Cybersecurity | IT Protection | Attack Vectors
Regulars’ table, conference call or live podcast 2.0: In recent weeks, the new mobile app “Clubhouse” has triggered a real hype. But in terms of data protection, the app still has some weaknesses and risks. What’s the deal with this new platform? Is it safe to use? Can it also be used for business? Here are the most important answers to the SoMe hype of the hour
What is Clubhouse?
Clubhouse is an “audio-only” mobile app where you can listen to conversations like a live podcast or actively participate in discussions. Text, video, likes or comments are completely dispensed with. This hybrid of social network and messenger can be compared to a virtual online conference, where some have a microphone and most just listen.
The operators Alpha Exploration themselves call it “drop-in audio chat” and describe Clubhouse as “a new kind of social service based on voice that allows people all over the world to talk, tell stories, develop ideas, deepen friendships and meet interesting new people”.
Where does the app come from?
Clubhouse launched in April 2020 and triggered a real “hype” in the USA at the beginning of the pandemic, comparable to that of WhatsApp or Snapchat in its early days. Among the first 1,500 members were stars such as rapper Drake, Paris Hilton and Oprah Winfrey.
The app is published by the US company Alpha Exploration. Behind it are the two founders and managing directors Paul Davison and Rohan Seth. Venture capitalist Andreessen Horowitz, who also invested early in Airbnb, Facebook, Instagram, Lyft and Twitter, financed the startup with twelve million dollars in May last year. After that, the young company was suddenly worth 100 million dollars.
How does Clubhouse work?
To participate in Clubhouse, you first need to download the drop-in audio app from the Apple Store. In addition, an invitation from an already registered user is required. This “Invite” works via the telephone number.
The platform consists of communities and chat rooms on specific topics, between which users can switch back and forth and also create them themselves – privately or publicly. As a host, you can specify which members are allowed to speak, raise their hands and which are only allowed to listen. The app’s search function can be used to find people, clubs and communities. The clubs are assigned to categories and topics, from which you can choose up to five during registration.
Who is speaking? And about what?
Since the marketing concept is probably based on exclusivity (access by invitation only) and a limited user group (only for users of iOS devices), at least in the start-up phase, the range of people and topics is still very manageable. At the moment, artists, media professionals and politicians in particular are bustling around here as “early adopters” – i.e. people who are already broadcasting on all other SoMe channels anyway.
Luisa Neubauer talks about climate protection, Christian Lindner about the FDP and Joko Winterscheid about himself. You can even listen to a journalist eating pasta. Topics such as foundations, start-ups or real estate still predominate at present. But there are also rooms for young journalists, fans of the TV format “Jungle Camp” or the NBA.
Is this interesting for companies?
Clubhouse is currently not recommended as a service channel for companies or for paid offers. The app is still too new for that, and too many data protection requirements are still not met. The business use of Clubhouse is currently still prohibited anyway. The term “commercial use” is not further specified, a “personal use” is permitted. For example, there is a gray area, e.g. when professional conversations, topic sessions and discussions take place, recruiters are looking for new employees or interviews are only offered for a fee. On the other hand, the app is only available for iOS/Apple users. That’s only 20 percent of all smartphone users.
What are the risks and dangers?
From a privacy perspective, Clubhouse isn’t without risk:
App wants access to the entire address book – and the existing social media profiles.
If you want to use Clubhouse, you should give the app access to the address book of your iPhone. Without this access, no friends can be invited. Interested parties should carefully consider whether access to the app is worth this delicate data release, which also affects other, uninvolved contacts. New users can only be added if their mobile phone number is provided. Even when registering via a social media account, the provider reserves access to followers and friend lists. European data protectionists have already criticized this with WhatsApp.
There are also functional reasons for access, as it establishes the connection between users. However, without consent and with the establishment of shadow profiles, this is extremely questionable.
Account can only be deleted by e-mail: The fact that Clubhouse apparently attaches little importance to data protection is also shown by the fact that the app does not even offer users an option to have their own data deleted directly into the platform. If you want to get rid of your account, you have to write an e-mail.
The conversations in a room are recorded: According to the developers, the recording should help to track possible violations of the terms and conditions.
Non-transparent use of data: It is not clear from the rules how the collected data is actually used. According to its own privacy policy, the provider may even pass it on for advertising and marketing purposes – this is also legally questionable.
App violates the GDPR: According to many experts, Clubhouse’s data protection concept violates the European General Data Protection Regulation (GDPR). This cannot be punished: The US company Alpha Exploration does not have a branch in the European Union.
Clubhouse is not immune to hate speech either: Hate speech and harassment in the individual rooms is possible and also happens. Invited guests can also misbehave. The operator of the room himself can intervene little or not at all in the discussions in a moderating capacity. Until recently, it was not possible to report grievances directly. However, this circumstance is actively counteracted by setting up its own community guidelines and a new reporting function.
“Users should deal with the data protection guidelines and weigh up the risk of whether the sharing of data is worth using the app.”
Christof Stein, Press Spokesperson of the Federal Commissioner for Data Protection and Freedom of Information (BfDI)
Would the Bavarian folk comedian Karl Valentin have become a Clubhouse member 100 years ago? Even then, he said: “Everything has already been said – just not yet by everyone.” This may help to keep your own FOMO (Fear of Missing out) under control.
Read here are the legal aspects to consider when using the Clubhouse app. Data protection expert Dr. Thomas Schwenke has summarized the GDPR violations and risks.
Cyber security | IT protection | Attack vectors
Regulars’ table, conference call or live podcast 2.0: In recent weeks, the new mobile app ‘Clubhouse’ has caused a real hype. But when it comes to data protection, the app still has some weaknesses and risks. What is this new platform all about? Is it safe to use? Can it also be used for business purposes? Here are the most important answers to the social media hype of the moment.
What is Clubhouse?
Clubhouse is a mobile ‘audio-only app’ where you can listen to conversations like a live podcast or actively participate in discussions. There is no text, video, likes or comments. This hybrid of a social network and messenger can be compared to a virtual online conference, where some people have a microphone and most just listen.
The operators, Alpha Exploration, call it a ‘drop-in audio chat’ and describe Clubhouse as ‘a new type of social service based on voice that allows people around the world to chat, tell stories, develop ideas, deepen friendships and meet interesting new people’.
Where does the app come from?
Clubhouse launched in April 2020 and sparked a real hype in the US at the beginning of the pandemic, comparable to WhatsApp or Snapchat in their early days. Among the first 1,500 members were stars such as rapper Drake, Paris Hilton and Oprah Winfrey.
The app is published by the US company Alpha Exploration. Behind it are the two founders and managing directors Paul Davison and Rohan Seth. Venture capitalist Andreessen Horowitz, who also invested early in Airbnb, Facebook, Instagram, Lyft and Twitter, financed the start-up in May last year with twelve million dollars. After that, the young company was suddenly worth 100 million dollars.
How does Clubhouse work?
To join Clubhouse, you first need to download the drop-in audio app from the Apple Store. You also need an invitation from an existing user. This ‘invite’ works via your phone number.
The platform consists of communities and chat rooms on specific topics, which users can switch between and also create themselves – privately or publicly. As a host, you can determine which members can speak, raise their hands and which can only listen. The app’s search function allows you to find people, clubs and communities. The clubs are assigned to categories and topics, from which you can select up to five when you register.
Who is speaking? And about what?
Since the marketing concept, at least in the initial phase, is based on exclusivity (access by invitation only) and a limited user group (only for users of iOS devices), the range of people and topics is still very manageable. At the moment, it is mainly artists, media professionals and politicians who are active here as ‘early adopters’ – i.e. people who are already active on all other social media channels.
Luisa Neubauer talks about climate protection, Christian Lindner about the FDP and Joko Winterscheid about himself. You can even listen to a journalist eating pasta. Topics such as start-ups and real estate currently predominate. But there is also space for young journalists, fans of the TV show ‘Jungle Camp’ or the NBA.
Is this interesting for companies?
Clubhouse is not currently recommended as a service channel for companies or for paid services. The app is still too new, and there are still too many data protection requirements that have not been met. The commercial use of Clubhouse is currently prohibited anyway. The term ‘commercial use’ is not specified in more detail, but ‘personal use’ is permitted.
This creates a grey area, e.g. when professional conversations, themed sessions and discussions take place, recruiters are looking for new employees or conversations are only offered in return for payment. On the other hand, the app is only available for iOS/Apple users. That’s only 20 percent of all smartphone users.
What are the risks and dangers?
From a data protection perspective, Clubhouse is not without risk:
The app wants access to your entire address book – and your existing social media profiles.
Anyone who wants to use Clubhouse must give the app access to their iPhone’s address book. Without this access, it is not possible to invite friends. Interested users should carefully consider whether access to the app is worth this sensitive data disclosure, which also affects other, uninvolved contacts. New users can only be added if their mobile phone number is provided. Even when registering via a social media account, the provider reserves the right to access followers and friend lists. European data protection authorities have already criticised this practice on WhatsApp.
There are functional reasons for this access, as it establishes the connection between users. However, without consent and with the creation of shadow profiles, this is extremely questionable.
Accounts can only be deleted by email: Clubhouse’s apparent lack of concern for data protection is also evident in the fact that the app does not even offer users a built-in option to delete their own data. Anyone who wants to get rid of their account has to write an email.
Conversations in a room are recorded: According to the developers, the recording is intended to help track possible violations of the terms and conditions.
Non-transparent use of data: The rules do not specify how the collected data is actually used. According to its own privacy policy, the provider may even pass it on for advertising and marketing purposes – this is also legally questionable.
App violates the GDPR: According to many experts, Clubhouse’s data protection concept violates the European General Data Protection Regulation (GDPR). However, this cannot be punished: the US company Alpha Exploration has no branch in the European Union.
Clubhouse is not immune to hate speech either: Hate speech and harassment are possible in individual rooms and do occur. Even invited guests can misbehave. The room operator has little to no moderating power in the discussions. Until recently, it was not possible to report abuses directly. However, this is now being actively counteracted by the establishment of community guidelines and a new reporting function.
‘Users should familiarise themselves with the privacy policy and weigh up the risk of whether sharing data is worth using the app.’
Christof Stein, press spokesman for the Federal Commissioner for Data Protection and Freedom of Information (BfDI)
Would Bavarian comedian Karl Valentin have become a Clubhouse member 100 years ago? Even back then, he said: ‘Everything has already been said – just not by everyone.’ Perhaps that will help keep your own FOMO (fear of missing out) in check.
Read here about the legal aspects to consider when using the Clubhouse app. Data protection expert Dr Thomas Schwenke has summarised the GDPR violations and risks.
