Is the Clubhouse App Leaking Its Users’ Data to Chinese Govt?

The audio-based platform Clubhouse said that it is reviewing its privacy policy after a report published by Stanford Internet Observatory (SIO) alleged that the app consists of serious security flaws which have reportedly left its users' data in the hands of the Chinese government.

The invite-only social media networking app, co-founded by Rohan Seth, has soared in popularity after Billionaire and SpaceX founder Elon Musk used the application a few weeks ago and hosted a podcast with Robinhood CEO.

"SIO has determined that a user's unique Clubhouse ID number and chatroom ID are transmitted in plaintext, and Agora would likely have access to users' raw audio, potentially providing access to the Chinese government," read a statement published by SIO on its website.

Why Does Hosting of Clubhouse App by a Chinese Service Matters?

SIO, in its report, claims that since Agora is jointly based in China and the US, it is subject to follow cyber security law of the Chinese government as well. This means that if the Chinese government determines that Clubhouse is used to jeopardise national security, then Agora would legally be required to assist the government about the data the app holds.

Researchers at SIO gave an example about the Tiananmen protests, Xinjiang camps, or Hong Kong protests and said that talking about these can qualify as criminal activity in China.

Key Findings of the Research

Here are some key findings of the research conducted by Stanford Internet Observatory:

• Clubhouse stores all the audio data of its users for safety investigations. This data is stored in the US servers but with the Chinese partnership, the data could still be at the risk of being held by the Chinese government.
• Agora, might have access to encryption keys. This means that the service provider might easily get hold of the data.
• Some of the data that Agora might have is: user's unique Clubhouse ID number chatroom ID, and the audio stored as well.

Responding to allegation, the company said, "With the help of researchers at the Stanford Internet Observatory, we have identified a few areas where we can further strengthen our data protection. Over the next 72 hours, we are rolling out changes to add additional encryption and blocks to prevent Clubhouse clients from ever transmitting pings to Chinese servers. We also plan to engage an external data security firm to review and validate these changes."

Meanwhile, Agora responded to SIO stating that it does not store any audio file or metadata, but it does monitor network quality and all the data is stored on servers based in the US, so it is not possible for the Chinese government to get hold of the data.

Earlier, security researcher Alexander Hanff, co-founder of SynData, said in a LinkedIn post, that the app collects information about its users, accounts, groups you're connected to and how you interact within the groups. Also, the app doesn't specify how the information collected is used.

Clubhouse App Blocked in China

The Chinese government blocked the audio-based platform stating that it attracted millions of Chinese users to “uncensored, cross-border discussions on political and human rights subjects.”

“We designed the service to be a place where people around the world can come together to talk, listen and learn from each other. Given China’s track record on data privacy, we made the difficult decision when we launched Clubhouse on the Appstore to make it available in every country around the world, with the exception of China. Some people in China found a workaround to download the app, which meant that –until the app was blocked by China earlier this week – the conversations they were a part of could be transmitted via Chinese servers,” said Clubhouse app in a statement to the SIO team.