{"id":185475,"date":"2021-02-22T10:14:36","date_gmt":"2021-02-22T07:14:36","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/are-clubhouse-chats-leaking-heres-what-we-know\/"},"modified":"2021-02-22T10:14:36","modified_gmt":"2021-02-22T07:14:36","slug":"are-clubhouse-chats-leaking-heres-what-we-know","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/are-clubhouse-chats-leaking-heres-what-we-know\/","title":{"rendered":"#Are Clubhouse chats leaking? Here\u2019s what we know"},"content":{"rendered":"

#Are Clubhouse chats leaking? Here\u2019s what we know<\/strong>”
\n<\/p>\n

\n Clubhouse\u2018s app<\/a>eal lies in its off-the-record nature where users can voice chat with each other candidly, in ephemeral \u2018rooms.\u2019<\/span>\u00a0But what if bad actors could\u00a0snoop upon your live conversations?<\/p>\n

A report from Bloomberg<\/a> noted that over the weekend, an unidentified user was able to crack the service and listen to conversations.\u00a0The user, believed to be based in China, made their own website to capture audio streams from the app<\/span>. The company has now banned the user and said that it has implemented new \u201csafeguards\u201d to stop future unauthorized access.<\/p>\n

\n

Some Chinese developer made an Android \/ PC compatible player for Clubhouse, put it on GitHub, and this guy is like \u201cClubhouse has been hacked & it\u2019s coming out of China.\u201d Then he goes on Clubhouse chatrooms to \u201cverify this hack.\u201d https:\/\/t.co\/7lbZDJa772<\/a><\/p>\n

\u2014 Rui Ma \u9a6c\u777f (@ruima) February 21, 2021<\/a>\n<\/p><\/blockquote>\n

This incident comes only a week after Clubhouse\u2019s announcement of tightening security measures<\/a>, including preventing the app from \u201ctransmitting pings\u201d to China-based servers and additional encryption to protect conversations.<\/p>\n

[Read: Addicted to Clubhouse? These apps will make it even better]<\/em><\/p>\n

A report prepared by the\u00a0Stanford Internet Observatory<\/a>\u00a0(SIO) noted that China-based company Agora provides the backend for Clubhouse, and it transmitted user ID numbers and chatroom IDs in plaintext. Neither Agora nor Clubhouse have commented on this partnership publically.<\/p>\n

Former Facebook<\/a> security executive Alex Stamos, who also contributed to SIO\u2019s report, said that\u00a0\u201cClubhouse cannot provide any privacy promises for conversations held anywhere around the world.\u201d\u00a0<\/span><\/p>\n

He also observed Clubhouse used previously undocumented servers run by EnjoyVC. We don\u2019t know what service this company provides to the app, and what implication it might have on users.<\/p>\n

\n

Another interesting finding was the undocumented use of servers run by “GUANGZHOU ENJOY_VC COMMUNICATION TECHNOLOGY<\/a> CO., LTD.” aka EnjoyVC.<\/p>\n

Neither Agora or EnjoyVC are listed as data sub-processors by Clubhouse.https:\/\/t.co\/g4bnLzXIKQ<\/a>https:\/\/t.co\/QKU6SBHUJu<\/a><\/p>\n

\u2014 Alex Stamos (@alexstamos) February 16, 2021<\/a>\n<\/p><\/blockquote>\n

In response to SIO\u2019s report, Clubhouse said that it doesn\u2019t have servers in China as the app hasn\u2019t been officially launched in the country. It added that some users in China found a workaround to install the app and \u201cconversations they were a part of could be transmitted via Chinese servers.\u201c<\/em><\/p>\n

Security measures taken by the audio apps seem sufficient for now, but it might want to have a wider audit to avoid a Zoom-level fiasco.<\/p>\n

Safety and privacy are a huge part of Clubhouse\u2019s appeal. Twitter<\/a> and Facebook are already exploring ways to build live audio chat products, and more security incidents might make users think of switching to other platforms.<\/p>\n<\/p><\/div>\n