I slept through the opench.aix.uy drama, but the synopsis of this — and someone can correct me if I miss anything — is that ai-eks used their Clubhouse user token and had a bot join every room, collect the Agora tokens, and plug them into a browser client.
This technical breakdown shows how Clubhouse works. It's a scrappy startup, & there are 3 legs. Clubhouse has their own API for user management. It relies on Agora for RTC audio streams. And less spoken is that the room interactions flow over PubNub events theori.io/research/korea…
Unless I missed something, Clubhouse conversations weren't being recorded by the opench.aix.uy experiments. But, the metadata was indeed being scraped & relayed over the flask service. That's of course a cause for concern for the intimate, ephemeral network.
The nuts & bolts of how someone could build a service like this points at two weaknesses. First, Agora tokens. They're magic keys that unlock a 'call.' They shouldn't be able to be shared. But they can be. A combination of a bad architecture (Agora) and implementation (Clubhouse).
When a user joins a channel, they're getting what is essentially a long-lived token that can then be shared. Ai-eks' service crawls & joins every room, grabs the token, then just passes it around to be used on the client-side N number of times to connect to Agora.
That brings us to the second problem. Agora and Clubhouse don't always maintain the same state. When a user joins a room — aka channel — they receive a token, and unless that token is invalidated (by time or Clubhouse's API), then they can maintain a connection to Agora.
This essentially means that anyone with an active token — depending on how robust the implementation — can become a ghost listener. Their Clubhouse state would change, but their Agora state would not, and they could continue to listen as a ghost.
The chaotic few days of this experiment were a result of these weaknesses, turning what is essentially a phone call into a livestream using the quirks of the Clubhouse/Agora architecture. It didn't change the state of Clubhouse, but rather played out on the Agora side.
Clubhouse can fix a lot of these issues with better token management. It was always a hard problem, but they added another layer of complexity — these RTC products were designed for trustful calls & data streams, and Clubhouse threw a wrench in how they were designed to work.
Clubhouse can also be more aggressive on their half of state, preventing individual users like ai-eks from joining every room. In fact, they already did. But that's a bare minimum; this is an arms race, and the nefarious actors will get better with sophisticated botnets.
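A sketch of what tighter token management and shared state could look like, as an added example that is not part of the original thread and is not Clubhouse's or Agora's actual token format. The `RoomTokens` class, its field layout and its status strings are hypothetical; the point is a short-lived token bound to one user and channel, re-checked against the app's membership state.

```python
import hashlib
import hmac

class RoomTokens:
    """Hypothetical room-token service (constructed for illustration)."""

    def __init__(self, secret, ttl=60):
        self.secret, self.ttl = secret, ttl
        self.members = set()    # app-side state: (channel, uid) pairs in a room
        self.sessions = {}      # media-side state: (channel, uid) -> connection id

    def _sign(self, channel, uid, expires):
        msg = f"{channel}|{uid}|{expires}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def join(self, channel, uid, now):
        # Issue a short-lived token bound to this user and this channel.
        self.members.add((channel, uid))
        expires = now + self.ttl
        return f"{channel}|{uid}|{expires}|{self._sign(channel, uid, expires)}"

    def leave(self, channel, uid):
        # Leaving in app state also ends the media session.
        self.members.discard((channel, uid))
        self.sessions.pop((channel, uid), None)

    def check(self, token, channel, uid, conn_id, now):
        """Run by the media side on connect and on every periodic renewal."""
        try:
            t_channel, t_uid, t_exp, sig = token.split("|")
            expires = int(t_exp)
        except ValueError:
            return "malformed"
        expected = self._sign(t_channel, t_uid, expires)
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return "bad-signature"
        if (t_channel, t_uid) != (channel, uid):
            return "wrong-identity"      # token handed to a different user
        if now >= expires:
            return "expired"             # no long-lived tokens
        if (channel, uid) not in self.members:
            return "not-a-member"        # app state says the user has left
        if self.sessions.setdefault((channel, uid), conn_id) != conn_id:
            return "duplicate-session"   # same token replayed on a second connection
        return "ok"
```
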
This isn't the only experiment playing out right now. Others are building their own private clients (lacking the centralized token swapping). It's a neat race playing out on GitHub, and it is healthy & fun.
These events are a wake-up call. Clubhouse responded by swiftly blocking the first user. It was the right decision. But, the code is out there, and anyone can do this now. This isn't a private call: this is a public social network. Clubhouse will fight that distinction forever.
I started sniffing Clubhouse traffic & learning about it two weeks ago when the Chinese government banned the app. At that point, @zhuowei had already released the OpenAPI spec and the hackers were off to the races github.com/zhuowei/Clubho…
What I was curious about was whether Clubhouse's Achilles heel would actually make it more censorship resistant. Specifically, the GFW targeted the Clubhouse API, but *did not* target Agora, which has a number of Chinese customers. That still stands.
We saw my little theory become true this weekend. The experiment subverted the domain that was banned — the central Clubhouse API — thus evading the firewall. Prior to Clubhouse pulling the token, Chinese users could listen to Clubhouse again through the service.
What I want to see after this successful experiment is for Clubhouse to natively support their own proxy like Signal. This would allow users from behind the Great Firewall to continue to communicate over Clubhouse.
Clubhouse would face challenges in acknowledging & supporting censorship resistance (namely putting Agora in a position to retaliate at the behest of the Chinese government), which is why I hope this growing body of Clubhouse hackers continues to push forward w/ a quiet nod.
