So 12 characters is not secure, 4 numbers is not secure, 6 numbers is not secure either. 5 numbers is the best security!
They've got a custom OTP setup which they've revised at least twice already, but as with this Clubhouse thing, if you transmit your OTP as plaintext over unencrypted channels, obviously a bad guy can intercept that. So basically that SSL box ought to be removed (in favour of always doing TLS) or at the very least checked by default.
I can most easily imagine they had a proprietary setup in the 1990s, and one day they make a web site because of this exciting new technology. Should it have SSL? Security sounds good, but it is slower. Traders demand an option. Now, fast forward a few years you're building an iPhone app, your prototype looks good, but traders ask, where is that SSL option? Chances are the answer is "Um, TLS is always On? Because switching it Off would be stupid?". Oh dear, are you calling a long time customer "stupid" for not clicking the SSL box all these years? No of course you aren't, you add the SSL box to the app and everybody working on it learns not to point out that this is stupid.
[ Do I trust that they got that right? Maybe. Others might have a better idea how many off-the-shelf OTP implementations handle this correctly ]
However, an active MitM just works. You give the user the illusion they're talking directly to the real system, but you actually keep working copies of their logged-in state. When they're done trading, you just carry on. If there's an explicit "Log out" step you can dummy that out.
Forget passwords and OTP, even something modern like Security Keys (WebAuthn) would fall to this - except WebAuthn's APIs magically don't exist unless you have a secure context (basically an HTTPS site), so for the web that can't happen. If you used the built-in Android / iOS FIDO implementation† and stupidly did an HTTP backend in your app, you'd be screwed.
† In this scenario, you're getting the same features as WebAuthn but backed by your device biometrics, and with a custom per-app identifier instead of a DNS name to stop you stealing the user's Google authentication or whatever.
Normal people will never learn about this, and doing it right would take too much effort. While I would love new, better social media to take over, I don't think social media which serves its users is possible.
Hell, I self-censor more here than I do in real life. In real life if I say something odd it's forgotten within minutes.
EDIT: I didn’t realize initially this is UDP, but I think there is a similar solution like TLS for TCP
Sure, getting it right might be hard, but getting it somehow good enough to not be obviously bad is much less so.
Not only are there things like DTLS; in the worst case you could just "ship" an AES key when you log in over TCP/TLS and then encrypt any UDP message with that key, or something like that. Sure there are many ways you can get it wrong, but it's easy to set up and better than plaintext.
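The "ship a key over TLS, then encrypt the UDP" idea from the comment above, as an added Go example that is not Jam's or Clubhouse's code: it assumes the per-session key has already arrived over the TLS login connection, uses a per-datagram counter as the AES-GCM nonce and authenticated header, and has the receiver reject replayed, reordered and tampered datagrams, which is the part that is easy to get wrong.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// Session wraps the per-session key the TLS login step hands out (assumed already
// received). Use a separate key per direction so the two peers' counter nonces can
// never collide under one key.
type Session struct {
	aead    cipher.AEAD
	sendSeq uint64 // last sequence number sent
	recvSeq uint64 // highest sequence number accepted so far
}

// NewSession takes the 16- or 32-byte key received over TLS.
func NewSession(key []byte) (*Session, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Session{aead: aead}, err
}

// nonce zero-pads the 8-byte sequence header to the 12-byte GCM nonce.
func nonce(hdr []byte) []byte { n := make([]byte, 12); copy(n[4:], hdr); return n }

// Seal emits 8-byte big-endian sequence || AES-GCM ciphertext+tag. The sequence is the
// nonce and is also authenticated as associated data, so it cannot be altered in transit.
func (s *Session) Seal(plaintext []byte) []byte {
	s.sendSeq++
	hdr := make([]byte, 8)
	binary.BigEndian.PutUint64(hdr, s.sendSeq)
	return s.aead.Seal(append([]byte{}, hdr...), nonce(hdr), plaintext, hdr)
}

// Open rejects truncated, replayed or reordered, and tampered datagrams.
func (s *Session) Open(datagram []byte) ([]byte, error) {
	if len(datagram) < 8+s.aead.Overhead() {
		return nil, errors.New("datagram too short")
	}
	hdr, seq := datagram[:8], binary.BigEndian.Uint64(datagram[:8])
	if seq <= s.recvSeq {
		return nil, errors.New("replayed or out-of-order datagram")
	}
	pt, err := s.aead.Open(nil, nonce(hdr), datagram[8:], hdr)
	if err == nil {
		s.recvSeq = seq // advance the replay window only after the tag verified
	}
	return pt, err
}
```

A strictly increasing counter drops legitimately reordered datagrams too; a real-time media path would use a sliding replay window as DTLS-SRTP does, but the key-handling and nonce discipline stay the same.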
Why bother, move fast and break things yo
"Jam" is an open source implementation of the "audio space" concept that I built over the last few days w/ @DoubleMalt and @mitschabaude
There is still a lot to do, but for now you can create rooms and moderate them (stage, audience, mic-flashing, …). It's powered by WebRTC and should work in any modern browser.
Any feedback, suggestions, thoughts welcome; might do a Show HN in the next few days.
I'm also looking forward to running a jam on my Raspberry :))
To support rooms with larger audiences we'll probably need to add support for mixing on the server side as well eventually.
I'd be more worried about it being hosted in China than user IDs being unencrypted.
There are a lot of software features that Clubhouse can add, but they have to or choose to focus on many other things instead. Something simple like a "shut up" button "we got your point two minutes ago".
Competition will force them to re-prioritize just to keep the users.
Some people on HN seem to take security much more seriously than necessary, as if security is the most important feature. But in business, it usually isn't.
Necessary to who?
Just trying to understand the severity here and if I'm doing something wrong in my apps.
The rule is, if ever in doubt, send all data through HTTPS. There is just about no reason to use unencrypted HTTP or TCP in 2021.
Is there a term for this form of argument? Like where someone makes a rhetorical question after seeding the answer? It's like creating a false dilemma, where one intentionally removes non-binary choices for their own agenda, but it's not quite a false dilemma yet, except after someone responds about how weak this form of argument is by presenting second, third and fourth reasons that were outside of the boundaries of the question but inside the boundaries of reality.
The bigger question right here is why startup culture works so successfully. The purpose of a VC startup is assumed to be creating a product that eventually expands its market share to the whole world. And that was based on the assumption of globalization, in a world that was less polarized by political opinion and enjoyed economic growth and appreciation of new tech. An entrepreneur who neglected geopolitics could do pretty fine in this environment.
With the rise of China's sharp power, the question is not so straightforward. Hollywood companies faced China's influence by banning content that is not favorable to China, in order to get access to China's market. Airline companies were threatened by China with a boycott if they referred to Taiwan as a country. If a company just complies with China's request or threat, then it could potentially piss off Taiwan and Hong Kong customers, and potentially lose other countries in the free world if the PR is too bad. However, if they don't comply, then they could potentially lose access to China's market. It is difficult to be neutral and not take a side, because of the polarization of both parties. Not taking a side is potentially the worst option, which would piss off both sides because both think the company does not stand for their values.
It is just an extension of this underwater war. The takeaway right here is that if a startup is intended to be used by the world, the owner may need to be prepared for unintentionally pissing off a potential group of customers by not understanding sensitive geopolitical issues.
Deciding that China’s gatekeeping is worse just because it comes from the government is where we lose a lot of possibility of introspection from people.
Because a lot of Chinese companies are really good at voice-related services due to the ubiquitous use of it in China. (Typing Mandarin is annoying because you have to use pinyin.)
Maybe, because that startup does a good job for a reasonable cost.
> Clubhouse is a honey pot for CCP
No, it's a fancy lifestyle app which doesn't care about censorship resistance at all.
As far as I know, you can be pretty sure that any service operating in China will have backdoors or similar of some form, though potentially only for their Chinese users.
So as long as you don't use a service which explicitly cares about censorship and privacy, and which also operates in China, you shouldn't trust them with any sensitive information at all, especially if part of the "conversation" is "in China". I mean, I would be seriously surprised if the key server of e.g. Zoom doesn't leak encryption keys for "(partially) in China" conversations to the government.
And coming back to Clubhouse: while they might seem to be privacy oriented at first sight, they are, as far as I can tell, not. They just use "exclusivity" as a way to sell their product, and mistaking this "exclusivity" for privacy would be a big mistake.
I mean, some of the most common usages of Clubhouse are basically a fancy form of a podcast, "just more exclusive".
> Or prove me wrong
Your argument is as much based on biased assumptions as mine is. So this discussion is pretty far away from any proof in any direction, tbh.
That fact of life is not the guiding factor for why corporations create technology, compete for contracts, and make revenue.
And there is a lot of technology there. It is an innovative, high-growth, competitive, maybe overly competitive, and dense part of the world. Most of which has nothing to do with what's happening on the other side of the Gobi desert. If that is to be your cause, great, because that's going to keep happening, but it's a large stretch to make that the sole guiding factor for everyone else that creates or simply uses software from China.
If you are subject to that system, then you should use discretion on Clubhouse; that would really be the entirety of your message.
Edit: It's off-topic. Chill out.
I also found out there’s a project management app called Clubhouse, so that’s a little weird.
The privacy implications of leaking user identifying information are massive. Not something that should be dismissed so quickly as “nothing to see”.
Maybe not interesting for you, but many of us care about holding companies accountable for bad practices. If you don’t, this will become more common as it’s effectively being tolerated.
No company gets a free pass on the implications of sacrificing privacy or security. Even if “less than a year old”.
This is serious:
“Any observer of internet traffic could easily match IDs on shared chatrooms to see who is talking to whom. For mainland Chinese users, this is troubling”
A dangerous and all too common pattern of negligence. Willful or otherwise.
Do the display name thing and use email as your auth identity. Stop making the same namespace mistake everyone else has made.
If I were Clubhouse, or when I launch a new service one day when I'm not so busy with my day job, I would have a sunrise period where GitHub users reserve their usernames. There would be a phase 2, when Twitter users could grab theirs too, and would get the option to use the "@" prefix if somebody from GitHub had grabbed theirs, or to change it. Lastly, there would be Facebook and LinkedIn phases too. How could one be pissed in such a scenario? Plus, I would onboard the most influential people first.
I do like your ideas though, that's definitely a new one!