Despite its sudden success, the Clubhouse app appears to be missing some basic privacy and security features. Can you trust Clubhouse with your data? Let’s find out.
What is Clubhouse?
Clubhouse is an invite-only audio chat room app. Users can listen to live audio streams from virtual chat rooms and even join in discussions if the moderator allows it. At just over a year old and with 2 million users, including some of the world’s greatest minds, it’s easy to get caught up in the excitement. However, the app hasn’t managed to seduce privacy and security experts in quite the same way.
From Chinese servers to contact sharing, we dissect Clubhouse’s security misdemeanors to help keep you safe.
A month after the app’s release, a user was discovered streaming audio feeds and metadata from multiple rooms to another website. Admitting the “data spillage” in an interview with Bloomberg, Clubhouse said that this violated its terms of service, banned the user, and added safeguards to stop this from happening again. How safe those safeguards are is impossible to say at this stage.
Does Clubhouse access your contacts?
Clubhouse is invite-only. Once you manage to join, you can invite two other people. But there’s a catch. You have to give Clubhouse access to all your contacts to invite others.
Not everyone in your contact list is a trusted friend. It could include your previous boss, a bad ex, your hairdresser, business associates, or, if you’re a journalist, confidential sources. When you give an app access to a contact, not only are you telling the app that you’re connected to them, but you’re also telling the app that they are connected to you.
While granting an app access to your contacts isn’t big news, it poses some privacy issues:
Awkwardness: As soon as someone from your contacts joins Clubhouse, you’ll receive a “walk them in” notification. Tapping on it immediately throws you both into a private room, along with other Clubhouse users who also had them in their contacts. Wonderful if you get to reconnect with some old school friends. Weird if you get shoved in a private room with your ex and their new partner.
Blind consent: If you want to invite others, Clubhouse will pull up a list of your contacts who haven’t yet joined. Here’s the non-consensual part: Clubhouse ranks each contact based on how many people they already know on Clubhouse. This undermines people who haven’t agreed to have anything to do with Clubhouse. It’s also non-consensual if your Clubhouse contacts are revealed to someone you’ve blocked or are trying to get away from.
When you hear the words “plaintext” and “data” in one sentence, it’s rarely a good thing. Combine that with certain governments that prosecute citizens for opposing speech, and you have a recipe for disaster. Clubhouse audio messages leave no public record after the speech occurs, but the Stanford Internet Observatory (SIO) discovered that users’ unique Clubhouse ID numbers and chat room IDs are transmitted in plaintext (unencrypted) to servers operated by Agora, a China-based company. What does this mean?
The Chinese government could access Clubhouse data.
Agora provides the “real-time voice engagement” part of Clubhouse. It transmits user data via Chinese servers to the rest of the world. Agora acknowledged that it would be required to support PRC law, including the oath to protect national security and aid criminal investigations by supplying user data. Since Agora claims they don’t store any user audio or metadata (except to monitor network quality), users are reassured. Partially. Given that SIO observed unencrypted room metadata being relayed to servers hosted and managed by China, the Chinese government can collect this information without even accessing Agora’s networks.
Clubhouse could violate your privacy and aid unnecessary data harvesting.
Researchers have discovered a flaw within Clubhouse’s backend infrastructure that could let hackers extract audio chat from the Agora API without having to use the Clubhouse app. Agora does not mix the audio from speakers into one track — each speaker is assigned an audio track containing metadata like their unique user ID. It’s also likely that Clubhouse IDs can be connected to user profiles, which means that your data could be harvested, including your phone number, the subjects you’re interested in, and who you’re talking to – not ideal in countries where certain speech is punishable.
Is your data safe on Clubhouse?
Is your audio data safe with Clubhouse? That depends on where it’s stored, how long it’s stored for, and whether your voice ever gets cloned.
How long is Clubhouse audio data stored for?
Clubhouse temporarily stores user audio for the purpose of trust and safety investigations (e.g. terrorist threats, hate speech, threats to children, etc.). But how long “temporarily” is remains unknown. We are informed, however, that if no trust or safety report is filed, the audio is deleted.
Where is Clubhouse data stored?
Can your voice be cloned from Clubhouse?
Adobe’s audio manipulator, Voco, can clone anyone’s voice in seconds by inspecting audio waves. The results are frighteningly realistic: you’d have a hard time distinguishing an audio deepfake from someone’s actual words. Great as a silly joke between friends — not so great if you’re the president of a country.
Voice notes are overtaking text, podcasts have the same demand as video, and forums like Reddit and comment sections are blowing up. Clubhouse is the natural next step for social media and a refreshing reprieve from a society soaked in images.
Now, you can drop into a live conversation about a new medical insight or talk to a researcher who is one of the best minds in their field. It’s great to hear that Clubhouse is operating a bug bounty program with HackerOne to weed out security holes. But what we also need from Clubhouse is a better-managed outlet for discussion with tighter privacy controls. Clubhouse is still in beta mode, which is why we should demand privacy now instead of boycotting it later.