The application is becoming more and more popular, but there are more questions to his privacy.
In January 2021, Clubhouse began to gain popularity in the United States and Europe, and then in Russia: all over the world there are already millions of users in the Russian Federation, more than one hundred thousand. TJ says what data collects Clubhouse, where they can leave and that dangerous around privacy in the social network.
Conversations in the rooms are recorded. Official explanation - for moderation
Many are mistakenly confident that communication in Claubhouse is arranged by the same principle as the communication is live. In the social network there is even a formal ban on recording conversations. According to the rules, if you do this without the written permission of all the participants in the conversation, the service can block the account.
But the service can record conversations in the rooms and keep them for a while - this is stated in privacy policy. Application creators claim that these data are needed for security, for example, in case of terrorist threats, manifestations of the language of hostility or publication of personal data without consent. If the complaint does not arrive, then the saved audio recording is deleted, says service.
How the recording of conversations in the Clubhouse and how long the data is stored, is still unknown. In terms of confidentiality, there is a word "temporarily" - it may mean a few minutes, and several years. German and Italian regulators have already demanded public explanations about how the data transfer policies are combined with European privacy laws.
While Clubhouse is not seen in controversial cases of cooperation with those or other authorities. But everything can change: including therefore it is better not to discuss confidential information publicly.
Clubhouse scans a list of contacts. Official explanation - for distribution of invitations
One of the key features of Clubhouse is in the mechanics of invites and focus on social capital. Members of the social network can be seen including those rooms in which they are involved or telling those who are signed - there is no convenient search yet.
When installing the application, the application requests permission to access the list of contacts, and then offers to invite everyone from the address book - from colleagues at work to a long time.
I'm Into Clubhouse. What i'm not into? The Aggressive Hoovering Of My iPhone Contacts Into Its Servers.
- JoannasterN (@Joanna Stern) 1613675049.
Currently There Is No Way to Delete This. Clubhouse Told Me IT Plans to Add a Button to the app That Will Allow You to Delete This Data Soon.
https://on.wsj.com/3k10nze https://t.co/kmvcoopsu9.
The authors of the application explain the need to scan contacts issuing invites. At the same time, for the invitation of users, not the entire address book is formally needed, but only a specific number. But if you do not give social network access to the phone book, then it will not allow distributing invites.
Many in contacts have not only friends from real life, but also colleagues, bosses, personal doctors or, for example, those with whom they once went on a date. Journalists have in the phone book there are also sources of information that are probably guaranteed anonymity.
WHEN YOU JOIN CLUBHOUSE IT TELLS YOU HOW MANY PEPLE ALREADY ON CLUBHOUSE EACH OF YOUR CONTACTS KNOWS, SO NOW I KNOW HOW MANY PEOPLE DRUG DEALER, THERAPIST, LAWYER, AND HOUSE CLEANER AS ME
- IsisloveCruft (@isis Agora LoveCruft (They / Them)) 1612308971.
When the Clubhouse user opens access to the rooms, it reports to developers: it is somehow connected with specific people, and they are associated with it. It is easy to imagine how to some user the application will recommend those whom he is currently real life prefers to avoid.
Justice for the sake of social network does not show who these "common friends". But it is logical to assume that the service stores this information.
Mechanics "Greetings" are also unsafe - it follows from access to the phone book. When registering a new user Clubhouse sends the Push to his contacts and offers to create a private room for greeting.
The "Novice" himself may not even go to the "closed" chat. But if you accidentally press other users on Push-notification, they risk finding out in an awkward situation: the participants of the room may not know each other and not to have the desire to meet.
"Welcome to Clubhouse! Would You Like to Start A Room Would Women You Met On Okcupid and Told Your Name Was Mark, You Were Divorced and You Were 7 years Were Divorced and Only Found Out The Truth WHEN I GoogleD Your Phone Number? Haha !! Hello? " https://t.co /0tigocsvht.
- Caraghpoh (@caragh) 1612664050.
Clubhouse uses Chinese workers and transmits user ID in open
Perhaps most questions about Clubhouse arose when it turned out that the authors used the developments of the Chinese company Agora to transfer real-time audio. Researchers from the Stanford Internet Observatory (SiO) found this fact, however, they did not even hide him.
Experts analyzed Clubhouse Web Traffic publicly affordable utilities like Wireshark. It turned out that the data is leaving directly to the servers belonging to Agora: for example, Qos-america.agoralab.co. When joining the channel, the application generates a metadata package that transmits specifically for the backend infrastructure of the Chinese company.
This information contains data on each user, including a unique profile ID and room to which he joined. This CLUBHOUSE data transmits in an open form without encryption: anyone can actually track the movement of a particular user, "capturing" the network to which that is connected.
Agora - founded in Shanghai Startup with headquarters in the Silicon Valley. It sells other companies access to a platform for voice processing and real-time video. Thanks to this startups, it seems that Clubhouse does not need to create the basis from scratch: the team can send the strength to other tasks. The end user often may not know that the application works on the AGORA platform, because it does not say in user agreements.
Since CLUBHOUSE When processing audio real-time rely on Agora technology, researchers suggest that the Chinese company can access uncompressed audio stream. Indeed, including through its servers there are all conversations.
The main danger of using Agora's developments, according to experts from Stanford, is that the company has pledged to obey Chinese laws. If the Chinese government considers some kind of conversation dangerous for national security, the company will allow the authorities to learn entry.
Agora has already stated that they do not store user data, except for those that are needed to track network activity. The company claims that it is only a "conductor", and its clients usually encrypt the data.
In this case, the Chinese government will not be able to access Clubhouse. However, theoretically, the authorities can "invade" the network and write the necessary conversations themselves, consider it to SiO. Such an alignment is likely to affect Chinese Clabukhaus users, which, despite blocking in the country, use the application.
Outcome: Is Clubhouse safe
Considering that Clabukhaus in a key aspect of work relies on the platform of a third-party company, transmits data in an open form without encryption and writes conversations, cannot be considered secure. Much depends on where audio recordings are stored: if they are in the USA, then Chinese or any other government will not be able to access. But it does not remove risks against American users.
Representatives of Clubhouse in response to the investigation SiO said that only a small percentage of users data on Chinese servers are sent to Chinese servers - to ensure the smallest delay in conversations. The authors of the application promised to listen to the recommendations of specialists and add "additional encryption". The service promised no longer use Chinese servers and attract a third-party firm to assess the security of the code.
The Publication SiO states that information about Agora and data transmission in open form is not the only problems with the security of Clabukhaus. Researchers decided not to report other weaknesses in public until they were corrected, but transferred information to developers.
#Clubhouse # Privacy # Safety # social network
A source