Clubhouse’s appeal lies in its off-the-record nature, where users can voice chat with each other candidly in ephemeral ‘rooms.’ But what if bad actors could snoop on your live conversations?
A report from Bloomberg noted that over the weekend, an unidentified user was able to crack the service and listen to conversations. The user, believed to be based in China, made their own website to capture audio streams from the app. The company has now banned the user and said that it has implemented new “safeguards” to stop future unauthorized access.
This incident comes only a week after Clubhouse’s announcement of tightening security measures, including preventing the app from “transmitting pings” to China-based servers and additional encryption to protect conversations.
A report prepared by the Stanford Internet Observatory (SIO) noted that China-based company Agora provides the backend for Clubhouse, and it transmitted user ID numbers and chatroom IDs in plaintext. Neither Agora nor Clubhouse has commented on this partnership publicly.
Former Facebook security executive Alex Stamos, who also contributed to SIO’s report, said that “Clubhouse cannot provide any privacy promises for conversations held anywhere around the world.”
He also observed that Clubhouse used previously undocumented servers run by EnjoyVC. We don’t know what service this company provides to the app, or what implications it might have for users.
In response to SIO’s report, Clubhouse said that it doesn’t have servers in China as the app hasn’t been officially launched in the country. It added that some users in China found a workaround to install the app and “conversations they were a part of could be transmitted via Chinese servers.”
Security measures taken by the audio app seem sufficient for now, but it might want to have a wider audit to avoid a Zoom-level fiasco.
Safety and privacy are a huge part of Clubhouse’s appeal. Twitter and Facebook are already exploring ways to build live audio chat products, and more security incidents might make users think of switching to other platforms.