "destroy" the data, how can they restore it after proving age using a government ID?
Otherwise, perhaps there was some delay on account deletion?
On a related note, TikTok is just a rebranded version of DouYin  which was originally built by a small group of young programmers called Beijing Shaking Youth . It wasn't until their recent funding  they sent up an office in the USA by which time the damage had already been done. Not only do they violate laws their app is riddled with dark patterns by US standards (all of which btw is normal in China).
If you go on LinkedIn and look up Jobs in Los Angeles you'll notice TikTok has 1200+ open positions. You'll also notice they're hiring people specifically to develop policies for each region.
I've never used tiktok, could you give a few examples?
That's startup culture in the U.S., too. It was popularized by the likes of Facebook, Uber, and Airbnb. Chinese companies also do their own version of it.
This isn't Chinese culture, this is what any capitalist willing to accept some risk does. If anything, they learned it from us.
The mistake here is their rushed implementation of the compliance.
Why do I feel like many companies, in the exact same situation, would have also messed up?
Aggressively deleting accounts of even older users due to messing up birthdate collection, with no recourse is such a bone headed move. Falling back to defensively asking for government ID can't really be counted as recourse.
Right; heaven forbid the users should learn a lesson about stuffing content into someone's walled garden.
This means if you're under 13 you can watch videos on YouTube, but you can't create an account or use notifications or subscriptions.
THis does create weird things though. Children like that notification bell, and so they use their parent's accounts. This means advertisers think the person viewing the videos is over 18, and that it's okay to show ads for alcohol or gambling.
That's not ok in the UK, and the regulator tells advertisers to be more careful when placing ads.
Why does the EFF care about this?
If you can't work a birthdate field in 2019 you should not be on the internet.
Also I'm not quite sure I buy the argument that the birth date dialog was bugged. Defaulting it to the current date is dumb, but was it really non-functional for some users? Really? Or did some users just click past it unthinking, annoyed that they were being asked something without bothering to stop and look at what they were being asked? The later seems more likely to me. These users would doubtlessly be annoyed, but what really can be done about that scenario? Those users should take it as a learning experience and be thankful TikTok is a thoroughly frivolous platform so they lost nothing of worth this time.
I don't think the problem was defaulting to the current date. No default is probably better in general for this sort of thing, and in hindsight it definitely would have been better in this case. But for a field for which you really need the user to provide a value, if you're going to set a default, that default should be obviously and universally invalid (the current date qualifies for that when you're asking for DOB), and you should have logic in place to deal with obviously invalid inputs.
Asking for a photo ID was probably easier for them than asking for a credit car though, since with the credit card method they now have to worry about PCI compliance. Getting themselves out of one regulatory shithouse by walking into another probably wasn't something they were eager to do.
They could ask the appealing user to upload a quick video of themselves requesting the appeal, and then use common sense to grant the appeal to people who reasonably appeared to be adults. That might make the FTC upset with them a second time though, since you'd doubtlessly have kids filming and uploading appeal videos, which would probably put TikTok back in violation of COPPA...
I don't think asking for a link to other social media like facebook would help, because even though Facebook is presumably in compliance with COPPA, somebody having an account on Facebook and being in compliance with COPPA doesn't necessarily mean they are >13 years old; their parent or legal guardian could have given them permission to use facebook, but not tiktok. So you can't assume that control of a facebook account means they're >13 or have parental approval to use your service.
There might be other ways out of this mess, but I can't think of any at the moment.
What matters is the result, not some technicality like whether the form worked correctly in every browser.
And the result was bad. No users were actually zero days old but they got their videos deleted just the same.
When you get bad results, don't blame the user for not understanding your system. It's always a bad design.
See also: Boeing 737 Max
Easy--never create an input field where clicking through on the default value is guaranteed to do something the user doesn't want, irreversibly. That's terrible design.
They'd go from "wtf stop asking me questions" to "you don't need to know that about me" to "wtf I'm locked out?" in about 5 seconds flat. And I don't think there is anything you can do about that. If they implemented a second chance system ("are you sure about that? input a different year or we're going to lock your account") it sounds like that would be another violation of COPPA, defeating the point of the whole ordeal.
Sorry to break it to you, but this happened to my daughter. Defaulted to 2018, she saved quickly (assuming her birth year was the default) without noticing.