It seems like Clubhouse, a popular invite-only audio chat app, ran into serious pressure after researchers from Stanford University warned that the app is possibly leaking users’ audio data to the Chinese government. It is suspected that the backend software “Agora” used in the Clubhouse app is exposing users’ information to a third-party without users’ consent.
The Clubhouse app is based on audio-chat, which is part talkback radio and part conference call. The audio of the calls is not recorded by the app and not stored on servers; it cannot be shared. So, what is at risk here is the user ID and meta data.
Currently, Clubhouse is only available on iOS and can be accessed through joinclubhouse.com. However, users need an invitation to join a room.
Agora: The Culprit?
The Stanford Internet Observatory (SIO) stated that Agora, a Shanghai-based provider of real-time engagement software, provides back-end infrastructure to the Clubhouse app. According to SIO, Agora might have access to the user’s unique Clubhouse ID number and chatroom ID transmitted in plaintext and sending them to the Chinese government.
The SIO claimed that Agora is allegedly sending users’ metadata over the internet in plaintext unencrypted, allowing any third-party with access to a user’s network traffic to exploit.
“In this manner, an eavesdropper might learn whether two users are talking to each other, for instance, by detecting whether those users are joining the same channel. It is also likely possible to connect Clubhouse IDs with user profiles,” SIO researchers said.
“Although last week Clubhouse had not yet been blocked by the Great Firewall, some mainland users worried the government could eavesdrop on the conversation, leading to reprisals. Clubhouse app’s audio messages, unlike Twitter posts, leave no public record after speech occurs, potentially complicating Chinese government monitoring efforts,” SIO researchers added.
Ironically, the Chinese government recently blocked the Clubhouse app citing that it involves Chinese users in cross-border discussions on political and human rights subjects.
The Sudden Rise of Clubhouse
Developed by entrepreneur Paul Davison and ex-Google employee Rohan Seth, the Clubhouse app took social media by storm recently. Clubhouse received huge attention when Elon Musk tweeted about his chat with rapper Kanye West on Clubhouse.
Just agree to do Clubhouse with @kanyewest
— Elon Musk (@elonmusk) February 10, 2021
Things got more interesting when Musk invited Russian President Vladimir Putin.
.@KremlinRussia_E would you like join me for a conversation on Clubhouse?
— Elon Musk (@elonmusk) February 13, 2021
What Clubhouse says…
Responding to the allegations, Clubhouse said, “With the help of researchers at the Stanford Internet Observatory, we have identified a few areas where we can further strengthen our data protection. Over the next 72 hours, we are rolling out changes to add additional encryption, and blocks to prevent Clubhouse clients from ever transmitting pings to Chinese servers. We also plan to engage an external data security firm to review and validate these changes.”