I must clarify that I haven’t been allowed into Clubhouse as I’m wearing the wrong shoes, the lady with the clipboard won’t let me in as I’m an Android user. Nevertheless, from the outside I have been curious and wondering how they monitor false information, hate, bullying and abuse. How do you monitor a world of audio content? How do you monitor tone of voice? If Facebook and Twitter have struggled with years of experience, what about the new kid on the block? And how well does Clubhouse protect your privacy?
What is Clubhouse?
Clubhouse is an invite-only audio social network where users gather in virtual rooms and listen to one another speak (or if it’s anything like real-life, talk over each other). Launched in March 2020, exclusively on Apple devices, it has reached the tipping point, due in part to its exponential growth and therefore higher numbers of people being added every day via invitation, and bolstered by a couple of tech titans, namely Elon Musk and Mark Zuckerberg trying it out.
So how do Clubhouse manage Trust and Safety?
The invite-only policy means that people are going to be picky with who they invite which engenders a base level of trust. There are strict Community Guidelines which offer a range of tools including room moderator powers (speakers can be muted and people removed from the room) and an individual ability to block or unfollow users. Further, Clubhouse temporarily records and encrypts every session. These recordings are deleted at the end of the live session and so if you have a complaint or suffer abuse, you should report it as soon as possible so that they can retain the recording for investigation.
What about my privacy?
This is an area of concern for different reasons. The app had become increasingly popular in China due to an ability to have unmonitored conversations about a wide range of topics and opinions that would not be able elsewhere due to censorship. Yet, on Monday authorities blocked the app. This is of course a blow for Chinese citizens’ privacy (and human rights) but of course not the responsibility of Clubhouse.
The Federation of German Consumer Organisations has accused Alpha Exploration Co. (Clubhouse) of a number of violations including solely publishing its terms and conditions and privacy policy in English; not publishing an Impressum (a form of legal notice); and a number of data protection violations including accessing contacts from a user’s phone.
Let’s look at the contacts issue in more detail. When you sign up to Clubhouse, you’re encouraged to let Clubhouse access to your phone’s contacts, so you can connect with other users of the social network. But this means that Clubhouse would have access to the contacts of people who aren’t members and in turn know how many people they are connected to. This used to be quite a common practice; we’ve probably all seen it. In fact, my LinkedIn data includes the phone numbers of all my contacts in my phone – request your data and you will see it too – go to privacy and settings/get a copy of your data/imported contacts. But today this contravenes German regulation and GDPR.
Whilst I am reassured from a safety perspective that sessions are recorded, how else could you prove abuse? And yet this is likely a privacy violation, Alexander Hanff wrote an excellent LinkedIn piece on this topic and pointed out that accessing the recordings without consent from all participants violates the ePrivacy Directive (2002/58/EC).
Like Alexander (sorry I can’t call people by their surname, this isn’t a boarding school) I did read the privacy policy and this screamed out like a sore thumb:
“By using our Service, you understand and acknowledge that your Personal Data will be transferred from your location to our facilities and servers in the United States, and where applicable, to the servers of the technology partners we use to provide our Service.”
What? They haven’t even paid lip service to privacy and dropped in words like “legal basis”, “adequacy” or “safeguards”!
Summary
In conclusion, Clubhouse does appear to have safety at the heart of its platform, but with regards to privacy it is missing out on fundamentals. This is bizarre for a product that would have been developed in this privacy-centric era, and further, has had significant funding from more than 180 investors which must have included due diligence and top-notch legal work.
Further reading and sources:
Comments