Tell HN: Notion Desktop is monitoring your audio and network
By: HoyaSaxaIf you have the Notion Desktop App installed, you may have started to notice a "In a meeting? Start AI Meeting Notes" notification pop up exactly when you are joining a virtual meeting (e.g. joining a Google Meet on Firefox).
At first, I assumed it must have been using my Google Workspace account to snoop on my calendar. But then I started to notice it would notify exactly when I joined even if I was late and the meeting had previously started.
This was the response from Notion Support after they worked with the Notion Engineering team.
> Meeting Detection Architecture:
> - The system uses a sophisticated dual-detection approach: microphone monitoring combined with network port analysis
> - Detection is implemented separately for macOS and Windows at the native operating system level
I've uninstalled the Notion Desktop App...
By: wustep
21 hours agoHey!
1. Notion records audio only during your use of the Meeting Notes feature. Here are the docs: https://www.notion.com/help/ai-meeting-notes
2. Notion desktop app has notifications about meetings that ask you if you want to use Meeting Notes, it recognizes this by detecting that your microphone is on (i.e. it does not listen to audio coming from your microphone). This feature is a setting in preferences btw, under Notifications > Desktop meeting detection notification.
source: I work for Notion
By: jitl
21 hours agoTo elaborate:
The Notion desktop app will observe if there is a process running on your computer that is actively using your microphone, such as Zoom.
Notion does not and cannot listen to the audio coming from your microphone ambiently or snoop on the signal received by another application. This detection is done purely based on the existing of a process using your microphone, not on the audio coming from the microphone. Users can verify this because the OS-level microphone indicator will show that Notion is not listening to their microphone.
If one is detected, Notion will notify the user and try to associate it with a calendar event if you have connected your calendar. Connecting your calendar is not a requirement to receive this notification.
Users can disable this behavior via their account settings in Settings > Notifications > Desktop meeting detection notifications.
Only when the user has started a meeting note and clicked record, will Notion activate the user's microphone. We cannot do this without operating system mediated consent dialog, which is the way it should be! At this point Notion will show up as using the microphone in the OS indicators.
(I work at Notion)
By: wferrell
20 hours agoIt is not genuine to say that Notion cannot listen in. Notion can listen in. Anytime it wants. Yes on Macs an indicator will be displayed - but not always prominently depending on what other apps/devices are being used (for example using continuity camera)
Source: I built the same listening infrastructure into other meeting note taking apps. Our team spoke at length about this security issue with Apple.
By: benaubin
4 hours agoI work at Notion. We don't ship code that would let us listen in until users explicitly click start recording. We don't want to, we aren't in the business of selling data and this would be incredibly expensive - and destroy trust. We are cash flow positive so we can sustain our values for the long term. We build useful software and get paid by our users for it. It's pretty simple. Agree that operating systems should display prominent indicators when the microphone is in use.
By: chinathrow
21 hours agoMake it opt-in and this would be not an issue.
By: jitl
21 hours agoOur PMs don't like making things opt-in. I pitched a fit when we added global shortcuts to launch the Notion app search window, but I wasn't able to change any minds.
A feature that's opt-in will get like 1% of the use of a feature that's opt-out. A happier middle ground would be to enable by default and showed a "I don't like this, pls turn it off" button the first few times.
By: sturza
21 hours agoYour PMs should not decide what your software does with my hardware without me giving my informed consent.
Our PMs don't like making things opt-in.
-> Your users don't like making things opt-out. Low usage metrics is a UX problem. Activating it without informed consent gives you bloated metrics anyway.
By: fiddlerwoaroof
20 hours agoIt’s just not true that users don’t like making things opt-out. HN Users tend not to like it but I think a lot of users dislike the alternatives: either because they’re undiscoverable (toggle in settings or a menu) or intrusive (various sorts of what’s new overlays). Imo, the question of when to make things opt-in vs. opt-out is fairly subtle and largely depends on the feature and pre-existing trust.
By: sturza
20 hours agoThere are infinite ways on how to inform users of a new feature and ask to activate it.
By: fiddlerwoaroof
20 hours agoAnd nearly all of them are annoying and disrupt my flow.
By: bayindirh
18 hours agoThe same thing disrupts your flow allows me to make informed decisions, and I'm happy to be offered a choice, and ability to change my mind later.
By: graphememes
20 hours agocookie popups that don't even work
By: FuriouslyAdrift
21 hours agoMake a pop-up with the opt-in/out for all the features on first launch with everything defaulted to on so people can turn features off and get notified that such features exist. You can also use this to gather metrics on what features people are actually interested in.
Good compromise.
By: threetonesun
20 hours agoNothing makes me not want to use software more than it asking questions about how I want to use the software before I've used the software.
Runner up is the "what's new" tutorial overlays.
By: falcor84
20 hours agoWell, I suppose everyone is different. The first thing I do after launching a new software is inspect its options, and if it doesn't have a good range of tunable options, there's a good chance I'll immediately abandon it. So I actually really love the recent trend in video games putting you into the options at the start.
By: brookst
20 hours agoJust seeing the words “got it” raises my blood pressure.
By: jitl
21 hours agoYep, completely agree.
By: chinathrow
21 hours agoYour new feature is privacy invading. It's none of your business to detect if someones mic is on unless they invite you to do that.
What is so hard about that?
> Our PMs don't like making things opt-in.
Lamest excuse ever.
I wouldn't be surprised if you phoned back home about that mic activation - do you?
I recently joined an org where Notion is in use - I will actively lobby them to not install the desktop app, at all or to quit Notion alltogether.
By: hackinthebochs
18 hours agoWhat exactly is the privacy issue with detecting when a process begins using the microphone?
By: bayindirh
18 hours agoFollowing my habits, and reporting to a data broker that how I use my microphone, allowing even more precise profiling of my life circumstances or habits.
By: jitl
15 hours agoWe don’t report your habits to any data broker. This information use used purely for local UI.
By: bayindirh
9 hours agoSorry if it came through like that. I didn't mean to say Notion shares personal data to broker(s). I just wanted to highlight where it can go.
Please don't forget: Road to hell is paved with good intentions. Making features which can eavesdrop on users opt-in can go very wrong, very fast.
I understand the need to make it "feel like magic", but that line is very thin.
Last note, please when you move something around (e.g. Calculate button from bottom of the database columns to header menu), please let users know. It really feels bad when you use something too much just disappears.
BTW, I'm a Notion subscriber as you can say :)
By:
4 hours agoBy: mbreese
14 hours agoYet... you don't report habits to a data broker yet. It is currently used for local UI.
Once you already are in the habit of evading user-privacy, it's a only a couple of down quarters before you start tracking and sending data to data brokers or someone else. This is why no one here likes this behavior.
By: michaelcampbell
3 hours agoAnd evidently their PM's don't like doing opt-out, so...
By: developerDan
13 hours agoDelta Airlines has entered the chat.
As more and more companies start to use AI for “personalized”/targeted pricing, offers, advertising, etc. The more this exact type of data will be useful and therefore lucrative.
By: mbreese
17 hours agoGet better PMs. Seriously. Users shouldn’t have to opt-out of something for privacy. Respecting privacy should be the default. If a user finds value in letting you listen to the microphone, then great! But you have to inform them! There are also other ways to get the same information — such as if the user also shares their calendar. This is sneaky and evasive behavior.
But none of this conversation makes me want to use Notion. We used to use it at $OLDJOB for meeting notes and light DB work for non-technical users. Now I’m happy we stopped.
By: benaubin
4 hours agohave any in mind? we're hiring :)
http://job-boards.greenhouse.io/notion/jobs/6345904003
By: jeanlucas
59 minutes agonot sure if I wanna send someone your way if the current PMs are dropping the ball so hard. There's no guarantee if this behavior will be only encouraged for new hires.
By: benaubin
14 minutes agoin seriousness: we don't listen to your microphone unless you click the button that says "start transcribing" in big letters.
we dropped the ball with the support response quoted the top of the thread. we don't process your microphone data until you click the button to start transcribing, and remind the user to confirm they have two-party consent. we merely detect when a meeting app is using your microphone.
source: i work at notion, just checked the code. it's electron, you're welcome to check for yourself.
By: jjulius
20 hours ago> A feature that's opt-in will get like 1% of the use of a feature that's opt-out.
Well... yeah. It's either because the benefits of opting in aren't communicated well enough or that users just don't actually want it.
For AI meeting notes, I'd imagine it's the latter.
By: rchaud
19 hours ago> Our PMs don't like making things opt-in.
Thank god the web browser was developed in an era where PMs weren't stack-ranked on rubrics like "feature engagement". Imagine a world where every website was granted access to your filesystem, webcam, microphone, and geolocation by default so that PMs could report back on how many websites were making use of those browser APIs.
By: michaelcampbell
3 hours ago> Our PMs don't like making things opt-in.
Tell them that alone is one reason I'll never use it. I'm sure I'm a minority, but not zero.
By: meindnoch
20 hours ago>Our PMs don't like making things opt-in
Then refuse implementing it. Have some dignity for God's sake.
By: callalex
20 hours agoHaving that kind of power as an implementer requires the backing of a union.
By: brookst
20 hours agoAnd the utter certainty that you are infallible.
By: thih9
20 hours agoDepending on the company culture, this may not be allowed. As in: PMs will ask another dev to implement it; if this happens more often then they will replace you.
Also, searching for dignity in a post-“don’t be evil” startup environment seems unusual.
By: d4mi3n
20 hours agoWhile I agree with your sentiment, I'll note that ethics are hard to hold when it's your livelihood on the line.
Expecting a shift in corporate culture to come from a short list of individuals making great personal sacrifice (of their careers, reputations, whatever) is not reasonable, sustainable, or realistic.
I know there are a lot of folks who abhor regulation in many contexts, but stuff like this is most effectively handled by such mechanisms.
By: crysin
20 hours agoAnd then what, be out out of a job because you were insubordinate? If you have the personal wealth and security to lose your job and possibly not have a new opportunity for the next year or so, then that's great. Not everyone has that security, and a roof over their head just may be more important than personal convictions about how to treat users.
By: JadeNB
18 hours agoWhile I personally wish that there were more people who had the ability to make such decisions, and exercised that ability, I think that this is a hostile response to someone who didn't have to spend the time to come on HN and describe the situation to the best of their ability. Calling people undignified because they, or their company, isn't perfect is just going to close down channels of communication.
By: graphememes
20 hours agowhat an emotional response to work
By: impish9208
18 hours ago> Our PMs don't like making things opt-in.
“Ze engagement metrics must go up on ze dashboard every quarter, jah!” I can’t wait for the day PMs and other parasites find a new industry to move to. They sure have sucked the fun out of this one.
By: unsui
19 hours ago>Our PMs don't like making things opt-in
That is an implementation detail. What matters is the outcome:
Notion leadership has signed off on this being opt-out.
The calculus here, as you indicated, was that opt-in has little buy-in.
What leadership didn't take into account was the risk of this being publicized, and the blowback from this awareness.
That, or leadership has already calculated that not enough people will care (possibly true).
I suppose it's then up to those that do care to make more noise about this, to tilt the odds?, so this specific calculus (also known as enshittification) doesn't keep occuring (i.e, if the blowback costs are disproportionate to the value provided by default opt-out....)
By: dman
20 hours agothats a red flag imho
By: eddythompson80
21 hours ago> Our PMs don't like making things opt-in.
Whenever people on HN and else where present you the mustache twirling evil Microsoft or Apple or Google C-suite/board who are trying to enshitificate a product or a tool because they don’t care, always keep in mind that the reality is often a lot more mundane than that.
The application that is “sneakily” listening to you and transmitting everything you say to their servers can be a legitimate product of a mustache twirling villain, but it’s a lot more likely (in my experience) that a group of 5 engineers and a PM were tasked by “Present relevant products from our company to the user” task and someone was like “what if we record what they are saying (or just zip-up their entire ~/Documents folder), run it through an LLM on our server and prompt it to analyze their convo or documents and recommend one of our products to sell to them? Sounds good to me, no?”
By: owebmaster
20 hours agoNo Eddy, this simpleton scenario of yours is not more likely to be true than the evil scenario where the evil tech company invades users privacy and collect data it wasn't directly allowed for an extra profit.
By: eddythompson80
20 hours agoI admit I haven’t been in any of the mustash twirling meetings. They probably happen, but I have also been in the room with engineers and PMs discussing solving problems with analytics attribution to user.
By: pksebben
19 hours agoGiven the structure of hierarchical orgs, both can (and likely are) true.
Moustache-twirler A: We've identified these metrics that correlate with increased shareholder value
Moustache-twirler B: But what do those metrics say about user privacy?
(both laugh. This is very funny)
MT A: no but really, fire any PMs that don't make these go up and let the survivors figure out why
MT B: sounds great. See you at golf this weekend
(some time later, in a less fancy conference room)
Engineer: This new feature is great, but could be construed as an invasion of privacy. Can we make it opt-in?
PM (panicking): Oh good heavens, no! Also send the opt-out button to the UX team, that way it doesn't come down on us.
By: eddythompson80
18 hours agoIt's probably more telling how you had to invent the cartoonishly evil MTA and MTB, a bootlicker PM, and an honest (but maybe just slightly clueless) engineer.
By: owebmaster
19 hours agoIt is because when you get your attention fixed to the execution level you miss the strategic.
By: weego
20 hours agoIf they made borderline "features" like this opt-in, no one would and then the people driving this won't get the career prospect boost of shipping a new feature.
By: benaubin
4 hours agoTo be clear: recording is opt-in. We also remind users to ask for two-party consent. (obligatory "i work at notion")
By: dakiol
21 hours agoThanks for the explanation. I was about to install Notion Desktop today. I Won’t install it.
By: XCabbage
21 hours agoWhy? I don't understand the objection to this. If the app was sending off any data to Notion without consent, that would obviously be a privacy issue, but why is it a problem for a desktop app to simply check if your mic is being used and offer to record?
By: const_cast
21 hours agoThe application is almost certainly sending off data to Notion without consent, you just wouldn't be able to tell.
If a company is willing to do even small privacy violations, I do not trust them at all. Feel free to run OpenSnitch or LittleSnitch - most apps are opening connections to many domains you won't recognize. Your guess is as good as anyone's what data they're exfiltrating. That is, of course, unless you use more privacy-preserving apps that are typically opensource.
By: viraptor
20 hours agoThat's just entirely based on the "almost certainly" doing all the work. You're complaining about a hypothetical situation.
> you just wouldn't be able to tell.
You can setup a local web proxy and tell us. Also check the sources since it's an electron app.
By: const_cast
19 hours agoI don't use notion, but it would be a fun experiment to install a root CA and see the traffic.
It's probably not always this easy. I see many connections on apps using UDP, so who knows how, exactly, they are encoded.
The data may also be "encrypted", similar to how Zoom "encrypted" data. That is to say, the data is encrypted, but the private key is on the same server. So, if you MITM, it looks encrypted - but there's no security.
By: benaubin
4 hours agoit's electron so you can just open chromium dev tools and see almost all network activity - im pretty sure this is exposed to everyone in the debug menu. takes seconds. http proxy the rest. (i work at notion and do this all the time to debug)
By: brookst
20 hours agoAny evidence for “almost certainly”? That seems a huge leap of faith to build a whole worldview on. Kind of circular, really.
By: const_cast
19 hours agoYes, virtually every commercial application I've ever seen allows exfiltration of data, usually close to all of it, and you agree to it by signing both an EULA and privacy policy.
Based off of that, I then assume that other companies are exfiltrating as much data as possible off my devices.
I mean, even your car, which, keep in mind, is a multi-tens-of-thousands dollar product, exfiltrates your location, all your texts, all your phone calls, and as much data from your phone as possible.
Yes, this is a "leap of faith". I am not bound by a purely evidence-based worldview - I consider that naivety. I do not need strong irrefutable evidence of bad things happening. When people are untrustworthy, I approach them with skepticism in order to protect myself.
For example, I have absolutely no proof that the NSA is surveilling SMS and telephony right now. None at all. But I know Prism was a thing. It is safe to assume the NSA is absolutely surveilling SMS and telephony.
And, I'm almost always right, in my experience.
By: brookst
3 hours agoWell, I certainly admire the circular reasoning pride movement. I’ll buy a t-shirt if you make one.
By: jraph
18 hours agoThis could be a good feature in open source software packaged by Debian and whose build is reproducible.
People being angry here shows how they distrust software they use and distrusting always online software causes fear and stress.
The best these people can do is relying on free software distributed in a sane way because that's what can help trust software, and, in a professional setting, to push their companies or their providers towards free software as well, and demand guarantees that their privacy is respected.
These matters are not theoretical and this discussion is a witness of this.
If Notion wants to be trusted, they should go open source. I see Notion people are here. Do it! Stop doing closed source software! That doesn't bring anything worth and see what badness it brings. Your value is elsewhere. It's in you expertise, your vision and how well you do things.
I work for an open source competitor (or at least in the neighborhood) and that works out well for us and has been for 20 years.
The day you open source your desktop client, you'll be able to show us the code and show that you indeed don't send audio records or related logs to your headquarters. We won't have to reverse engineer, sandbox just to be sure, and hope for the best.
Knowledge management software shouldn't hide knowledge.
By: combyn8tor
19 hours agoWhile you're here - can you tell your PM's that your auto update on windows is annoying. Every time I start the app there's a prompt asking me to either "Install and Relaunch" or "Remind me later" (which seems to just hassle me again on next app start). The worst part is the pop-up doesn't show until 5-10 seconds after I start the app. So I'll start the app, start clicking around and then I'm interrupted by this pop-up. This seems to happen every day because you push a lot of updates.
I'd prefer an option to silently grab non-security/non-fix updates once every [Day, Week, Month] in the background, and install automatically on next app start up. Urgent updates can happen immediately. The default should be every week as every update is around 85mb. You could go a step further and have an option to only download over WiFi.
As for the mic "issue", I'm not sure what everyone's on about. Acting like it's the first app on Windows to monitor what the system is doing to provide a feature.
By: colechristensen
20 hours agoYeah, no. You don't get to monitor my anything in order to provide features. I was never a user of notion and I definitely won't be. It is just an oversight of the OS that your process is allowed to see the list of other processes.
I do not want to be spied on and have 0 trust for any company wishing to do any kind of monitoring of my usage in order to provide or advertise "features" to me.
By: chinathrow
21 hours agoFrom 1)
> If you do not want the AI Meeting Notes feature available to your users, administrators may opt-out their workspace at any time via the toggle available in their console.
Here's your problem: Make this opt-in.
By: rchaud
21 hours agoAI features + user opt-in are mutually exclusive at this point.
By: fusslo
2 hours agoHow does it work in two-party consent states?
Like, I can give my consent, but the meeting attendees can't, right?
Does Notion just listen to me, not my attendees?
I only ask because we got an email about recording meetings from HR/Legal a couple weeks ago and I never considered it before
By: 93po
1 hour agoi assume it's the user's responsibility to use software legally
By: fusslo
1 hour agoI think you're probably right
I believe it's Notion, not me, who is doing the recording. And Notion doesn't require everyone's consent, just mine.
So if I am to take your meaning, it'd be up to me to disable the meeting notes if any other attendee is in a 2 party consent state (assuming everyone is in the US, IDK how other countries handle that)
By: 93po
1 hour agoIn two party consent states, don't need explicit consent from the other party, you just have to tell them you're recording or using a live transcription service that captures but doesn't store audio. But explicit consent is better (which can just be them acknowledging what you said with "ok") if you ever need to defend yourself.
With Notion it's still you doing the recording, you're the one using software and clicking a button to record.
By: fusslo
1 hour agois that right? good to know. I always thought that you had to seek consent before the recording starts, and I thought Notion started when the meeting started when the feature was enabled
ty
By: 93po
1 hour agoyou're correct that technically before any audio is recorded, you need to inform and/or get explicit consent. even a single word recorded prior to that isn't two party consent.
i assume with notion you'd need to click the "yes transcribe this" both after the meeting starts and after you inform other party if it's a two party state.
By: dml2135
20 hours agoWhy didn't Notion ask for my affirmative consent before monitoring my network traffic?
Are there other cases where Notion is monitoring my network traffic? If so, what are they?
By: wustep
15 hours agoThere's no network traffic monitoring, not sure what the support agent is talking about -- I think they misunderstood something.
See here: https://www.reddit.com/r/Notion/comments/1i4ypl8/comment/m8o... for info about the "local network access" permission
By: dml2135
26 minutes agoSo just to confirm, you are saying that "network port analysis" is NOT used to determine if someone has entered a zoom meeting?
By: wustep
21 hours agoFWIW, you can verify when any apps are recording microphone input by the OS's microphone indicator. I think Windows, Mac, and Linux all have one.
(edit: see what @jitl said)
By: chaps
21 hours agoDoes any of that microphone detection stuff send anything over the network to Notion to indicate that the check was done, plus the check's results?
By: jitl
21 hours agolet me look
EDIT: no, there's no transmission of logs or analytics events besides a check to see if the feature is enabled. We only transmit some data if you ask Notion to record.
By: chaps
20 hours agoThanks for the answer.
Just want to clarify for pedantic reasons - is there transmission regardless of whether it's enabled or disabled? And does that happen only if someone asks Notion to record?
By: jitl
17 hours agoIf you ask Notion to record will record if you don’t ask to record, we won’t record
By: CubsFan1060
21 hours agoIf it helps, this has been one of the most infuriating things for me in recent memory. I don't understand why this wasn't opt-in.
By: wustep
21 hours agothanks, will fwd to team
you're talking about the desktop notification in particular, right?
By: CubsFan1060
21 hours agoYeah. I mean, the rest is concerning. But one day it just started popping up every time I went into a meeting. Which, of course, was exactly the time that I was busy in a meeting, and didn't have time to dig through settings to figure out how to turn it off.
By: incoming1211
20 hours ago* team receives feedback
"Bin it, no one will turn it on, make them turn it off if they don't want it"
By: fusslo
2 hours ago"It's just one user, we have x users who haven't complained. Not an issue"
By: DrillShopper
20 hours agoCan you give me a source beyond "just trust me, bro"?
By: benaubin
8 minutes agoour app is electron and you can open the chromium dev tools via the help menu. if you want to verify yourself.
By: wustep
19 hours agoyour OS shows a microphone icon when apps are recording audio — when you use the app, you should see that when recording is on during the meeting transcription and off otherwise
By: _kush
23 hours agoThey only check if your mic is on, not what you're saying (they can't hear you unless you've granted mic permission). They also look at your network traffic to see if audio is being sent (otherwise you can get a lot of false positives). Using mic + network data is a common way to spot meetings -- my app LookAway[0] does something similar to pause reminders during calls.
[0]: https://lookaway.app
By: AlexandrB
23 hours agoI thought you had to give explicit permission for an app to monitor network traffic in macOS? I'm assuming your app asks for this, but it sounds like Notion does not if the GP was surprised by the monitoring.
By: tbeseda
23 hours agoMy Notion install (macOS) asked to discover devices on my network. I'm assuming this permission is related to "monitoring network traffic".
By: _kush
22 hours agoNo, that’s the new "Local Network" prompt which started appearing since macOS 15. Any app that opens a multicast/broadcast socket (mDNS, SSDP, WebRTC ICE, etc.) now has to ask. Electron apps (including Notion) do this by default, so you see this dialog.
By: jraph
18 hours ago> Electron apps (including Notion) do this by default
Feels like a bad default, it teaches user to ignore and say yes.
By: JadeNB
18 hours ago> Feels like a bad default, it teaches user to ignore and say yes.
I believe that, broadly speaking, from all but the most scrupulous app developers' point of view, it is a good thing for users to blindly agree to permissions. This is obviously true if they are doing something nefarious, but even true if not, since every user who denies a permission to your app is a user who might be writing a nasty review about such-and-such an advertised feature that doesn't work. I hope very much that my OS will make it easy for me to behave in a security-conscious way—a hope that is almost always disappointed!—but I do not even bother to have such a hope for all but my most beloved apps, which are often beloved for exactly that reason.
By: jraph
18 hours ago"Hey, head's up, this doesn't work because you didn't give us permission to {...}, needed because {...}. [Fix this]" would not be the end of the world.
By: JadeNB
17 hours ago> "Hey, head's up, this doesn't work because you didn't give us permission to {...}, needed because {...}. [Fix this]" would not be the end of the world.
You don't need to convince me, as a software user, but the app developers! And it's hard to blame them. I'm a teacher, and I rail against students who won't read the plain instructions before working on an assignment, but I also see it in myself: when I'm rushing through what I have to do, to get to what I want to do, I can stare right at a block of text and simply not register crucial parts of it. So such a plain instruction seems straightforward, but you'd still get users somehow managing to click it out of the way and then saying it doesn't work, and even one such user is a user that you wouldn't have to deal with if you made the permission opt-out.
By: wustep
15 hours agoI think this has to do with Chromium x MacOS -- https://issues.chromium.org/issues/346505950
https://x.com/rauchg/status/1846590635677004039?s=46&t=kVfjh...
By: simple10
22 hours agoThat's interesting. Although I wasn't able to find any confirming info that allowing the "locate local devices" permissions allows for network monitoring. It seems to only allow Bonjour and multicast DNS. Anyone know for sure what it allows?
By: mh-
21 hours agoThis would certainly be news to me as well. Packet capture (even local) has historically required superuser perms, but I'm not up to speed on how MacOS permissions work in this regard since the launch of System/Network Extensions.
After writing the above, I've just reviewed [0] - as much as I could in 5 minutes - and as far as I can tell it confirms our understanding. To do packet filtering or interception or reading, you'd need to do [1].
[0]: https://developer.apple.com/documentation/technotes/tn3179-u...
[1]: https://developer.apple.com/documentation/NetworkExtension/c...
By: odo1242
22 hours agoYes, it would be that one
By: _kush
22 hours agoYou don't need to give any explicit permissions for the snapshot of current sockets.
By: jjcob
21 hours agoYeah, non-sandboxed apps can iterate over open file descriptors. It's quite useful to detect eg. which app on your local machine is connecting over TCP. I hope they don't lock it down. It doesn't allow intercepting traffic, but you can see what connects where.
By: untech
23 hours agoI’ve come to hate Notion with passion because of its abysmal performance, but I still pay for it for my small business. My non-technical employees use it as a database for clients, tasks, payments etc. I tried to research replacements several times, and still haven’t found anything good. Sometimes I wonder if I should build my own.
By: tummler
22 hours agoAnytype (https://anytype.io), Appflowy (https://appflowy.com)
By: __jonas
19 hours agoDo you use Anytype productively?
I have it installed but I find it kind of daunting compared to Notion for organizing my notes, it seems to want to be a more abstract kind of 'knowledge management system'.
I just opened it again and it popped up a 'What's New' with phrases like 'Relations are now properties' and something about 'types', 'templates', 'sets' and 'queries', I really just want to take notes and organize them in a straightforward hierarchy.
By: bGl2YW5j
19 hours agoThese concepts have been copied directly from Notion.
I’ve found Anytype to be more streamlined. I’m highly familiar with Notion though, so adapted easily.
By: __jonas
7 hours agoFair enough, maybe it's the way they are surfaced that makes them hard to parse to me – I may just have to give it another shot
By: bschne
22 hours agoMost intriguing thing in that vein I've seen: https://thymer.com (haven't used it, am not affiliated, just looked promising in a demo video esp. on performance grounds)
By: jdvh
20 hours agoHey thanks for mentioning us!
With Thymer we really care about performance, but Thymer is also end-to-end encrypted because we don't want to compromise on privacy. And it's real-time collaborative and offline first.
Thymer has optional self-hosting. Then you can upgrade (or not) at your own leisure, or intentionally stick to an older version you like better. Enshittification is a big problem in our industry. We've all been burned by it -- we certainly have -- and being able to opt out of a "new and improved!" version is a real feature.
Thymer will also be very extensible. Today we launched our plugin SDK: https://thymer.com/plugins and https://github.com/thymerapp/thymer-plugin-sdk/ with a bunch of examples. With Thymer you will be able to "vibe code" the very simple plugins and with VSCode/Cursor you can make more complex plugins with hot-reload.
By: xamde
22 hours agoLooks like org mode for the masses
By: armedgorilla
21 hours agoI'm in the same boat. Since they decided to bundle in their AI features with their core product (at only a 30% price increase!), I've been looking for an exist route. But finding a single collaborative text editor + database designer replacement has been difficult.
By: baxtr
22 hours agoI really like Notion’s information architecture (in particular the top index pages) and its multi-user capability.
I tried some other tools like Confluence and Obsidian but like you say, there seems to be no match from a UX perspective.
Do I love Notion? Definitely not. Would I change to another tool with the same feature set? Instantly.
By: dtkav
22 hours agoIf you like Obsidian and want it to be multiplayer you might be interested in Relay [0] (shameless plug).
There are also plugins like make.md [1] that are focused more on making the UX feel more like notion.
[0] https://relay.md
[1] https://github.com/make-md/makemd
By: nickthesick
8 hours agoInteresting product. What do you use for the backend sync? I see CRDT so I assume Y.js?
I’m building a Y.js sync server: https://github.com/nperez0111/teleportal
By: dtkav
8 hours agoYeah, we use yjs and a fork of y-sweet [0]. We have a custom-built control plane that allows us to support many different types of relay server configurations (including self hosting, multi-tenant, per-relay, per-document) and optimize for cost.
Your project looks cool -- especially sub-document support -- thanks for sharing
By: jraph
18 hours ago> I wonder if I should build my own.
Please consider improving one of the existing open source solutions before doing this: XWiki, Nextcloud, wiki.js...
There's advanced stuff that already exists and we could use some cooperation to get better instead of another competitor in a crowded space.
(I work for XWiki SAS - you can also pay them to build what's missing for you)
By: tekawade
20 hours agoThere are many suggestions already let me through in one more: Affine : https://affine.pro/
You can self host too if you like. Not all features as Notion but comes very close. Seems more private too compared to Notion.
I am also looking for more private and secure Notion alternatives. My company doesn’t allow using Notion.
I like templates, tasks, scrum etc. which I use for personal use. But I am reluctant on saving any personal information in it.
By: seanw444
22 hours agoNocoDB perhaps? It's not a document-focused system, but you said they use it more as a database.
By: wustep
15 hours agoBummer performance is a problem for ya. We've worked on it a ton over the past year or two and generally performance should be much better across the board. Feel free to email me (username @ makenotion.com) if you have example pages that are slow you're willing to share. thanks!
By: major505
21 hours agoI used a lot for organizing my personal projects, endup changing to Microsoft Loop for client stuff. And Obsidian for personal stuff.
By: dml2135
21 hours agoThe performance really is abysmal. I started using it years ago and the change from the early days has been drastic.
By: paul-tharun
21 hours agooutline - https://getoutline.com is pretty good and you can import all your notion spaces too.
By: Pi9h
22 hours agoIf anyone is looking for an alternative to Notion without the bloat, I’m building https://docmost.com.
It has a nice UI, real-time collaboration, diagrams support and more.
You can self-host it too.
By: oehpr
17 hours agoI've been looking for a tool like this that can publish. I was thinking of some way to create a help doc system for end users, but interleaved with technical information and discussion for devs. IE to make the help documentation a single source of truth for application behaviour.
All this needs to work is the ability to mark blocks of the document as "public" so only that gets published properly. Any possibility of doing this currently or interest in supporting in the future?
By: xelia
22 hours agoI self host docmost and love it, thank you for making it!
Will you consider making it publishable as a wiki? The current share feature is close but forces me to share a specific URL and live-edit public pages.
By: Pi9h
19 hours agoThe next sharing goal would be to make it possible to share an entire "Space", but not the "Workspace" itself.
Would that fit the ideas you have in mind?
By: xelia
18 hours agoYes! I maintain documentation relating to music production and want to make it public, while also ideally also accepting contributions (though I'm not sure how that'd look like).
It would be nice to have a way to have WIP be private until I publish the changes.
By: barbazoo
22 hours agoI love so much how nice this looks. But I wish this was Obsidian or rather, a standalone app. I don't want a web app for notes. Notes are all files. Different use case I know but I wish so much Obsidian looked and felt more like your app/Notion.
By: barbazoo
22 hours agoLooking more into this, 4o actually produced a list of plugins that add functionality to do some of the things Notion excels at so that tells me that there probably is a way to get datatables etc.
By: savolai
20 hours agoI’m wondering if integrating this with nocodb mentioned above would work, as i also use databases in documents.
By: Pi9h
19 hours agoYou could use the Iframe embed feature to embed your NocoDB databases.
By: savolai
10 hours agoThat’s really clumsy ux wise (scrollbars, surrounding content on nocodb page probably). I’d need a deeper integration i.e ability to link to rows directly at a minimum using @ like in notion without looking up row url.
By: moomoo11
22 hours agoVery cool.
I wish tools like this could be embeddable. For example, being able to add it into existing apps.
By: always_imposter
21 hours ago[dead]
By: toddmorey
20 hours agoI have a funny story: I went to go to a notion doc and just intuitively pressed command-O in the app to open the notion doc I wanted. Of course that command doesn’t open notion docs—what that does is turn on audio transcription.
So two hours later, I realize I’ve transcribed at the bottom of our team overview page what read like the diary of a madman from fragments of conversation I was having with my wife and dog. I am glad I caught it and deleted it.
By: sevenseacat
2 hours agoThat's not funny, that's horrifying.
By: TYPE_FASTER
20 hours agoDid it transcribe the dog? How long until we get a LLM that can translate dog barks...
By: callalex
20 hours agoPeople are doing some interesting work in an attempt to categorize whale and dolphin communication https://blog.padi.com/talk-to-whales-with-ai/
By: FredPret
19 hours agohttps://www.reddit.com/r/TheFarSide/comments/1d041lu/hey_hey...
By: pull_my_finger
34 minutes agoIs "network port analysis" the same thing Facebook was recently getting (justified) heat for? Basically snooping local ports to see what apps are running?
By: pat64
21 hours agoAs someone who has built an app that detects calls and meetings, this isn’t as nefarious as you’re making it out to be.
You can detect patterns of hardware use that suggest you’re in a meeting without actually eavesdropping on an actual audio stream of any kind.
Basically is some app using the mic hardware for something?? Likely a meeting so.
By: shreddit
20 hours agoIt’s not necessarily about what they doing, more like how they do things. They could at least tell me about it, like: Hey, we check whether you joined a meeting to provide you with our note taking assistant. Are you okay with that?
Don’t assume consent.
By: rob74
23 hours agoWell, to give them the benefit of doubt, this monitoring could be done in a (more or less) privacy sensitive way, e.g. by analyzing the frequency spectrum of the audio input without actually recording or transmitting it, or as others have suggested, maybe they're just checking if the microphone is in use. And for the network they're apparently only monitoring the ports, not the actual data. But still, it sounds like a feature for which they should provide an option to turn it off - or, even better, make it opt-in.
By: like_any_other
22 hours agoWhile both have privacy implications, I'd rather we distinguish 'monitoring' that exfiltrates your data to their servers, and offline-only 'monitoring', used only for legitimate, benign purposes of the program itself.
By: e9a8a0b3aded
23 hours agoAre you saying that Notion desktop has access to microphone audio or it is only able to determine if the microphone is in use?
The former is actually concerning to me. I can't imagine caring if it only knows my microphone is in use.
By: _kush
22 hours agoIt's the latter. An app can't access the audio without explicit microphone monitoring permissions.
By: pseudocomposer
2 hours agomacOS will always show the user yellow/green notifications in the menu bar when apps access the microphone/camera, as far as I understand.
I keep Notion Desktop open pretty much all the time on my work laptop, and have not seen these.
I’m happy to be wrong (well, in this case, I’d be upset at a big privacy violation)… but it seems pretty unlikely the audio monitoring is happening on macOS.
By:
1 hour agoBy: jherdman
22 hours agoIf you go to "Settings > Notifications > Desktop meeting detections notifications" you can turn this feature off. I haven't verified if the mic and traffic sniffing is correspondingly turned off though.
By: sevenseacat
2 hours agoI don't have this setting on Mac.
By: nihalbaig
1 day agothat's really corcerning for user privacy!!
By: nashashmi
22 hours agoWhat is notion?
I have been pulling my hair trying to learn these new no code db tools. And I think I have come to a simple explainer.
It is a list of documents built with (something called) block-editors. Each document can be given properties. The properties get listed into columns. The columns are fields. The documents are rows. And that makes a database table.
In reverse, it is a database table of records. One record can be can be configured with various fields, plus a document "canvas" made by a block-editor.
The block editors can import and display views (aka queries) of database tables. And that is what makes it a full circle spaghetti. A document (listed in a database) can display a database table.
By: chinathrow
21 hours agoThis is unethical and creepy behavior - Notion team reading this: How exactly did you come up with this?
By: chinathrow
18 hours ago361 points within 5 hours, 112 comments but off the frontpage. Why @dang?
By: lion__93332
9 hours agoThis is so frustrating.
By: scblzn
19 hours agoA reminder that Notion still operates under the .so TLD [1]
Why should you entrust them with your private notes and data?
By: rubyn00bie
23 hours agoThis is insane. The amount of absolutely sensitive audio they could be grabbing is unbelievable. And port analysis? Why anyone would think this sort of intrusion is acceptable is boggling my mind. It’s a writing app for god sakes. I hope the backlash from this is both severe and swift.
By: Torwald
23 hours agoThank you for telling HN, much appreciated! I am concerned re privacy, so, thanks again.
There is a rule in journalism to not burn one's sources, did you violate that rule in the OP? (I don't know, I am not a journalist.)
We could invite Notion management to comment on this thread.
By: ipsum2
22 hours agoHe's not a journalist, why would he need to follow the rules of journalism?
By: whalesalad
23 hours agoThis is an unintended benefit of being on a Linux workstation - the only client available is the browser.
By: JoshTriplett
22 hours agoThis kind of thing is one of many reasons I refuse to install Zoom/Discord/etc apps. Stay in your sandboxed browser tab.
By: rchaud
21 hours agoIf there's an app that started life in the browser, a desktop/native app can only make it worse. I don't use native apps for Youtube, Amazon, Slack etc for this purpose.
By: runjake
22 hours agoNotion and all these kinds of apps are available for Linux. But yeah, I don't recommend using them. Just use them in the browser.
By: whalesalad
20 hours agoThere is no "native" app for Linux.
By: runjake
12 hours agoBy your definition, there is no "native" app for any platform. It's all just Electron.
By: catapart
23 hours agoyuck.