Clubhouse releases security update regarding Chinese data sharing concerns


Clubhouse wasn’t officially released in China and was banned just a few days ago, but the app’s developers are still nervous enough to take action.

At some point during the long US holiday weekend, developer Alpha Exploration Co. will make backend changes that will improve the service’s encryption and prevent user ID pings from being forwarded through servers in China. The clubhouse developer also promised to “have an outside data security company … review and validate these changes.”

The move follows a detailed report from the Stanford Internet Observatory (SIO) revealing the audio chat app’s previously unreported links to a technical interest in China. Agora is an “interactive video, voice and live streaming platform” that provides Clubhouse backend services – namely, hosting and forwarding the raw data of the app over the Internet.

This is of particular concern, the SIO notes, because “a user’s unique clubhouse ID number and chat room ID are transmitted in the clear and Agora would likely have access to the user’s raw audio”. Imagine a Chinese citizen hosting a chat on a provocative topic, and the related data can then connect the user and clubhouse ID to the audio of the chat.

Agora has its joint headquarters in the US and China, which means the company is subject to the latter’s restrictive cybersecurity law, which requires it to assist with criminal or national security investigations. And while Agora claims it doesn’t store any audio or user data, there are real privacy concerns when it comes to Chinese companies.

The details here get pretty technical, but Clubhouse temporarily stores user audio for trust and security investigations. That audio is stored in the US – effectively putting it out of reach of the Chinese government – but it could still be at risk if an outside partner like Agora holds the audio somewhere in China.

As a result of SIO’s thorough investigation, which you should definitely read through, Clubhouse will see some changes in the backend. The report ends with a statement from Alpha Exploration going through the plans.

“With the help of researchers from the Stanford Internet Observatory, we have identified some areas where we can further strengthen our privacy,” the statement said, which explains the changes described at the beginning of this story. “We welcome working with the security and privacy community as we continue to grow.”

As we reported earlier this week, it is not clear what Clubhouse has brought in an official ban in China. There is probably not a single reason. Although the app was never released there, as Alpha Exploration stated in its SIO statement, the people of China found workarounds that allowed them to get online.

h / t Engadget

Source link