Although it sounds fun and exciting, the app comes with serious security concerns. Much like TikTok, another white-hot app, this app has ties to China, bringing foreign spying concerns. Tap or click here to see if TikTok is actually a cybersecurity risk. A recent blog post from Stanford University sent red flags flapping in the wind. In response, developers said they would try to improve its security, but can users trust this? We put on our detective cap and looked into the privacy concerns.

What’s all the buzz about?

Tons of big names have thrown their hat into the Clubhouse ring. Elon Musk and Mark Zuckerberg appeared on Clubhouse chats, driving traffic to the app. The exclusivity is only boosting its popularity. After all, everyone wants to feel like they’re getting the VIP treatment. When an app is invite-only, that makes people more eager to join. It’s like a way of proving yourself. Before you join, though, you might want to look behind the curtain. While Clubhouse claims it doesn’t store any information about U.S. users, privacy advocates aren’t sure that conversations are completely secure. A new report from Stanford Internet Observatory (SIO) found some cracks in the app’s foundation. It found a connection between the Clubhouse app and Agora Inc., a video and audio streaming software company with headquarters in both Shanghai and Santa Clara. To put it simply, Agora supports the app’s back-end infrastructure.

Your private chats aren’t secret. Anyone can peek at the code

Think of direct messages in an app. On Twitter, you can slip into someone’s private inbox and have a one-on-one chat. There’s a similar feature on Clubhouse, but a vulnerability in the code could let third parties spy on you. When you and a friend open a chat room, that room gets its own ID. You also have user IDs in the app. All of this information is transmitted in plain text — or, in other words, they’re not encrypted. If you want to keep a conversation on the app private, tough luck. Third parties could match IDs on different chatrooms to track down who’s talking to each other. Here’s what the data may look like to third parties. When you sign up for Clubhouse, the app claims that there’s no public record of your voice after you’re done talking. However, its Chinese connections could muddy the waters.

China could be listening in

SIO took a close look at Clubhouse’s privacy policy, which says user audio is “temporarily” recorded for the sake of safety. Once the app determines there was no hate speech or terrorism, it deletes your audio. But Clubhouse didn’t define what it meant by temporarily. Is your audio in its servers for hours, days, weeks? We’re not sure. There may be server complications, too. When looking at the metadata from a Clubhouse room, they found information being relayed to servers that were likely hosted in the People’s Republic of China. They also found audio being sent to servers managed by Chinese entities. SIO wasn’t sure if user audio was stored in the U.S. or China. Although Clubhouse hasn’t said where user audio is stored, SIO wondered what could happen if the audio were stored in China. Here’s where the Agora connection comes back. Since it’s a Chinese company, it would be legally required to submit to authorities. If government leaders said audio messages could pose a national security threat, Agora would have to comply. So, if your messages are stored for an indeterminate amount of time, they could hypothetically be shared if the Chinese government put its foot down. And that’s only if audio clips are shared with Agora, which has not been confirmed. Of course, this hasn’t happened as far as we know. Still, though, it’s a very real — and frightening — possibility. YOU NEED TO KNOW THIS: Spot covert government and policy spy cameras hidden in plain sight

Is it worth the hype?

If you still want to join the chats on Clubhouse, make sure you’re protecting your privacy. Use a VPN to protect your location data and don’t share any personal information about yourself. We recommend our sponsor, ExpressVPN. Tap or click here to get 3 months free when you sign up for one year at ExpressVPN.com/Kim. Also, if you’re traveling abroad, be aware that it’s blocked in China. Social media apps can be a ton of fun, but they’re not worth getting into hot water over. If you want to find out more about government surveillance in popular tech, keep reading!

Take this quiz to see which government agencies have your photo on fileTap or click for details on a facial recognition app with connections to law enforcementStop Facebook from looking for you with face recognition