Clubhouse is a privacy disaster
Clubhouse is an embedded voice chat platform that has taken the world by storm. Its simple and enticing approach to voice chat has seen Clubhouse surpass 10 million downloads, but that success has been based on a lot of compromises.
This in-depth analysis of privacy protection reports not only shows that Clubhouse is below Facebook's privacy standards, but also stores all audio messages, forces users to share their contacts, and users' personal data is ruthlessly collected, tracked, and randomly shared with other users. Advertising companies share.
Clubhouse is listening
Despite major advances in modern encryption over the past decade, Clubhouse does a poor job of protecting the confidentiality of communications. Facebook's WhatsApp first implemented end-to-end encryption in 2014 - meaning WhatsApp can't access your chats either. Shortly thereafter, several other communication platforms followed suit. Seven years later, Clubhouse has failed to take this mainstream security approach and has rapidly expanded at the expense of your privacy.
Apart from this shortcoming, Clubhouse's ownPrivacy Policy AlsoRegulation:
We will temporarily record audio content while the chat room is active for the purpose of supporting the investigation of the incident only. […] We will delete the temporary audio recording when the chat room is dismissed if there are no incidents to investigate in the chat room. [...]
This means that all conversations, including those in private chat rooms, are saved to disk. Although they do claim to delete the records once they are no longer needed, these types of claims cannot be verified by their nature and often prove to be incorrect. Facebook previously claimed to hash all passwords before storing them,But becauseInadvertently storing hundreds of millions of passwords in certain log fileswas fined $2.2 billion。
Typically, the server infrastructure of most Internet services is complex, with traffic being routed through several different reverse proxies and third-party services before reaching its final destination. During data transfer, we do not know whether these endpoints inadvertently store some personal information. The following example further illustrates this fact:
To help us meet our business operational needs and run certain services and functions, we may share personal data with vendors and service providers, including providers of hosting services, audio applications and infrastructure, cloud services [...]
Clubhouse acknowledges that your personal information passes not only through its infrastructure, but also through many other third-party applications, including applications that handle audio in chat rooms. These third parties are not obligated to delete personal data within this Privacy Policy, so while Clubhouse itself may have deleted the audio content, you still need to place trust in the reputation of the unnamed "vendors and service providers".
Their policy does state that these audio recordings are "encrypted," without detailing how. They explicitly state that if at least one user in the chat room complains about the content of their audio, then Clubhouse will listen to the recording. This requires Clubhouse to have the key to this encrypted message, as they need to decrypt it in order to listen. This is called "server-side encryption".
Suppose you were given a safe, and next to the safe was a small slip of paper with the combination to the safe, neatly placed on the desk. Is this safe? This is how server-side encryption works. In contrast, if you passEncrypted messengers like StatusSend a message, and the key to this end-to-end encryption never leaves your device, and no one but you and the intended recipient can decrypt the message.
Clubhouse is collecting your data
After joining Clubhouse, you need to provide your phone number. While this may seem commonplace in this day and age, it's not so much what information they're collecting as much as what they're doing with it. For example, while the private messaging app Signal does require a phone number, there are a number of steps that need to be taken to ensure your phone number isn't linked to any of your activity. If you want to give Signal a given number,The most they can tell youYes whether the number is a Signal user.
them
themsell your dataTo "social media platforms and other advertising partners, who will use this information to provide you with targeted advertising".
They store all collected data indefinitely according to their retention policy and do not provide any in-app way to delete accounts.
They use invisible tracking images called pixels in your emails, "these pixels allow [them] to collect your email and IP address, as well as date and time."
They claim that "commercially reasonable efforts are made to identify and support a "do not track" signal," despite the fact that it's impossible to enable this signal within the app, where the vast majority of tracking occurs.
Although Clubhouse has extensive data sharing, they also take enforcement measures to obtain this data. When you attempt to invite other users to join Clubhouse, you will be required to share your entire contact list, which will be stored indefinitely on their servers and shared with their advertising partners. Cannot invite without shared contacts. This may actually violate theApple's Policy on Protecting User Privacy。
The App Store requires all apps that request certain permissionsWhen rejected, they should "fail gracefully". That is, if your scientific calculator app asks for your exact location and you decline, everything will still work for the scientific calculator, since the calculator obviously doesn't need your location. app The only time a program might prevent the user from performing certain actions is if a core functionality requires the permission, such as a camera app asking for permission to use the camera.
As far as Clubhouse is concerned, there seems to be no valid reason to need all your contact information just to be able to invite other users. If you join Clubhouse and chat with your friends, the only data required is that particular friend's contact information. These requests by Clubhouse are subtle and user-harmful methods to collect as much personal information as possible.
An immediate use that may arise is that information from these contacts is used to build a social graph and facilitate user discovery. While this use is somewhat real, it avoids doing so. Because for nearly four years, technology has advanced to provide such a social graph without collecting or viewing any personal information. Signal first announced itsPrivate Contacts Discovery Feature, a feature that allows users to easily connect with their friends and family without revealing their contact list to the Signal service. Since then, this method has become simpler and easier to use.
protect yourself.
andNym,Aztec Networkandof ZcashA truly new and innovative project of the class is giving us our last chance to seize the privacy of the Internet. Protect yourself with encryption.
