Clubhouse could be exposing raw audio and metadata to Agora, its Chinese service provider, report says
- The Stanford Internet Observatory found that Clubhouse was transmitting unencrypted data in ways that could be visible to Chinese service provider Agora
- The audio-focused social media platform said it is reviewing its data security practices following the release of the report
Clubhouse, the popular app that allows people to create digital discussion groups, says it’s reviewing its data security practices after the Stanford Internet Observatory found potential vulnerabilities in its infrastructure that could allow external access to users’ raw audio data.
User IDs are transmitted in plaintext over the internet, making them “trivial to intercept”, the Observatory noted. User IDs are like a serial number, not the username of the person. Agora would likely have access to users’ raw audio, potentially providing access to the Chinese government, it said.
“Any observer of internet traffic could easily match IDs on shared chat rooms to see who is talking to whom,” the SIO said in its Twitter feed about its findings. “For mainland Chinese users, this is troubling.”
SIO, a programme at Stanford University that studies disinformation on the internet and social media platforms, said it observed metadata from a Clubhouse chat room “being relayed to servers we believe to be hosted in” China. Analysts also saw audio being relayed “to servers managed by Chinese entities and distributed around the world”, their report noted.