- Clubhouse is a popular social media app that allows users to engage in audio chats only.
- The app has already caught the attention of bigshot players such as Tesla CEO Elon Musk and Facebook Inc.
- According to Stanford Internet Observatory, some major security flaws could allow the Chinese government access to user's data.
Clubhouse, a social media app that was launched less than a year ago, requires an invite, involves audio-only chats, and is free, for now. It has already caught the attention of bigshot players such as Tesla CEO Elon Musk and Facebook Inc.
.@KremlinRussia_E would you like join me for a conversation on Clubhouse?— Elon Musk (@elonmusk) February 13, 2021
The Chinese communist government has even gone ahead and blocked it in the country.
The iOS-only app, once you're in, lets you start or listen into conversations on a whole host of topics, and with a range of people from celebrities to thinkers and influencers. There are no posts, photos, or videos, only people's profile pictures and their voices.
However, the popular app has some serious security flaws. In a statement, the company said that "With the help of researchers at the Stanford Internet Observatory, we have identified a few areas where we can further strengthen our data protection,".
"Over the next 72 hours, we are rolling out changes to add additional encryption and blocks to prevent Clubhouse clients from ever transmitting pings to Chinese servers. We also plan to engage an external data security firm to review and validate these changes," reported Reuters.
Clubhouse did not immediately respond to a request from Reuters for further comment on Saturday.
The Stanford Internet Observatory (SIO) determined that the infrastructure of Clubhouse is provided by Agora, a Shanghai-based company that provides "real-time engagement software." It was also discovered the unique Clubhouse ID number of a user and their chatroom ID were transmitted in plaintext, which potentially makes users traceable.
It was also suggested that Agora was potentially able to access a user's raw audio. Monitoring of the app uncovered instances where room metadata was relayed to servers seemingly hosted in China, while audio was routed through servers managed by Chinese entities.
As a result of SIO's thorough investigation, Clubhouse is going to see some backend changes. The report ends with a statement from Alpha Exploration running through the plans. SIO disclosed the security issues as they are both "relatively easy to uncover and because they pose immediate security risks to Clubhouse's millions of users, particularly those in China," a blog post reads. Other security flaws were privately disclosed to Clubhouse.
To SIO, Agora's link to China means it has to comply with existing Chinese cybersecurity laws, and so comply with the government's data requests. While Agora claims not to store audio or data, it is still plausible for the government to tap Agora's networks and record data from the traffic.