A member of your address book is surely there and the Clubhouse app, which you may never have heard of, already knows your first name, last name and phone number.
Already under attack for its propensity to cultivate interpersonal skills, the new American social network - available by invitation and only on iPhone - is facing criticism on its level of cybersecurity and its ability to protect the personal data of its users.
Launched in San Francisco in March 2020, the platform has built its young reputation on its original format: users meet in a "room", a space entirely dedicated to live discussions where a few members lead debates on predefined topics and Most of the others listen while waiting for a chance to speak.
A meteoric rise
With a sense of marketing cleverly studied by its creators, most of them Silicon Valley veterans, Clubhouse has experienced great growth across the Atlantic and around the world thanks to a few highlights and the undeniable appeal of exclusivity.
American stars such as entrepreneurs Elon Musk or Bill Gates, actor Kevin Hart or rapper Meek Mill have participated in discussions with their fan communities, attracted by the possibility of getting closer to a celebrity and talking to him without filtered.
The 100% audio social network offered at the beginning of February, for at least 48 hours, a rare space for discussion away from censorship to Chinese Internet users before being banned by the authorities.
In France, start-uppers, communicators and some political figures are among the pioneers in creating and exploring “rooms”.
The boss of Free Xavier Niel answered questions from French Tech earlier this week.
The comedian Jamel Debbouze came to test some jokes there last week.
Even the Secretary of State for Digital Cédric O came to discuss the French cybersecurity strategy on Tuesday.
It is however on this angle of computer protection that Alpha Exploration Co, the developers of Clubhouse, are taken to task as the Zoom videoconferencing application could have been.
"This is the perfect example of the American start-up which creates the buzz and grows in audience but delegates the complicated part of the infrastructure of its exchanges and data storage to an outside company", analyzes Arnaud Lemaire, director technician and cybersecurity expert at F5 Networks.
Security breaches detected
American researchers from Stanford Internet Observatory have in fact discovered that conversations on Clubhouse passed through the servers and networks of Agora, one of the new Chinese hosting specialists who is attracting more and more start-ups thanks in particular to its technology. voice optimization house.
Clubhouse may reply that audio conversations are only briefly stored for moderation.
Doubt is permissible when voice data passes through the Middle Kingdom, where companies are subject to Chinese law and inquisition by authorities and secret services.
“It's not a weakness from a purely technical point of view, but Clubhouse praises its exclusivity and its space for private conversations.
Its users should be aware that their exchanges are not private and they should not use them for personal and confidential discussions, ”said Andy Yen, CEO of Protonmail, the Swiss specialist in the protection of online privacy.
Morning essentials newsletter
A tour of the news to start the day
Subscribe to the newsletterAll newsletters
Worse, other researchers have managed to extract and record conversations supposed to be ephemeral from the application.
They then posted them on the Internet.
"Recording the conversations of a user without his consent is contrary to the General Data Protection Regulation (GDPR) and other legal provisions", recalls Me Ariane Mole, associate lawyer at Bird & Bird.
Problem solved this week according to the designers of Clubhouse: “We have added extra protections to prevent people from doing this in the future.
"
But it is especially for its management of personal data that the application is pinned.
According to information reported to the Apple App Store, Clubhouse collects only the user's contact information, usage data, IDs and contacts.
Upon registration, the app requires access to your address book and specifies: “To protect privacy, we remove your friends' names before sending their contacts to our servers.
"
The Cnil not yet seized
"The problem is that the technical layer which is used for the physical transmission of data is not encrypted and therefore not very secure, this opens the way to a worrying analysis of exchanges on this platform", notes Arnaud Lemaire.
“This co-optation app shouldn't need it, but it brings in potentially cashable data portfolios,” the expert warns.
A nightmare for privacy advocates.
"The supervisory authority for data protection in Italy, for example, wrote to Clubhouse to inform it that its data processing does not respect either Italian rules or European rules (RGPD)", reminds Me Ariane Mole.
“She pointed out in particular the lack of information of participants, the profiling of their data or the transfer of data to the United States.
"
Contacted by Le Parisien-Today-en-France, the CNIL assures that it has "not received any complaint against the Clubhouse application".
"No file is under investigation and we have no information to communicate on this organization for the moment", she indicates.
READ ALSO>
Parisian, elitist and hateful?
The study that will change your mind on Twitter