The developers of audio chat room app clubhouse plan to add additional encryption to prevent it from transmitting pings to servers in China. Stanford researchers said they found vulnerabilities in its infrastructure.
The Stanford Internet observatory (SIO) found that users’ unique clubhouse ID numbers — usernames, and chatroom IDs are transmitted in plaintext. So anyone observing Internet traffic could match the IDs on shared chatrooms to see who’s talking to each other, the SIO tweeted.
The SIO researchers found that audio was being sent to servers’we believe to be hosted in’. Since Agora is a Chinese company, it would be legally required to assist the Chinese government locate and store audio messages if authorities said the messages posed a national security threat.
Agora told the SIO it does not store user audio or metadata other than to monitor network quality and Bill its clients. As long as audio is stored on servers in the US, the Chinese government would not be able to access the data.
An Agora spokesperson declined to comment on the company’s relationship with clubhouse, but said it was very clear about’how we deal with user data’. The company’does not have access to, share, or store personally identifiable end-user data,’ the spokesperson said.
Developers decided not to make the app available in China’given China’s track record on privacy’. However, some users in China found a workaround to download the app.
The company said it would hire an external security firm to review and validate the updates. Clubhouse did not immediately reply to a request for comment on Sunday.
Clubhouse is an invite-only, iOS-only live-audio app that has become popular among many in Silicon Valley. Tesla CEO Elon Musk was recently valued at a reported $ 1 billion.