The developers of audio chat room app Clubhouse plan to add additional encryption to prevent it from transmitting pings to servers in China, after Stanford researchers said they found vulnerabilities in its infrastructure.
In a new report, the Stanford Internet Observatory (SIO) said it confirmed that Shanghai-based company Agora Inc., which makes real-time engagement software, “supplies back-end infrastructure to the Clubhouse App.” The SIO further discovered that users’ unique Clubhouse ID numbers (not usernames) and chatroom IDs are transmitted in plaintext, which would likely give Agora access to raw Clubhouse audio. So anyone observing internet traffic could match the IDs on shared chatrooms to see who’s talking to each other, the SIO tweeted, noting, “For mainland Chinese users, this is troubling.”
The upgrades also include “additional encryption.” Alpha Exploration expected the changes to take effect over a 72-hour period, with a third-party firm auditing the changes.
Users were concerned that Chinese officials could legally obtain any recorded conversations passing through servers in the country. While only a handful of iOS users are believed to use Clubhouse in China, they may be prime targets for spying: the Chinese government has eagerly cracked down on services that could help dissidents coordinate in secret, such as VPNs.
The new measures might be crucial to Clubhouse’s growth. If it’s going to grow past its invitation-only focus and launch on other platforms, Alpha Exploration will have to persuade users that it’s truly private and secure. Any work now could pay dividends if it gives more people the confidence to join in conversations.