Clubhouse: The social media newcomer that also carries privacy risks for those who do not use it

The new profession-based social network Clubhouse is a voice-based social media application where subscribers can gather in virtual rooms to listen to other users’ conversations on topics of interest and to chime in as well.

The range of topics of conversation is wide and you can talk about business, sports, literature, prayers, investment wisdom, etc. Clubhouse’s popularity in the world began to grow quickly when the well-known entrepreneur Elon Musk appeared there for a chat.

Along with the growth in the number of users, there are also growing concerns about the privacy of the service, as it also endangers the privacy of those who do not use the application themselves.

How does this affect me if I’m not a user?

The Clubhouse is currently only based on invitations, i.e. in order to join, the user must be invited by a person who is already using the application, or if interested, you can add yourself to a waiting list, from which the acceptance decisions will be made by the app itself.

If you manage to become a member, you have the right to invite two new members, and that’s where the first privacy issue begins – Clubhouse knows who your friends are even before you join the social media app.

Because the service is based on phone numbers, you will be asked for permission to access your phone contacts as a step of registering as a Clubhouse member, so that the user can connect with other members.

Meanwhile, the application uses this access to create profiles of people who have not yet joined. This is especially important to see how many members have your number in the phonebook and thus deduce your “popularity”.

Therefore, even if you don’t have any interest in joining the Clubhouse app, they may already have your name, phone number, and the number of acquaintances using the app.

Such practices are clearly in breach of European data protection requirements. This is a threat to a person’s privacy, and such activities do not fall under the exception of private use, as it does not extend to a situation where one person shares his or her acquaintances’ contacts with the company. For example, the German Supreme Court convicted Facebook in 2016 of using contacts to attract new users.

The personal data protection expert emphasized that the company is not allowed to collect data using illegal methods. The only legal way to do that would be with the consent of individuals, the collection of which is obviously impossible.

The recordings of the audio chats

In addition, the recording of the audio chats in the Clubhouse’s virtual rooms is also a concern.

The Clubhouse app is built in such a way that it is not possible to listen to conversations afterwards, which is a significant difference from a classic podcast, but the live conversation is still recorded by Clubhouse for customer support and incident resolution should it occur during the conversation. After the discussion, the recordings are deleted and the temporary recordings are encrypted.

However, this creates a situation where the company itself is a so-called “judge” who decides whether, for example, someone was abused and whether the recordings should therefore be preserved. It also reveals the fact that the recordings of conversations are not end-to-end encrypted if they can be used to investigate abuse.

The European e-privacy directive stipulates that the of content of communications between parties is confidential and may only be disclosed with the consent of all parties or by an investigative authority in accordance with precise procedural rules.

In addition, news has spread that the location of Clubhouse servers in China is associated with a number of information security issues. Clubhouse is now banned in China and the company has introduced a number of additional safeguards to increase user safety. However, their performance is still being tested today.

Before you give Clubhouse permission to use all of your phone contacts, think about whether the value involved is really high enough to pay that price.

« Back to articles
Hedman

Our memberships:
FinanceEstonia,
Teenusmajanduse Koda,
EstVCA, EstBan, FECC,
IBA & IBA European regional Forum