- Stanford Internet Observatory researchers said Clubhouse had security flaws.
- Clubhouse to include additional encryption for safeguarding user data.
- The app was launched in early 2020 and is currently limited to the iOS platform.
Clubhouse, the audio chat app currently limited to iPhone users, is reviewing its data protection practices after a report pointed out that the audio file may be exposed to China-based servers. The Stanford Internet Observatory researchers in a report said that Clubhouse users' ID numbers (not usernames) and chatroom IDs are transmitted in plaintext to Agora. This Shanghai-based company reportedly offers Clubhouse back-end infrastructure, as per researchers. This leaves a big gap in the security of Clubhouse RAW audio files that researchers claimed could be accessed by China.
The audio chat app was quick enough to acknowledge the issues reported by Stanford Internet Observatory. In a statement issued said, "With the help of researchers at the Stanford Internet Observatory, we have identified a few areas where we can further strengthen our data protection."
Clubhouse added that it is adding an additional encryption layer and will block Clubhouse clients from transmitting pings to Chinese servers. "We also plan to engage an external data security firm to review and validate these changes," Clubhouse said.
In a published blog post, the Stanford Internet Observatory said it chose to reveal the security issues as it was both easy to uncover and high-security risk for Clubhouse users.
"SIO chose to disclose these security issues because they are both relatively easy to uncover and because they pose immediate security risks to Clubhouse's millions of users, particularly those in China. SIO has discovered other security flaws that we have privately disclosed to Clubhouse and will publicly disclose when they are fixed or after a set deadline," wrote in the blog post.
The blog post by researchers also raise questions over Agora's handling of Clubhouse data whether to monitor network quality or to bill its client. However, it adds that the Chinese government could tap Agora's network and get the record.
"Agora claims not to store user audio or metadata, except to monitor network quality and bill its clients. If that is true, the Chinese government wouldn't be able to legally request user data from Agora — Agora would not have any records of user data. However, the Chinese government could still theoretically tap Agora's networks and record it themselves. Or Agora could be misrepresenting its data storage practices," researchers explained.
Agora in an emailed statement to The Verge defended its handling of Clubhouse data. The company said, it "[....] does not have access to, share, or store personally identifiable end-user data and voice or video traffic from non-China based users — including US users — is never routed through China."
Last week, Clubhouse was banned in China. The app was steadily getting popular among users in China, and this was one reason why the Clubhouse app got the ban. According to security researchers at Stanford Internet Observatory, people in China discussed varying topics in Clubhouse chat rooms including Uighur concentration camps in Xinjiang, the 1989 Tiananmen Square protests, and personal experiences of police interrogation.
What is the Clubhouse app, and how do you join the audio app that Elon Musk uses?
Clubhouse, the new invite-only audio chat app has shot to fame in no time and attracts people from all genres for conversations. Launched in April last year, the platform offers a space for casual drop-in audio discussions with friends and people worldwide. Much like some of the social media platforms, Clubhouse users can follow people and hop in as a listener and hear what they are talking about in a room that is titled with the topic of discussion. However, one of the app's biggest limitations is that it is available on iPhone only and has an invite-based setup, which means you need someone to invite you to the platform.
"Hey, we're still opening up, but anyone can join with an invite from an existing user! Sign up to see if you have friends on Clubhouse who can let you in," reads Clubhouse website.
Some of the renowned people who have already joined the platform include Tesla and SpaceX CEO Elon Musk, Facebook CEO Mark Zuckerberg, Robinhood CEO Vlad Tenev and more. These personalities are one big reason for the surge in the download of the Clubhouse app.
Last month, a report claimed that Clubhouse was valued at $1 billion, which means the audio chat app is already a hit considering it has gauged good investment interest.
Sensor Tower, the data analytics company, said earlier this month that Clubhouse had around 3.6 million users globally by February 2, 2021.