Clubhouse reviews data protection after finding flaws. a Researchers at the Standford Internet Observatory (SIO) found loopholes in data protection for the social network Clubhouse. According to them, the audio shared between users can potentially be accessed by the Chinese government.
The report reveals that the app uses the back-end infrastructure provided by China’s Agora. Featured, the users’ metadata package is not encrypted and the information can be accessed by third parties.
“In this way, an intruder can find out if two users are talking to each other, for example, and detect whether they are on the same channel,” explains the researchers.
Furthermore, it was discovered that Agora would probably have access to the Clubhouse’s raw audio traffic. Thus, if the app does not have end-to-end encryption, the Chinese company could intercept, transcribe and store the content.
The use of a Chinese provider also entails several issues, as it means that the company must comply with China’s cybersecurity law. Therefore, it is obliged to provide assistance and support to the government on matters related to national security.
“If the Chinese government determined that an audio message threatened national security, the company would be legally obliged to help the government locate and store it,” said the researchers.
Defense of Agora
A spokesman for Agora told Reuters that the company does not have access to or store personal data and that it does not route voice and video traffic generated outside of China. According to him, the company’s function is “just to monitor the quality of the network and charge customers”.
However, SIO researchers note that it is still theoretically possible for the Chinese government to access data records. Before the recent blockade, Chinese users used the social network to discuss prohibited matters in the country.
That way, Chinese authorities can still identify these people. As a result, there may be reprisals and punishments, or even veiled threats.