fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Clubhouse Is Recording Your Conversations. That’s Not Even Its Worst Privacy Problem

Clubhouse Is Recording Your Conversations. That’s Not Even Its Worst Privacy Problem

The popular new social media platform is scooping up more data than you might think.

Clubhouse was sort of perfectly made for the pandemic. People aren’t going out, and they’re desperately searching for social connections and entertainment. The app provides both in a way, while also capitalizing on the draw of celebrity influencers on the platform.

It’s also built on one of the most effective strategies for generating buzz and excitement–scarcity. In order to join Clubhouse, you have to have an invite from someone who is already a member. Not only that, they have to have your phone number and give Clubhouse access to their iPhone contacts. No access, no invites. 

From a business standpoint, it certainly makes sense that Clubhouse is taking this approach. Building a social graph from scratch is very hard, and requiring users to upload their contacts list is the most effective way to determine connections. 

There’s a problem, however. As always, the problem comes down to figuring out the right balance between protecting user privacy and the use of data to provide the best experience for both the user and the business behind the app.

In that sense, it’s worth considering that Clubhouse has a few policies that aren’t exactly privacy-friendly. Even worse is the fact that you have to do a bit of digging to even understanding what those policies actually are. I reached out to Clubhouse multiple times but did not immediately receive a response to my questions about how it uses data.

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

1. Clubhouse is recording your audio.

One of the “features” of Clubhouse is that it’s ephemeral. You can’t listen to it later, or even pause the room you’re in. You have to show up live in order to participate in the experience. That’s one thing that sets it apart from, say, podcasts, which are recorded and can be listened to at any time. You can’t even record conversations on Clubhouse.

Except, Clubhouse can, and does record what you say. The app’s privacy policy says that Clubhouse rooms are recorded: 

Solely for the purpose of supporting incident investigations, we temporarily record the audio in a room while the room is live. If a user reports a Trust and Safety violation while the room is active, we retain the audio for the purposes of investigating the incident, and then delete it when the investigation is complete. If no incident is reported in a room, we delete the temporary audio recording when the room ends.

That means that if someone does report a problem, everything that happened in the room is recorded and saved. And, Clubhouse isn’t clear about what happens to it then other than it is saved in order for the company to make a determination. It doesn’t say who can listen to it, or under what conditions.

2. You can’t delete information other people share about you. 

Even if you haven’t created an account, if someone you know has, there’s a good chance Clubhouse already has your phone number. That’s because the app encourages users to upload their entire contacts database in order to send invitations. You can only invite someone who is in your contacts, and it doesn’t include any ability to only share specific contacts. It’s all or nothing. 

In addition, not only might those friends have shared their contact list, but if they connect their social media profiles, that information is collected as well. Clubhouse specifically says that when you “create your account, and/or authenticate with a third-party service like Twitter, we may collect, store, and periodically update information associated with that third-party account, such as your lists of friends or followers.”

What if, say, you have no interest in Clubhouse at all? There’s still no mechanism to have any personal information about you, whether via a phone number or through other social media networks like Twitter or Instagram. 

3. You can’t just delete your account. 

In fact, even if you have an account, you can’t delete it without sending an email to a support account. There’s no option anywhere in the app to delete your account, and neither are there any instructions on what to do if you want to delete it. You have to send an email to “[email protected]” in order to request that your account be canceled, and wait for someone to take action.

4. They can share your personal information without notifying you. 

One of the biggest questions surrounding Clubhouse is how it intends to eventually make money. Looking through the privacy policy, it’s clear that it will likely involve some form of advertising or sponsorship system. To get ready for that, Clubhouse is making clear that it “may share Personal Data with our current and future affiliates.” 

That’s fine, but that same section makes clear that Clubhouse “may share the categories of Personal Data described above without further notice to you.” That means you have no right to know that your personal information that was collected by Clubhouse is now being used outside of Clubhouse.

Also Read: 15 Best Tools For Your Windows 10 Privacy Settings Setup

5. Clubhouse is tracking you.

The privacy policy says it uses cookies, pixels, and tracking technologies to monitor what you do within Clubhouse, and across the web even though they aren’t currently monetizing the app. This is both confirmed by the privacy policy, as well as traffic monitoring, which shows it uses activity tracking and analytics tools to understand what you are doing with the app.

The company’s privacy policy also explicitly says:

We may share Identification Data and Internet Activity Data with social media platforms and other advertising partners that will use that information to serve you targeted advertisements on social media platforms and other third party websites – under certain regulations such sharing may be considered a “sale” of Personal Data.

It seems pretty clear that Clubhouse is getting ready to monetize the platform it’s building. That’s fair–every business should have a plan for making money. If that plan includes monetizing its users’ activity and data, I think we can all agree it should be upfront and transparent about that fact.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us