The new social media platform Clubhouse has recently received quite some media attention and has gained quick popularity. As an audio-only application, it is like a podcast environment where users can enter a room for a discussion on a certain topic. Though this is a nice way to get in touch with and talk to people that are often outside of our reach, such as musicians, artists and politicians, the application has some serious privacy issues as well1.
The Clubhouse application is linked to a user’s phone-number, and - even when not allowing the app to access your contacts - it will allow users to find you and connect to you if they have your phone number. If they have given the app permission to access their contacts, they will get a notification that you joined the platform and opts to connect with you2.
Recent reports have added to the doubts of the platform’s privacy. A research group from the Stanford Internet Observatory showed that the app was “transmitting users' Clubhouse identifiers and chatroom identity numbers unencrypted”3, which means that a third party would have been able to track user’s actions in the app. In addition, some of Clubhouse’s data run on servers operated by a Shanghai-based firm, which might expose users to Chinese governmental surveillance. A Bloomberg article acknowledged that a third-party website was scraping and compiling audio from the platform’s discussions.
Though the company indicates they are working to make the app more secure by implementing end-to-end encryption and cutting off the transfer to China, this still seems – at first glance – like another example of a Silicon Valley tech company looking to gain a lot of new users whilst taking user's privacy lightly. With a current value of $1 billion and over 10 million users4, and still growing, this is becoming a serious concern.
Privacy concerns typically arise only after a new technology has developed and gained some ground, and this is only natural. Yet, it is vital to have safeguards in place to protect users from having their data sent to third parties, across countries, or even across continental borders. The case of Clubhouse in that sense constitutes an example of the type of data sharing we don’t want, i.e. one that neglects the privacy and security of data users.