NewsNation

Clubhouse says its reviewing data protection practices after report points to flaws

An illustration photo taken on January 25, 2021 shows the application Clubhouse on a smartphone in Berlin, after Thuringia's state premier Bodo Ramelow admitted on the chat app to playing Candy Crush on his phone during online pandemic response meetings with German Chancellor Angela Merkel. - Bodo Ramelow, head of the eastern Thuringia state, made the confession during what he thought was a closed meeting on the invitation-only audio chatroom app Clubhouse at the weekend. (Photo by Odd ANDERSEN / AFP) (Photo by ODD ANDERSEN/AFP via Getty Images)

SHANGHAI (Reuters) — U.S. audio app Clubhouse said it is reviewing its data protection practices, after a report by the Stanford Internet Observatory said it contained security flaws that left users’ data vulnerable to access by the Chinese government.

The app said in a response to the study, published by the research group at Stanford University, that while it had opted not to make the app available in China, some people had found a workaround to download the app which meant the conversations they were a part of could be transmitted via Chinese servers.


“With the help of researchers at the Stanford Internet Observatory, we have identified a few areas where we can further strengthen our data protection,” the company said in a statement published by the research group on Friday.

“Over the next 72 hours, we are rolling out changes to add additional encryption and blocks to prevent Clubhouse clients from ever transmitting pings to Chinese servers. We also plan to engage an external data security firm to review and validate these changes.”

Clubhouse did not immediately respond to a request from Reuters for further comment on Saturday.

Launched in early 2020, the app saw global user numbers soar earlier this month after Tesla CEO Elon Musk and Robinhood CEO Vlad Tenev held a surprise discussion on the platform.

Masses of new users joined from mainland China, taking part in discussions on topics that included sensitive issues such as Xinjiang detention camps and Hong Kong’s National Security Law. But their access to the app was blocked last week, triggering frustration and fears of government surveillance.

The Stanford Internet Observatory said that it had confirmed that Chinese tech firm Agora Inc supplied back-end infrastructure to Clubhouse and that Agora would likely have access to users’ raw audio, potentially providing access to the Chinese government.

It also said it observed room metadata relayed to servers it believed were hosted in China and audio to servers managed by Chinese entities. It added, however, that it believed the Chinese government would not be able to access the data if the audio was stored in the United States.

An Agora spokesman said the company had no comment on any relationship with Clubhouse, but that Agora does not have access to or store personal data and does not route through China voice or video traffic generated from users outside China, including U.S. users. Agora provides software that allows customers “to build their security and privacy infrastructure in a way that is both compliant and relevant to their end-users,” the spokesman wrote in an e-mail.

The Cyberspace Administration of China, which regulates the country’s internet, did not respond to calls for comment made during China’s Lunar New Year holiday.

“SIO chose to disclose these security issues because they are both relatively easy to uncover and because they pose immediate security risks to Clubhouse’s millions of users, particularly those in China,” the report said.

Data analytics firm Sensor Tower said the app, which is only available on Apple’s iPhone, had about 3.6 million users worldwide as of Feb.2, with 1.1 million registered in the prior six days.

Reporting by Brenda Goh Editing by Clelia Oziel and Diane Craft