Google appears to have disabled Google Translate in parts of China

Google appears to have disabled access to Google Translate in parts of China, redirecting visitors to the Hong Kong domain — which isn’t accessible from the mainland. According to users on Reddit and site archives viewed by TechCrunch, Google swapped the Google Translate interface at translate.google.cn with a generic Google Search page at some point within the last 24 hours.

The change is reportedly impacting the translation features of apps like KOReader, a document viewer, for China-based users, as well as Chrome’s built-in translation functionality. Google hasn’t responded to a request for comment; we’ll update this piece if we hear back.

Google has a long and complicated relationship with the Chinese government. In 2006, the company entered the Chinese market with a version of its search engine that was subject to government censorship rules. But after state-sponsored hacks and government-ordered blocks on Google services in response to YouTube footage showing Chinese security forces beating Tibetans, Google shut down Google Search in the mainland and briefly rerouted searches through its uncensored Hong Kong domain.

The current Google Translate homepage in many parts of China.

Google reportedly explored relaunching Google Search in China in 2018 and 2019 as part of a project code-named Dragonfly, which would’ve censored results and recorded users’ locations as well as their internet browsing histories. But those plans were scuttled following clashes within Google led by the company’s privacy team, according to The Intercept.

In 2020, following the enactment of a national security law in Hong Kong that gave local authorities greatly expanded surveillance powers, Google said it wouldn’t directly respond to data requests from Hong Kong law enforcement and instead would have them go through a mutual legal assistance treaty with the U.S.

Assuming it’s not a technical issue, the disabling of Google Translate in much of the mainland could be related to the upcoming National Congress of the Chinese Communist Party, which takes place October 16. The Chinese government has previously blocked Google services around major political events and politically sensitive anniversaries like that of the Tiananmen Square massacre.

Google appears to have disabled Google Translate in parts of China by Kyle Wiggers originally published on TechCrunch

Microsoft says two new Exchange zero-day bugs under active attack, but no immediate fix

Microsoft has confirmed two unpatched Exchange Server zero-day vulnerabilities are being exploited by cybercriminals in real-world attacks.

Vietnamese cybersecurity company GTSC, which first discovered the flaws as part of its response to a customer’s cybersecurity incident in August 2022, said the two zero-days have been used in attacks on their customers’ environments dating back to early August 2022.

Microsoft’s Security Response Center (MSRC) said in a blog post late on Thursday that the first vulnerability is identified as CVE-2022-41040, a server-side request forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution on a vulnerable server when PowerShell is accessible to the attacker.

“At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems,” the technology giant confirmed.

Microsoft noted that an attacker would need authenticated access to the vulnerable Exchange Server, such as stolen credentials, to successfully exploit either of the two vulnerabilities, which impact on-premise Microsoft Exchange Server 2013, 2016 and 2019.

Microsoft hasn’t shared any further details about the attacks and declined to answer our questions. Security firm Trend Micro gave the two vulnerabilities severity ratings of 8.8 and 6.3 out of 10.

However, GTSC reports that cybercriminals chained the two vulnerabilities to create backdoors on the victim’s system and also move laterally through the compromised network. “After successfully mastering the exploit, we recorded attacks to collect information and create a foothold in the victim’s system,” said GTSC.

GTSC said it suspects a Chinese threat group may be responsible for the ongoing attacks because the webshell codepage uses character encoding for simplified Chinese. The attackers have also deployed the China Chopper webshell, a backdoor commonly used by Chinese state-sponsored hacking groups, for persistent remote access.

Security researcher Kevin Beaumont, who was among the first to discuss GTSC’s findings in a series of tweets on Thursday, said he is aware of the vulnerability being “actively exploited in the wild” and that he “can confirm significant numbers of Exchange servers have been backdoored.”

Microsoft declined to say when patches would become available, but noted in its blog post that the upcoming fix is on an “accelerated timeline.”

Until then, the company is recommending that customers follow the temporary mitigation measures shared by GTSC, which involve adding a blocking rule in IIS Manager. The company noted that Exchange Online customers do not need to take any action at the moment because the zero-days only impact on-premise Exchange servers.

Microsoft says two new Exchange zero-day bugs under active attack, but no immediate fix by Carly Page originally published on TechCrunch

House Democrats debut new facial recognition bill

A group of House Democrats has unveiled a new bill that aims to put limits on the use of facial recognition technologies by law enforcement agencies across the United States.

Dubbed the Facial Recognition Act, the bill would compel law enforcement to obtain a judge-authorized warrant before using facial recognition. By adding the warrant requirement, law enforcement would first have to show a court it has probable cause that a person has committed a serious crime, rather than allowing largely unrestricted use of facial recognition under the existing legal regime.

The bill also puts other limits on what law enforcement can use facial recognition for, such as immigration enforcement or peaceful protests, or using a facial recognition match as the sole basis for establishing probable cause for someone’s arrest.

If passed, the bill would also require law enforcement to annually test and audit their facial recognition systems, and provide detailed reports of how facial recognition systems are used in prosecutions. It would also require police departments and agencies to purge databases of photos of children who were subsequently released without charge, whose charges were dismissed or who were acquitted.

Facial recognition largely refers to a range of technologies that allow law enforcement, federal agencies and private and commercial customers to track people using a snapshot or photo of their faces. The use of facial recognition has grown in recent years despite fears that the technology is flawed, disproportionately misidentifies people of color (which has led to wrongful arrests) and harms civil liberties. It is still deployed against protesters, used to investigate minor crimes and used to justify arrests of individuals from a single face match.

Some cities, states and police departments have limited their use of facial recognition in recent years. San Francisco became the first city to ban the use of facial recognition by its own agencies, and Maine and Massachusetts have both passed laws curbing their powers — though all have carved out exemptions of varying degrees for law enforcement or prosecutorial purposes.

But the current patchwork of laws across the U.S. still leaves hundreds of millions of citizens without any protections at all.

“Protecting the privacy of Americans — especially against a flawed, unregulated, and at times discriminatory technology — is my chief goal with this legislation,” said Rep. Ted Lieu (D-CA, 33rd District) in a statement announcing the bill alongside colleagues Sheila Jackson Lee (D-TX, 18th District), Yvette Clarke (D-NY, 9th District) and Jimmy Gomez (D-CA, 34th District).

“Our bill is a workable solution that limits law enforcement use of [facial recognition technology] to situations where a warrant is obtained showing probable cause that an individual committed a serious violent felony,” Lieu added.

Gomez, who was one of 28 members of Congress misidentified as criminals in a mugshot database by Amazon’s facial recognition software in 2018, said that there is “no doubt that, left unchecked, the racial and gender biases which exist in FRT will endanger millions of Americans across our country and in particular, communities of color.”

The bill has so far received glowing support from privacy advocates, rights groups and law enforcement-adjacent groups and organizations alike. Woodrow Hartzog, a law professor at Boston University, praised the bill for strengthening baseline rules and protections across the U.S. “without preempting more stringent limitations elsewhere.”

House Democrats debut new facial recognition bill by Zack Whittaker originally published on TechCrunch

Ox Security lands $34M in seed funding to strengthen software supply chains

The rise in software supply chain attacks, like the SolarWinds hack, prompted last year’s executive order from the Biden Administration requiring vendors to provide a software bill of materials (SBOM). SBOMs can help security teams understand if a newly disclosed vulnerability impacts them — in theory. But industry experts caution that they aren’t always comprehensive enough to prevent attacks or address the challenges of securing supply chains.

One startup, Ox Security, is forging ahead with an alternative to SBOMs it’s calling Pipeline Bill of Materials (PBOM), which Ox claims goes further by covering not only the code in final software products but also the procedures and processes that impacted the software throughout its development. PBOM seems to be gaining traction. Despite being founded less than a year ago, Ox has raised $34 million in seed funding — a fact that it disclosed today — and has 30 customers including FICO, Kaltura and Marqeta.

Investors to date include Evolution Equity Partners, Team8, Rain Capital and M12, Microsoft’s venture fund.

“When the infamous SolarWinds attack took place, I recall the amount of stress that was felt across the industry,” CEO Neatsun Ziv, a former Check Point executive, told TechCrunch in an email interview. “When brainstorming on ideas with my co-founder Lior Arzi, we talked about the need for an end-to-end supply chain solution — something that doesn’t only look at the code that goes into the end product but also at all of the procedures and processes that could have impacted the software throughout the whole development lifecycle. At the end of 2021, we founded Ox Security to build this solution.”

In developing PBOM, Ziv claims that Ox undertook “extensive” research on the root causes of more than 70 attacks from the past year. PBOM was designed to contain information that might’ve prevented the attacks had it been readily available at the time, he says, and to be shared with stakeholders so that they can verify that the software they’re using is derived from a trusted, secure build.

Ox’s platform, leveraging PBOM, integrates with existing software development tools and infrastructure to record actions affecting software throughout the development lifecycle. It connects to an organization’s code repository and performs a scan of the environment from “code to cloud,” producing a map of detectable assets, apps and pipelines.

Ox also attempts to identify which security tools are in use, verify that they’re operational, and determine if additional tools are needed. Then, the platform highlights any security issues it found, prioritized by their business impact alongside automated fixes and recommendations.

“Most IT departments are understaffed, lack visibility and are struggling to prioritize security projects across engineering and DevOps. This results in ‘shadow dev’ and DevOps — where software development tools and processes are outside of the control and ownership of the security teams,” Ziv continued. “There is also a severe lack of automation that results in manual work and causes a high attrition rate for people in these roles. The Ox platform solves these issues by providing continuous visibility, prioritizing risks, automating manual workflows and securing the posture of [software development] elements like GitLab, Jenkins, artifact registry and production.”

PBOM is — at least at present — a voluntary spec. And Ox competes with vendors like Legit Security, Cycode, and Apiiro, the last of which Palo Alto Networks is reportedly close to acquiring for $550 million. But Ziv asserts that Ox is gaining mindshare, pointing to the startup’s client base of just over 30 brands.

“We are fully focused on building the company and scaling the number of customers we serve. So far we only see an increase in demand due to the increasing number of attacks,” Ziv said. “If you look at previous downturns, there were very successful companies that got started in each one of them. So we try to obsess about solving the security risk, rather than what could happen with the market. We are going on this journey with strong partners who want to see this vision come to life.”

Added M12 managing partner Mony Hassid in an emailed statement: “Supply chain attacks are on the rise, and the attack surface is growing. When it comes to software security and integrity, you have to look beyond which components were used and consider the overall security posture throughout the development process. Ox is pioneering a standard that will be transformative for supply chain security. We’re proud to work with OX to improve software security.”

With the proceeds from the seed round, Ox plans to double its 30-employee headcount by the end of 2023.

Ox Security lands $34M in seed funding to strengthen software supply chains by Kyle Wiggers originally published on TechCrunch

Detectify secures $10M more to expand its ethical hacking platform

Detectify, a security platform that employs ethical hackers to conduct attacks designed to highlight vulnerabilities in corporate systems, today announced that it raised $10 million in follow-on funding led by Insight Partners. CEO Richard Carlsson says that the new cash, which brings Detectify’s total raised to $42 million, will be put toward product development and improving the overall user experience.

Detectify was founded by four ethical hackers from Stockholm, including Carlsson, who realized the business potential in combining security research with automation. In an interview with TechCrunch, Carlsson pointed out that product development workflows have changed dramatically over the past few years, with new teams within organizations spinning up internet-facing apps and adding potentially vulnerable assets to their employer’s environment. The trend toward low- and no-code tools has lowered the app development barrier to entry, but it’s also made the jobs of security specialists that much harder.

Illustrating the challenges, a recent Dark Reading survey found that 26% of IT and security experts don’t trust the platforms used to create low- and no-code apps. Roughly as many — 25% — said that they don’t even know which apps within their companies are being created by these tools.

“While companies should integrate security best practices earlier in their development cycle and try to catch vulnerabilities in development, production is what truly matters,” Carlsson added via email. “Unless you have a completely linear development process, which no company actually has, you will never catch everything. And this legacy mindset and over-reliance on ‘shifting left’ instills a sense of false confidence in organizations that actually increases their risk level.”

Detectify’s approach crowdsources real payloads — pieces of code that execute when a hacker exploits a vulnerability — from a private community of ethical hackers and uses these contributions for payload-based tests. Carlsson claims that Detectify tests customers’ entire attack surfaces, exposing how malicious attackers might exploit internet-facing apps in production.

In the near future, Detectify plans to roll out new functionality that’ll give security teams the ability to create custom alert policies. Teams will be notified if attacks on vectors like hosts, domains or DNS records are detected, Carlsson says. 

“With Detectify, organizations can maintain an external point-of-view of exactly how attackers would exploit their attack surface, manage exposure, and prioritize their remediation efforts,” Carlsson said.

Detectify currently has 2,000 customers, including “large government digital services” in Europe, and a user base exceeding 10,000. Carlsson asserts that demand remains robust in the face of competition like Cycognito, Crowdstrike’s Reposify, IBM’s Randori, Google’s Mandiant and Microsoft’s RiskIQ, driven by digital transformation efforts around the pandemic. 

“To put it simply, the external attack surface has never been more complicated and harder to defend. This insulates Detectify against market headwinds,” he added. “While no company is immune to market trends, in cybersecurity, the pressure to reduce spend is pitted against cybersecurity teams’ need for best-of-breed solutions to protect the business against nation-state-level attacks.”

Detectify secures $10M more to expand its ethical hacking platform by Kyle Wiggers originally published on TechCrunch

US senators aim to amend cybersecurity bill to include crypto

As regulators around the world try to provide frameworks for the digital asset industry, two U.S. senators have introduced a bill to help crypto companies report cybersecurity threats.

U.S. Senators Marsha Blackburn, Republican of Tennessee, and Cynthia Lummis, Republican of Wyoming, exclusively shared with TechCrunch the reformed legislation, the Cryptocurrency Cybersecurity Information Sharing Act, which would amend the Cybersecurity Information Sharing Act of 2015 to include cryptocurrency firms. The bill is endorsed by the Electronic Transactions Association.

“Some bad actors have used cryptocurrency as a way to hide their illegal practices and avoid accountability,” Blackburn said in a statement to TechCrunch. “The Cryptocurrency Cybersecurity Information Sharing Act will update existing regulations to address this misuse directly. It will provide a voluntary mechanism for crypto companies to report bad actors and protect cryptocurrency from dangerous practices.”

The bill aims to mitigate losses from a number of cyber-related incidents, including data breaches, ransomware attacks, business interruption and network damage, it stated.

During the second quarter of this year, there was a significant rise in crypto-focused phishing attacks, according to a report by CertiK. In the first half of this year, over $2 billion was lost to hacks and exploits — racking up an amount larger than the entirety of 2021 in half the time, the report stated.

In general, Lummis has been a vocal supporter of the crypto industry and has sponsored and proposed new bills focused on the crypto industry in recent months.

In June, Lummis proposed a bipartisan crypto bill alongside Senator Kirsten Gillibrand, Democrat of New York, with a goal of installing guide rails around the digital asset sector. The 69-page bill covered a broad range of crypto market subsectors from how to tax crypto transactions to guidelines for backing stablecoins.

While some find regulation to be a bad thing for innovation and the decentralized nature of crypto, others disagree. As the crypto industry continues to grow in the public light, many market players and regulators say there’s a need for greater transparency and frameworks on how the digital assets could be monitored.

US senators aim to amend cybersecurity bill to include crypto by Jacquelyn Melinek originally published on TechCrunch

Amazon sheds some light on your would-be intruders with Blink Floodlight

Weighing in at $100, Amazon’s new Blink Floodlight camera brings more brightness and smarts to its camera line. The company also launched a brand new $30 Blink Mini Pan Tilt mount, giving security-conscious customers the ability to look around a bit more than before.

The two new additions to the Blink family were launched at Amazon’s Fall event today – you can see our full coverage from the event here!

Blink Wired Floodlight camera

Who goes there? Image Credit: Amazon

The Blink Wired Floodlight camera adds powerful LED lighting and Amazon’s own AZ2 processors to process video footage locally without having to stream the video to the cloud to get AI smarts.

“The Blink Wired Floodlight Camera is our first wired floodlight device, and it adds to the existing lineup of easy-to-use, reliable, and affordable security devices that help customers keep an eye on their homes,” said Mike Harris, COO at Blink. “With an all-in-one security and lighting design, and a price below $100, it offers a mix of performance and value that’s hard to beat. Plus, it leverages the intelligence of Amazon silicon, enabling us to offer features such as computer vision and local video processing for the first time.”

At $100, the Blink Wired Floodlight camera is a competitively-priced camera solution. It includes the features you’re used to from other smart camera providers, including ‘preferred motion detection’ zones, and person detection, so cats, badgers, and butterflies don’t send notifications to your phone needlessly.

The LED lights throw out 2,600 lumens of light, and the camera can record in 1080p, with high-definition live view available. The camera has the ability to store video clips locally, using the optional USB flash drive and a ‘Sync Module 2’. Using a Blink subscription plan, you can keep your videos and photos in the cloud for later inspection, too.

Blink Mini Pan Tilt

I get this feeling, someone’s watching me. Image Credit: Amazon

The Blink Mini Pan Tilt mount is the best friend of the Blink Mini camera, giving it the power to pan and tilt so you can look around, following your pets, kids, and burglars around your house.

Amazon’s Blink Mini is the company’s entry-level, $35 camera. The new Mini Pan Tilt mount costs $30 and can be added to an existing camera by simply plugging the camera in with the included USB-C cable. If you want a brand new bundle, it can be bought bundled with a camera for $60. It gives users the ability to pan (look from side-to-side) and tilt (up and down) using the Blink app. The mount gives you full 360-degree coverage of the room.

Blink Wired Floodlight Camera will be available in the coming months in the U.S. for $99.99, while Blink Mini Pan Tilt is available for pre-order today in the U.S. and Canada. Both devices can be found on Amazon’s Blink microsite.

Story was updated with additional info and pictures from Blink. 

read more about Amazon's fall event, September 28, 2022

Amazon sheds some light on your would-be intruders with Blink Floodlight by Haje Jan Kamps originally published on TechCrunch

Amazon’s Ring announces plan to use a robot for security patrols alongside new home security devices

Alongside news of new Alexa devices, Amazon today unveiled a refresh of its Ring lineup including new cameras, alarms and more. The flagship addition for consumers is a new “pro-tier” security camera joining Ring’s radar-powered lineup, the Spotlight Cam Pro. However, the more interesting (or creepy?) news is Amazon’s plan to integrate its Ring Virtual Security Guard subscription service for third-party monitoring with its Amazon Astro robot.

Originally designed as a home helper, Amazon hadn’t been quite sure which direction it wanted to take its new robot. Now, it seems the company is testing out whether or not Astro could be used for security monitoring purposes.

The company says the new solution could make sense for those businesses that can’t afford an on-site security patrol but still want to keep an eye on their business after hours. Longer term, Amazon envisions a world where robots could complement or even take the place of security guards.

The integration as it stands today, however, will tie into Ring Alarm or Alarm Pro devices. When an alarm is triggered, the Astro robot could go investigate and observe the scene using its onboard camera. It can also be set to autonomously patrol a property when the Ring Alarm is set to “Away” mode. As a part of the Ring Virtual Security Guard service, the agents would also be able to remotely operate the robot when an alarm is triggered, allowing them to get a closer look at the scene, as well as use the Two-Way Talk feature to alert an intruder that the authorities have been called.

This seems like a far-fetched use case, to be sure — anyone daring to break into a property will not likely be scared off by the adorable Astro, though it could certainly catch them off guard momentarily. Amazon says it will begin testing this integration with a select group of small business customers in the coming months and will gather feedback.

Among the more typical updates, the company also announced a new camera, the Spotlight Cam Pro. The camera employs radar to measure the distance and angle of an object moving in front of the camera. Its ability to detect motion three-dimensionally leads to more refined and accurate alerts, Amazon claims. Radar also helps to power a “Bird’s Eye View” feature that provides an aerial map of movement across a property, to give the full picture of a motion event. A similar “Bird’s Eye Zones” feature was also recently added to Ring Video Doorbell Pro 2 and Floodlight Cam Wired Pro, the company noted.

Users can set their own 3D Motion Detection thresholds on the Spotlight Cam Pro, as well as customizable Motion Zones to trigger recordings and Privacy Zones to exclude areas.

It will be available for pre-order today in battery and plug-in configurations for $229.99. The solar-powered version is $249.99. The wired version isn’t yet available.

Amazon is also updating its Spotlight Cam Plus ($199.99), which now has a new look and is available with multiple power options including wired, plug-in, solar and battery.

And it’s releasing the second generation of its Ring Alarm Panic Button ($29.99), designed to be either wall-mounted or placed on a flat surface, enabling customers to call for help, including medical or fire assistance.

Amazon’s other home security division, Blink, also announced new devices today, including the new Blink Mini Pan Tilt, an accessory for the Blink Mini security camera. This offers additional functionality with a 360-degree view of the room for $29.99. It’s also launching a smart floodlight, the Blink Wired Floodlight Camera, offering Privacy and Activity Zones, for $99.99. It will be available later this year.

Amazon’s Ring announces plan to use a robot for security patrols alongside new home security devices by Sarah Perez originally published on TechCrunch

Iranian tech activists detail how tech industry could unlock Internet access to aid anti-regime protests

While Iranians struggle to access the Internet as civil protests continue to grow against the regime, TechCrunch has spoken to a tech entrepreneur inside the country to get a picture of how a small group of activists is working to get internet access working again inside the country after it was debilitated by the government, in order to spread information about the demonstrations.

He told me that getting access has become a “game of cat and mouse” with authorities, but that the Tor Project, which uses free and open-source software for enabling anonymous communication, has become a vital way around these problems. Indeed, Tor has released details regarding the use of Snowflake, which has also aided in internet access in Iran.

“VPN services provide a free service for Iranians. The TOR Project is adding bridges, but few of these will work,” he said.

“The government has blocked access to most non-Iranian IP addresses on residential connections (essentially a whitelist with throttled speed) and to all non-Iranian IP addresses on mobile 3G/4G data (and most people are connected to the internet through mobile data). All these services (VPNs/TOR/etc) have servers outside Iran, which is not useful. People cannot connect to them,” he told me.

However, he said, there is a way around this: “Servers within Iranian data centers have a full speed connection to the internet.”

Thus, he and a few others are now acquiring servers in these Iranian data centers, setting up a VPN server on them, and making sure that all the incoming traffic is ‘tunneled’ to another server outside Iran.

“Then the Iranian VPN server connection info is shared with the people who can connect to them from any device at any time of the day (the internet is almost shut down at nights when the protests are most intense, but connections to servers within Iran still works),” he told me via a secure communication method.

However, using this method is not scalable. Iranian tech companies themselves can’t buy many servers in the Iranian data centers as it raises too many red flags with the regime’s authorities.

“And we can’t share the connection information publicly because the connection info includes the server IP address which can be easily used by the government to identify the person who purchased it, and they can then come after us,” he explained.

Instead, Iranian engineers have been in contact with the Tor Project to help set up bridges inside Iran.

In order to achieve this, he and others have worked on a GitHub document titled “InternetForIran”.

This details how machines located inside Iranian data centers could be used to connect to websites and servers carrying information on the protests inside Iran, since the government has not yet blocked Internet access to these internal servers, and may not do so in fear of debilitating its own access.

The activists are now calling the tech industry outside Iran – especially the Iranian diaspora – to assist by legitimately purchasing a server inside Iran.

The document outlines how supporters could send activists the IP address and SSH credentials by emailing InternetForIran@proton.me: “We will set up the server and send the VPN details back to you to share with your friends and family inside Iran,” it says.

However, activists say anyone inside Iran should not follow this procedure as the action would be too risky. Furthermore, there are also details on how hacker groups can assist activists.

TechCrunch understands that some inside the Tor project consider the above procedure potentially unsafe. “I don’t know how safe it is to do this and what could happen if they are caught,” one source told me.

Plus, the issue is being discussed on Tor chat servers.

My contact told me that this method could be crucial to aiding the protests against the dictatorial regime: “People inside Iran are not seeing the videos and information about the protests. All they see is the government propaganda. We can give them access, but we need help.”

Iranian tech activists detail how tech industry could unlock Internet access to aid anti-regime protests by Mike Butcher originally published on TechCrunch

TikTok says fake account removal increased 61% to 33.6M in Q2 2022

TikTok is continuing its PR offensive to convince the world that it takes its content moderator responsibilities seriously, as the Bytedance-owned social video platform today published its latest Community Guidelines Enforcement Report.

Covering the period from April 1 to June 30 this year, the report spans a wide gamut of self-reported data points around video and account takedowns, arguably most notable among them those relating to fake accounts. TikTok reports that it removed 33.6 million fake accounts for the quarter, representing a 61% increase on the 20.8 million accounts it removed in the previous quarter. Looking further back to the corresponding second quarter last year shows that TikTok’s fake account removal rate has grown by more than 2,000% over 12 months.

The definition of a fake account varies, but it generally refers to any account that purports to be someone or something that it’s not — this could mean a celebrity, political figure, brand, or some other scammer with nefarious intentions.

TikTok: Total account removal, by quarter and reason Image Credits: TikTok

What’s perhaps most interesting here is that while its fake account removals have apparently increased, the number of spam accounts blocked at the sign-up stage decreased dramatically, dropping from around 202 million during the first quarter to some 75 million. This is no coincidence, according to TikTok, which says that it has implemented measures to “hide enforcement actions from malicious actors,” essentially to prevent them from gaining insights into TikTok’s detection capabilities.

In short, it seems as though TikTok has allowed more spammy / fake accounts onto the platform, but ultimately removed more once they’re on.

Elsewhere in the report, TikTok said its proactive video removals (where it removes content before it’s reported) rose from 83.6% in Q1 to 89.1% in Q2, while videos removed in under 24 hours (from when a report is received) increased from 71.9% to 83.9%.

Legitimate

TikTok’s rise over the past few years has been fairly rapid, with the company reporting 1 billion active users last year, leading Google to invest in a rival service called YouTube Shorts. And just as the other tech heavyweights have been forced to become content moderators to prevent everything from political chicanery to vaccine misinformation, TikTok has had to fall in line too.

While TikTok has long tried to enhance its credentials by banning deep-fake videos and removing misinformation, with the midterm elections coming up in the U.S., some politicians have voiced concerns about potential interference, either from China (where TikTok’s parent company hails) or elsewhere. Indeed, TikTok recently launched an in-app midterms Elections Center, and shared further plans on how it planned to fight misinformation.

Elsewhere, TikTok has battles on multiple fronts, with news emerging from the U.K. this week that the company is facing a $29 million fine for “failing to protect children’s privacy,” with the Information Commissioner’s Office (ICO) provisionally finding that the company “may have” processed data of children under the age of 13 without parental consent. This followed a planned privacy policy switch in Europe, which TikTok eventually had to pause following regulatory scrutiny.

TikTok says fake account removal increased 61% to 33.6M in Q2 2022 by Paul Sawers originally published on TechCrunch