U.S. Markets closed

UPDATE 1-Clubhouse says reviewing data protection practices after report points to flaws

  • Oops!
    Something went wrong.
    Please try again later.
·3 min read
In this article:
  • Oops!
    Something went wrong.
    Please try again later.

(Adds comment from Agora spokesman)

SHANGHAI, Feb 13 (Reuters) - U.S. audio app Clubhouse saidit is reviewing its data protection practices, after a report bythe Stanford Internet Observatory said it contained securityflaws that left users' data vulnerable to access by the Chinesegovernment.

The app said in a response to the study, published by theresearch group at Stanford University, that while it had optednot to make the app available in China, some people had found aworkaround to download the app which meant the conversationsthey were a part of could be transmitted via Chinese servers.

"With the help of researchers at the Stanford InternetObservatory, we have identified a few areas where we can furtherstrengthen our data protection," the company said in a statementpublished https://cyber.fsi.stanford.edu/io/news/clubhouse-chinaby the research group on Friday.

"Over the next 72 hours, we are rolling out changes to addadditional encryption and blocks to prevent Clubhouse clientsfrom ever transmitting pings to Chinese servers. We also plan toengage an external data security firm to review and validatethese changes."

Clubhouse did not immediately respond to a request fromReuters for further comment on Saturday.

Launched in early 2020, the app saw global user numbers soarearlier this month after Tesla CEO Elon Musk andRobinhood CEO Vlad Tenev held a surprise discussion on theplatform.

Masses of new users joined from mainland China, taking partin discussions on topics that included sensitive issues such asXinjiang detention camps and Hong Kong's National Security Law.But their access to the app was blocked last week, triggeringfrustration and fears of government surveillance.

The Stanford Internet Observatory said that it had confirmedthat Chinese tech firm Agora Inc supplied back-endinfrastructure to Clubhouse, and that Agora would likely haveaccess to users' raw audio, potentially providing access to theChinese government.

It also said it observed room metadata relayed to servers itbelieved were hosted in China and audio to servers managed byChinese entities. It added, however, that it believed theChinese government would not be able to access the data if theaudio was stored in the United States.

An Agora spokesman said the company had no comment on anyrelationship with Clubhouse, but that Agora does not have accessto or store personal data, and does not route through Chinavoice or video traffic generated from users outside China,including U.S. users. Agora provides software that allowscustomers "to build their security and privacy infrastructure ina way that is both compliant and relevant to their end-users,"the spokesman wrote in an e-mail.

The Cyberspace Administration of China, which regulates thecountry's internet, did not respond to calls for comment madeduring China's Lunar New Year holiday.

"SIO chose to disclose these security issues because theyare both relatively easy to uncover and because they poseimmediate security risks to Clubhouse's millions of users,particularly those in China," the report said.

Data analytics firm Sensor Tower said the app, which is onlyavailable on Apple's iPhone, had about 3.6 million usersworldwide as of Feb.2, with 1.1 million registered in the priorsix days.(Reporting by Brenda GohEditing by Clelia Oziel and Diane Craft)