🚨 Opench.aix.uy 🚨
Remember, Clubhouse is a Public Square.
About a week ago:
The Stanford Internet Observatory has confirmed that Agora, a Shanghai-based provider of real-time engagement software, supplies back-end infrastructure to the Clubhouse App (see Appendix). This relationship had previously been widely suspected but not publicly confirmed. Further, SIO has determined that a user’s unique Clubhouse ID number and chatroom ID are transmitted in plaintext, and Agora would likely have access to users’ raw audio, potentially providing access to the Chinese government. In at least one instance, SIO observed room metadata being relayed to servers we believe to be hosted in the PRC, and audio to servers managed by Chinese entities and distributed around the world via Anycast. It is also likely possible to connect Clubhouse IDs with user profiles.
The WDI Club hosted a room last week to discuss this topic.
Then, earlier today, it was noticed that Opench.aix.uy had been launched. The site exploited a flaw in the design of the application to run bots that streamed conversations from different open rooms on Clubhouse.
It has since been shut down and this is the note left on the page:
While the account is blocked and the website is over, the open source will live forever.
This is a third-party Clubhouse audio player. I hope that anyone can hear the various voices on CH, so this is a Clubhouse client that works on Android and on the computer, and that everyone without an invite code can use. All room permissions are obtained through the individual's Session. All audio copyrights belong to JoinClubhouse.com and its users.
This is a third-party Clubhouse audio player. I hope that everybody can hear the voice. So it is an open Clubhouse client for Android, for computer, and for anyone without an invite code. All room accesses are acquired from the personal session, and all copyrights of the voice belong to JoinClubhouse.com and its users.
In true Clubhouse meta-style, several rooms opened up to discuss the situation:
It appears that a user was using the tokens issued to his Clubhouse iOS application to access the audio streams through the Agora API. As the story unfolded, it emerged that Opench.aix.uy had been published by a researcher in China whose intention was to give users blocked in China, and Android users, access to the application.
It does not appear that there was malicious intent by this researcher.
However, it is also quite possible that other actors have been using this flaw to access different rooms and record conversations.
What is amazing is that the conversations on Clubhouse (particularly in the House of Prelon room) unpacked the technical details in real-time. Resources to further understand the architecture and vulnerabilities of Clubhouse, and general web application security were also shared. It felt like an accelerated crash course in cybersecurity from top experts with a real-world live case study.
Now, it is important to remember that no conversation on Clubhouse is private - the nature of the application is a public square conversation, and it should be assumed that you can be recorded, streamed, or misquoted. This is also the nature of the Internet. Anything you post on the Internet potentially lives forever. Digital hygiene is an important responsibility.