Did you get an invitation to join Clubhouse, the invite-only, audio-based app that seemingly everyone is talking about? Before you decide to join the cool kids club, you might want to consider who will see you there, even if you take every available measure to keep your contacts private.
Though it’s still in beta mode, Clubhouse has millions of users, and privacy issues are starting to emerge, both for measures the app has built to preserve the privacy of its users and that of the app itself — including a recent incident in which chats on the closed platform were streamed to a third-party website.
Clubhouse allows users to create and join rooms where all kinds of topics are discussed. You can join speaking events or you can make your own room to chat. There’s also a big social component: You follow people, people follow you, and Clubhouse very much encourages these networks to form and grow. And as OneZero’s Will Oremus has reported, that’s led to a few privacy issues some Clubhouse users didn’t expect and can’t avoid, given the app’s lack of privacy controls or information about them.
The primary piece of Clubhouse’s user recommendation engine relies on access to your contacts. You actually can’t invite anyone else to the platform if you don’t grant it. If you do give the app access to your contacts, Clubhouse will show you everyone on your contact list who is also on Clubhouse. It will also urge you to invite those who aren’t and let you know as soon as someone in your contacts has joined so you can say hello to them. This is all pretty standard for an app trying to gain new users.
But what if you didn’t give Clubhouse access to your contacts, specifically because you didn’t want all or any of them to know you were there? I regret to inform you that Clubhouse has made it possible for them to know anyway, encourages them to follow you, and there isn’t much you can do about it. When I joined, I didn’t give Clubhouse access to my contacts; as has been my policy since childhood, only I may decide who enters my clubhouse. Nevertheless, a few minutes later, I had a bunch of followers from my contacts. Even worse: I got followers who weren’t in my contacts at all — but I was in theirs.
It turns out that your privacy on Clubhouse depends not just on what you do but also on what those who have your information in their contacts do. For now, you can only get invited to Clubhouse through your phone number, which is attached to your account and can’t be removed. So if someone has your phone number in their contacts, and they’ve given Clubhouse access to those contacts, they’ll get a notification when you join the app and a recommendation to follow you.
Clubhouse also encourages you to connect your Twitter and Instagram accounts, which could be another way for you to find people (or people to find you). Clubhouse did not respond to a request for comment on if or how the app does this, but it’s something to consider before you connect your social media accounts.
To be clear, Clubhouse isn’t the only app that is overly aggressive with its connection recommendations. Plenty of social media platforms use algorithms that take various factors into account, including your personal data and your contacts, to suggest people you should friend or follow. Those algorithms are very powerful, and yet somehow not powerful enough to avoid making recommendations that are creepy.
Remember all those stories about Facebook’s “People You May Know” feature that recommended psychiatrists to their patients or random people they passed by on the street to each other? Facebook admitted that it recommended people based on their contacts, even if they weren’t in yours. But Facebook, which is hardly a shining beacon of best practices when it comes to privacy, now has a bunch of settings and ways to keep your profile reasonably locked down if you want it to be. You also don’t have to link your phone number to your Facebook profile.
Such privacy options don’t currently exist on Clubhouse. While the app also has some measures to prevent abuse — the ability to block users, to make rooms private, and to report incidents — Clubhouse has been criticized for having poor or inadequate moderation tools that allow misinformation and hate speech to spread. The company says it’s working on improving them. Meanwhile, you can’t currently report potential violations of those terms without handing over your email address.
Other privacy and security concerns have been popping up recently, too. The Stanford Internet Observatory has confirmed that Clubhouse used a software development kit (SDK) made by the Shanghai-based company Agora to connect users to chatrooms, which could give the Chinese government access to some Clubhouse user data — which users are talking to who, and in which rooms — as well as “theoretically” tap into the audio and record it through Agora’s networks. That doesn’t mean any of this is or has happened, simply that it’s possible. Clubhouse responded to the report by saying it was going to add encryption and stop Clubhouse user data from being routed through any servers in China.
In another incident, a Clubhouse user managed to stream audio feeds from Clubhouse rooms to another website, according to a Bloomberg report. A Clubhouse spokesperson told that it has banned the user responsible and installed “safeguards” to prevent this from happening again but did not detail what those safeguards are.
At the very least, both instances should serve as a warning to Clubhouse users that what they say and do on the platform isn’t private, even from people (or governments) that aren’t Clubhouse users.
It’s not clear why Clubhouse doesn’t have better options for users to manage their privacy or more information for users about how their data might be used or linked to them. The company is reportedly operating with a small staff, but it also has millions of users and millions of dollars worth of funding from major Silicon Valley venture capital firms, including Andreessen Horowitz, and a valuation of $1 billion. It’s not the first well-funded social media app to push the boundaries of data privacy. But you’d at least think Clubhouse would have learned from the unicorns that came before it.
Update, February 22: This story has been updated to include details of the Clubhouse user who streamed audio to a third-party website.
Open Sourced is made possible by Omidyar Network. All Open Sourced content is editorially independent and produced by our journalists.