Clubhouse, the popular app that allows people to create digital discussion groups, said that it is reviewing its data security practices after the Stanford Internet Observatory (SIO) found potential vulnerabilities in its infrastructure that could allow external access to users’ raw audio data.
The SIO confirmed that Agora Inc (聲網), a Shanghai-based start-up with offices in Silicon Valley, provides back-end infrastructure to Clubhouse and sells a “real-time voice and video engagement platform.”
User IDs are transmitted in plaintext over the Internet, making them “trivial to intercept,” it said.
User IDs are like a serial number, not the username of the person. Agora would likely have access to users’ raw audio, potentially providing access to the Chinese government, it said.
“Any observer of Internet traffic could easily match IDs on shared chatrooms to see who is talking to whom,” the SIO said in its Twitter feed about its findings. “For mainland Chinese users, this is troubling.”
SIO, a program at Stanford University that studies disinformation on the Internet and social media platforms, said it observed metadata from a Clubhouse chatroom “being relayed to servers we believe to be hosted in” China.
Analysts also saw audio being relayed “to servers managed by Chinese entities and distributed around the world,” its report said.
As a Chinese firm, Agora is subject to China’s cybersecurity laws and would be “legally required to assist the government in locating and storing” audio messages authorities said jeopardized national security, SIO said.
Agora did not immediately respond to e-mails outside regular business hours seeking comment.
“Any unencrypted data that is transmitted via servers in the PRC [People’s Republic of China] would likely be accessible to the Chinese government,” SIO said.
Since SIO was able to observe the transmission of metadata between servers, it believes the Chinese government would be able to collect metadata without having to access Agora’s networks.
However, SIO said Agora claims not to store user audio or metadata “except to monitor network quality and bill its clients,” which means it would not have any records of user data if Beijing were to request it.
It also said that as long as audio was stored in the US, it was unlikely that the Chinese government would be able to access it.
SIO said it chose to disclose the security issues because they were easy to uncover and because of the risk they pose to Clubhouse’s millions of users.
“SIO has discovered other security flaws that we have privately disclosed to Clubhouse and will publicly disclose when they are fixed or after a set deadline,” it said.
In a statement included in the report, Clubhouse said it would roll out changes over 72 hours to add “additional encryption and blocks to prevent Clubhouse clients from ever transmitting pings to Chinese servers. We also plan to engage an external data security firm to review and validate these changes.”