The developers of the clubhouse app Clubhouse plan to add additional coding to prevent it from transmitting pings to servers in China, after Stanford researchers said they found vulnerabilities in the infrastructure.
In a new report, the Stanford Internet Observatory (SIO) said it confirmed that Agora Inc., based in Shanghai, which manufactures real-time engagement software, “provides back-end infrastructure to the Clubhouse App.” The SIO has further discovered that users’ unique clubhouse ID numbers – not usernames – and chat room IDs are sent in plain text, which is likely to give Agora access to raw clubhouse audio. Anyone who observes internet traffic can match the credentials in shared chat rooms to see who is talking to each other SIO tweetedand notes: “For Chinese users on the mainland, this is a concern.”
The SIO researchers said they found metadata from a clubhouse room “transmitted to servers we believe are housed in the” People’s Republic of China, and found that audio was sent to “servers run by Chinese institutions and around the world As Agora is a Chinese company, it will be legally obliged to help the Chinese government detect and store audio messages if the authorities there say the messages pose a threat to national security. the researchers suspect.
Agora told the SIO that it does not store audio or metadata from users, except to monitor the quality of the network and bill its customers, and as long as audio is stored on servers in the US, the Chinese government would not have access to could not get the data.
Agora did not immediately respond to a request for comment on Sunday, but said Bloomberg in a statement that it “does not have access to the sharing or storage of personally identifiable end-user data. Voice or video traffic from non-Chinese users – including US users – is never directed by China.” company declined to comment on its relationship with Clubhouse.
Clubhouse said in a statement to the researchers that with the launch of the app, developers decided not to make it available in China “given China’s history of privacy.” However, some users in China found a solution to download the app, the company said, “which meant that – until the app was blocked by China earlier this week – the conversations from which they participated could be transmitted via Chinese servers. . “
The company told SIO it was going to introduce changes “to add additional coding and blocks to prevent Clubhouse customers from ever sending pings to Chinese servers” and would hire an external security firm to review and validate the updates. Clubhouse did not immediately respond to a request for comment Sunday.
Clubhouse is an iOS-only live audio app that has become popular with many people in Silicon Valley, including Tesla CEO Elon Musk, whose debut at Clubhouse attracted thousands of simultaneous listeners earlier this month. The company was recently valued at $ 1 billion.