All posts by JenThorpe

Clubhouse’s Database of User Records was Scraped



Clubhouse has had an SQL database containing 1.3 million user records scraped and linked for free on a “popular hacker forum”, CyberNews reported. Clubhouse claims that this is false, and that it has not been breached. The situation appears to have led to some speculation on Twitter.

According to CyberNews, the leaked database contains a variety of user-related information from Clubhouse profiles including: user ID, name, photo URL, username, Twitter handle, Instagram handle, number of followers, number of people followed by the users, account creation date, and invited by user profile name.

CyberNews speculates that the leaked data could be used by threat actors against Clubhouse. It could be used to carry out targeted phishing or other types of social engineering attacks. CyberNews reported that they did not find sensitive data like credit card details or legal documents in the archive that was posted online.

Business Insider also reported about the leak of the personal data of Clubhouse users. It is not the only social media platform that has had this problem. Business Insider said that LinkedIn confirmed that about two-thirds of the platform’s userbase was scraped and posted publicly online. Previous to that, Facebook had a data leak that included the full names, location, email addresses, and other sensitive pieces of information of 533 million Facebook users. That data was posted in a forum.

Clubhouse responded to the situation by quote-tweeting a tweet from Techmeme about the CyberNews article that reported the scraping of Clubhouse’s user data. Clubhouse tweeted: “This is misleading and false. Clubhouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API.”

I do not use Clubhouse, mostly because I personally feel that it lacks proper support for user privacy. There has been at least one situation in which a Clubhouse user recorded a Clubhouse chat and streamed it online. At the time Clubhouse stated that they permanently banned the user and installed new “safeguards”. It is unclear what those “safeguards” are.

Personally, I feel that Clubhouse’s tweet, insisting that the app had not been breached or hacked, is not enough to convince me Clubhouse will protect user’s information. Clubhouse stated that the data obtained is all public profile information, which anyone who has access to the app can see. Just because the profile is public doesn’t mean people are happy to have that information posted online outside of the Clubhouse app.


The Battle Between Epic Games and Apple Continues



Today, 9To5Mac reported a significant update to the legal battle between Apple and Epic Games – “Project Liberty”.

According to Apple, Epic Games hired PR firms in 2019 to work on a media strategy called “Project Liberty” aimed at portraying Apple “as the bad guy.” In October 2020, Judge Yvonne Rogers had concerns that Epic knew exactly what they were doing with the controversial Fortnite update, so this doesn’t come as a surprise.

Here is a quote from Apple:

Epic’s monopoly maintenance claim is premised on the notion that the antitrust laws preclude Apple from imposing conditions on the licensed use of its intellectual property, and impose on Apple a duty to deal with Epic on the terms preferred by Epic – to the detriment of other developers and consumers alike. But Apple has no obligation to license its intellectual property, aside from a limited exception not applicable here, businesses are free to choose the parties with whom they will deal, as well as the prices, terms and conditions of that dealing.

CNBC provided a summary of what Apple, and Epic, will argue in court. The case could be heard on May 3, 2021, (but the date could change due to the pandemic).

Apple will argue:

  • Its 30% commission is essentially the same as other online software stores like Google Play or stores for video game consoles and Apple’s fee has decreased over time.
  • It faces competition both for iPhones as well as other platforms to play games.
  • Its App Store policies have led to a boom in the software industry and result in greater safety and security for users.
  • The App Store is a core, integrated feature of the iPhone, and that using Apple payments for digital purchases is a key feature.

Epic will argue:

  • Apple forces consumers to bear high switching costs to stop using Apple products, locking them in.
  • As Apple has accumulated more customers and locked them in, the importance of selling software to Apple customers has grown.
  • Apple controls the only way to install software on an iPhone through the App Store.
  • Apple uses its App Review process, which manually screens individual apps, for anti-competitive purposes, removing apps for business reasons under the pretext of security.
  • Because some developers have chosen to raise iPhone software prices because of Apple’s 30% fee, it causes consumers to pay more, and Fortnite is an example.

Discord Banned More than 2,000 Extremist Groups



Discord is a group-chat app that is often used by people who enjoy playing video games with their friends who live far away. I use Discord to play Dungeons & Dragons with my friends, and have used it to talk to people while playing Diablo III. Unfortunately, it appears that a lot of terrible people had been using Discord for nefarious reasons. Discord has rightfully banned them.

Discord provided a lot of information in their Transparency Report which covers July through December of 2020. There is a pie chart that shows user reports by category. Harassment was the largest category, with 132,817 reports. This was followed by Cybercrime (42,588) and NSFW (33,106).

NPR reported that Discord removed more than 2,000 communities dedicated to extremism and other violent content in the second half of last year. NPR noted that the enforcement actions by Discord come at a time when Microsoft is (reportedly) in talks to acquire Discord for $10 billion.

Discord’s transparency report points out that it has invested in resources that enable it to proactively detect and remove the highest-harm groups from their platform. This includes many categories including: Exploitative Content, and Violent Extremist groups.

We also worked in the second half of 2020 to take action against militarized movements like the “Boogaloo Boys” and dangerous conspiratorial groups like QAnon. We continue to believe there is no place on Discord for groups organizing around hate, violence, or extremist ideologies.

Discord’s Trust & Safety team removed 1,504 servers for Violent Extremism in the second half of 2020. That is nearly a 93% increase from the first half of the year. According to Discord, the increase can be attributed to the expansion of their anti-extremism efforts as well as growing trends in the online extremism space.

One of the online trends Discord observed in that period of time was the growth of QAnon. Discord adjusted their efforts to address that movement and removed 334 QAnon-related servers.

Personally, I’m happy that Discord has been making efforts to remove violent extremism and conspiracy theories. Some of the Discords that I am connected to, and participate in, are open to anyone who wants to join. Knowing that Discord has been actively removing bad actors from its service makes me feel safer using it.


Clubhouse Introduces Payments



Clubhouse, a new social media thing that allows people to have live audio-chats with friends and strangers, has introduced “Payments”. This does not mean that people who use Clubhouse will have to pay a fee in order to keep using it. Instead, it gives users the ability to send money to someone else through Clubhouse.

Today, we’re thrilled to begin rolling out Payments – our first monetization feature for creators on Clubhouse. All users will be able to send payments today, and we’ll be rolling out the ability to receive payments in waves, starting with a small test group today. Our hope is to collect feedback, fine-tune the feature, and roll it out to everyone soon.


Here is how Clubhouse payments will work:

  • To send a payment in Clubhouse, just tap the profile of a creator (who has the feature enabled) and tap “Send Money.”
  • Enter the amount you would like to send them. The first time you do this, you’ll be asked to register a credit card or debit card.
  • 100% of the payment will go to the creator. The person sending the money will also be charged a small card processing fee, which will go directly to our payment processing partner, Stripe. Clubhouse will take nothing.

Clubhouse makes it clear that this is the “first of many features that allow creators to get paid directly on Clubhouse”. In other words, if this works, Clubhouse might add more payment features. What will people pay for? I suppose Clubhouse is hoping to find that out.

Stripe is a well known payment provider. Creators who post their work on Medium, and make money from doing so, are paid through Stripe. Substack also uses it. I have no problem with Clubhouse’s choice of payment provider.

My concern is that Clubhouse has a history of not respecting user’s privacy. Users are pushed to upload their entire contact list from their phone.

Doing so gives Clubhouse information about who you are connected to. It will use that information to try and connect you to your contacts that are on Clubhouse. Will Ormus pointed out on Medium that if you have an ex or harasser, who has you in their contacts, Clubhouse will know you are connected to that person and make recommendations on that basis.

What will Clubhouse do with your credit card information? Users will be giving it to Stripe – but they have to go through Clubhouse to do that.


You Can Now Buy a Tesla with Bitcoin



Elon Musk, the “Technoking of Tesla”, used Twitter to post some information that people who love cryptocurrency will probably enjoy. His tweet said: “You can now buy a Tesla with Bitcoin.” In a second tweet wrote: “Pay by Bitcoin capability available outside US later this year.”

CNBC reported that Tesla revealed last month that it had bought $1.5 billion worth of bitcoin and that it would soon start accepting the world’s most popular cryptocurrency as a form of payment. According to CNBC, Tesla’s electric vehicles typically cost between $37,990 and $124,000 before tax.

Tesla’s image as an environmentally-friendly car company sits at odds with the bitcoin network’s colossal carbon footprint. Researchers at the University of Cambridge found that it uses more electricity on an annual basis than the whole of Argentina. A 2018 paper published in Nature, arguably the most prestigious academic journal in the world, found that bitcoin emissions alone could push global warming above 2 degrees Celsius.

The Verge reported that according to Tesla’s bitcoin payment terms and conditions, its cars will continue to be priced in US dollars, and customers who choose to will pay the equivalent value in bitcoin. According to The Verge, Tesla estimates that a $100 deposit paid today equals 0.00183659BTC, for example.

Gizmodo pointed out something that was not explained by either Elon Musk or Tesla. Will Tesla price its cars based upon the number of bitcoins or paid for the fiat conversion of the time? If Tesla starts charging, for example, one bitcoin for a car, that will be the equivalent of roughly $56,000 today, but could be much higher or lower tomorrow.

Personally, I think bitcoin, and other cryptocurrency, are a gamble. The price can rapidly fluctuate based on unpredictable circumstances. It can be said that real currency can also do that. The difference is that the U.S. dollar has value because a society of people have agreed to treat it as though it has value. There is no such agreement connected to cryptocurrency.


Medium Offers Buyouts to its Editorial Team



Ev Williams, CEO of Medium, announced that there will be changes made to Medium’s editorial strategy and leadership. Employees of Medium are being given a voluntary exit option if they “would like to take a different path”.

…I want to give an option to those who would rather get off this crazy ride. To that end, we’re offering to everyone in editorial a voluntary separation program (VSP). What this means is that they can choose to leave the company and receive a lump sum of payment of five month’s salary to give a buffer to find their next job. (We will also cover six months of health benefits.) Again, this is voluntary and applies to everyone in the editorial organization…

As a writer who occasionally posts things on Medium, I find this interesting. It is good that Medium is giving the editors who choose to leave the platform five months of salary and six months of health benefits. That should make it easier for them to find new jobs.

The Medium post by Ev Williams provides detailed background information that led up to the decision to let the editors go. In 2019, Medium decided to create their own publications. The first one that was launched was called OneZero (which is about tech and science). Medium launched seven magazine-style publications within the next nine months.

According to Ev Williams, commissioning stories from professional writers into publications “worked less well” than hoped. It wasn’t because the writing wasn’t good. The problem was that the Medium subscriber base grew – but the publication’s audiences did not.

One part of the article sticks with me. “Trust is more important than ever and well-established editorial brands still have meaning. But today, credibility and affinity are primarily built by people – individual voices – rather than brands. In fact, that describes the vast majority of what people read on Medium, and is in line with our Relational strategy.”

To me, it sounds like Medium might be gearing up to compete with Substack, Twitter’s Revue, and whatever Facebook is calling its newsletter option. As someone who occasionally posts articles on Medium, I am curious to find out what changes will come.


Facebook Allows Users to Call for the Death of Public Figures



Facebook’s bullying and harassment policy explicitly allows for “public figures” to be targeted in ways otherwise banned on the site, including “calls for [their] death”, The Guardian reported. The information comes from internal moderator guidelines that were leaked to The Guardian.

In short, it appears that Facebook thinks it is acceptable to allow public figures to be abused on their platform, including with death threats, simply because the company considers the person to be a public figure. I’m not sure why anyone who fits that definition would stay on Facebook. It seems dangerous.

The company’s definition of public figures is broad. All politicians count, whatever the level of government and whether they have been elected or are standing for office, as does any journalist who is employed “to write/speak publicly”.

Online fame is enough to qualify provided the user has more than 100,000 fans or followers on one of their social media accounts. Being in the news is enough to strip users of protections.

In addition, people who are mentioned in the title, subtitle, or preview of 5 or more news articles or media pieces within the last 2 years are counted as public figures.

Children who are under the age of 13 are never counted as public figures. That description is troubling, as it implies that teenagers 13 or older – who Facebook considers to be a public figure – can be targeted for death threats. That’s definitely not acceptable!

The internal moderator documents state that private individuals cannot be targeted with “calls for death” on Facebook. This is not so for those Facebook considers to be public figures.

According to The Guardian, public figures cannot be “purposefully exposed” to “calls for death”. What does that mean? The documents indicate that calling for the death of a local minor celebrity is acceptable to Facebook so long as the user who is making the threat does not tag the person whom they are threatening.

There are problems with that practice. Obviously, the public person who is the target of a death threat is unlikely to see it unless they have been tagged in the post. That leaves them at risk if the private person who wants them dead decides to act on it offline.

Once Facebook considers a person to be a “public figure” – it sticks. There does not appear to be a way to discover if you are considered one, which makes it impossible to have that designation removed by Facebook.