Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
const_cast 10 hours ago

The application is almost certainly sending off data to Notion without consent, you just wouldn't be able to tell.

If a company is willing to do even small privacy violations, I do not trust them at all. Feel free to run OpenSnitch or LittleSnitch - most apps are opening connections to many domains you won't recognize. Your guess is as good as anyone's what data they're exfiltrating. That is, of course, unless you use more privacy-preserving apps that are typically opensource.

viraptor 9 hours ago | parent | next [-]

That's just entirely based on the "almost certainly" doing all the work. You're complaining about a hypothetical situation.

> you just wouldn't be able to tell.

You can setup a local web proxy and tell us. Also check the sources since it's an electron app.

const_cast 9 hours ago | parent [-]

I don't use notion, but it would be a fun experiment to install a root CA and see the traffic.

It's probably not always this easy. I see many connections on apps using UDP, so who knows how, exactly, they are encoded.

The data may also be "encrypted", similar to how Zoom "encrypted" data. That is to say, the data is encrypted, but the private key is on the same server. So, if you MITM, it looks encrypted - but there's no security.

brookst 9 hours ago | parent | prev [-]

Any evidence for “almost certainly”? That seems a huge leap of faith to build a whole worldview on. Kind of circular, really.

const_cast 9 hours ago | parent [-]

Yes, virtually every commercial application I've ever seen allows exfiltration of data, usually close to all of it, and you agree to it by signing both an EULA and privacy policy.

Based off of that, I then assume that other companies are exfiltrating as much data as possible off my devices.

I mean, even your car, which, keep in mind, is a multi-tens-of-thousands dollar product, exfiltrates your location, all your texts, all your phone calls, and as much data from your phone as possible.

Yes, this is a "leap of faith". I am not bound by a purely evidence-based worldview - I consider that naivety. I do not need strong irrefutable evidence of bad things happening. When people are untrustworthy, I approach them with skepticism in order to protect myself.

For example, I have absolutely no proof that the NSA is surveilling SMS and telephony right now. None at all. But I know Prism was a thing. It is safe to assume the NSA is absolutely surveilling SMS and telephony.

And, I'm almost always right, in my experience.