June 22, 2021

SEO, Wordpress Support & Insurance, Mortgage, Loans, Legal, Etc Blogs

SEO, Wordpress Support & Insurance, Mortgage, Loans, Legal, Etc Blogs

, SEO, Wordpress Support & Insurance, Mortgage, Loans, Legal, Etc Blogs

Clubhouse: The Hot New Social Network Has Big Privacy Problems

Share This :
, SEO, Wordpress Support & Insurance, Mortgage, Loans, Legal, Etc Blogs
, SEO, Wordpress Support & Insurance, Mortgage, Loans, Legal, Etc Blogs

It’s the invite-only social network that people are clamoring to join at the start of 2021, but Clubhouse is already raising privacy concerns – even for those who haven’t joined!

For the uninitiated, Clubhouse is an audio-only social network where members can gather in virtual rooms and listen to one another speak. It’s being used for business pitches, talking about sports games, poetry recitals and prayer sessions, amongst many other things.

However, there are serious questions being asked about its privacy protections.

Profiles of non-members

Clubhouse is currently in an invite-only phase, where new members have to either be invited by a friend or reach the top of the waiting list Clubhouse is operating.

When you’re accepted as a member, you have a chance to invite two others – and this is where the first of the privacy concerns emerges.

As part of the sign-up process, you’re urged to give Clubhouse access to your phone’s contacts, so you can connect with other users of the social network.

However, it seems Clubhouse is using that information to build profiles of people who aren’t yet members. The screen above shows various contacts of mine that Clubhouse is urging me to invite to join, listed in order of the number of friends they already have on Clubhouse.

Clearly, as these people are yet to join the network, Clubhouse is using their mobile phone number to check how many times they appear in the contacts of other Clubhouse members. Even if you’ve no interest in joining Clubhouse whatsoever, the service may well know your name, mobile number and how many friends you have on the network.

MORE FOR YOU

This has already attracted the attention of privacy advocates and it could be a problem for the service in some jurisdictions. In Germany, for example, the highest court in the country ruled in 2016 that Facebook’s similar practice of using uploaded contacts to attract new members to the service contravened German consumer law.

Privacy advocate and co-founder of SynData AB, Alexander Hanff, agrees the service is encouraging users to break European data law. “It is a breach of GDPR [General Data Protection Regulation] and does not fall under the Household Activity exception (yes, we have case law in the EU for invite-a-friend referral marketing which states you must have the consent of your friend to share their personal data with a third-party commercial entity),” Hanff writes in a LinkedIn post on Clubhouse.

“As a company you cannot use personal data provided by a third party unless that data has been provided lawfully and… unless there is consent, disclosure of personal data in this way is not lawful.”

Clubhouse has yet to respond to repeated requests for comment.

Recording voice chats

There are further concerns about Clubhouse recording the voice chats that are taking place on the service.

Clubhouse explains the reasons why it might record voice communications in its community guidelines. “Solely for the purpose of supporting incident investigations, we temporarily record the audio in a room while the room is live,” it explains.

“If a user reports a Trust and Safety violation while the room is active, we retain the audio for the purposes of investigating the incident, and then delete it when the investigation is complete. If no incident is reported in a room, we delete the temporary audio recording when the room ends.”

The company adds that “audio from muted speakers and audience members is never captured, and all temporary audio recordings are encrypted.”

While it’s arguably a good thing that Clubhouse is recording audio to investigate claims of abuse, the terms suggest that recording is deleted if the company itself is satisfied no abuse took place. As such, the company appears to be appointing itself as judge and juror of what constitutes abuse and is then deleting the evidence afterwards.

Hanff once again questions the legality of Clubhouse’s policy. “If they are recording the conversations in the room for investigative purposes, clearly the audio messages are not end-to-end encrypted,” he writes.

“This is a big problem (at least in the EU) as under the ePrivacy Directive (2002/58/EC) the confidentiality of communications is required, and interception of those communications can only occur legally with the consent of all parties engaged in that communication.”

Privacy policy in English only

Clubhouse is also feeling the heat from European consumer groups over its privacy policy – and the fact that those who don’t speak English would struggle to understand it.

Klaus Muller, executive director of the Federation of German Consumer Organizations (vzbv) has warned Clubhouse it will face sanctions if it does not deal with its data privacy problems.

That tweet translates as: “Serious deficiencies in #Data protection, #AGB [terms and conditions] only in English, no imprint: these points are complained about @vzbv in his #warning to the operator of #Clubhouse and demands the submission of a declaration of cease and desist with criminal penalties.”

Clubhouse may be the fresh upstart of social networks, but it’s being plagued by the privacy problems that have beset its better-known predecessors.

Share This :