Clubhouse users should assume they’re being recorded, a data-privacy expert said, following a breach that sent conversations to another website

clubhouse app 1

Summary List Placement

People participating in discussions on the audio-chatroom app Clubhouse should assume they are being recorded, data-privacy expert Alex Stamos told Bloomberg.

Over the weekend — nearly a week after the app said it was working to protect user data from hackers — cybersecurity experts learned that a user was remotely sharing login information, pulling audio and metadata from Clubhouse to an external site.

The unidentified user streamed Clubhouse audio feeds from “multiple rooms” into their own third-party website, a Clubhouse spokesperson told the publication.

The company has permanently banned the user, it added.

“Clubhouse cannot provide any privacy promises for conversations held anywhere around the world,” Stamos, director of the Stanford Internet Observatory (SIO) and former Facebook security chief, told Bloomberg.

While the SIO was unable to identify the hackers, Stamos said the perpetrators used JavaScript — the same programming language used to create Clubhouse — in order to breach the system.

Insider contacted Clubhouse for comment, but did not receive a response in time for publication.

On February 12, the SIO released a report into the invite-only app which said user data may be accessible to China’s government. In response, Clubhouse said it would review its policies and roll out added encryption in the next “72 hours.” It also said it plans to hire an external data security firm to review these changes.

SIO researchers said they found some of Clubhouse’s back-end infrastructure, including its audio production and data traffic processing, had been provided by Agora, a Shanghai-based startup with an office in Silicon Valley. Some of this data was being transmitted without encryption.

  TikTok is being tapped by brands like Grammarly, which have found success through viral trends and free advertising on the app

“Agora would likely have access to users’ raw audio, potentially providing access to the Chinese government,” the researcher said, and cited an SEC filing in which Agora said it was required to aid the Chinese government in national security and criminal investigations. Conversations about the Tiananmen protests, Xinjiang camps, or Hong Kong protests could qualify as criminal activity, the SIO said.

Agora told Bloomberg it couldn’t comment on Clubhouse’s security or privacy protocols, but said it was “committed to making our products as secure as we can.” 

A researcher at the SIO, Jack Cable, told Bloomberg that Clubhouse will likely look into restricting the rooms a user can enter at once, as well as the use of third-party applications in the chatrooms in order to prevent future data breaches.

Clubhouse users have live streamed and shared conversations on outside platforms in the past. In January, viewers hit the app’s 5,000 guests per room limit when Tesla CEO Elon Musk interviewed Robinhood CEO Vladimir Tenev on “The Good Time Show.” The group opened additional rooms, as well as streamed the conversation on YouTube in order to allow thousands to tune in.

Weeks later, an appearance by Facebook CEO Mark Zuckerberg on the same Clubhouse show caused the app to crash for some users.

The invite-only app has continued to garner public interest since it was created less than a year ago as a way to promote free speech and dynamic …read more

Source:: Businessinsider – Tech


(Visited 1 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *