I saw Clubhouse in the news a few months ago and joined the waiting list. I wasn’t sure what it was, but saw it was the new cool thing. I went forward even knowing celebrities were all over it; I’m pretty anti-culture. A friend of a friend saw I was waiting and gave me an invite a few weeks ago. I was really impressed.
I found some great communities right away, the founderstreams group was welcoming to me. The owner Jonathan G. Blanco invited me to stage after being on the app for a few hours, and I was terrified. It turned out great though, I was able to give some startups advice, from my experience, and they appreciated it. I branched out from there and have met some really cool people, I love talking to them weeks later.
Before I get into the rest, if I am banned from the platform, it’s because I am going to say below. Free me, if I do :)
And then it was leaked Agora powers the app. It’s a Chinese service, hosted on the Alibaba Cloud. Yeah, the Chinese government can spy on you. They probably could have anyway, but it makes things easier for them. I’ll get into that later. No one really seemed to care though.
A few days later a developer wrote some amateur level code and hosted it, demonstrating anyone can join rooms and listen, without an invite. Bypassing the invite system isn’t great, but I don’t particularly care. The small and junior engineering community on the app started a room, and they were in uproar. They were so upset. Nazi’s were brought up. And the worst ideas and conclusions were made. I wanted to die.
These self-proclaimed “top engineers” were very upset Clubhouse would not hire them, despite their begging. Their claims of being senior engineers, after 5 years experience really had them upset they weren’t being listened to. Even an engineer from Google tried to make it into a social justice warrior forum. It never fails with these people, never. If they spent half their energy becoming good engineers, they wouldn’t even have the energy to think about all that bullshit.
Anyway, their ideas were terrible. “Obscure the token” one “expert engineer” with 6 minutes of experience enthusiastically proclaimed. No. Obscurity is not security. It does nothing. Another “security expert” and “top engineer” had been developing iOS apps for months and and has no experience with server side code spoke up. After his tears and weeping ceased, after being rejected to work for Clubhouse, he wanted to share the audio should be encrypted! Okay. Here’s the deal, buddy: it is. The S in HTTPS means secure, it’s encrypted. If his suggestion was to add another layer of encryption, which I think it was, it does nothing. Everyone in a public room needs to be able to decrypt these conversations, which means everyone needs the key.
Clubhouse talks are the equivalent of making a public post on Facebook or Twitter. Public means… never mind. You can’t have it both ways. Things are public or private. The end. Let’s tell everyone the password and not tell China. Yeah, they will never find out. The fuck? These “experts” had no idea what they are talking about. What I did learn though is that I would never hire those people.
The following day (today) I went to the “town hall” meeting. They kept saying how security and safety is so important to them. They answered 1 canned question about security. I think they answered 2 about safety. They don’t care. And I don’t either. There is no safety and security on a public internet forum.
But they said they care. They don’t. It was my second town hall and the fact they answer curated questions only was a huge red flag for me. Have the balls to answer hard questions live, or shut up. Your PR stunts are boring and transparent. Anyway, they said they were alerted about the “breach” (it’s not a breach), and banned the user who’s token was being used and are working to prevent it in the future. Liars. They can’t prevent it. It’s literally not possible. They can prevent the Chinese from spying on private calls though. If they bring it to US services only the US and Russia can spy on it; that’s cool, I guess. Either way, they are pretending they care or have a 3rd grade education. My bet is that they don’t care. They want users and to try to flip it, which they will fail at, because they have no unique technology and it would take a week to recreate what they have made.
It was all a waste of time. I really wanted to meet some engineers on CH, but I’m not sure any of them can read, so I’ll stick to the startup scene there. I wish you all the best of luck protecting yourselves from people listening to you in a public forum. I can’t wait until you figure out the impossible.