Clubhouse has a problem with data storage

Clubhouse has a problem with data storage

Some Stanford researchers discover a vulnerability that exposes the identities of the users of some rooms to China

Clubhouse increases encryption to not share data with China (image: Gabriele Porro / Wired Italia) The developers of the social network Clubhouse will increase room protections, after a study highlighted how a security breach could allow China to identify users who participate in a conversation.

As already happened with TikTok also on Clubhouse stands out l shadow of Beijing's espionage. This time, however, the company that provides the application's backend infrastructure, Agora, based in Shanghai, has been targeted. According to a report released by the Stanford Internet Observatory (Sio) Clubhouse has so far transmitted in clear the numbers of the unique Ids of its users and the Ids of the chat rooms, thus offering Agora access to the metadata of the conversations. The researchers found that the audio tracks and IDs of the users of the rooms studied were being transmitted in the clear in China.

This passage of unencrypted metadata would expose users to risks because anyone could match the unique ID numbers present in the chats with the real names of the users, managing to identify the participants. In addition, the researchers write, "since Agora is a Chinese company, it would be legally required to help the Chinese government locate and archive audio messages if local authorities claimed that the messages pose a threat to national security." In short, there is a risk of espionage.

Any observer of internet traffic could easily match IDs on shared chatrooms to see who is talking to whom. For mainland Chinese users, this is troubling

(4/8)

- Stanford Internet Observatory (@stanfordio) February 13, 2021



After the study was published, an Agora spokesperson immediately specified to The Verge that the company "does not have access to, share or store personal data of end users". Clubhouse for its part has assured that it will take steps "to add encryption and additional blocks". In addition, the social network has committed to hiring an external security company to review and validate the updates.





Powered by Blogger.