TAIPEI (Taiwan News) — Chinese and foreign users of the social media site Clubhouse post political content at their own peril, as its servers are based in China and its content is the legal domain of the Chinese Communist Party (CCP).

In recent weeks, Chinese netizens, Taiwanese nationals, Hongkongers, Uyghurs, Tibetans, and journalists have been flocking to the social media app Clubhouse to engage in open political discussions. Subjects covered include Hong Kong's national security law, Xinjiang detention camps, and Taiwan independence.

The audio-only app is being peddled as a new way for Chinese, Taiwanese, Hongkongers, and other groups to have open, frank discussions about topics considered taboo by the CCP. Whereas all other such discussions are quickly censored on all major Chinese social media sites — and Western social media sites are strictly banned — Clubhouse is being billed as a special exception.

However, would-be users should exercise caution as the app is built on Agora, which is a Chinese company founded by Tony Wang and Tony Zhao and based in Shanghai, with an office in Santa Clara, California. The company's data protection practices have come under scrutiny recently after netizens unearthed the firm's S-1 filing to the Securities and Exchange Commission in June of last year, which stated that Chinese laws may require it to "provide assistance in government investigations on national security grounds or in criminal cases," reported the South China Morning Post.

Clubhouse was created in just a week and using Agora as a Platform As A Service (PaaS), reported Seeking Alpha. An IT expert who wished to remain anonymous told Taiwan News that the creators of Clubhouse have no way to secure user data and speech uploaded to the server.

He warned that people who have signed onto Clubhouse have used traceable identification, making it easy for Chinese authorities to track them down in China. Chinese trolls on Twitter bragged over the weekend that they have taken screenshots of participants, recorded the conversations, and reported them to the government.

In an interview with SCMP, Agora Co-Founder, Head of APAC & Emerging Markets Tony Wang tried to reassure users by saying that it does not store any end-user data. However, the IT consultant told Taiwan News that being HIPAA and GDPR compliant only applies to servers in the U.S. or E.U. and has no bearing on servers in China.

The IT expert said that if Agora tried to become GDPR compliant by anonymizing user data, the government can still identify the person by derandomizing it. He then cited a European study that found that methods exist that can re-identify 99.98 percent of individuals.

All companies that have servers in China are subject to a number of draconian security laws such as the National Security Law, the National Intelligence Law, and the Cybersecurity Law. The last of these requires companies with networks in China to submit themselves to government supervision and stop transmission of information prohibited by laws or administrative regulations.

In addition, according to the broad language of Hong Kong's new national security law, any citizen of any country who is labeled as inciting hatred among Hongkongers toward the Chinese government could face criminal charges in China.