How TikTok's Project Texas Failed to Prevent American User Data Transfers to China
TikTok has spent over $1.5 billion on Project Texas, its initiative to store American user data exclusively on U.S.-based Oracle servers, yet our investigation reveals that significant data continues to flow to ByteDance's servers in China. Technical analysis of TikTok's network traffic, combined with testimony from former employees, demonstrates that the app transmits device fingerprints, behavioral patterns, and content consumption data to Chinese servers under the guise of algorithm optimization. With 170 million American users, the national security implications are staggering and have led to bipartisan legislation requiring ByteDance to divest or face a nationwide ban.
The Architecture of Project Texas
Project Texas, announced in 2022, was TikTok's $1.5 billion effort to address national security concerns by migrating all American user data to Oracle Cloud Infrastructure in the United States. Under the arrangement, Oracle was supposed to serve as a trusted technology partner, inspecting TikTok's code and monitoring data flows to ensure no American user data reached ByteDance servers in China. However, our investigation reveals fundamental architectural limitations in this approach. Oracle's oversight covers only structured data stored in databases, not the real-time data streams generated by the TikTok app during normal use. These streams, which include device fingerprints, keystroke patterns, and behavioral signals, are transmitted through a separate pipeline that Oracle does not monitor or control.
The Algorithm Optimization Loophole
The most significant gap in Project Texas involves TikTok's recommendation algorithm. ByteDance retains control over the algorithm's training pipeline, which requires access to user behavior data to function. TikTok has argued that this data is anonymized and aggregated before being shared with ByteDance engineers in China. However, former engineers interviewed for this investigation describe the anonymization as superficial, noting that the behavioral data is granular enough to re-identify individual users through pattern analysis. One former machine learning engineer stated that the data shared for algorithm training includes viewing duration, scroll patterns, pause behavior, and content interaction sequences that constitute a unique digital fingerprint for each user.
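Whether stripping identifiers actually anonymizes behavioral records of the kind described above can be measured with a k-anonymity audit before any dataset leaves a controlled environment. The following Python audit is an added example, not code from TikTok, Oracle or this investigation; the session records, field layout and bucket sizes are constructed assumptions.

```python
from collections import Counter

# Constructed sample: eight sessions with the user ID already stripped.
# Layout (an assumption for this example):
# (avg view seconds, scrolls per minute, pauses per video, interaction sequence)
SESSIONS = [
    (12.4, 31, 2, ("like", "share", "follow")),
    (12.9, 33, 2, ("like", "share", "skip")),
    (11.8, 30, 2, ("like", "comment", "skip")),
    (13.1, 34, 2, ("like", "skip", "skip")),
    (27.5, 12, 5, ("skip", "skip", "like")),
    (26.2, 14, 5, ("skip", "like", "like")),
    (28.9, 11, 5, ("skip", "comment", "like")),
    (25.3, 13, 5, ("skip", "skip", "skip")),
]


def generalize(rec, view_step, scroll_step, seq_len):
    """Coarsen one record into the quasi-identifier tuple that would be released."""
    view, scrolls, pauses, seq = rec
    return (int(view // view_step), scrolls // scroll_step, pauses, seq[:seq_len])


def audit(records, k, view_step, scroll_step, seq_len):
    """Return (smallest group size, share of records in groups smaller than k)."""
    keys = [generalize(r, view_step, scroll_step, seq_len) for r in records]
    sizes = Counter(keys)
    exposed = sum(1 for key in keys if sizes[key] < k)
    return min(sizes.values()), exposed / len(keys)


if __name__ == "__main__":
    # Fine-grained release: every record is unique, so dropping the ID hid nothing.
    print(audit(SESSIONS, k=2, view_step=1, scroll_step=1, seq_len=3))
    # Coarse release: each record is indistinguishable from three others.
    print(audit(SESSIONS, k=2, view_step=10, scroll_step=10, seq_len=1))
```

A release gate built on this check would reject any export whose smallest group falls below the chosen k.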
National Security and Legislative Response
The national security implications of TikTok's data practices extend beyond individual privacy. Intelligence analysts have warned that the behavioral data collected by TikTok could be used for influence operations, targeting vulnerable individuals, and mapping social networks within the U.S. military and intelligence communities. The Department of Defense banned TikTok on government devices in 2023, and at least 34 states have implemented similar restrictions. The Protecting Americans from Foreign Adversary Controlled Applications Act, signed into law in April 2024, gave ByteDance until January 2025 to divest TikTok's U.S. operations or face a nationwide ban. After multiple legal challenges and extensions, the divestiture deadline remains unresolved as of late 2025.
Key Findings
- Oracle's oversight under Project Texas covers only structured database data, not real-time behavioral data streams transmitted during app use.
- Behavioral data shared with ByteDance for algorithm training is granular enough to re-identify individual users despite claimed anonymization.
- TikTok collects device fingerprints, keystroke patterns, and viewing behaviors that constitute unique digital signatures for each of its 170 million U.S. users.
- At least 34 states have banned TikTok on government devices due to national security concerns about data access by the Chinese government.
Timeline
- TikTok announces Project Texas, a $1.5 billion initiative to store U.S. user data on Oracle servers.
- TikTok CEO Shou Zi Chew testifies before Congress about data security practices.
- President signs law requiring ByteDance to divest TikTok or face U.S. ban.
- TikTok briefly goes dark in the U.S. before receiving a 90-day extension on divestiture deadline.