Clubhouse Says Reviewing Data Protection Practices After Report Points to Security Flaws

Clubhouse, the US audio-only social media app, said it is reviewing its data protection practices after a report from the Stanford Internet Observatory said it contained security flaws that left user data vulnerable to access by the Chinese government. The app said in response to the study, published by the Stanford University research group, that while it had chosen not to make the app available in China, some people had found a way to download the app, which meant that the conversations they were a part of could be transmitted through Chinese servers.

“With the help of researchers at the Stanford Internet Observatory, we have identified some areas where we can further strengthen our data protection,” the company said in a statement released by the research group on Friday. “Over the next 72 hours, we will implement changes to add additional encryption and locks to prevent Clubhouse customers from transmitting pings to Chinese servers. We also plan to engage an external data security company to review and validate these changes.”

Clubhouse did not immediately respond to a Reuters request for further comment on Saturday.

Launched in early 2020, the app saw the number of global users skyrocket earlier this month after Tesla CEO Elon Musk and Robinhood CEO Vlad Tenev held a surprise discussion on the platform.

Masses of new users joined from mainland China, participating in discussions on topics including sensitive ones such as the Xinjiang detention camps and the Hong Kong National Security Law. But their access to the app was blocked last week, prompting frustration and fears of government surveillance. The Stanford Internet Observatory said it had confirmed that Chinese technology company Agora supplied Clubhouse with back-end infrastructure, and that Agora would likely have access to users’ raw audio, potentially providing access to the Chinese government.

It also said that it observed room metadata being transmitted to servers it believed to be hosted in China and audio to servers run by Chinese entities. However, it added that it believed the Chinese government would not be able to access the data if the audio was stored in the US.

Agora did not immediately respond to a request for comment from Reuters, while China’s Cyberspace Administration, which regulates the country’s internet, did not respond to calls for comment during China’s Lunar New Year holidays.

“SIO decided to disclose these security concerns because they are relatively easy to discover and because they pose immediate security risks for the millions of Clubhouse users, particularly those in China,” the report said.

Data analytics firm Sensor Tower said the app, which is only available on Apple’s iPhone, had about 3.6 million users worldwide as of February 2, with 1.1 million registered in the past six days.

