https://www.cigionline.org/articles/4-billion-app-doesnt-value-privacy-security-or-accessibility Skip to main content CIGISearch block Keyword Search [ ] [Search] Main Menu * Research * Publications + Books + Conference Reports + Essay Series + Papers + Policy Briefs + Policy Memos + Special Reports * Experts + Media Relations * Opinions * Multimedia + Big Tech Podcast * Events * About + 20th Anniversary + Annual Report + CIGI Campus + Funding + History + Leadership + Partners + Staff Directory + Strategy and Evaluation + The CIGI Rule Footer * Contact * Careers * Directions * Privacy Notice * Media * * * * 20 y ears 2 0 t h Main Menu * Research * Publications + Books + Conference Reports + Essay Series + Papers + Policy Briefs + Policy Memos + Special Reports * Experts + Media Relations * Opinions * Multimedia + Big Tech Podcast * Events * About + 20th Anniversary + Annual Report + CIGI Campus + Funding + History + Leadership + Partners + Staff Directory + Strategy and Evaluation + The CIGI Rule Platform Governance The $4 Billion App That Doesn't Value Privacy, Security or Accessibility It is tempting to excuse Clubhouse's flaws as growing pains, but the app's design and rollout illustrate just how little Silicon Valley and its venture capital backers have learned. Author: * Elizabeth M. Renieris April 28, 2021 (Photo by Thiago Prudencio/SOPA Images/Sipa USA) (Photo by Thiago Prudencio/SOPA Images/Sipa USA) Clubhouse is a small but quickly growing audio-based, invite-only mobile chat app and social network owned by Alpha Exploration Co. In what feels like a combination of talk radio and podcasting, the app allows its users to weave in and out of digital spaces known as "rooms" to listen in on live conversations between featured speakers, known as "hosts," and their guests, as well as to join "clubs" of interest. Clubhouse rooms and clubs span many topics, everything from vegan fashion to bitcoin, theoretically offering something for everyone. Co-founders Rohan Seth and Paul Davison launched the app for iOS in beta in March 2020. After a slow start, downloads began to soar in 2021, due in part to the COVID-19 pandemic with its resultant captive audiences desperate for connection, and some high-profile audio chats, such as the one hosted by Elon Musk on January 31. Clubhouse is now estimated to have more than 10 million active weekly users and Alpha Exploration Co. is rumoured to be valued at nearly US$4 billion in a round led by venture capital firm Andreessen Horowitz. Despite its high valuation, Clubhouse's founders and backers have demonstrated limited regard for privacy, security and accessibility to date, and appear to have learned little from the missteps of earlier platforms on perennial challenges such as content moderation, facing them sooner than platforms have in the past. As one reporter observed, "Clubhouse [is] speed-running the platform life cycle." As a result, Clubhouse is an important case study in the limits of our approaches to data governance in the face of Silicon Valley's indefatigable ethos. The app, which initially launched without a privacy policy, leveraged "dark patterns" and algorithmic discoverability tactics to gain access to users' phone contacts and even required users to grant this access before they could invite friends to the platform. It is clear that Clubhouse was not designed with privacy in mind. The app, which initially launched without a privacy policy, leveraged " dark patterns" (manipulative product design) and algorithmic discoverability tactics to gain access to users' phone contacts and even required users to grant this access before they could invite friends to the platform (those contacts, of course, had no opportunity to consent to that sharing or to even know it was happening). The app also broadcasts a new user's presence on the platform, one of its many notifications and alerts, and provides no way to block harassers or abusers. Audio files are recorded but not encrypted, and the app also uses invasive tracking tools, including cookies and pixel tags. After pushback from users and privacy advocates, Clubhouse made some minor tweaks; it now allows users to manually enter phone numbers to invite their friends and contacts. It is uncertain whether this change actually prevents Clubhouse from harvesting the contacts of its users even when they do not opt-in. These concerns are particularly problematic in Europe, where the law mandates data protection by design and default. Clubhouse's privacy policy, which is only available in English, does not reference European regulations or provide any way for users to exercise their data protection rights. Security experts have raised concerns about issues beyond the privacy challenges. In February, researchers at the Stanford Internet Observatory confirmed that Clubhouse was transmitting audio and other personal information in plain text to servers in China, making the information potentially accessible to the Chinese government. The app has since been banned in China after hosting conversations about alleged Uighur internment camps and other politically controversial subjects, which could clearly have put activists and dissidents at risk. More recently, a database containing the records of 1.3 million Clubhouse users was posted on a popular hacker forum, including user names, profile photos, social media handles, account creation details, contacts and more, soon after similar leaks of Facebook and LinkedIn user data. According to security experts, "the Clubhouse SQL database used sequential numbering in the creation of user profiles, which allowed scrapers relatively easy access with basic tools [through] a simple script that adds one number to profile links." Clubhouse CEO Paul Davison vehemently rejected characterizations that the app had been breached or hacked, stating, "The data referred to is all public profile information from our app, which anyone can access via the app or our API." Davidson was essentially defending "scraping" -- the practice of extracting publicly available, non-copyrighted data from the Web. Whether technically a breach or not, the incident has breached the trust of many of its users, who did not reasonably expect their information to be used in this way. It also demonstrates a growing chasm between attitudes in the United States and Europe about data governance, as Silicon Valley continues to export its technology and ideals around the world. Scraping is the same technique that controversial start-up Clearview AI, popular with law enforcement, has used to amass its facial recognition database. Although it's received cease-and-desist letters from Facebook and Google (who themselves would not exist but for scraping and, in the case of Facebook, scraping non-public information), Clearview AI defends its practices on First Amendment grounds. In Europe, where data governance is more concerned with the fundamental rights of individuals than with the rights of corporations, techniques like scraping and the repurposing of publicly accessible data conflict with core principles in the General Data Protection Regulation, such as purpose limitation, notification and consent requirements, the individual's right to object to certain processing and more. Clubhouse is already under investigation by data protection authorities in both France and Germany for violations of data protection law. Illustration by Armando Veve. Recommended New Platform, Old Problems: How TikTok Recreates the Regulatory Challenges That Came Before It But Clubhouse's gaslighting on privacy and security concerns pales in comparison to its disregard for accessibility. In its quest for exclusivity, Clubhouse has managed to exclude large swaths of the population. The audio app, only available to iPhone users, was designed and deployed with virtually no accommodations for individuals who are deaf, hard of hearing, visually impaired or who have certain other disabilities. Competitors such as Twitter Spaces, while not perfect, at least allow users to turn on captions and share transcripts, among other features, demonstrating that accessibility in audio apps is possible. As one expert put it, "The app's founders -- and their venture-capital mega-backers in Andreessen-Horowitz -- don't know enough and don't care enough to make accessibility the priority it deserves." It might be tempting to excuse these challenges as teething problems that will be worked out over time. But there are two main problems with that view. First, these problems are not new. Public opinion and attitudes about privacy and security have evolved significantly since Mark Zuckerberg launched the Ivy League-only TheFacebook.com nearly two decades ago. Law- and policy makers are increasingly concerned too, and more than 130 countries around the world have introduced modern data protection and privacy laws for the digital world. And yet, much like early Facebook -- which was also backed by Marc Andreessen, before he formed Andreessen Horowitz -- Clubhouse is built on a combination of engineered hype, artificial scarcity and exclusivity, and the fear of missing out, with little regard for privacy, security or accessibility. In fact, in an unusual move for an app still in its beta phase, Clubhouse has already launched an influencer program. In other words, Clubhouse is following the standard Silicon Valley playbook. That Clubhouse was designed and rolled out this way now shows how little Silicon Valley and its venture capital backers have learned about what true "innovation" looks like, or perhaps, how little they care. A truly innovative product would learn from the mistakes of predecessor platforms and would focus on things like privacy, security and accessibility. Instead, Clubhouse is yet another example of technology designed by, and largely for, privileged, white, Western and able-bodied men. In many ways, Rohan and Davison, who met at Stanford and have an estimated nine failed apps between them, exhibit the naive optimism of many Silicon Valley founders who only see the good in tech and represent persistent disparities in the venture capital world. In 2020, only 2.3 percent of all venture funding went to female founders (down from 2.8 percent in 2019, as women were hit harder by the pandemic). It's easy to think that if policy makers, developers and users could all go back to the beginning of Facebook, they would do some things differently. But, as Clubhouse demonstrates, we are, once again, quick and eager to trade in our purportedly core values of privacy, security and accessibility for yet another shiny toy. And while it is one thing to ask people to go without their Facebook or Google products and services, now that these platforms have become so embedded in their daily life, it is another to ask them to abstain from Clubhouse. In this moment, before users have a compelling need to be on these platforms (because everyone else is there), and before Clubhouse becomes too big to fail, we still have a choice. This is our opportunity to demand more and to demand better. After all, if Clubhouse users do not demand these things from the outset, why should the policy makers whom we ask to regulate these technologies care? As the author and Princeton professor Ruha Benjamin so eloquently puts it, "Most people are forced to live inside someone else's imagination." For now, at least when it comes to Clubhouse, we still have a chance to reimagine. The opinions expressed in this article/multimedia are those of the author(s) and do not necessarily reflect the views of CIGI or its Board of Directors. About the Author * Elizabeth M. Renieris Elizabeth M. Renieris is a technology and human rights fellow at Harvard University's Carr Center for Human Rights Policy, a fellow at Stanford University's Digital Civil Society Lab and an affiliate at the Berkman Klein Center for Internet and Society. Recommended Created with Sketch. A man walks past Google's logo in front of at an office building in Zurich, Switzerland on July 1, 2020. (Reuters/Arnd Wiegmann) Emerging Technology Platform Governance What Google's Privacy Sandbox Means for Internet Governance * Elizabeth M. Renieris March 19, 2021 A man walks past a sign for ByteDance's app TikTok at an expo in Hangzhou. (REUTERS/Stringer) Platform Governance Surveillance & Privacy Why Doesn't TikTok Get Policy Makers' Attention? * Heidi Tworek June 25, 2020 Illustration by Christian Gralingen Platform Governance A New Blueprint for Platform Governance * Heidi Tworek February 24, 2020 [CIGI-default-recommended-thumb] Platform Governance Briefing: The Facebook Oversight Board Decision about Donald Trump April 21, 2021 Naomi Klein on Entering the Tech Governance Debate Platform Governance Naomi Klein on Entering the Tech Governance Debate * Naomi Klein * Taylor Owen April 15, 2021 A flagship Apple store at the a flagship Apple store in the Carnegie Library in downtown Washington, DC (Shutterstock) Democracy Platform Governance Naomi Klein Takes Aim at Big Tech * Taylor Owen April 15, 2021 (Shutterstock) Platform Governance Security Who's Minding the Gaps? How the Shadowy World of Cyber Exploits Affects Us All * Taylor Owen April 5, 2021 (Shutterstock) Big Data Platform Governance Reckoning With the Size, Scope and Power of Social Media Giants * Robert Fay March 31, 2021 Mark Zuckerberg testifies remotely at the US House hearing on extremism and misinformation. (US House TV via CNP/Sipa USA) Platform Governance Five Things to Know About the Hearing on Extremism and Misinformation * Jesse Hirsh March 26, 2021 [CIGI-default-recommended-thumb] Platform Governance Briefing: The March 25 Hearing on Platform Misinformation March 24, 2021 An employee at Kytabu, an online learning platform, works in the company's office in Nairobi, Kenya on July 28, 2017. (Reuters/ Siegfried Modola) Platform Governance Toward a Global Platform Governance Research Agenda * Sonja Solomun March 22, 2021 Google Chief Executive Officer Sundar Pichai testifies remotely during the Senate Commerce, Science, and Transportation Committee hearing on October 28, 2020. (Reuters/Greg Nash) Platform Governance Five Things Democratic Governments Should Do to Fight Disinformation * Delphine Halgand-Mishra March 22, 2021 2 0 t h Created with Sketch. Africa (90) Artificial Intelligence (87) Big Data (185) Central Banking (105) China (217) Democracy (187) Digital Currency (24) Emerging Technology (116) Financial Systems (326) Future of Work (32) G20/G7 (304) Gender (79) IMF (222) India (55) Innovation (186) Innovation Economy (167) Intellectual Property (187) Internet Governance (201) Investor State Arbitration (70) Monetary Policy (129) NAFTA/CUSMA (201) Patents (21) Platform Governance (282) Productivity (12) Security (178) Sovereign Debt (109) Standards (33) Surveillance & Privacy (126) Systemic Risk (20) Trade (509) WTO (135) Get regular updates on our research and events in your inbox. Email [ ] [ Sign Up] Footer * Contact * Careers * Directions * Privacy Notice * Media * * * (c) 2021 Centre for International Governance Innovation This site uses cookies to provide the best online experience. By using this site, you agree to the use of cookies and collection of personal information per our Privacy Notice. To alter or disable the use of cookies, adjust your browser settings. OK * * * *