Clubhouse's Security and Privacy Lag Behind Its Huge Growth

Clubhouse did not respond to a request from WIRED for comment by press time about its recent security stumbles. In a statement to the Stanford Internet Observatory researchers, Clubhouse detailed specific changes it planned to make to strengthen its security, including cutting off pings to servers in China and strengthening its encryption. The company also said it would work with a third-party data security firm to help see the changes through. In response to the unauthorized website that was re-streaming Clubhouse discussions, the company told media outlets that it had permanently banned the user behind it and would add additional “safeguards” to prevent the situation from occurring again.


Though Clubhouse seems to be taking researcher feedback seriously, the company hasn't been specific about all of the security improvements it has implemented or plans to add. Additionally, given that the app doesn't appear to offer end-to-end encryption to its users, researchers say there is still a sense that Clubhouse hasn't given adequate thought to its security posture. And that's even before you grapple with some of the fundamental privacy questions the app raises.


When you start a new Clubhouse room, you can choose from three settings: An “open” room is accessible by any user on the platform, a “social” room only admits people you follow, and a “closed” room restricts access to invitees. Each comes with its own implicit level of privacy, which Clubhouse could make more explicit.    


“I think for public rooms, Clubhouse should give users the expectation that public means public to all users, since anyone can join and record, take notes, etc.” says David Thiel, chief technology officer of the Stanford Internet Observatory. “For private rooms, they can convey that as with any communication mechanism, an authorized member can record contents and identities, so make ..