Why? I don't understand the objection to this. If the app was sending off any data to Notion without consent, that would obviously be a privacy issue, but why is it a problem for a desktop app to simply check if your mic is being used and offer to record?
The application is almost certainly sending off data to Notion without consent, you just wouldn't be able to tell.
If a company is willing to do even small privacy violations, I do not trust them at all. Feel free to run OpenSnitch or LittleSnitch - most apps are opening connections to many domains you won't recognize. Your guess is as good as anyone's what data they're exfiltrating. That is, of course, unless you use more privacy-preserving apps that are typically opensource.
I don't use notion, but it would be a fun experiment to install a root CA and see the traffic.
It's probably not always this easy. I see many connections on apps using UDP, so who knows how, exactly, they are encoded.
The data may also be "encrypted", similar to how Zoom "encrypted" data. That is to say, the data is encrypted, but the private key is on the same server. So, if you MITM, it looks encrypted - but there's no security.
it's electron so you can just open chromium dev tools and see almost all network activity - im pretty sure this is exposed to everyone in the debug menu. takes seconds. http proxy the rest. (i work at notion and do this all the time to debug)
Yes, virtually every commercial application I've ever seen allows exfiltration of data, usually close to all of it, and you agree to it by signing both an EULA and privacy policy.
Based off of that, I then assume that other companies are exfiltrating as much data as possible off my devices.
I mean, even your car, which, keep in mind, is a multi-tens-of-thousands dollar product, exfiltrates your location, all your texts, all your phone calls, and as much data from your phone as possible.
Yes, this is a "leap of faith". I am not bound by a purely evidence-based worldview - I consider that naivety. I do not need strong irrefutable evidence of bad things happening. When people are untrustworthy, I approach them with skepticism in order to protect myself.
For example, I have absolutely no proof that the NSA is surveilling SMS and telephony right now. None at all. But I know Prism was a thing. It is safe to assume the NSA is absolutely surveilling SMS and telephony.
Firstly, I don't believe that you require proof to believe the things you do. Yes, I am calling you a liar. You have noticed patterns, and make assumptions every day. Every functional human being does.
I don't need proof that some random man is a mugger to know to put my phone in my pocket and walk quickly at 3 AM. This is what I mean when I say your mentality here is naive - how many times do you need to get mugged to learn?
And, secondly, even if you DO require proof, this is an incredibly inefficient way to live. If you require proof for everything, you wouldn't be able to get much done. You'll be sitting around waiting, or searching. Sometimes, it's faster to assume, if your assumption is good.
This could be a good feature in open source software packaged by Debian and whose build is reproducible.
People being angry here shows how they distrust software they use and distrusting always online software causes fear and stress.
The best these people can do is relying on free software distributed in a sane way because that's what can help trust software, and, in a professional setting, to push their companies or their providers towards free software as well, and demand guarantees that their privacy is respected.
These matters are not theoretical and this discussion is a witness of this.
If Notion wants to be trusted, they should go open source. I see Notion people are here. Do it! Stop doing closed source software! That doesn't bring anything worth and see what badness it brings. Your value is elsewhere. It's in you expertise, your vision and how well you do things.
I work for an open source competitor (or at least in the neighborhood) and that works out well for us and has been for 20 years.
The day you open source your desktop client, you'll be able to show us the code and show that you indeed don't send audio records or related logs to your headquarters. We won't have to reverse engineer, sandbox just to be sure, and hope for the best.
