Your Clubhouse Chats May Not Be Secure — SIO

Popular audio chatroom app Clubhouse’s audio has been proven to be susceptible to breaching, just one week after announcing that it was taking steps to ensure the safety of user data.

Reema Bahnasy, a spokeswoman for Clubhouse confirmed that an unidentified user was able to stream Clubhouse audio feeds this weekend from multiple chatrooms into their own third-party website. 

While the company says it has already “permanently banned” that particular user and installed new “safeguards” to prevent a repeat, researchers argue that the platform may not be in a position to make such promises.

READ MORE: Ford To Sell Only Electric Cars In Europe And U.K. By 2030

The Stanford Internet Observatory, which was the first to publicly raise security concerns on February 13th, said on Sunday that users of the invitation-only iOS app should assume all conversations are being recorded. “Clubhouse cannot provide any privacy promises for conversations held anywhere around the world,” said Alex Stamos, director of the SIO and Facebook Inc.’s former security chief.
Stamos and his team were also able to substantiate that Clubhouse relies on a Shanghai-based startup called Agora Inc. to handle much of its back-end operations. He explained that while Clubhouse is responsible for its user experience, like adding new friends and finding rooms, they rely on the Chinese company to process data traffic and audio production. 

Clubhouse’s dependence on Agora raises serious privacy concerns, especially for Chinese citizens and nonconformists under the impression their conversations are beyond the reach of state surveillance, Stamos said.

A week ago, the SIO released a report saying it observed metadata from a Clubhouse chatroom “being relayed to servers we believe to be hosted” in China. Agora’s obligations to China’s cybersecurity laws mean that it would be legally required to assist in locating audio should the government contend it jeopardized national security.