Audio-based social media app Clubhouse said it would make privacy changes after US researchers based at Stanford University revealed the app’s potential vulnerability to spying by the Chinese government. The app was recently blocked by China, but Clubhouse officials conceded that conversations involving China nationals that took place before then could go through Chinese servers.
In a statement provided to the Stanford Internet Observatory (SIO), Clubhouse admitted that the pings that the company sent to servers all over the world do contain user’s ID. Even though this only applies to a small part of its traffic, these servers might be located in China as well.
Hence, it will now increase the encryption and blocks within the Clubhouse app to stop it from pinging Chinese servers. The company has also planned to have these new changes to be audited and verified by an external security company.
📢 New work out today from our Tech team & China research team: @joinClubhouse app recently became popular in 🇨🇳. We looked at its data security practices & found a potential risk to mainland Chinese users.
Here are our key findings 👋🧵⤵️
— Stanford Internet Observatory (@stanfordio) February 13, 2021
Earlier, SIO researchers raised concerns that Agora, who provides back-end infrastructure to Clubhouse, might have access to users’ raw audio. SIO surmised that since Agora is subject to China’s cybersecurity laws, the company must turn over recordings to Beijing if requested to do so under national security grounds.
For its part, Agora told The Verge that it does not have access to identifiable user data. The Shanghai-based company also insists that voice and video traffic from non-China users does not go through China.
Beijing blocked Clubhouse last week after Chinese users began using it to discuss taboo topics such as China-Taiwan relations, the ill-treatment of Uighur Muslims in China’s Xinjiang province, and the 1989 Tiananmen Square crackdown.