Sticktock.com (TikTok frontend)

And of course it’s open-source: GitHub - PrivacySafe/sticktock: Share TikToks Safely. No Ads, No Spyware, No Phone App.

6 Likes

Moved to Tool Suggestions, since Privacy isn’t just an alternative place where tools can avoid scrutiny :slight_smile:

1 Like

I don’t use Tiktok so no intention to test out the tool.

However, after a quick look at its Github, it appears to be a VERY new tool, so I highly doubt that @Encounter5729 intended to “recommend” or “suggest” this tool to be included in PG. I think the OP just wanted to share this new tool he noticed, given Tiktok being a sorta hot topic right now.

While I do think it would be better if the OP added a few more words just to make it clear he is not actually recommending it, I also think people should seek clarification first, rather than assuming he is recommending something straight away, and then write something, in my point of view, a bit offensive, based on that assumption.

2 Likes

Why should the burden be on everyone except the original poster? @Encounter5729 posted a link to what is a tool in this context, without posting anything else. Makes sense to assume the post should be in the tool suggestions category.

Users should spend more time on their posts and not expect everyone else to ask leading questions so that they clarify what they actually meant and/or intended.

This seems to be a fork(?) of Offtiktok

Me neither, but just from opening the site it seems very limited compared to the other front-end websites Privacy Guides recommends. For example, being forced to take either a link or watch a random video, some sort of feed functionality seems pretty fundamental for a front-end like this to be useful.

The fact that they seemingly proxy all connections to TikTok is nice since your IP won’t be visible to TikTok, only the videos watched in aggregate from all StickTock users.

They also have basic, ‘privacy-friendly’ analytics by https://plausible.io/ which could be worth mentioning for a potential recommendation.

1 Like

Good catch, the files in backend seem very similar (I don’t code so I only looked at the filenames…)

However I couldn’t find the repo OP linked in the fork section, could it be a clone? :thinking:

Yep. Near the bottom of Sticktock’s README it says:

StickTock is modified from offtiktok and offtiktokapi released under the MIT/Expat License by MarsHeer.

1 Like

I am not sure if there is a good use case for a Tiktok frontend.

I understand Reddit (blocks a lot of VPN), Twitter / Facebook / Instagram / Youtube (forcing you to login), so they are sometimes very difficult (impossible) to visit without an account or exposing real IP.

However Tiktok does not block VPN, mostly does not force you to login, and does not force you to use mainstream browsers (i.e. Edge / Chrome / Safari, sorry Firefox you get into trouble sometimes so not in the list). So if I must visit Tiktok, I don’t need to pause my VPN or fire up a “mainstream” browser, or login.

While I admire the devs dedicating themselves to building privacy tools, I wonder what the possible benefits are.

Have you heard about it being banned in the United States potentially as soon as Sunday?

Yes I have, but a VPN should be able to get past that, as long as you are using the web version, isn’t it?

Edit: Never thought of it before, but for the frontends, if they use US IP / hosted in US then they might not be able to operate / fetch the content, isn’t it?

Sure, but it will be hard to share links with other people. I assume that is a common use-case for people, but I don’t use TikTok myself. For example, I don’t really use xcancel.com to browse Twitter myself, but I use it to share links to Twitter all the time.

StickTock will redirect users to TikTok without any notice if they accidentally click on a user’s profile (since StickTock doesn’t support viewing profiles). This is a big red flag in my opinion and should probably be enough to disqualify them for the time being. Users shouldn’t have to take special care to not accidentally click on an element which will connect them directly to TikTok, undermining the protections of using a front-end in the first place.

1 Like

Ah, that would be a good use case then, thanks.

I shared that feedback with the people working on StickTock, who are now considering changes :+1:

3 Likes

The Government of Canada actually already banned TikTok from government devices in February 2023, and has also ordered the wind up of the Canadian business carried on by TikTok Technology Canada, Inc.

This does not implicitly block Canadians access to the service. Canadians are encouraged to consult the guidance issued by the Communications Security Establishment’s (CSE) Canadian Centre for Cyber Security (CCCS) to assess the risks.

Government of Canada orders the wind up of TikTok Technology Canada, Inc. following a national security review under the Investment Canada Act - Canada.ca

Statement by Minister Fortier announcing a ban on the use of TikTok on government mobile devices - Canada.ca

Fair enough. Other frontends like Redlib do change all reddit links to their redlib links.

Maybe we could discuss the TikTok ban here: TikTok Sell-or-Ban discussion?

1 Like

Hi folks! Lead dev on this project here. Thanks for your interest in the project.

  • We removed any and all tiktok .com links in the UI. A substantial portion of our test users actually want those links for discoverability, but I agree with the folks here that we shouldn’t have outbound clicks to TikTok without warning. If this app is still useful in a week, it will need substantial UI/UX work, and we’ll build in a warning screen a la DuckDuckGo’s video search when it pulls YouTube videos.

  • We use Plausible .io with a self-hosted instance at privacysafe .click for metrics. Plausible counts users without cookies. Plausible is GDPR-compliant and goes to great lengths for anonymity of HTTP requests:

Every single HTTP request sends the IP address and the User-Agent to the server so that’s what we use. We generate a daily changing identifier using the visitor’s IP address and User-Agent. To anonymize these datapoints and make them impossible to relate back to the user, we run them through a hash function with a rotating salt.

hash(daily_salt + website_domain + ip_address + user_agent)

This generates a random string of letters and numbers that is used to calculate unique visitor numbers for the day. The raw data IP address and User-Agent are never stored in our logs, databases or anywhere on disk at all.

Old salts are deleted every 24 hours to avoid the possibility of linking visitor information from one day to the next. Forgetting used salts also removes the possibility of the original IP addresses being revealed in a brute-force attack. The raw IP address and User-Agent are rendered completely inaccessible to anyone, including ourselves.

This is demonstrably better than grepping through server logs or GoAccess etc. from a privacy standpoint, and Plausible is only on our StickTock .com instance. I hope many other folks deploy the client + API server on their own instances.

StickTock .com is approaching 4K TikTok videos served today with zero logins and zero TikTok code or server contact for viewers :partying_face:

5 Likes
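The daily-salt scheme quoted in the post above, as an added example that is not part of the thread and is not Plausible's or StickTock's code. The quoted text does not name the hash function, so SHA-256, the length-prefixed fields, the 16-character truncation and all names and sample values here are assumptions.

```python
import hashlib
import ipaddress
import secrets


class SaltStore:
    """One random salt per day; older salts are forgotten on rotation."""

    def __init__(self):
        self._salts = {}

    def salt_for(self, day):
        # Random, never derived from the date, so it cannot be recomputed later.
        return self._salts.setdefault(day, secrets.token_bytes(16))

    def rotate(self, today):
        # Keep only today's salt (the quoted text deletes old salts every 24 hours).
        self._salts = {d: s for d, s in self._salts.items() if d == today}


def visitor_id(salt, domain, ip, user_agent):
    # hash(daily_salt + website_domain + ip_address + user_agent); fields are
    # length-prefixed (an addition here) so field boundaries stay unambiguous.
    h = hashlib.sha256(salt)
    for field in (domain, ip, user_agent):
        data = field.encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()[:16]


def recover_ip(target_id, salt, domain, user_agent, network):
    # With the salt in hand, the small IPv4 space can simply be enumerated.
    for addr in ipaddress.ip_network(network).hosts():
        if visitor_id(salt, domain, str(addr), user_agent) == target_id:
            return str(addr)
    return None


def demo():
    # Constructed sample values (documentation IP range, made-up domain and UA).
    store, domain, ua, ip = SaltStore(), "example.test", "ExampleBrowser/1.0", "203.0.113.77"
    net, d1, d2 = "203.0.113.0/24", "2025-01-17", "2025-01-18"
    id_day1 = visitor_id(store.salt_for(d1), domain, ip, ua)
    repeat = visitor_id(store.salt_for(d1), domain, ip, ua)
    before = recover_ip(id_day1, store.salt_for(d1), domain, ua, net)
    store.rotate(d2)  # day-1 salt is gone from here on
    id_day2 = visitor_id(store.salt_for(d2), domain, ip, ua)
    after = recover_ip(id_day1, store.salt_for(d2), domain, ua, net)
    return id_day1 == repeat, id_day1 != id_day2, before, after
```

`demo()` shows the three properties the quoted text claims: the identifier is stable within a day, changes across days, and a stored identifier can be matched back to an IP only while that day's salt still exists.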

I love it, thank you for the work done!

Off-Topic

(it doesn’t have anything to do but this reminded me of Barinsta, I hope someone comes up with something similar for Instagram, R. I. P. Barinsta)

1 Like