The developers of the social network Clubhouse, used to transmit audio messages in rooms in the application – said on Sunday (14) that they will improve the security of the service by adding another encryption system. With this, the company hopes to prevent the platform from sending ping to servers located in China.
The news comes after researchers at the Stanford Internet Observatory (SIA) claim to have found flaws in the application’s security that, according to the analyzes, allowed some important user data to be accessed by Chinese servers and, consequently, controlled by the country’s government.
According to SIA, the Chinese company Agora Inc, which is known for developing real-time engagement software, “provides back-end infrastructure for the Clubhouse application.”
In the study, SAI pointed out that each user’s unique ID numbers are stored in a simple text file and, with that, Agora could have access to the raw audio shared in the Clubhouse. That way it would be possible, for example, to combine the data of each user to have access to information about who talked to whom in the application.
The concern, according to the researchers, is that once in possession of Agora, the data collected by the company must be sent to the Chinese government if it so requests, if it is understood that there is a threat to national security.
According to the SIA study, metadata files from a Clubhouse room “being relayed to servers that we believe are hosted” were found in the People’s Republic of China, and that Clubhouse audio is sent to “servers managed by Chinese entities and distributed throughout the world.”
In defense, Agora told SIA that it does not store audio or metadata from users except to monitor the quality of the network and charge its customers. In addition, he noted that as long as the audio is stored on servers in the United States, the Chinese government will not be able to access the data.
The company declined to comment on its relationship with the Clubhouse, but stressed that it “does not have access to share or store personally identifiable personal data of the end user. Voice or video traffic from non-China based users – including users from the United States – is never routed through China. ”
As a result of these concerns, the Clubhouse has stated that it will implement changes “to include additional encryption and blocks to prevent Clubhouse customers from transmitting ping to Chinese servers.”