A week ago, the people in charge of the popular audio chat app Clubhouse announced their intention to improve its security after a report was published that revealed that both cybercriminals and spies under government orders had the ability to access your users' conversations.
Now, a new attack has shown that it is still possible to access live audio: this weekend, an unidentified user was able to relay third party conversations from "various chat rooms" to your own website.
Can Clubhouse make promises regarding the security of its app?
The company has "permanently banned" this particular user, and ensures that the new safeguards installed will prevent this incident from happening againBut various cybersecurity researchers argue that Clubhouse may not be in a position to make such a promise.
Thus, according to the Stanford University Internet Observatory (the first entity to report Clubhouse's lack of security at the beginning of the month), users of this app must assume that all the conversations carried out through it are being recorded.
Alex Stamos, former head of Facebook security, has made the same statement in statements to Bloomberg:
"Clubhouse cannot provide any guarantee of privacy for conversations held anywhere in the world."
Additionally, Stamos and his team also confirmed that Clubhouse depends on a Chinese startup called Agora Inc, to carry out the backend work of the application (data traffic and audio production), which means that communications through it are subject to the surveillance of the Beijing regime.
Agora, for its part, insists it does not "store or share personally identifiable information" for any of its many clients.
Image | Pixabay & Alena from the Noun Project