It was a Sunday night in late January when audio-only social network Clubhouse burst into the mainstream. An interview with Elon Musk, founder of Tesla and SpaceX, took a turn when Robinhood CEO Vlad Tenev was brought onto the virtual stage.
As Musk turned interviewer, asking Tenev about the real story behind Wall Street Bets, the room stretched beyond Clubhouse’s 5,000 person limit. The audio was streamed live on YouTube – against Clubhouse’s terms of service – fuelling the app’s rise to the top of the start-up charts as an influx of people scrambled to source an invite.
Founded by Silicon Valley entrepreneurs Paul Davison and Rohan Seth in March 2020, Clubhouse now has more than two million users and is valued at around $1 billion. It’s currently only available via an iOS app, but an Android version is apparently in the making. Clubhouse is invite only: Each new sign-up can invite two people to join the app.
Clubhouse’s exclusivity has wide appeal, attracting celebrities such as Kanye West, Jared Leto, Kevin Hart and Oprah Winfrey. For others, the excitement comes from listening in to live audio streams from virtual ‘rooms’, with the possibility of joining discussions if the moderator allows it.
But as with many startups, an increase in popularity has brought more scrutiny. In recent weeks, Clubhouse’s reputation has taken a battering over privacy and security. So just how safe is the app?
Data collection issues
One of the biggest issues with Clubhouse is the fact that anyone can potentially record a room and stream the content elsewhere. In early February, the Stanford Internet Observatory (SIO) discovered a user was streaming audio feeds and metadata from multiple rooms to another website. Confirming the data “spillage” to Bloomberg, Clubhouse said this violated its terms of service. It banned the user from the platform and without providing specific details, said it had added “safeguards” to prevent this from happening again.
But it was just the tip of the iceberg. A week later, the SIO detailed multiple security and privacy issues, including the fact that users’ unique Clubhouse ID number and chatroom ID are transmitted in plaintext. Another major concern, according to the SIO, is the China-based company that provides Clubhouse’s back end infrastructure, Agora, which could potentially allow government access to raw audio on the platform.
Jane Manchun Wong, a security researcher known for discovering new software features via reverse engineering, says “a flaw” in Clubhouse’s backend design allows users to programmatically stream audio data out of the Agora API without necessarily using the Clubhouse app itself. At the time of her research into the app, it was possible to listen to multiple rooms simultaneously. In addition, in a Clubhouse room, each speaker is assigned their own audio track; Agora does not mix the audio from speakers into one. This could facilitate unnecessary data collection.
“The audio tracks from each speaker are streamed to the user’s phone via Agora and they are played simultaneously,” Wong says. “Each of the audio tracks contains metadata including the corresponding user ID: this makes harvesting and processing the voice data of each individual easier.”
Clubhouse says it is “deeply committed to data protection and user privacy”. But a spokesperson admits the app has “identified a few areas where we can further strengthen our data protection”.
“We have addressed the flaws identified by the SIO and rolled out changes to add additional encryption and blocks to prevent Clubhouse clients from ever transmitting pings to Chinese servers,” the spokesperson says, highlighting the firm’s bug bounty program in partnership with HackerOne.
Meanwhile, Agora says it “cannot confirm any engagement with Clubhouse or speak to Clubhouse’s security and privacy protocols for its own application”. The company adds it doesn’t store or share personally identifiable information from any of its customers applications. “That information is managed by Agora’s customers, within their own applications.”
Moderation and user control
Clubhouse has been criticised for lacking adequate moderation controls to keep its users safe. Tamara Littleton, CEO and founder of marketing agency The Social Element, joined Clubhouse in January and co-moderates a regular room. Among the issues with the platform, Littleton says: “There is no way of controlling what people say. As moderator you can remove and report them, but anyone can set up a room that, for example, spreads conspiracy theories.”
Wong has encountered trolling incidents in Cantonese-speaking rooms. “Someone managed to come on stage and speak gibberish mocking our language, telling us to speak English, bringing up politically sensitive topics that were irrelevant to what was being discussed. We can report them afterwards, but these trolling incidents interrupt the flow of our discussion. I am not sure how this can be prevented without compromising the visibility of the room.”
Another issue is the number of languages spoken by Clubhouse’s moderation team as the app grows internationally. But Clubhouse founder Davison says the social network is expanding its moderation team so it will be able to understand more languages.
Clubhouse records all audio until every person has left the room, which it says is for safety purposes. Its community guidelines state that temporary audio recording is performed “solely for the purpose of supporting incident investigations” while “the room is live”.
If a user reports a violation while the room is active, Clubhouse retains the audio “for the purposes of investigating the incident” and deletes it when this is complete. If no incident is reported, Clubhouse says it deletes the temporary audio recording when the room ends. “Audio from muted speakers and audience members is never captured, and all temporary audio recordings are encrypted.”
But there are potential security concerns about this practice. Because the audio is not encrypted end-to-end, it is potentially accessible. At the same time, conversations are recorded for as long as a room is occupied, so your microphone stays active if you switch to another app without actually leaving the room, says Alexander Hanff co-founder and CEO at Think Privacy. “Clubhouse continues to record any non-muted microphones and retains all recordings until every person actually leaves the room.”
Littleton points out that audio recording isn’t unusual: it’s used in online gaming, for example, to control toxic behaviour. “For me, you can’t have it both ways. Either it is live and you rely on human behaviour, or there is a delay like in broadcast TV.” Yet she thinks Clubhouse’s moderation tools could be enhanced to give more control to users. “There needs to be more action around reporting. Room moderators could see if the person has a history if there was an Uber-style rating system to identify bad behaviour.”
According to data protection experts, Clubhouse may lack some basic privacy safeguards needed for the EU’s General Data Protection Regulation (GDPR). For example, if you want to invite friends to use the app, you have to give up your entire contact list; an issue that has already attracted the interest of regulators in Germany.
Crucially, the app does not take into account privacy by design, says Pia Tesdorf, a data privacy speaker and educator. “It’s ok to share your data, but it should be opt-in. That’s what GDPR is about.”
Clubhouse argues that this feature is opt-in only and not required in order to use the app. “People may choose to optionally grant access to their phone contacts so they can see which of their friends are on the app” says the spokesperson, adding that users can revoke contacts access from their iOS settings, and “contact Clubhouse support to delete any previous data”.
Clubhouse is a new app, and like others – such as Zoom – it has scaled quickly as demand surges and been found not to have the best security and privacy setup available to its users.
There are some straightforward fixes it can make, Wong says. Clubhouse could make itself more secure by ensuring users can only listen to one room and log in on one device at a time. “It could also consider hashing the phone numbers before uploading them to the server to ensure the app doesn’t collect more data than it needs. Better yet, rework the invitation system so it doesn’t need contact book data at all.”
More great stories from WIRED
🌍 Bill Gates has a plan to save the world. Will the world listen?
🇦🇺 Facebook did the right thing. Here’s what its fight with Australia is really about
🖥️ Working from home? These are thebest computer monitors you can buy
🔊 Listen to The WIRED Podcast, the week in science, technology and culture, delivered every Friday