Clubhouse users' metadata and conversations reach Chinese authorities

The developers of the Clubhouse audio chat app are planning to add additional encryption - after

as researchers at Stanford said they found vulnerabilities in its infrastructure.

Last week, the Chinese authorities blockedon the territory of the country developed in the Silicon Valley application Clubhouse. The reason for blocking was the fact that the application became a platform for discussing taboo topics. On the territory of the PRC, this is classified as a criminal offense. While Clubhouse was not yet blocked, users were worried about the safety of their conversations. According to experts at Stanford University, the fears were not in vain.

New Stanford Internet Observatory Report(SIO) said the backend infrastructure of Clubhouse was provided by Shanghai real-time communications software provider Agora. In addition, SIO experts found that unique user and chat room IDs were transmitted unencrypted. According to SIO representatives on Twitter, this is cause for concern for millions of users, especially from China.

SIO researchers found that metadata fromClubhouse rooms are relayed to servers located in the People's Republic of China. Agora allegedly had access to user audio, and the data was sent "to servers operated by Chinese organizations and distributed around the world." Since Agora is a Chinese company, under cybersecurity law, it will have to help the government find and store audio messages if local authorities claim they pose a threat to national security. In a statement to the US Securities and Exchange Commission, the company acknowledged that it would be required to “provide assistance and support as required by law,” including national security protection and criminal investigations.

Stanford University researchers foundat least one instance of uploading room metadata to servers in China, and uploading audio to servers operated by Chinese organizations. What's more, Clubhouse has the ability to associate a user ID with their profile.

In response, Agora informed SIO that it does not storecustom audio or metadata, except for monitoring network quality and billing your customers. As long as the audio is stored on servers in the US, the Chinese government will not be able to access the data. In addition, Agora has promised to hire an external security firm.

In turn, Alpha Exploration(the company behind the Clubhouse app) told SIO that they are going to make changes to their work, introducing additional data encryption. In theory, it will be more difficult for China to track user activity.

Clubhouse is an iOS-only app designed to listen to live audio only.

Read more

Abortion and science: what will happen to the children who will give birth

Check out the most beautiful pictures of Hubble. What has the telescope seen in 30 years?

The Brunt shelf in Antarctica is collapsing at a speed of 5 meters per day

Each room in the Clubhouse is a real-time group audio chat.