Daily Management Review

Analysts warn of possible leak of Clubhouse user data to China


The US-based Internet Research Center has identified a vulnerability in social networking site Clubhouse that potentially allows Chinese authorities to access user data. The social network promised to add "additional encryption" to audio files.

The Stanford Internet Observatory (SIO) Centre for Internet Policy Studies has identified a potential vulnerability in the voice-based social network Clubhouse that allows access to raw user data by Chinese authorities. "We have examined data protection practices and identified a potential risk to mainland Chinese users," the SIO said on Twitter. 

The SIO confirmed that the "real-time voice and video interaction platform" and server infrastructure for Clubhouse is being provided by Agora Inc., a Shanghai-based startup with offices in Silicon Valley. In doing so, user IDs are transmitted in plain text over the internet, making their interception "trivial". "Any observer of internet traffic can easily match IDs in shared chats to see who is talking to whom," SIO analysts said. 

They said they were able to capture how metadata from the chat club was "relayed to servers" that are likely to be in China. "Any unencrypted data that is relayed through servers in the PRC is likely to be available to the Chinese government," the SIO report noted.

The SIO believes that Agora likely has access to users' raw audio files and could potentially provide access to them to the Chinese government, as Chinese law requires it to assist the government in detecting audio messages, which, authorities believe, threatens national security.

source: bloomberg.com