This year, apps that let users listen to or talk on live broadcasts over the internet are becoming more popular. One such app, Clubhouse, is sitting at number 6 in Social Networking on the Apple App Store, and it only seems to be growing. However, just because it is popular does not mean it is safe and secure, as we are now finding out.
According to the App Store's description, "Clubhouse is a space for casual, drop-in audio conversations—with friends and other interesting people around the world." Unabated free speech is a luxury most westernized nations have; countries like China, however, do not. Thus, as the Snapchat of audio, Clubhouse took off among Chinese iPhone users, leading to discussions of Uighur concentration camps, the Tiananmen Square protests, and other banned topics. Subsequently, Chinese censors blocked the app on February 8th.
Though the app is now gone, Stanford's Internet Observatory (SIO) researched the app and found that Agora, a "Shanghai-based provider of real-time engagement software, supplies back-end infrastructure to the Clubhouse App." As Agora is Shanghai-based, it is subject to Chinese cybersecurity law, including "protecting national security and criminal investigations." As the SIO explains, "If the Chinese government determined that an audio message jeopardized national security, Agora would be legally required to assist the government in locating and storing it."
Making things worse, the privacy that users thought they had may have only been good advertising. The SIO explained that "a user's unique Clubhouse ID number and chatroom ID are transmitted in plaintext, and Agora would likely have access to users' raw audio." These issues combined could have allowed the Chinese government to access audio files and information about people speaking critically of President Jinping's regime.
It also appears that the SIO found other security issues with Clubhouse, which it has since sent to the company behind the app and will disclose after some time. The company is already making changes to how it accesses Chinese servers, which should be implemented shortly.
“For example, for a small percentage of our traffic, network pings containing the user ID are sent to servers around the globe—which can include servers in China—to determine the fastest route to the client,” said the Clubhouse devs in a statement. “Over the next 72 hours, we are rolling out changes to add additional encryption and blocks to prevent Clubhouse clients from ever transmitting pings to Chinese servers.”