Server in China, gestohlene Talks
Clubhouse wanted to solve problems and just kept getting new ones
The audio network Clubhouse shot out of nowhere to the top of the app store just under a month ago. And quickly drew criticism. But the promised solutions to problems are a long time coming. Instead, new ones are constantly being added.
Elon Musk has already done it, Thomas Gottschalk a lot more often and Dunja Hayali anyway: Millions of people chat on the hype app Clubhouse, including lots of celebrities. But the network with its mixture of talk show, podcast and private chat has been criticized for weeks. And always attracts new trouble.
The latest scandal: Several private conversations by users could be listened to completely freely on the Internet. The supposed intimacy of the conversations – the clubhouse can only be used by invitation, every listener is clearly displayed under the conversation – was gone. A not publicly named user succeeded in embedding his account on his website at the weekend and thus making the conversations he joined audible for everyone, Clubhouse confirmed to the “Los Angeles Times”. The users of the app have been permanently blocked and new security measures have been implemented to prevent such abuse.
Stream to China
Security experts doubt whether this is even possible. One should expect that every conversation will be recorded on the platform, the researchers from the Standford Internet Observatory (SIO) found. “Clubhouse cannot make any serious privacy promises for any discussions around the globe,” said director Alex Stamos on the weekend about the measures.
Stamos, who used to be responsible for security at the social media giant Facebook, and his colleagues had made an even more irritating discovery just a week earlier. Clubhouse itself is only responsible for the user experience and use of the app. For the processes in the background, the operation of the server and thus the streams and the storage of the data, help was obtained from the start-up Agora – based in Shanghai.
This has far-reaching consequences for user privacy. Not just for Chinese dissidents who may feel safe on the platform, as Stamos emphasizes. The entire audio data ran accordingly via Chinese servers. According to SIO, Agora, like other Chinese companies, is obliged to share data with the government on request, reports “ The Verge”. In plain language this would mean: If China were to request recordings of the conversations, Agora would have to deliver them.
Who is recording when?
The activists of “Zerforschung” showed that things can also turn out differently. In a series of tweets at the end of January, they revealed that with a jailbroken iPhone and the right commands, you also have the option of recording conversations as a guest – even if you are not displayed as a listener to the other participants . And: Because every user is assigned a unique ID, you can not only clearly assign a contribution to a conversation to an account, but also specifically record the sound of individual people. The fault is the functionality of the Agora program kit (SDK), on which Clubhouse ultimately runs.
Much trouble about privacy
For Clubhouse, the two discoveries are just another in a long line of privacy problems. Since the start of the hype in January, the network had been worried about handling contact details. In order to be able to invite friends to the network, you have to give them access to the entire contact book. The fact that Clubhouse processes the data found there can be seen immediately: If you suggest who you can invite, it is also shown how many other members this person is already networked with. Clubhouse creates detailed contact databases even for people who are not registered there. In the case of professional use, this could even violate the GDPR, said lawyer Christian Solmecke to “Netzwelt”.
No wonder that data and consumer advocates quickly ran storm against the app. The company’s statements on data processing showed “no relevant restrictions and largely opened up all options for the operating company,” complained the Hamburg data protection officer, Johannes Caspa, to “Onlinemarketing.de” the missing imprint – and promptly warned Clubhouse.
Focus on growth
The reason that the app is currently only stumbling from one problem to the next is likely to have a simple reason: The company was simply overrun by the sudden hype surrounding the app, which has actually been in existence for two years and still has very few employees. And they are currently relying fully on stable servers and new features such as a larger number of users in rooms and a version for Android smartphones.
The situation at Clubhouse is unlikely to have been made any more relaxed by public attention. Because it arouses desires. With Spaces, competitor Twitter has already presented a similar product, Facebook is reportedly working flat out on its own version of the app. Clubhouse’s problems are likely to increase in the near future.