32 comments

[ 4.0 ms ] story [ 72.9 ms ] thread
Why is it against GDPR if somebody agreed to it and agreed to their Privacy Policy [1]? I don't understand the claim in this tweet exactly. I think some context is missing.

[1]: https://www.notion.so/Privacy-Policy-cd4b415950204a46819478b...

I believe the "We need contacts permission" message is key here. The message should include the purpose for what the contact data will be used for when asking for consent.

> Specific – consent must relate to specific actions relating to the data rather than for any purpose the business wants it. For example, if the data is for a newsletter subscription, it must say exactly that.

https://www.gdpreu.org/the-regulation/key-concepts/consent/

AFAIK the issue is that the service is pulling in PI of other people without their consent.

You can not store my name/phone number etc without my consent - even if you got that data from one of your user's contact list.

Please correct me if I'm wrong. IANAL.

If my number is in your phonebook, you cannot give consent to Clubhouse to get that info on my behalf.
And so does every other social media platform. Signal does so with hashes (https://support.signal.org/hc/en-us/articles/360007061452-Do...), but there's so few phone numbers that it would be trivial to brute force or rainbow table all the possible values.
I'm assuming signal is following best practice. How else could one match contacts without uploading some contact data?
There is no need to upload or match contacts in this case. It is a required step for inviting a new user. The invite SMS is even sent from the device, not by Clubhouse.
One of the recent versions sends it from Clubhouse servers not the device.
Oh! I see. I was thinking of matching users in your list with those already on the platform. In this case, that means N number of user already sent their contact list to clubhouse and club house is keeping and using that data.
Signal's "best practice" for a while was to use special hardware that relied trusting Intel in the best case but in practice was also perpetually being broken into…
I wish Signal didn't use phone numbers as identifiers. That's the original sin of all these apps and the convenient excuse for uploading contacts
You don't need to use phone numbers as identifiers to upload contacts. For example Hangouts (RIP) and Matrix both support letting people find you by number without using it as a primary identifier.

I assume that using numbers as identifiers has two main benefits 1. easy (insecure) auth 2. it forces everyone to provide you their number so that lookup by number works better.

Of course I don't find these worth it. I have had 5 numbers so far and there is a decent chance I will switch numbers again. I don't like having an identifier that is tied to my physical location.

Public, the stock trading app does this as well. Same interface (your contact has x friends) but it seems this is a growing, and worrisome trend.
The terseness of their permission request does not meet Apple's review guidelines. It's almost identical to one of Apple's unacceptable examples.

https://developer.apple.com/design/human-interface-guideline...

https://developer.apple.com/app-store/review/guidelines/#5.1...

Is there a way to report the app to bring it to Apple's attention?

Sadly, it doesn't seem so. The fact that there is no clear place to do this is honestly quite ironic given that Apple requires all third-party apps to have an easy way to report rulebreaking content…
There is actually! I was told about it over the phone with an App Review rep a few weeks ago. I didn't write it down unfortunately, but I think it was appreview@apple.com - googling for that e-mail address returns some results, so I am pretty positive that was it.
Awesome! It seems that most of the references in search results are around interactions between Apple and developers. But it definitely looks like the best place to send violations as well. Thank you!
I just sent them an email. Other developers should too because everyone should play by the same rules.
I was extremely annoyed last week when my friend messaged me and asked me if I was going to use clubhouse, I said no I don't think anyone I know would be using it. She said, well.. you have 63 friends using it, I said... I don't have 63 friends! She then proceeded to send me a screenshot with a list of her contacts not on ClubHouse that shows how many of their contacts are on it. I don't know why this bothered me so much, but for whatever reason it did.
This is precisely why iOS and Android should never have allowed an app direct access to our Contacts. Rather, everything from the API should be anonymous hashes AND be different per application. The OS should also have supplied a "Contact list UI" that gave apps a unified way of displaying contacts without giving away the keys to the kingdom.

Otherwise, once your contact list is uploaded, everyone's privacy is violated.

I imagine this is not Clubhouse.io ?

Confusing when different products have the same name.

I absolutely thought this was clubhouse.io until I had a closer look at the screenshots. I have no idea what this other clubhouse app is. Confusing indeed.
Lol Big Tech spying on their own. Beautiful.
A little known fact is that Uber also does this, or at least used to. On iOS when you try to copy a link to follow your trip it first asks for contacts permissions with a bullshit reason - declining doesn't have any ill effects but obviously it's designed to try and catch users off-guard or make them think it's mandatory and I guess a lot of people do submit.
I think there should be dark patterns and ... darkest patterns.
It would actually be a neat UI to show the person's contacts letting the person pick which one to try with a "match the hash" function that shows the one way hash generated and does a "ping" on the service to see if someone matches.

Won't happen, but would be a fun UI to do.

It is worth nothing that hashing phone numbers without salt is basically useless, and you can't do a lookup like this if salted. North America only has 10M possible phone numbers so brute forcing or building a rainbow table is trivial. I don't know about other country codes but I presume the situation is pretty similar.
This is not Clubhouse.io but joinClubhouse.com, an invite-only zoom/gather.town alternative for organising events. I have a few friends in San Francisco using it but doesn't look like it's well-known outside the circle.

Think they've been growing a lot in the recent months and getting more popular.

Curious what is the legal implication from a privacy perspective if they are only uploading the hashes.

Thanks for clarifying that. I've got a generally good opinion of clubhouse.io and was concerned.
Title should be changed, because it's not about clubhouse.io.
On a lighter note: when I joined.. I found out that I had a contact who has over 1000+ Clubhouse members in their phone contacts.

Turns out that it was the cab company’s number in SF that I used to have on speed dial. This was from pre-Uber days when we still had to hail a cab or call for one while at the city by the bay.

The cab company guy is hands down the one with the most Silicon Valley/Big Tech (phone) connections.

Data is awesome. But sometimes it’s just noise rather than signal.