Clubhouse didn’t officially release in China and it was also banned just days ago, but the app’s creators are still nervous enough to take action.

Sometime during the long U.S. holiday weekend, developer Alpha Exploration Co. will make backend changes that will boost the service’s encryption and prevent user ID pings from being routed through servers in China. The Clubhouse dev also pledged to have “an external data security firm…review and validate these changes.”

The move follows a detailed report from the Stanford Internet Observatory (SIO) revealing the audio chat app’s previously unreported links to a tech interest in China. Agora is a “video, voice and live interactive streaming platform” that provides backend services to Clubhouse — namely hosting and piping the app’s raw audio across the internet.

This is particularly worrisome, as the SIO notes, because “a user’s unique Clubhouse ID number and chatroom ID are transmitted in plaintext, and Agora would likely have access to users’ raw audio.” Imagine a Chinese citizen hosts a chat on a provocative subject, and the accompanying data is subsequently able to connect the user and Clubhouse ID to audio from the chat.

Agora is jointly headquartered in the U.S. and China, which means the company is subject to the latter’s restrictive cybersecurity law requiring it to provide aid in any criminal or national security investigation. And although Agora claims that it doesn’t store any audio or user data, there are genuine concerns about data privacy when it comes to Chinese companies.

The specifics here get fairly technical, but Clubhouse does store user audio temporarily for trust and safety investigations. That audio is stored in the U.S. — which effectively puts it outside the Chinese government’s reach — but it could still be at risk if an outside partner, such as, say, Agora, held the audio somewhere inside China.

As a result of SIO’s thorough investigation, which you should definitely read through for more specifics, Clubhouse is going to see some backend changes. The report ends with a statement from Alpha Exploration running through the plans.

“With the help of researchers at the Stanford Internet Observatory, we have identified a few areas where we can further strengthen our data protection,” the statement reads, going on to explain the changes described at the outset of this story. “We welcome collaboration with the security and privacy community as we continue to grow.”

As we reported earlier in the week, it’s not clear exactly what earned Clubhouse an official ban in China. There’s probably no single reason. Although the app was never released there, as Alpha Exploration explained in its SIO statement, people in China found workarounds that allowed them to get online. 

h/t Engadget