[HN Gopher] Tell HN: Notion Desktop is monitoring your audio and...
___________________________________________________________________
Tell HN: Notion Desktop is monitoring your audio and network
If you have the Notion Desktop App installed, you may have started
to notice a "In a meeting? Start AI Meeting Notes" notification pop
up exactly when you are joining a virtual meeting (e.g. joining a
Google Meet on Firefox). At first, I assumed it must have been
using my Google Workspace account to snoop on my calendar. But then
I started to notice it would notify exactly when I joined even if I
was late and the meeting had previously started. This was the
response from Notion Support after they worked with the Notion
Engineering team. > Meeting Detection Architecture: > - The
system uses a sophisticated dual-detection approach: microphone
monitoring combined with network port analysis > - Detection is
implemented separately for macOS and Windows at the native
operating system level I've uninstalled the Notion Desktop App...
Author : HoyaSaxa
Score : 368 points
Date : 2025-07-17 15:59 UTC (7 hours ago)
| nihalbaig wrote:
| that's really corcerning for user privacy!!
| whalesalad wrote:
| This is an unintended benefit of being on a Linux workstation -
| the only client available is the browser.
| JoshTriplett wrote:
| This kind of thing is one of many reasons I refuse to install
| Zoom/Discord/etc apps. Stay in your sandboxed browser tab.
| runjake wrote:
| Notion and all these kinds of apps are available for Linux. But
| yeah, I don't recommend using them. Just use them in the
| browser.
| whalesalad wrote:
| There is no "native" app for Linux.
| rchaud wrote:
| If there's an app that started life in the browser, a
| desktop/native app can only make it worse. I don't use native
| apps for Youtube, Amazon, Slack etc for this purpose.
| catapart wrote:
| yuck.
| _kush wrote:
| They only check if your mic is on, not what you're saying (they
| can't hear you unless you've granted mic permission). They also
| look at your network traffic to see if audio is being sent
| (otherwise you can get a lot of false positives). Using mic +
| network data is a common way to spot meetings -- my app
| LookAway[0] does something similar to pause reminders during
| calls.
|
| [0]: https://lookaway.app
| AlexandrB wrote:
| I thought you had to give explicit permission for an app to
| monitor network traffic in macOS? I'm assuming your app asks
| for this, but it sounds like Notion does not if the GP was
| surprised by the monitoring.
| tbeseda wrote:
| My Notion install (macOS) asked to discover devices on my
| network. I'm assuming this permission is related to
| "monitoring network traffic".
| odo1242 wrote:
| Yes, it would be that one
| simple10 wrote:
| That's interesting. Although I wasn't able to find any
| confirming info that allowing the "locate local devices"
| permissions allows for network monitoring. It seems to only
| allow Bonjour and multicast DNS. Anyone know for sure what
| it allows?
| mh- wrote:
| This would certainly be news to me as well. Packet
| capture (even local) has historically required superuser
| perms, but I'm not up to speed on how MacOS permissions
| work in this regard since the launch of System/Network
| Extensions.
|
| After writing the above, I've just reviewed [0] - as much
| as I could in 5 minutes - and as far as I can tell it
| confirms our understanding. To do packet filtering or
| interception or reading, you'd need to do [1].
|
| [0]: https://developer.apple.com/documentation/technotes/
| tn3179-u...
|
| [1]: https://developer.apple.com/documentation/NetworkExt
| ension/c...
| _kush wrote:
| No, that's the new "Local Network" prompt which started
| appearing since macOS 15. Any app that opens a
| multicast/broadcast socket (mDNS, SSDP, WebRTC ICE, etc.)
| now has to ask. Electron apps (including Notion) do this by
| default, so you see this dialog.
| jraph wrote:
| > Electron apps (including Notion) do this by default
|
| Feels like a bad default, it teaches user to ignore and
| say yes.
| JadeNB wrote:
| > Feels like a bad default, it teaches user to ignore and
| say yes.
|
| I believe that, broadly speaking, from all but the most
| scrupulous app developers' point of view, it _is_ a good
| thing for users to blindly agree to permissions. This is
| obviously true if they are doing something nefarious, but
| even true if not, since every user who denies a
| permission to your app is a user who might be writing a
| nasty review about such-and-such an advertised feature
| that doesn 't work. I hope very much that my OS will make
| it easy for me to behave in a security-conscious way--a
| hope that is almost always disappointed!--but I do not
| even bother to have such a hope for all but my most
| beloved apps, which are often beloved for exactly that
| reason.
| jraph wrote:
| "Hey, head's up, this doesn't work because you didn't
| give us permission to {...}, needed because {...}. [Fix
| this]" would not be the end of the world.
| JadeNB wrote:
| > "Hey, head's up, this doesn't work because you didn't
| give us permission to {...}, needed because {...}. [Fix
| this]" would not be the end of the world.
|
| You don't need to convince me, as a software user, but
| the app developers! And it's hard to blame them. I'm a
| teacher, and I rail against students who won't read the
| plain instructions before working on an assignment, but I
| also see it in myself: when I'm rushing through what I
| have to do, to get to what I want to do, I can stare
| right at a block of text and simply not register crucial
| parts of it. So such a plain instruction seems
| straightforward, but you'd still get users somehow
| managing to click it out of the way and then saying it
| doesn't work, and even one such user is a user that you
| wouldn't have to deal with if you made the permission
| opt-out.
| _kush wrote:
| You don't need to give any explicit permissions for the
| snapshot of current sockets.
| jjcob wrote:
| Yeah, non-sandboxed apps can iterate over open file
| descriptors. It's quite useful to detect eg. which app on
| your local machine is connecting over TCP. I hope they
| don't lock it down. It doesn't allow intercepting traffic,
| but you can see what connects where.
| e9a8a0b3aded wrote:
| Are you saying that Notion desktop has access to microphone audio
| or it is only able to determine if the microphone is in use?
|
| The former is actually concerning to me. I can't imagine caring
| if it only knows my microphone is in use.
| _kush wrote:
| It's the latter. An app can't access the audio without explicit
| microphone monitoring permissions.
| Torwald wrote:
| Thank you for telling HN, much appreciated! I am concerned re
| privacy, so, thanks again.
|
| There is a rule in journalism to not burn one's sources, did you
| violate that rule in the OP? (I don't know, I am not a
| journalist.)
|
| We could invite Notion management to comment on this thread.
| ipsum2 wrote:
| He's not a journalist, why would he need to follow the rules of
| journalism?
| rubyn00bie wrote:
| This is insane. The amount of absolutely sensitive audio they
| could be grabbing is unbelievable. And port analysis? Why anyone
| would think this sort of intrusion is acceptable is boggling my
| mind. It's a writing app for god sakes. I hope the backlash from
| this is both severe and swift.
| untech wrote:
| I've come to hate Notion with passion because of its abysmal
| performance, but I still pay for it for my small business. My
| non-technical employees use it as a database for clients, tasks,
| payments etc. I tried to research replacements several times, and
| still haven't found anything good. Sometimes I wonder if I should
| build my own.
| seanw444 wrote:
| NocoDB perhaps? It's not a document-focused system, but you
| said they use it more as a database.
|
| https://github.com/nocodb/nocodb
| baxtr wrote:
| I really like Notion's information architecture (in particular
| the top index pages) and its multi-user capability.
|
| I tried some other tools like Confluence and Obsidian but like
| you say, there seems to be no match from a UX perspective.
|
| Do I love Notion? Definitely not. Would I change to another
| tool with the same feature set? Instantly.
| dtkav wrote:
| If you like Obsidian and want it to be multiplayer you might
| be interested in Relay [0] (shameless plug).
|
| There are also plugins like make.md [1] that are focused more
| on making the UX feel more like notion.
|
| [0] https://relay.md
|
| [1] https://github.com/make-md/makemd
| bschne wrote:
| Most intriguing thing in that vein I've seen:
| https://thymer.com (haven't used it, am not affiliated, just
| looked promising in a demo video esp. on performance grounds)
| xamde wrote:
| Looks like org mode for the masses
| jdvh wrote:
| Hey thanks for mentioning us!
|
| With Thymer we really care about performance, but Thymer is
| also end-to-end encrypted because we don't want to compromise
| on privacy. And it's real-time collaborative and offline
| first.
|
| Thymer has optional self-hosting. Then you can upgrade (or
| not) at your own leisure, or intentionally stick to an older
| version you like better. Enshittification is a big problem in
| our industry. We've all been burned by it -- we certainly
| have -- and being able to opt out of a "new and improved!"
| version is a real feature.
|
| Thymer will also be very extensible. Today we launched our
| plugin SDK: https://thymer.com/plugins and
| https://github.com/thymerapp/thymer-plugin-sdk/ with a bunch
| of examples. With Thymer you will be able to "vibe code" the
| very simple plugins and with VSCode/Cursor you can make more
| complex plugins with hot-reload.
| tummler wrote:
| Anytype (https://anytype.io), Appflowy (https://appflowy.com)
| __jonas wrote:
| Do you use Anytype productively?
|
| I have it installed but I find it kind of daunting compared
| to Notion for organizing my notes, it seems to want to be a
| more abstract kind of 'knowledge management system'.
|
| I just opened it again and it popped up a 'What's New' with
| phrases like 'Relations are now properties' and something
| about 'types', 'templates', 'sets' and 'queries', I really
| just want to take notes and organize them in a
| straightforward hierarchy.
| bGl2YW5j wrote:
| These concepts have been copied directly from Notion.
|
| I've found Anytype to be more streamlined. I'm highly
| familiar with Notion though, so adapted easily.
| dml2135 wrote:
| The performance really is abysmal. I started using it years ago
| and the change from the early days has been drastic.
| major505 wrote:
| I used a lot for organizing my personal projects, endup
| changing to Microsoft Loop for client stuff. And Obsidian for
| personal stuff.
| paul-tharun wrote:
| outline - https://getoutline.com is pretty good and you can
| import all your notion spaces too.
| armedgorilla wrote:
| I'm in the same boat. Since they decided to bundle in their AI
| features with their core product (at only a 30% price
| increase!), I've been looking for an exist route. But finding a
| single collaborative text editor + database designer
| replacement has been difficult.
| tekawade wrote:
| There are many suggestions already let me through in one more:
| Affine : https://affine.pro/
|
| You can self host too if you like. Not all features as Notion
| but comes very close. Seems more private too compared to
| Notion.
|
| I am also looking for more private and secure Notion
| alternatives. My company doesn't allow using Notion.
|
| I like templates, tasks, scrum etc. which I use for personal
| use. But I am reluctant on saving any personal information in
| it.
| jraph wrote:
| > I wonder if I should build my own.
|
| Please consider improving one of the existing open source
| solutions before doing this: XWiki, Nextcloud, wiki.js...
|
| There's advanced stuff that already exists and we could use
| some cooperation to get better instead of another competitor in
| a crowded space.
|
| (I work for XWiki SAS - you can also pay them to build what's
| missing for you)
| rob74 wrote:
| Well, to give them the benefit of doubt, this monitoring could be
| done in a (more or less) privacy sensitive way, e.g. by analyzing
| the frequency spectrum of the audio input without actually
| recording or transmitting it, or as others have suggested, maybe
| they're just checking if the microphone is in use. And for the
| network they're apparently only monitoring the ports, not the
| actual data. But still, it sounds like a feature for which they
| should provide an option to turn it off - or, even better, make
| it opt-in.
| Pi9h wrote:
| If anyone is looking for an alternative to Notion without the
| bloat, I'm building https://docmost.com.
|
| It has a nice UI, real-time collaboration, diagrams support and
| more.
|
| You can self-host it too.
| moomoo11 wrote:
| Very cool.
|
| I wish tools like this could be embeddable. For example, being
| able to add it into existing apps.
| barbazoo wrote:
| I love so much how nice this looks. But I wish this was
| Obsidian or rather, a standalone app. I don't want a web app
| for notes. Notes are all files. Different use case I know but I
| wish so much Obsidian looked and felt more like your
| app/Notion.
| barbazoo wrote:
| Looking more into this, 4o actually produced a list of
| plugins that add functionality to do some of the things
| Notion excels at so that tells me that there probably is a
| way to get datatables etc.
| xelia wrote:
| I self host docmost and love it, thank you for making it!
|
| Will you consider making it publishable as a wiki? The current
| share feature is close but forces me to share a specific URL
| and live-edit public pages.
| Pi9h wrote:
| The next sharing goal would be to make it possible to share
| an entire "Space", but not the "Workspace" itself.
|
| Would that fit the ideas you have in mind?
| xelia wrote:
| Yes! I maintain documentation relating to music production
| and want to make it public, while also ideally also
| accepting contributions (though I'm not sure how that'd
| look like).
|
| It would be nice to have a way to have WIP be private until
| I publish the changes.
| savolai wrote:
| I'm wondering if integrating this with nocodb mentioned above
| would work, as i also use databases in documents.
| Pi9h wrote:
| You could use the Iframe embed feature to embed your NocoDB
| databases.
| nashashmi wrote:
| What is notion?
|
| I have been pulling my hair trying to learn these new no code db
| tools. And I think I have come to a simple explainer.
|
| It is a list of documents built with (something called) block-
| editors. Each document can be given properties. The properties
| get listed into columns. The columns are fields. The documents
| are rows. And that makes a database table.
|
| In reverse, it is a database table of records. One record can be
| can be configured with various fields, plus a document "canvas"
| made by a block-editor.
|
| The block editors can import and display views (aka queries) of
| database tables. And that is what makes it a full circle
| spaghetti. A document (listed in a database) can display a
| database table.
| jherdman wrote:
| If you go to "Settings > Notifications > Desktop meeting
| detections notifications" you can turn this feature off. I
| haven't verified if the mic and traffic sniffing is
| correspondingly turned off though.
| like_any_other wrote:
| While both have privacy implications, I'd rather we distinguish
| 'monitoring' that exfiltrates your data to their servers, and
| offline-only 'monitoring', used only for legitimate, benign
| purposes of the program itself.
| wustep wrote:
| Hey!
|
| 1. Notion records audio only during your use of the Meeting Notes
| feature. Here are the docs: https://www.notion.com/help/ai-
| meeting-notes
|
| 2. Notion desktop app has notifications about meetings that ask
| you if you want to use Meeting Notes, it recognizes this by
| detecting that your microphone is on (i.e. it does not listen to
| audio coming from your microphone). This feature is a setting in
| preferences btw, under Notifications > Desktop meeting detection
| notification.
|
| source: I work for Notion
| chinathrow wrote:
| From 1)
|
| > If you do not want the AI Meeting Notes feature available to
| your users, administrators may opt-out their workspace at any
| time via the toggle available in their console.
|
| Here's your problem: Make this opt-in.
| rchaud wrote:
| AI features + user opt-in are mutually exclusive at this
| point.
| jitl wrote:
| To elaborate:
|
| The Notion desktop app will observe if there is a process
| running on your computer that is actively using your
| microphone, such as Zoom.
|
| Notion does not and cannot listen to the audio coming from your
| microphone ambiently or snoop on the signal received by another
| application. This detection is done purely based on the
| existing of a process using your microphone, not on the audio
| coming from the microphone. Users can verify this because the
| OS-level microphone indicator will show that Notion is not
| listening to their microphone.
|
| If one is detected, Notion will notify the user and try to
| associate it with a calendar event if you have connected your
| calendar. Connecting your calendar is not a requirement to
| receive this notification.
|
| Users can disable this behavior via their account settings in
| Settings > Notifications > Desktop meeting detection
| notifications.
|
| Only when the user has started a meeting note and clicked
| record, will Notion activate the user's microphone. We cannot
| do this without operating system mediated consent dialog, which
| is the way it should be! At this point Notion will show up as
| using the microphone in the OS indicators.
|
| (I work at Notion)
| chinathrow wrote:
| Make it opt-in and this would be not an issue.
| jitl wrote:
| Our PMs don't like making things opt-in. I pitched a fit
| when we added global shortcuts to launch the Notion app
| search window, but I wasn't able to change any minds.
|
| A feature that's opt-in will get like 1% of the use of a
| feature that's opt-out. A happier middle ground would be to
| enable by default and showed a "I don't like this, pls turn
| it off" button the first few times.
| chinathrow wrote:
| Your new feature is privacy invading. It's none of your
| business to detect if someones mic is on unless they
| invite you to do that.
|
| What is so hard about that?
|
| > Our PMs don't like making things opt-in.
|
| Lamest excuse ever.
|
| I wouldn't be surprised if you phoned back home about
| that mic activation - do you?
|
| I recently joined an org where Notion is in use - I will
| actively lobby them to not install the desktop app, at
| all or to quit Notion alltogether.
| hackinthebochs wrote:
| What exactly is the privacy issue with detecting when a
| process begins using the microphone?
| bayindirh wrote:
| Following my habits, and reporting to a data broker that
| how I use my microphone, allowing even more precise
| profiling of my life circumstances or habits.
| FuriouslyAdrift wrote:
| Make a pop-up with the opt-in/out for all the features on
| first launch with everything defaulted to on so people
| can turn features off and get notified that such features
| exist. You can also use this to gather metrics on what
| features people are actually interested in.
|
| Good compromise.
| jitl wrote:
| Yep, completely agree.
| threetonesun wrote:
| Nothing makes me not want to use software more than it
| asking questions about how I want to use the software
| before I've used the software.
|
| Runner up is the "what's new" tutorial overlays.
| falcor84 wrote:
| Well, I suppose everyone is different. The first thing I
| do after launching a new software is inspect its options,
| and if it doesn't have a good range of tunable options,
| there's a good chance I'll immediately abandon it. So I
| actually really love the recent trend in video games
| putting you into the options at the start.
| brookst wrote:
| Just seeing the words "got it" raises my blood pressure.
| eddythompson80 wrote:
| > Our PMs don't like making things opt-in.
|
| Whenever people on HN and else where present you the
| mustache twirling evil Microsoft or Apple or Google
| C-suite/board who are trying to enshitificate a product
| or a tool because they don't care, always keep in mind
| that the reality is often a lot more mundane than that.
|
| The application that is "sneakily" listening to you and
| transmitting everything you say to their servers can be a
| legitimate product of a mustache twirling villain, but
| it's a lot more likely (in my experience) that a group of
| 5 engineers and a PM were tasked by "Present relevant
| products from our company to the user" task and someone
| was like "what if we record what they are saying (or just
| zip-up their entire ~/Documents folder), run it through
| an LLM on our server and prompt it to analyze their convo
| or documents and recommend one of our products to sell to
| them? Sounds good to me, no?"
| owebmaster wrote:
| No Eddy, this simpleton scenario of yours is not more
| likely to be true than the evil scenario where the evil
| tech company invades users privacy and collect data it
| wasn't directly allowed for an extra profit.
| eddythompson80 wrote:
| I admit I haven't been in any of the mustash twirling
| meetings. They probably happen, but I have also been in
| the room with engineers and PMs discussing solving
| problems with analytics attribution to user.
| owebmaster wrote:
| It is because when you get your attention fixed to the
| execution level you miss the strategic.
| pksebben wrote:
| Given the structure of hierarchical orgs, both can (and
| likely are) true.
|
| Moustache-twirler A: We've identified these metrics that
| correlate with increased shareholder value
|
| Moustache-twirler B: But what do those metrics say about
| user privacy?
|
| (both laugh. This is very funny)
|
| MT A: no but really, fire any PMs that don't make these
| go up and let the survivors figure out why
|
| MT B: sounds great. See you at golf this weekend
|
| (some time later, in a less fancy conference room)
|
| Engineer: This new feature is great, but could be
| construed as an invasion of privacy. Can we make it opt-
| in?
|
| PM (panicking): Oh good heavens, no! Also send the opt-
| out button to the UX team, that way it doesn't come down
| on us.
| eddythompson80 wrote:
| It's probably more telling how you had to invent the
| cartoonishly evil MTA and MTB, a bootlicker PM, and an
| honest (but maybe just slightly clueless) engineer.
| sturza wrote:
| Your PMs should not decide what your software does with
| my hardware without me giving my informed consent.
|
| Our PMs don't like making things opt-in.
|
| -> Your users don't like making things opt-out. Low usage
| metrics is a UX problem. Activating it without informed
| consent gives you bloated metrics anyway.
| fiddlerwoaroof wrote:
| It's just not true that users don't like making things
| opt-out. HN Users tend not to like it but I think a lot
| of users dislike the alternatives: either because they're
| undiscoverable (toggle in settings or a menu) or
| intrusive (various sorts of what's new overlays). Imo,
| the question of when to make things opt-in vs. opt-out is
| fairly subtle and largely depends on the feature and pre-
| existing trust.
| sturza wrote:
| There are infinite ways on how to inform users of a new
| feature and ask to activate it.
| fiddlerwoaroof wrote:
| And nearly all of them are annoying and disrupt my flow.
| graphememes wrote:
| cookie popups that don't even work
| bayindirh wrote:
| The same thing disrupts _your_ flow allows _me_ to make
| informed decisions, and I 'm happy to be offered a
| choice, and ability to change my mind later.
| meindnoch wrote:
| >Our PMs don't like making things opt-in
|
| Then refuse implementing it. Have some dignity for God's
| sake.
| thih9 wrote:
| Depending on the company culture, this may not be
| allowed. As in: PMs will ask another dev to implement it;
| if this happens more often then they will replace you.
|
| Also, searching for dignity in a post-"don't be evil"
| startup environment seems unusual.
| d4mi3n wrote:
| While I agree with your sentiment, I'll note that ethics
| are hard to hold when it's your livelihood on the line.
|
| Expecting a shift in corporate culture to come from a
| short list of individuals making great personal sacrifice
| (of their careers, reputations, whatever) is not
| reasonable, sustainable, or realistic.
|
| I know there are a lot of folks who abhor regulation in
| many contexts, but stuff like this is most effectively
| handled by such mechanisms.
| crysin wrote:
| And then what, be out out of a job because you were
| insubordinate? If you have the personal wealth and
| security to lose your job and possibly not have a new
| opportunity for the next year or so, then that's great.
| Not everyone has that security, and a roof over their
| head just may be more important than personal convictions
| about how to treat users.
| callalex wrote:
| Having that kind of power as an implementer requires the
| backing of a union.
| brookst wrote:
| And the utter certainty that you are infallible.
| graphememes wrote:
| what an emotional response to work
| JadeNB wrote:
| While I personally wish that there were more people who
| had the ability to make such decisions, and exercised
| that ability, I think that this is a hostile response to
| someone who didn't have to spend the time to come on HN
| and describe the situation to the best of their ability.
| Calling people undignified because they, or their
| company, isn't perfect is just going to close down
| channels of communication.
| dman wrote:
| thats a red flag imho
| jjulius wrote:
| > A feature that's opt-in will get like 1% of the use of
| a feature that's opt-out.
|
| Well... yeah. It's either because the benefits of opting
| in aren't communicated well enough or that users just
| don't actually want it.
|
| For AI meeting notes, I'd imagine it's the latter.
| unsui wrote:
| >Our PMs don't like making things opt-in
|
| That is an implementation detail. What matters is the
| outcome:
|
| Notion leadership has signed off on this being opt-out.
|
| The calculus here, as you indicated, was that opt-in has
| little buy-in.
|
| What leadership didn't take into account was the risk of
| this being publicized, and the blowback from this
| awareness.
|
| That, or leadership has already calculated that not
| enough people will care (possibly true).
|
| I suppose it's then up to those that _do_ care to make
| more noise about this, to tilt the odds?, so this
| specific calculus (also known as enshittification) doesn
| 't keep occuring (i.e, if the blowback costs are
| disproportionate to the value provided by default opt-
| out....)
| rchaud wrote:
| > Our PMs don't like making things opt-in.
|
| Thank god the web browser was developed in an era where
| PMs weren't stack-ranked on rubrics like "feature
| engagement". Imagine a world where every website was
| granted access to your filesystem, webcam, microphone,
| and geolocation by default so that PMs could report back
| on how many websites were making use of those browser
| APIs.
| impish9208 wrote:
| > Our PMs don't like making things opt-in.
|
| "Ze engagement metrics must go up on ze dashboard every
| quarter, jah!" I can't wait for the day PMs and other
| parasites find a new industry to move to. They sure have
| sucked the fun out of this one.
| mbreese wrote:
| Get better PMs. Seriously. Users shouldn't have to opt-
| out of something for privacy. Respecting privacy should
| be the default. If a user finds value in letting you
| listen to the microphone, then great! But you have to
| tell them! There are also other ways to get the same
| information -- such as if the user also shares their
| calendar. This is sneaky and evasive behavior.
|
| But none of this conversation makes me want to use
| Notion. We used to use it for meeting notes and light DB
| work for non-technical users. Now I'm happy we stopped.
| weego wrote:
| If they made borderline "features" like this opt-in, no one
| would and then the people driving this won't get the career
| prospect boost of shipping a new feature.
| dakiol wrote:
| Thanks for the explanation. I was about to install Notion
| Desktop today. I Won't install it.
| XCabbage wrote:
| Why? I don't understand the objection to this. If the app
| was sending off any data to Notion without consent, that
| would obviously be a privacy issue, but why is it a problem
| for a desktop app to simply check if your mic is being used
| and offer to record?
| const_cast wrote:
| The application is almost certainly sending off data to
| Notion without consent, you just wouldn't be able to
| tell.
|
| If a company is willing to do even small privacy
| violations, I do not trust them at all. Feel free to run
| OpenSnitch or LittleSnitch - most apps are opening
| connections to many domains you won't recognize. Your
| guess is as good as anyone's what data they're
| exfiltrating. That is, of course, unless you use more
| privacy-preserving apps that are typically opensource.
| brookst wrote:
| Any evidence for "almost certainly"? That seems a huge
| leap of faith to build a whole worldview on. Kind of
| circular, really.
| const_cast wrote:
| Yes, virtually every commercial application I've ever
| seen allows exfiltration of data, usually close to all of
| it, and you agree to it by signing both an EULA and
| privacy policy.
|
| Based off of that, I then _assume_ that other companies
| are exfiltrating as much data as possible off my devices.
|
| I mean, even your car, which, keep in mind, is a multi-
| tens-of-thousands dollar product, exfiltrates your
| location, all your texts, all your phone calls, and as
| much data from your phone as possible.
|
| Yes, this is a "leap of faith". I am not bound by a
| purely evidence-based worldview - I consider that
| naivety. I do not need strong irrefutable evidence of bad
| things happening. When people are untrustworthy, I
| approach them with skepticism in order to protect myself.
|
| For example, I have absolutely no proof that the NSA is
| surveilling SMS and telephony right now. None at all. But
| I know Prism was a thing. It is safe to assume the NSA is
| absolutely surveilling SMS and telephony.
|
| And, I'm almost always right, in my experience.
| viraptor wrote:
| That's just entirely based on the "almost certainly"
| doing all the work. You're complaining about a
| hypothetical situation.
|
| > you just wouldn't be able to tell.
|
| You can setup a local web proxy and tell us. Also check
| the sources since it's an electron app.
| const_cast wrote:
| I don't use notion, but it would be a fun experiment to
| install a root CA and see the traffic.
|
| It's probably not always this easy. I see many
| connections on apps using UDP, so who knows how, exactly,
| they are encoded.
|
| The data may also be "encrypted", similar to how Zoom
| "encrypted" data. That is to say, the data is encrypted,
| but the private key is on the same server. So, if you
| MITM, it looks encrypted - but there's no security.
| jraph wrote:
| This could be a good feature in open source software
| packaged by Debian and whose build is reproducible.
|
| People being angry here shows how they distrust software
| they use and distrusting always online software causes
| fear and stress.
|
| The best these people can do is relying on free software
| distributed in a sane way because that's what can help
| trust software, and, in a professional setting, to push
| their companies or their providers towards free software
| as well, and demand guarantees that their privacy is
| respected.
|
| These matters are not theoretical and this discussion is
| a witness of this.
|
| If Notion wants to be trusted, they should go open
| source. I see Notion people are here. Do it! Stop doing
| closed source software! That doesn't bring anything worth
| and see what badness it brings. Your value is elsewhere.
| It's in you expertise, your vision and how well you do
| things.
|
| I work for an open source competitor (or at least in the
| neighborhood) and that works out well for us and has been
| for 20 years.
|
| The day you open source your desktop client, you'll be
| able to show us the code and show that you indeed don't
| send audio records or related logs to your headquarters.
| We won't have to reverse engineer, sandbox just to be
| sure, and hope for the best.
|
| Knowledge management software shouldn't hide knowledge.
| colechristensen wrote:
| Yeah, no. You don't get to monitor my anything in order to
| provide features. I was never a user of notion and I
| definitely won't be. It is just an oversight of the OS that
| your process is allowed to see the list of other processes.
|
| I do not want to be spied on and have 0 trust for any company
| wishing to do any kind of monitoring of my usage in order to
| provide or advertise "features" to me.
| wferrell wrote:
| It is not genuine to say that Notion cannot listen in. Notion
| can listen in. Anytime it wants. Yes on Macs an indicator
| will be displayed - but not always prominently depending on
| what other apps/devices are being used (for example using
| continuity camera)
|
| Source: I built the same listening infrastructure into other
| meeting note taking apps. Our team spoke at length about this
| security issue with Apple.
| combyn8tor wrote:
| While you're here - can you tell your PM's that your auto
| update on windows is annoying. Every time I start the app
| there's a prompt asking me to either "Install and Relaunch"
| or "Remind me later" (which seems to just hassle me again on
| next app start). The worst part is the pop-up doesn't show
| until 5-10 seconds after I start the app. So I'll start the
| app, start clicking around and then I'm interrupted by this
| pop-up. This seems to happen every day because you push a lot
| of updates.
|
| I'd prefer an option to silently grab non-security/non-fix
| updates once every [Day, Week, Month] in the background, and
| install automatically on next app start up. Urgent updates
| can happen immediately. The default should be every week as
| every update is around 85mb. You could go a step further and
| have an option to only download over WiFi.
|
| As for the mic "issue", I'm not sure what everyone's on
| about. Acting like it's the first app on Windows to monitor
| what the system is doing to provide a feature.
| wustep wrote:
| FWIW, you can verify when any apps are recording microphone
| input by the OS's microphone indicator. I think Windows, Mac,
| and Linux all have one.
|
| (edit: see what @jitl said)
| CubsFan1060 wrote:
| If it helps, this has been one of the most infuriating things
| for me in recent memory. I don't understand why this wasn't
| opt-in.
| wustep wrote:
| thanks, will fwd to team
|
| you're talking about the desktop notification in particular,
| right?
| CubsFan1060 wrote:
| Yeah. I mean, the rest is concerning. But one day it just
| started popping up every time I went into a meeting. Which,
| of course, was exactly the time that I was busy in a
| meeting, and didn't have time to dig through settings to
| figure out how to turn it off.
| incoming1211 wrote:
| * team receives feedback
|
| "Bin it, no one will turn it on, make them turn it off if
| they don't want it"
| chaps wrote:
| Does any of that microphone detection stuff send anything over
| the network to Notion to indicate that the check was done, plus
| the check's results?
| jitl wrote:
| let me look
|
| EDIT: no, there's no transmission of logs or analytics events
| besides a check to see if the feature is enabled. We only
| transmit some data if you ask Notion to record.
| chaps wrote:
| Thanks for the answer.
|
| Just want to clarify for pedantic reasons - is there
| transmission regardless of whether it's enabled or
| disabled? And does that happen only if someone asks Notion
| to record?
| DrillShopper wrote:
| Can you give me a source beyond "just trust me, bro"?
| wustep wrote:
| your OS shows a microphone icon when apps are recording audio
| -- when you use the app, you should see that when recording
| is on during the meeting transcription and off otherwise
| dml2135 wrote:
| Why didn't Notion ask for my affirmative consent before
| monitoring my network traffic?
|
| Are there other cases where Notion is monitoring my network
| traffic? If so, what are they?
| chinathrow wrote:
| This is unethical and creepy behavior - Notion team reading this:
| How exactly did you come up with this?
| pat64 wrote:
| As someone who has built an app that detects calls and meetings,
| this isn't as nefarious as you're making it out to be.
|
| You can detect patterns of hardware use that suggest you're in a
| meeting without actually eavesdropping on an actual audio stream
| of any kind.
|
| Basically is some app using the mic hardware for something??
| Likely a meeting so.
| shreddit wrote:
| It's not necessarily about what they doing, more like how they
| do things. They could at least tell me about it, like: Hey, we
| check whether you joined a meeting to provide you with our note
| taking assistant. Are you okay with that?
|
| Don't assume consent.
| toddmorey wrote:
| I have a funny story: I went to go to a notion doc and just
| intuitively pressed command-O in the app to open the notion doc I
| wanted. Of course that command doesn't open notion docs--what
| that does is turn on audio transcription.
|
| So two hours later, I realize I've transcribed at the bottom of
| our team overview page what read like the diary of a madman from
| fragments of conversation I was having with my wife and dog. I am
| glad I caught it and deleted it.
| TYPE_FASTER wrote:
| Did it transcribe the dog? How long until we get a LLM that can
| translate dog barks...
| callalex wrote:
| People are doing some interesting work in an attempt to
| categorize whale and dolphin communication
| https://blog.padi.com/talk-to-whales-with-ai/
| FredPret wrote:
| https://www.reddit.com/r/TheFarSide/comments/1d041lu/hey_hey.
| ..
| scblzn wrote:
| A reminder that Notion still operates under the .so TLD [1]
|
| Why should you entrust them with your private notes and data?
|
| [1] https://news.ycombinator.com/item?id=26113444
| chinathrow wrote:
| 361 points within 5 hours, 112 comments but off the frontpage.
| Why @dang?
___________________________________________________________________
(page generated 2025-07-17 23:01 UTC)