Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Social Networks China Privacy

After Researchers Raise Spying Concerns, Clubhouse Promises Blocks on Transmitting to Chinese Servers (theverge.com) 31

"The developers of audio chat room app Clubhouse plan to add additional encryption to prevent it from transmitting pings to servers in China," reports The Verge, "after Stanford researchers said they found vulnerabilities in its infrastructure." In a new report, the Stanford Internet Observatory (SIO) said it confirmed that Shanghai-based company Agora Inc., which makes real-time engagement software, "supplies back-end infrastructure to the Clubhouse App." The SIO further discovered that users' unique Clubhouse ID numbers — not usernames — and chatroom IDs are transmitted in plaintext, which would likely give Agora access to raw Clubhouse audio. So anyone observing internet traffic could match the IDs on shared chatrooms to see who's talking to each other, the SIO tweeted, noting "For mainland Chinese users, this is troubling."

The SIO researchers said they found metadata from a Clubhouse room "being relayed to servers we believe to be hosted in" the People's Republic of China, and found that audio was being sent to "to servers managed by Chinese entities and distributed around the world." Since Agora is a Chinese company, it would be legally required to assist the Chinese government locate and store audio messages if authorities there said the messages posed a national security threat, the researchers surmised...

The company told SIO that it was going to roll out changes "to add additional encryption and blocks to prevent Clubhouse clients from ever transmitting pings to Chinese servers" and said it would hire an external security firm to review and validate the updates.

This discussion has been archived. No new comments can be posted.

After Researchers Raise Spying Concerns, Clubhouse Promises Blocks on Transmitting to Chinese Servers

Comments Filter:
  • US Company? (Score:4, Insightful)

    by vlad30 ( 44644 ) on Monday February 15, 2021 @08:07AM (#61065290)
    Why would a US company route data through Chinese servers?
    • Why would a US company route data through Chinese servers?

      Where did you see a US company mentioned? It says "Shanghai-based company Agora Inc" in the article.

      Agora told the SIO it does not store user audio or metadata other than to monitor network quality and bill its clients, and as long as audio is stored on servers in the US, the Chinese government would not be able to access the data.

      Oh, that's reassuring. The servers in the US would magically be totally inaccessible to the Chinese government even though the Shanghai-based company operates them.

      • Nevermind, I get it now. Clubhouse is supposedly a US company, but their entire backend is written by Agora.
        That means nothing. The entirety of the code could have been written by the Chinese company for all we know.
  • by Gravis Zero ( 934156 ) on Monday February 15, 2021 @10:55AM (#61065650)

    One thing you should know about corporations is that promises mean nothing if they are not backed by a legal requirement under threat of jailtime. If they can "sorry we lied" their way out of it, they will do that. If there is a legal requirement but the penalty is a fine, they will hide it and when discovered pay the fine as a cost of doing business.

    The only situation where a corporation will ever tell the truth is when the executives are personally under threat of being imprisoned.

  • by BardBollocks ( 1231500 ) on Monday February 15, 2021 @11:29AM (#61065796)

    We all know that NSA siphons off ALL internet traffic in North America, and similarly the other 5 eyes members do so and share that data (plus a few other affiliated nations).

    Is this Chinese requirement less bulk interception and more service supplied data?

    Is this really about WHO gets to spy on us, rather than us being spied on?

MS-DOS must die!

Working...