What the Clubhouse security breach tells us about online safety today
It’s the latest craze to sweep Silicon Valley and has even been hailed as the ‘new WhatsApp’, but iPhone chatroom Clubhouse has a security crisis on its hands after a website was able to rebroadcast private conversations to a wider audience.
The app, founded last April and endorsed by Elon Musk, saw a huge rise in usage at the start of the pandemic, gaining 2 million users and a value of $1 billion in less than a year – as well as a ‘Unicorn’ status in the process. But with such an explosion in users comes higher security risks, and this latest breach has concerned industry analysts.
Best described as ‘part conference call, part Houseparty’, Clubhouse quickly became popular among the San Francisco tech and venture capitalist community thanks to two key factors: exclusivity – conversations are invite-only – and security.
So, when a user managed to broadcast private conversations to an external site known as ‘Open Clubhouse’, they broke both of those golden rules. It meant outside users could listen in to some highly confidential information in chats that have included the likes of Musk and Mark Zuckerberg in the past.
It’s not the first time that Clubhouse has received attention for security issues. The app is built on an ‘invitation-only’ basis, but users can only issue these invites once they’ve given Clubhouse access to their address book.
Clubhouse’s terms and conditions also state that they may retain conversations for ‘investigative purposes’ - meaning that conversations are not End-to-End Encrypted (e2ee) like on WhatsApp. This poses a big problem for many security-conscious consumers and even breaks the key ePrivacy Directive (2002/58/EC) in the European Union.
On top of all this, there are fears that the Chinese state has monitored the service in the past thanks to much of the audio tech being built by Chinese start-up Agora. The government recently ordered a crackdown on the app, suggesting they have been privy to conversations on there.
If Clubhouse is going to challenge WhatsApp's dominance of the online communication market, then it will need to address these security concerns urgently.
The need for online security resources
The controversy comes at a time when online security is deemed more important than ever. Users have hundreds of options when it comes to choosing ways to talk to friends, to go shopping or to play games, but this comes with the increased danger of unscrupulous agents entering the picture. It’s led to the growth of related industries that focus on protecting players and guiding them towards making the right choice.
Online gambling, for example, is one such internet industry where consumer protection is crucial. For players to deposit money, they need to be sure that the betting site or casino in question is completely trustworthy, both in terms of registering the money in the user’s balance and paying out any winnings they might achieve. Websites like Casino Guru exist for this purpose: as independent online resources dedicated to player safety. Part of their remit is to employ a team of experts to scrutinize online casinos and then recommend the safest ones to play on. Players can also try out games for free, discuss issues on an online forum and even get help with complaints procedures for bad customer service.
Such websites are part of a wider online security network that is proving its worth as internet use expands rapidly worldwide. As well as legislation such as the General Data Protection Regulation in the EU that seeks to protect private consumer data, there are several authorities that act as watchdogs. Which?, for example, is a UK-based organisation that helps consumers exercise their rights when shopping online. It offers step-by-step guides on topics like order cancellation and how to spot practices such as price-gouging. If a UK shopper has an issue with an online vendor, they can contact the website for direct guidance and legal help.
Unfortunately for US users, similar frameworks are few and far between. The Government Accountability Office (GAO) found weak enforcement of privacy regulations in a 2019 report. Out of 101 violations it investigated, almost all of them resulted in the offending entity escaping a fine.
With Clubhouse not facing action for this latest security lapse, it sets a worrying precedent for its millions of users, who deserve a higher level of protection.
Improving security in the future
The Open Clubhouse controversy has shone a light on the importance of End-to-End Encryption for private online communications. It’s why WhatsApp’s commitment to the technology was such a big deal – users had peace of mind that their privacy was protected. Since then, more and more services have switched to using it, which is generally good news for consumers.
However, perhaps just as important is a focus on monitoring the behaviour of tech companies with the consumer’s safety in mind. Clubhouse’s latest issue is minor compared to Facebook and Google’s data privacy scandals over the last few years. There will always be an element of risk for internet users while powerful countries such as the USA and Russia have lax regulation which effectively allows those responsible for data breaches to get away with little punishment. Until this is addressed, much bigger breaches than Clubhouse’s chat leak will always be possible.
This article does not necessarily reflect the opinions of the editors or management of EconoTimes