Trendy New App Clubhouse Burns All Of Your Contacts’ Privacy
Tech types and Elon Musk fanboys have their Uniqlos in a bunch over a new app called Clubhouse, an invite-only social media app that offers the ability to listen to other people talk that already exists on approximately 800 million other apps. The app is receiving all manner of fawning media coverage, much of which leaves out a completely nightmarish privacy flaw — Clubhouse completely fucks over the privacy of every single person in your phone’s contacts, by vacuuming up their data without their consent.
For any app that asks for your Contacts list: unless you contact each & every person in your list & ask their permission to share their birthday, phone #, real location, all emails, & any notes you have on them w the app you want to install, do not click Allow. It is unethical.
— Tarah (@tarah) March 1, 2021
In a Medium post entitled Clubhouse Is Suggesting Users Invite Their Drug Dealers and Therapists, technology reporter Will Oremus describes how “one of the first things the app will ask you to do is grant it access to your iPhone’s contacts. A finger icon points to the ‘OK’ button, which is also in a bolder font and more enticing than the adjacent ‘Don’t Allow’ option. You don’t have to do it, but if you don’t, you lose the ability to invite anyone else to Clubhouse.”
Clubhouse's (@joinClubhouse) failure to provide an easy/quick way to delete accounts is putting sex workers in danger, according to a current sex worker and former Clubhouse user who shared her story with me. https://t.co/uQPMlCqEtZ
— Jack Morse (@jmorse_) March 2, 2021
Considering that most Clubhouse users are tech industry sycophants, of course they will happily hand your personal data to Clubhouse without your consent. “The permission dialog iOS presents users before an app is able to access their contacts is, in a sense, being presented to the wrong person,” Nick Heer writes at Pixel Envy. “Can you really consent on behalf of hundreds of friends, family members, and acquaintances? From a purely ethical perspective, the request ought to be pushed to every contact in the directory for approval.”
Just had a poke at the Clubhouse app with a proxy, given the recent concerns about contacts usage. The bad part is that it uploads all of your contact’s phone numbers (surprise!). The good part is that that’s the ‘only’ thing it uploads about them. pic.twitter.com/6YskN9xFlX
— Guilherme Rambo (@_inside) February 26, 2021
Of course Clubhouse has already been hacked, everyone in Silicon Valley cares more about growth than they care about security. Bloomberg reported in late February that Clubhouse has already been breached and that supposedly private conversations have been stolen and broadcast without participants’ consent. It’s a fair bet that hackers stole phone numbers too. “Clubhouse cannot provide any privacy promises for conversations held anywhere around the world,” former Facebook security chief Alex Stamos told Bloomberg.
If you sign up for Clubhouse, two steps:
1.) Don't allow access to your contacts. (They're sent to CH servers and there's no way to go back and get your data.)
2.) Turn off notifications. https://t.co/LGJYLVXVrX
— Steve Kovach (@stevekovach) February 24, 2021
The typical tech industry response to outrageous privacy violations is never to acknowledge the problem or try to fix it, but to hide behind the bullshit excuse of “Yeah, but everybody does it.” (NOTE: Not everybody does it.) But if you’re going to download this VC circle jerk app Clubhouse, and give it access to the phone number of every single person in your contacts, then the least you could do is go through your contacts and buy every single one of them a fancy, expensive dinner with an endless round of cocktails.