Over the weekend, an unidentified user was able to “divert” audio from private rooms in the Clubhouse. The alleged failure to platform Clubhouse, which has been experiencing rapid growth, now raises more questions related to privacy of your users. According to Reema Bahnasy, a spokesperson for the social network, the material was broadcast on a third-party website.
Clubhouse reports that it has already banned the user in question, but that he has not yet been identified or located. THE Bloomberg, the company said it had already added protections against this type of breach but did not provide details of the action. In practice, the user was able to transmit audio feeds in private rooms to his own address. An unconfirmed number of Clubhouse users would have been affected by the failure.
On Sunday (21), signs of the stream deviation were found on GitHub. In addition to the leakage of the audios themselves, it was discovered that the metadata from the rooms was also transmitted to a third site.
Jack Cable, a researcher at the Stanford Internet Observatory (SIO), said one of the possible solutions would be to prevent the use of third-party applications to access audio from the rooms. Another would be to limit the number of rooms that a single user can enter simultaneously.
More privacy concerns
The SIO itself released a report last week that metadata from the chat rooms was relayed to servers allegedly allocated in China. Not by chance, the Chinese government blocked access to the app at the beginning of the month by requiring location information to be delivered.
"The Clubhouse cannot offer any privacy promises for conversations held anywhere in the world," said Alex Stamos, director of SIO who was once head of security at Facebook.
The platform has a contract with a Shanghai-based company called Agora Inc., which handles its back-end operations. Thus, the Clubhouse is free to focus on the user experience, while the other company deals with traffic processing and audio playback.
However, outsourcing back-end operations also raises concerns about users' privacy. Agora did not comment on the Clubhouse's security and privacy protocols, but said it did not store or share information that could identify citizens.
Because it is an exclusive social network, until then, for iOS users, the Clubhouse can also raise other security issues. Invitations to the social network have been sold on platforms such as Mercado Livre for R $ 280, in addition to other scams that can also be applied, like distributing fake apps, for example.