Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Privacy

Clubhouse Chats Are Breached, Raising Concerns Over Security (bloomberg.com) 19

Posted by msmash from the privacy-woes dept.
A week after popular audio chatroom app Clubhouse said it was taking steps to ensure user data couldn't be stolen by malicious hackers or spies, at least one attacker has proven the platform's live audio can be siphoned. From a report: An unidentified user was able to stream Clubhouse audio feeds this weekend from "multiple rooms" into their own third-party website, said Reema Bahnasy, a spokeswoman for Clubhouse. While the company says it's "permanently banned" that particular user and installed new "safeguards" to prevent a repeat, researchers contend the platform may not be in a position to make such promises. Users of the invitation-only iOS app should assume all conversations are being recorded, the Stanford Internet Observatory, which was first to publicly raise security concerns on Feb. 13, said late Sunday. "Clubhouse cannot provide any privacy promises for conversations held anywhere around the world," said Alex Stamos, director of the SIO and Facebook's former security chief. Stamos and his team were also able to confirm that Clubhouse relies on a Shanghai-based startup called Agora to handle much of its back-end operations. While Clubhouse is responsible for its user experience, like adding new friends and finding rooms, the platform relies on the Chinese company to process its data traffic and audio production, he said.
This discussion has been archived. No new comments can be posted.

Clubhouse Chats Are Breached, Raising Concerns Over Security More

Clubhouse Chats Are Breached, Raising Concerns Over Security

Comments Filter:

  • I can't see how this comes as a surprise. (Score:4, Insightful)

    by kalieaire ( 586092 ) on Monday February 22, 2021 @03:22PM (#61090764)

    People on Clubhouse have been stating that "yes, the company doing the DSP is in China" "no, anyone can be record a conversation"

    The easiest low tech version is getting multiple ios devices and joining several rooms. But I suppose it would be a serious issue if the user in question was joining a lot of private rooms. Regardless, it's a digital platform and your data is being sent overseas through the Great Firewall of China. It should be a simple expectation by any and all users technology users that *nothing* is private on the internet.

  • Silly article (Score:4, Insightful)

    by pherthyl ( 445706 ) on Monday February 22, 2021 @03:24PM (#61090782)

    It's audio going out the speakers of anyone that's joined the room.
    Obviously it's trivial to record any and all of it with no hack required. Join room, press record.
    Was anyone really naive enough to think that Clubhouse chats are private?

    • Was anyone really naive enough to think that Clubhouse chats are private?

      It may seem incredible to us, but many people really are that naïve. Still. And what sometimes comes from politicians' mouths...

      • I have do say though, despite shortcomings, the app's audio quality is just **cking stellar. It beats out practically everything in speed and latency. I was able to talk to my friends in South Korea from the USA and there was no discernible lag.

    • Was anyone really naive enough to think that Clubhouse chats are private?

      I wasn't aware Slashdot was reaching your galaxy, because you must not know many humans.

      • Was anyone really naive enough to think that Clubhouse chats are private?

        I wasn't aware Slashdot was reaching your galaxy, because you must not know many humans.

        In my least cynical moments, I still could do a facepalm on people thinking their audio couldn't be recorded. It could be recorded, zoomed, re-broadcast to the world. We gotta stop producing stupid people.

        the 1960's - "Science! We're going to the moon! Inventions!"

        2021 -"For the last time, the earth isn't flat!"

        • To be fair, between the person who doesn't understand technology, and the people who understands technology but ignores security, the latter are the bigger idiots. They should have known.

          • All this does really stem from people having a simple grasp on the most basic technology.
            Technology has allowed very unskilled people to use it. As a result, they have absolutely no idea how anything works, and why you couldn't simply record a conversation is beyond them.
            The barrier to entry is nonexistent now.

        • We gotta stop producing stupid people.

          Well that's the problem with fucking idiots. They're reproducing!

          • We gotta stop producing stupid people.

            Well that's the problem with fucking idiots. They're reproducing!

            There is some real truth in that. The first few minutes of idiocracy were prophetic.

    • So far the only person I've seen suggest that anyone believes these chats were private is the CEO of a company that appears to be named Internet 2.0. Just that name should disqualify anyone associated with it from being taken seriously.

      While there certainly are people out there who would be surprised at their online conversations being rebroadcast I think most of he "shock" is fake. Made up to serve some purpose, like promote some dumb company or scare people off the platform and back on to Facebook or th

    • It's audio going out the speakers of anyone that's joined the room.
      Obviously it's trivial to record any and all of it with no hack required. Join room, press record.
      Was anyone really naive enough to think that Clubhouse chats are private?

      Probably the same people who thought Snapchat messages were safe and secure because they disappear immediately after viewing or 24 hours after viewing.... unless someone does a screen capture.

      SMH

  • All the inconveniences of a walled garden ... (Score:5, Funny)

    by dasgoober ( 2882045 ) on Monday February 22, 2021 @03:40PM (#61090818)

    ... but none of the security. Where do I sign up?

  • When a company makes promises... (Score:4, Insightful)

    by HiThere ( 15173 ) <charleshixsn@@@earthlink...net> on Monday February 22, 2021 @04:39PM (#61091002)

    The first question I want to ask is "How are you standing behind it?". I'm interested in what legally binding commitments they are making. When there aren't any, I assume the promise if marketing bullshit. So HOW is Facebook standing behind this promise? (AFAIKT, they aren't.)

    P.S,: Note that when an ISP promises to deliver "up to xxx kilobyes/second" they're promising that they won't deliver better service than xxx. They aren't making any commitment about delivering worse service. That promise would be true if they never delivered more than 10 bytes/day, and possibly if they never activated the account.

    • Re: (Score:3)

      by larwe ( 858929 )
      Totally. This is why I won't sign up for the "wellness programs" that employers push. Those wellness programs take data that would be PHI if I told my doctor, and pull it out of the HIPAA-protected world and into the commercial world. As PHI, the company would be subject to massive criminal (not civil) liability PER CUSTOMER in case of a breach. As commercial data, they're able to sell it, lose it, give it away, leave it on a USB stick in a Cracker Barrel men's room - and all I can do is join a class action

  • The desperation to have the illusion of security ensures steady business, but the only way to win that game is not to play.
    Security is ephemeral at best and entities playing the long game can record what you do for later analysis.

Slashdot Top Deals

Never test for an error condition you don't know how to handle. -- Steinbach

Close