Clubhouse Reviews Security Practices Amid China Spying Concerns


Audio-chat platform Clubhouse is reviewing its data protection policies after a report claimed it left user data open to access by the Chinese government.

The Stanford Internet Observatory (SIO) on Friday published a blog post suggesting Shanghai-based, Silicon Valley-headquartered startup Agora supplies back-end support to Clubhouse. In a Twitter thread, the team revealed that Clubhouse user and chatroom IDs are transmitted in plaintext over the internet, making them “trivial to intercept.” “Any observer of internet traffic could easily match IDs on shared chatrooms to see who is talking to whom,” SIO wrote. “For mainland Chinese users, this is troubling.”

“SIO chose to disclose these security issues because they are both relatively easy to uncover and because they pose immediate security risks to Clubhouse’s millions of users, particularly those in China,” the blog said. Additional flaws, privately disclosed to Clubhouse by SIO, will be publicly announced once they are fixed or after a set deadline.

An Agora spokesperson, meanwhile, told Reuters that the software provider does not have access to or store personal data, and does not route voice or video traffic generated by users outside China through the country.

“We designed the service to be a place where people around the world can come together to talk, listen, and learn from each other,” Clubhouse said in a statement published by SIO. “With the help of researchers at the Stanford Internet Observatory, we have identified a few areas where we can further strengthen our data protection.” That includes additional encryption and blocks to prevent clients from transmitting pings to Chinese servers, as well as plans to engage an external security firm to review and validate these changes. “We welcome collaboration with the security and privacy community as we continue to grow,” the firm said.

Launched on iOS in April, Clubhouse quickly gained popularity during the COVID-19 pandemic; by December, the invitation-only platform counted 600,000 registered users—including Elon Musk. It also attracted a number of Chinese netizens, eager to speak freely on a rare social network that didn’t comply with the country’s strict online censorship rules. Clubhouse made the conscious decision not to distribute in the country. Yet folks still found a way to download the app, transmitting conversations across Chinese servers. China officially banned Clubhouse last week, cutting off users from the unfiltered source of news and discussion.
