Apparently this is officially documented at https://www.notion.com/help/public-pages-and-web-publishing#... buried in a note:
> When you publish a Notion page to the web, the webpage’s metadata may include the names, profile photos, and email addresses associated with any Notion users that have contributed to the page.
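A check a page owner can actually run, added here as an example and not code from Notion or from anyone in this thread: fetch the HTML of a page you have published and scan only the parts a reader never sees (meta tags and inline script state) for email addresses. The visible body is deliberately skipped, since text typed onto a public page is public on purpose; a contributor record embedded in page state is not. The sample page below is constructed for the example and is not a capture of a real published page; its state blob layout is an assumption, not Notion's format.

```python
import re
import urllib.request
from html.parser import HTMLParser

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class _MetaAndScriptCollector(HTMLParser):
    """Collects <meta> attribute values and inline <script> bodies: the parts of a
    page a reader never sees but every crawler and anyone viewing source does."""

    def __init__(self):
        super().__init__()
        self.meta_values = []
        self.scripts = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag == "meta":
            self.meta_values.extend(v for _, v in attrs if v)
        elif tag == "script":
            self._in_script, self._buf = True, []

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.scripts.append("".join(self._buf))
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)


def find_leaked_identities(html: str) -> dict:
    """Return email addresses found in <meta> tags and inline scripts, keyed by where."""
    p = _MetaAndScriptCollector()
    p.feed(html)
    p.close()
    found = {"meta": [], "script": []}
    for v in p.meta_values:
        found["meta"].extend(EMAIL_RE.findall(v))
    for s in p.scripts:
        # JSON-escaped slashes or a \u0040 escape would hide an address from the
        # regex, so undo the common escapes before matching.
        found["script"].extend(EMAIL_RE.findall(s.replace("\\/", "/").replace("\\u0040", "@")))
    return {k: sorted(set(v)) for k, v in found.items()}


def scan_published_page(url: str, timeout: float = 10.0) -> dict:
    """Fetch a page you have published yourself and report what its metadata gives away."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return find_leaked_identities(resp.read().decode("utf-8", "replace"))


# Constructed sample (not a real page): the contributor record in the embedded
# state is the kind of thing the help note quoted above warns about.
SAMPLE_PUBLISHED_PAGE = """<html><head>
<meta property="og:title" content="Team Handbook">
<meta name="author" content="Ada Lovelace">
<script id="__page_state__" type="application/json">
{"page":{"title":"Team Handbook"},
 "contributors":[{"id":"0f6b6a2e-1c3a-4d7b-9b2e-3f1c2a9d8e71",
                  "name":"Ada Lovelace","email":"ada@example.com",
                  "photo":"https:\\/\\/example.com\\/ada.png"}]}
</script>
</head><body><h1>Team Handbook</h1><p>Questions? hello@example.org</p></body></html>"""

if __name__ == "__main__":
    print(find_leaked_identities(SAMPLE_PUBLISHED_PAGE))
```

Run `scan_published_page("https://.../your-public-page")` against a page you own; anything under `script` or `meta` is visible to every anonymous visitor and to every crawler that indexed the page, so treat a non-empty result as already disclosed.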
This is, as a notion user with public pages, beyond stupid.
That's just ... absurd.
The flaw itself is absurd but then just accepting it as "by design" makes it even worse.
It's also trivially easy to fix. 1 min delete and deploy.
I'm guessing it's not trivial to fix without breaking other things? The weakness seems to be that anyone can turn UUIDs into details like email. But I assume this functionality is necessary for other flows so they can't just turn off all UUID->email/profile lookups. And similarly hiding author UUIDs on posts also isn't trivial.
Conceptually, I agree it should be easy, but I suspect they're stuck with legacy code and behaviors that rely on the current system. Not breaking anything else while fixing this is likely the time consuming part.
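The comment above describes a UUID-to-profile lookup that has to keep working for logged-in flows. One way to keep the lookup and still close the hole, as an added example that is not Notion's code and makes no claim about how their lookup is built: resolve ids to a public view (id and display name) for everyone, and attach email and photo only when the caller is the user or shares a workspace with them. A page renderer producing a public page then calls the lookup with no caller, so the embedded state can never carry contact details. The directory, ids and workspace names are constructed for the example; `MAX_BATCH` is an assumed cap to keep the endpoint from doubling as a bulk enumeration tool.

```python
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class User:
    id: str
    name: str
    email: str
    photo_url: str
    workspaces: frozenset


ADA_ID = "0f6b6a2e-1c3a-4d7b-9b2e-3f1c2a9d8e71"
BOB_ID = "7c2d9a11-5e4f-4b0c-8a6d-2f9e1b3c4d55"
CY_ID = "e3a1c0d2-9b8f-4a7e-b6c5-1d2e3f4a5b66"

# Constructed directory for the example; nothing here is a real account.
DIRECTORY = {u.id: u for u in [
    User(ADA_ID, "Ada", "ada@example.com", "https://example.com/ada.png", frozenset({"ws-eng"})),
    User(BOB_ID, "Bob", "bob@example.com", "https://example.com/bob.png", frozenset({"ws-eng", "ws-sales"})),
    User(CY_ID, "Cy", "cy@example.com", "https://example.com/cy.png", frozenset({"ws-sales"})),
]}

MAX_BATCH = 50  # assumed cap: a lookup endpoint with no batch limit is a directory dump


def resolve_users_unsafe(user_ids, caller_id=None):
    """The weakness as the comment describes it: any UUID resolves to the full record,
    whoever is asking. Kept here only as the 'before' to compare against."""
    return [asdict(DIRECTORY[u]) for u in user_ids if u in DIRECTORY]


def resolve_users(user_ids, caller_id=None):
    """Same lookup with an audience check. Anonymous callers (and a public page
    renderer) get id and display name only; contact details are released only to
    the user or to someone who shares a workspace with them."""
    if len(user_ids) > MAX_BATCH:
        raise ValueError("too many ids in one request")
    caller = DIRECTORY.get(caller_id)
    out = []
    for uid in user_ids:
        u = DIRECTORY.get(uid)
        if u is None:
            continue  # unknown ids are dropped, not reported, so probing reveals nothing extra
        view = {"id": u.id, "name": u.name}
        if caller is not None and (caller.id == u.id or caller.workspaces & u.workspaces):
            view["email"] = u.email
            view["photo_url"] = u.photo_url
        out.append(view)
    return out


def render_public_page_state(contributor_ids):
    """What a public page embeds: always the anonymous view, never the caller's view."""
    return {"contributors": resolve_users(contributor_ids, caller_id=None)}
```

The point of keeping both functions side by side is that the fix lives in the audience check, not in removing the lookup: every internal flow that calls `resolve_users` with a real caller keeps working, while the code path that writes state into a published page is structurally unable to ask for more than the public view.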
Of course they can fix it, come on.
They can easily withhold information they put out intentionally.
The whole point of that comment is that it's not that easy. There are potential side effects and consequences that are difficult to architect around.
Some CMSs do this in their RSS feeds as well. Can't recall which ones, but I've seen it.
Recently I checked back on Notion after a year or so of not seeing it. I was going to recommend it to someone as an example of hypertext, but I see now it calls itself an "AI workplace that works for you" and "Your AI everything app". This company means nothing now, seriously what happened.
Maybe I'm a computer nerd. But I know Unix and I'm so happy that I can avoid such software in my daily life.
> I was going to recommend it to someone as an example of hypertext
What does this mean?
Demonstrating what hypertext is capable of.
Thanks, exactly, that's what I meant to say.
They’ve basically positioned themselves as a workplace app for years now. A fully integrated project management and documentation tool really is just asking for AI to be part of it.
I think it does all of this really well... Especially as someone coming from the dystopia of permissions management that is Atlassian, I really like notion.
What do you mean “now”?
It never meant anything. Notion has always tried to be everything, do everything and work for absolutely everyone, and that has always meant it was just a jumbled mess, a pure waste of computing cycles. Notion has always been a disgrace of an app and a service; shoving AI into it is just the natural next step for a “whatever” company such as this.
It has been an issue for at least 5 years. I remember one dude from HN deanonymized me around 5 years ago by looking at my notion page.
Looks like we're gonna have to go full CIA mode and shift into maximum OPSEC if we want any semblance of privacy. Gotta compartmentalize everything...
Interesting that people immediately think of workarounds instead of rejecting the governments and corporations behind the thing. Year by year Overton Window moves, workarounds become more and more involved and eventually people will give up and become just living datapoints on corporate/government dashboard.
Rejecting the government is insurrection, it's the same as becoming a terrorist.
A terrorist works with terror (fear).
Also at least in democracies you can reject the government without physical violence.
> A terrorist works with terror (fear).
Extreme, yet I can't deny its effectiveness. How do you radicalize a decadent, apathetic population? People who literally do not give a shit about important issues because they have too much to lose, because they'd have to give up their comfortable lifestyles? Terrorists attack them directly, breaking the illusion that their almighty governments can protect them. They gave up all those freedoms, paid all those taxes, sacrificed their principles, all in the name of security... Only to discover they aren't safe at all. Quite ironic, really. No wonder governments worldwide are willing to pull out all the stops against terrorists.
> Also at least in democracies you can reject the government without physical violence.
Doubt. To me it seems democracies exist just to give people the illusion of choice, not to give them any real power. The reality is people are manipulated by the mass media, their very wants and desires are shaped by it. Censorship is growing world wide, even in "democratic" governments, because they want to reserve the right to shape the population's collective mind. And when even that fails, it turns out every politician answers to the corporations anyway. They literally buy laws via lobbyists. If by some miracle some law gets passed to benefit people at the expense of corporations, the lobbyists swoop in and neuter it with hidden loopholes and fine print.
You are called a terrorist only until you win; then you are a freedom fighter.
You may even be called a freedom fighter from the start if you are trying to displace a government in the right country. There are plenty of examples.
Learn about the origin of the word terrorism (hint: it was a term for a rogue government acting against its own people).
Good luck with that. Companies simply don't want to invest in security. It's simply cheaper to write a post-mortem and apology blog post after the fact.
The sad thing is that people are used to it by now: anything they enter on a website is sooner or later going to be leaked, if not sold, as often happens with email addresses.
Sue them out of existence then.
Very timely. I literally ran a Claude prompt "compare and contrast Notion vs Obsidian" and flipped over to HN while it was thinking, and this comes up. Thanks HN!
For a personal knowledge base? I would stay far away from anything proprietary for personal notes. I love logseq though I'm increasingly worried it's abandonware
Obsidian is at least storing in markdown. Although some plugins probably add additional formatting that isn't standard.
My use case isn't likely to be a personal knowledge base, I've just never had any traction on that sort of thing beyond a blog/microblog. I'm wanting to use something specifically for organizing the building of a shop/ADU: todo lists, pinterest-like inspiration boards, costing spreadsheets...
You don't lose anything from the proprietary nature of Obsidian because it's just markdown files all the way down.
Yeah to clarify, I mean Notion was proprietary. Obsidian I would call borderline because as you mentioned, the markdown file storage format.
Logseq was captured by VC a long time ago. They switched from open files to a database, their syncing product is closed source (not self-hostable), and they have built-in telemetry.
Logseq isn't abandonware - they're in the process of rebuilding the app from the ground up to be database-driven, rather than house-brand Markdown as the source of truth and a database constructed from the files afterwards.
I'm not saying it's the most likely project to survive, but they've been working in quiet mode for a good while now.
I switched from Obsidian to Joplin years ago. It's completely FOSS and can sync with your private Nextcloud instance.
But all the Joplin data is not in Markdown files sadly.
I self host https://www.getoutline.com/ instead, they might not have the latest AI features but it has everything I could ask for from a Notion alternative.
You could try https://hyperclast.com/ (my project). Here's the comparison vs Notion, Obsidian etc https://hyperclast.com/vs/
Big companies need to start caring more about the security and privacy of their users and employees.
I think we’ll start seeing consulting agencies advertise how many vulnerabilities they can resolve per million tokens, and engineering teams feeling pressure to merge this generated code.
We’ll also see more token-heavy services like Dependabot, SonarQube, etc. that specialize in providing security-related PR reviews and codebase audits.
This is one of the spaces where a small team could build something that quickly pulls great ARR numbers.
The same vertical-specialist logic applies in legal tech. Law firms are drowning in contract review (NDAs, MSAs, leases) and generic AI gives them vague answers with no accountability. The teams winning there aren't building 'AI for lawyers', they're building AI that cites every answer to a specific clause and pins professional liability to the output. That's a very different product than a chatbot.
What is needed there are custom harnesses that don’t let the LLM decide what to do when. Use their power of pattern matching on data, not on decision transcriptions.
Does SonarQube use LLMs these days? It always seemed like a bloated, Goodhart's-law-inviting waste of time, so hearing that doesn't surprise me at all.
The problem is that they don't "need" to. There's no consequences for not caring, and no incentive to care.
We need laws and a competent government to force these companies to care by levying significant fines or jail time for executives depending on severity. Not fines like 0.00002 cents per exposed customer, but existential fines like 1% of annual revenue for each exposed customer. If you fuck up badly enough, your company burns to the ground and your CEO goes to jail type consequences.
This kind of response went out of fashion after Enron. Burning an entire company to the ground (in that case Arthur Andersen) and putting thousands out of work because of the misdeeds of a few - even if they were due to companywide culture problems - turned out to be disproportionate, wasteful, and cruel.
the answer to that is a functional social safety net for the innocent employees to land in, not allowing companies to violate the law with impunity.
You’re describing a system where taxpayers foot the bill for data breaches.
That's exactly backwards. In the current regime, it's precisely the billions of people who are affected by data breaches (and who happen to be taxpayers!) who are footing the bill.
Not at all. Make the guilty corporation pay for all of it.
We already are in a system where we foot most of the consequences.
If the government wants me to take copyright and IP laws seriously, then they need to take my personal information seriously too.
This. Severe harsh consequences are the best way to prevent crime.
If we also make the penalty for every crime the death penalty we'll have no more crime. Very simple solution no one has thought of.
Nah. They care about profits only, the sooner the better, so everyone can cash out and move to their next “venture”
I don’t think “caring about profits” applies to any company in 2026?
People need to start voting in politicians who will meaningfully punish corporations who don't.
More importantly people need to start voting out politicians who refuse to. It's easy to elect people because of things they promise, but its what they actually do that matters.
Maybe the board and shareholders of big companies need to be held accountable financially instead of being able to hide behind legal constructs.
And on that day, Satan will be skating to work.
I've been toying around with an architecture that sets things up such that the data for each user is actually stored with each user and only materialized on demand, such that many data leaks would yield little since the server doesn't actually store most of the user data. I mention this since these sorts of leaks are inevitable as long as people are fallible. I feel the correct solution is to not store user data to begin with.
Some problems I've identified:
1. suppose you have x users and y groups, each of which requires some subset of x. Joining the data on demand can become expensive, O(x*y).
2. the main usefulness of such an architecture is if the data itself is stored with the user, but as group sizes y increase, a single user's data being offline makes aggregate use cases more difficult. This would lend itself to replicating the data server side, but that would defeat the purpose.
3. assuming the previous two are solved, which is very difficult to say the least, how do you secure the data for the user such that someone who knows about this architecture can't just go to the clients and trivially scrape all of the data (per user)?
4. how do you allow for these features without allowing people to modify their data in ways you don't want to allow? encryption?
A concrete example of this would be if HN had it so that each user had a sqlite database that stored all of the posts made by that user. Then the HN server would actually go and fetch the data for each of the posters to show the regular page. Presumably, if the data of a given user is inaccessible, their data would be omitted.
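A runnable sketch of the HN variant described above, added here as an example and not the commenter's own code: each user holds a sqlite table of their posts (in-memory here), the server keeps no bodies, and the thread is materialized by fetching from every user's store. It also answers problem 4 without encryption: the server signs each record with a server-held HMAC key when the post is created, so a user who rewrites a row in their own copy produces a record the server rejects on the next render, and an unreachable user is simply omitted, as in the comment's last sentence. The key, the user names and the post texts are constructed for the example; the HMAC approach is one choice, chosen because the server is the only party that ever needs to verify.

```python
import hashlib
import hmac
import json
import secrets
import sqlite3

# Assumption: one server-held secret, used only to sign and verify records.
# Users never see it, so they cannot forge or silently alter a signed record.
SERVER_KEY = secrets.token_bytes(32)


def _canonical(record: dict) -> bytes:
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sign_record(record: dict) -> str:
    return hmac.new(SERVER_KEY, _canonical(record), hashlib.sha256).hexdigest()


def verify_record(record: dict, sig: str) -> bool:
    return hmac.compare_digest(sign_record(record), sig)


class UserStore:
    """Stands in for the per-user sqlite database from the comment (in-memory here)."""

    def __init__(self, user: str):
        self.user = user
        self.online = True
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE posts (id INTEGER PRIMARY KEY, record TEXT NOT NULL, sig TEXT NOT NULL)"
        )

    def put(self, record: dict, sig: str) -> None:
        self.db.execute("INSERT INTO posts VALUES (?, ?, ?)", (record["id"], json.dumps(record), sig))

    def fetch(self) -> list:
        if not self.online:
            raise ConnectionError(f"{self.user} is offline")
        rows = self.db.execute("SELECT record, sig FROM posts ORDER BY id")
        return [(json.loads(r), s) for r, s in rows]

    def edit_body(self, post_id: int, new_body: str) -> None:
        """The user rewrites a post in their own copy without going through the server."""
        (raw,) = self.db.execute("SELECT record FROM posts WHERE id=?", (post_id,)).fetchone()
        rec = json.loads(raw)
        rec["body"] = new_body
        self.db.execute("UPDATE posts SET record=? WHERE id=?", (json.dumps(rec), post_id))


class Server:
    """Keeps only a handle per user and an id counter; post bodies live with the users."""

    def __init__(self):
        self.stores = {}
        self.next_id = 1

    def register(self, user: str) -> UserStore:
        self.stores[user] = UserStore(user)
        return self.stores[user]

    def create_post(self, user: str, body: str, ts: int) -> int:
        record = {"id": self.next_id, "user": user, "body": body, "ts": ts}
        self.next_id += 1
        self.stores[user].put(record, sign_record(record))  # signed once, at creation
        return record["id"]

    def render_thread(self) -> dict:
        """Materialize the page: pull from every store, drop what fails verification,
        and omit users whose store cannot be reached."""
        shown, omitted, rejected = [], [], []
        for user, store in self.stores.items():
            try:
                rows = store.fetch()
            except ConnectionError:
                omitted.append(user)
                continue
            for record, sig in rows:
                # The signature binds id, user, body and ts together, so a store can
                # neither edit a post nor present a post as someone else's.
                if record.get("user") == user and verify_record(record, sig):
                    shown.append(record)
                else:
                    rejected.append(record.get("id"))
        shown.sort(key=lambda r: r["ts"])
        return {"posts": shown, "omitted_users": omitted, "rejected_ids": rejected}


def demo() -> dict:
    srv = Server()
    srv.register("alice")
    bob = srv.register("bob")
    carol = srv.register("carol")
    srv.create_post("alice", "first!", ts=1)
    p2 = srv.create_post("bob", "hello from bob", ts=2)
    srv.create_post("carol", "carol here", ts=3)
    bob.edit_body(p2, "bob says the admin approved this")  # tampering in bob's own copy
    carol.online = False                                    # unreachable client
    return srv.render_thread()


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

What this does not solve is problem 1 and problem 2: every render still fans out to every poster, and the cost is exactly the O(x*y) join the comment worries about. Signing also only gives integrity; if the bodies themselves must be unreadable to a scraper who reaches a client (problem 3), that is where encryption comes in, at the price of the server no longer being able to render the page itself.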
I’ve always liked this idea but I think it eventually ends back up with essentially our current system. Users have multiple devices so you quickly get to needing a sync service. Once that gets complex enough, then people will outsource to a third party and then we are back to a FB/Google/Apple sign in and data mgmt world.
Notion’s macOS app is some of the worst software I’ve ever used. If there is a platform design idiom, they likely break it without a second thought.
Well, that's because it isn't really a macOS app. It's just the web app.
It loves to hog disk space for some reason. An hour after installing, service workers are using 7 GB. I have very few files uploaded so I don’t know what it’s caching.
Webwrapper apps should die a quick painful death and those involved in deciding that a given app should be a webwrapper should stub their toes on furniture corners every 30 minutes of their lives.
These apps are a disease and no one should be using services that offer them.
Are security vulnerabilities good marketing?
The tweet is only a few words, you really need an LLM to write that for you???
Transparency is a good thing?
Any self hosted solution?
I’m building Docmost, a self-hosted alternative to Notion and Confluence.
It’s open-source, easy to self-host and feature-packed.
GitHub: https://github.com/docmost/docmost.
Isn't this very typical? Also, what is the proposal?