How Safe is Clubhouse: From a Security Perspective

clubhouse

Not long ago, Elon Musk (CEO of Tesla) tagged the Kremlin’s official account on Twitter to ask if Vladimir Putin (President of Russia) wanted to join Clubhouse to join him for a conversation.

 

 

Clubhouse is an invitation-only social networking app that lets people gather in audio chat rooms to discuss various topics. Elon Musk had already chatted with the CEO of Robinhood, Vlad Tenev, on Clubhouse earlier this month and helped propel the app to the top of the startup charts. Clubhouse began to gain attention as Elon Musk asked questions about the services Robinhood app is providing in regards to Gamestop stocks and today we’re here to take a look at some of the important factors we must consider before jumping ahead of ourselves and risk our data and moreover, privacy.  

 

What is Clubhouse? 

Clubhouse started providing services around April of 2020 and expanded its influence mostly in silicon valley. The main difference between Clubhouse and other social networking apps is that it only allows real-time voice chat communications. A moderator can create a room with a specific topic and can give some or all participants in the room permission to speak. This way, the participants can speak and share real-time voice chat communications by switching between the roles of a speaker and a listener. When the room is closed, all conversations will be deleted without leaving any data or traces and the volatility is also a feature that distinguishes itself from other social networking apps. 

 

How Did Clubhouse Attract More than 6 Million Users?

First of all, famous figures like Elon Musk and Mark Zuckerberg, online influencers from Instagram and YouTube have made it much easier for Clubhouse to attract new users. Users mainly join the app to participate in or listen to live conversations organized by these influencers. However, not only influencers are taking advantage of this service – many organizations and companies have started to communicate and market their brands to users by sharing brand stories and various events. Clubhouse had 600,000 users at the end of 2020 and now has more than 6 million users. 

Second of all, users can only join the app via an invitation. When users first sign up, they can invite up to 2 friends each (iPhone users only at this stage) and when these users become active members of Clubhouse, they are granted more invitations. As a result, this has caused a certain level of social distinction between users who only use Instagram and other social networking apps. Some even say Clubhouse is the new FOMO-inducing social networking app. 

 

What Happens to User Data?

All existing social networking apps such as Facebook, Instagram, and TikTok collect and utilize user data as we know it. In particular, most of these apps make profits by using user data for advertising. Currently, Clubhouse isn’t following the existing business model which utilizes user data to make a profit – But, does this mean that Clubhouse has no data or privacy issues?

According to Clubhouse’s privacy policy, the app bans recording users’ voices or chats and does not store any of the records. However, it is stipulated that audio is temporarily recorded when a conversation is taking place in a room with a specific topic, and the data is deleted when that room gets closed. It’s stated that this is only to take actions when sanctions are required, such as when illegal acts or inappropriate conversations occur amongst users. 

“We temporarily record the audio in a room while the room is live. If a user reports a Trust and Safety violation while the room is active, we retain the audio for the purposes of investigating the incident, and then delete it when the investigation is complete.”

According to this policy, the app may use your recorded audio data to sanction or take action against you in the event of a violation of its terms of service. However, people are criticizing as they feel it’s more important to ask for consent in advance.

Additionally, another issue lies in the current ‘invitation only’ system. As mentioned earlier, the app can only be joined by receiving an invitation and it’s based on the contact information stored on an individual’s smartphone, meaning the app side-collects the contact information stored on the devices. In order to invite acquaintances, the app gains access to the user’s entire contacts list and exposes the information to the server. This system has the risk of exposing the information of a third party who has not joined the app – and can cause unnecessary personal data breaches. 

In addition, the term of service and other privacy-related terms are only provided in English, which violates German and European consumer protection laws, when even internet usage data can be collected when logged in via other social networking apps. This not only poses a threat to general data privacy but also leads to sanctions for violations of the GDPR. In fact, the German consumer association ‘vzbv’ pointed out that the app violates its privacy policy and the users should be aware of such things. 

Although the app has been finger-pointed by different groups of people and organizations, there’s no doubt that users perceive it as a game-changer in the social networking scene. It allows people to talk comfortably with different people across industries but at the same time, it’s a service that could be seen as somewhat supportive of alienation, leaving negative evaluations to coexist. 

This is mainly because the app, from a security standpoint, has various tasks to complete in order to protect personal information. As the service has obtained more than 6 million users in less than a year from launching, both excitement and concerns arose within the public. As there are still many steps to take such as launching an Android version and building different business models, it’s considered key to take care of the privacy concerns prior to any of these new projects. Above all, it’s definitely needing everyone’s attention so that improvements can be made in regards to data privacy in the future development process.