The Stanford Internet Observatory (SIO) Centre for Internet Policy Studies has identified a potential vulnerability in the voice-based social network Clubhouse that allows access to raw user data by Chinese authorities. "We have examined data protection practices and identified a potential risk to mainland Chinese users," the SIO said on Twitter.
The SIO confirmed that the "real-time voice and video interaction platform" and server infrastructure for Clubhouse is being provided by Agora Inc., a Shanghai-based startup with offices in Silicon Valley. In doing so, user IDs are transmitted in plain text over the internet, making their interception "trivial". "Any observer of internet traffic can easily match IDs in shared chats to see who is talking to whom," SIO analysts said.
They said they were able to capture how metadata from the chat club was "relayed to servers" that are likely to be in China. "Any unencrypted data that is relayed through servers in the PRC is likely to be available to the Chinese government," the SIO report noted.
The SIO believes that Agora likely has access to users' raw audio files and could potentially provide access to them to the Chinese government, as Chinese law requires it to assist the government in detecting audio messages, which, authorities believe, threatens national security.
source: bloomberg.com
The SIO confirmed that the "real-time voice and video interaction platform" and server infrastructure for Clubhouse is being provided by Agora Inc., a Shanghai-based startup with offices in Silicon Valley. In doing so, user IDs are transmitted in plain text over the internet, making their interception "trivial". "Any observer of internet traffic can easily match IDs in shared chats to see who is talking to whom," SIO analysts said.
They said they were able to capture how metadata from the chat club was "relayed to servers" that are likely to be in China. "Any unencrypted data that is relayed through servers in the PRC is likely to be available to the Chinese government," the SIO report noted.
The SIO believes that Agora likely has access to users' raw audio files and could potentially provide access to them to the Chinese government, as Chinese law requires it to assist the government in detecting audio messages, which, authorities believe, threatens national security.
source: bloomberg.com