alt.hn

4/19/2026 at 3:20:01 PM

Notion leaks email addresses of all editors of any public page

https://twitter.com/weezerOSINT/status/2045849358462222720

by Tiberium

4/19/2026 at 5:10:51 PM

Apparently this is officially documented at https://www.notion.com/help/public-pages-and-web-publishing#... buried in a note:

> When you publish a Notion page to the web, the webpage’s metadata may include the names, profile photos, and email addresses associated with any Notion users that have contributed to the page.

by Tiberium

4/19/2026 at 5:46:30 PM

That's just ... absurd.

The flaw itself is absurd but then just accepting it as "by design" makes it even worse.

by EMM_386

4/19/2026 at 6:33:14 PM

It's also trivially easy to fix. 1 min delete and deploy.

by chinathrow

4/19/2026 at 7:33:03 PM

I'm guessing it's not trivial to fix without breaking other things? The weakness seems to be that anyone can turn UUIDs into details like email. But I assume this functionality is necessary for other flows so they can't just turn off all UUID->email/profile lookups. And similarly, hiding author UUIDs on posts also isn't trivial.

Conceptually, I agree it should be easy, but I suspect they're stuck with legacy code and behaviors that rely on the current system. Not breaking anything else while fixing this is likely the time consuming part.

by varenc

4/19/2026 at 8:24:22 PM

This is a rendering artifact, nothing more. If you can tokenize and protect PII on your platform, you can protect PII on your public pages.

    if (metadata.is_public)

Simple fix.

by reactordev

4/20/2026 at 2:46:09 AM

But a user's email isn't always forbidden. The API endpoint which turns UUIDs into a user email presumably also has use cases where you do want to expose the user email. For example, when seeing a list of people you've already invited via email to collaborate with, or listing users within your organization, etc. So a user's email isn't always forbidden PII, it depends on the context.

The trouble is the UUID->email endpoint has no idea what the context is and that endpoint alone can't decide if it should expose email or not. And then public Notion docs publicly expose author UUIDs.

Their mistake was architecting things this way. From day 1 they should have cleanly separated public identifiers from privileged ones. Or have more bespoke endpoints for looking up a UUID's email for each of the narrow contexts in which this is allowed. They didn't do this, and they certainly should have, but fixing this mess is likely a non-trivial amount of work. Though I bet it could be done immediately if they really cared and didn't mind other things breaking.

I'm absolutely not defending their choice to expose emails in this way. They should have addressed this years ago when it was first reported, and I want them shamed for failing to care. But just trying to say it's likely not a one line fix.

by varenc

4/20/2026 at 11:55:10 AM

A user's email should always be forbidden…

It is not a public marker, it’s PII.

by reactordev

4/19/2026 at 7:43:41 PM

Of course they can fix it, come on.

They can easily withhold information they put out intentionally.

by chinathrow

4/19/2026 at 7:55:27 PM

The whole point of that comment is that it's not that easy. There are potential side effects and consequences that are difficult to architect around.

by csallen

4/20/2026 at 2:18:45 PM

The fix IS easy. The side effects need to be dealt with accordingly. Why do you defend shit like this?

by chinathrow

4/20/2026 at 1:36:37 AM

Except it is.

If you can't easily architect around it, then don't do what you're trying to do.

"Oh I needed to disclose user data in order to make more money" isn't an acceptable excuse.

by markdown

4/20/2026 at 4:26:12 AM

No one's talking about excuses.

by csallen

4/20/2026 at 2:19:14 PM

Looks like everyone does talk about excuses though.

by chinathrow

4/20/2026 at 12:09:21 PM

> Oh I needed to disclose user data in order to make more money

hmm maybe they should've paywalled?

by sysguest

4/20/2026 at 12:33:08 AM

You literally don’t know that. Add this to the mammoth file titled “HN comments in which the author makes some completely unsubstantiated technical claim”

by UqWBcuFx6NV4r

4/19/2026 at 5:31:26 PM

This is, as a notion user with public pages, beyond stupid.

by chinathrow

4/19/2026 at 8:34:15 PM

Don't attribute to stupidity what can be explained by malice.

by ArchieScrivener

4/20/2026 at 5:55:10 AM

Yes! I’ve always maintained Hanlon’s razor needs to be reversed in matters of computer security.

by sph

4/20/2026 at 6:24:16 AM

There's just a higher form of malicious stupidity, where the people who own these platforms can be selectively, maliciously stupid when it comes to security.

by protocolture

4/20/2026 at 5:29:14 AM

This phrase needs way more traction.

by gib444

4/19/2026 at 6:38:57 PM

Some CMSs do this in their RSS feeds as well. Can't recall which ones, but seen it.

by mikae1

4/19/2026 at 6:00:46 PM

Recently I checked back on Notion after a year or so of not seeing it. I was going to recommend it to someone as an example of hypertext, but I see now it calls itself an "AI workplace that works for you" and "Your AI everything app". This company means nothing now, seriously what happened.

by lioeters

4/19/2026 at 10:12:53 PM

I haven't used Notion the last couple of years either, but there was a multi-year period where someone at each of the companies I was at would champion it, convince someone high enough to transition the team to it, and it would slow the team down so much. There was a joke at one point amongst coworkers that it might not be bad subterfuge to get someone hired at a rival in order to introduce Notion there.

Anyways, I think Notion has a learning curve that is a little longer than one expects. I can believe that with some dedicated learning time I could be turned into a believer. But I also distinctly had the impression that it was one of those things where it saved a ton of time for a few narrow-visioned people (the people who championed it), but added meaningful time to everyone else's. Those people were largely project managers or operations folks, and transitively the leaders they reported to. It heavily threw the switch towards "legibility" over reality.

It's like when someone new to a messy project creates a spreadsheet and says, "Let's not overthink this, everybody just fill in your project details in your row". If your work, which you are the expert on, doesn't fit nicely into the person's columns, it's not easy for you to fill out. Meanwhile, the person who created the spreadsheet gets what looks like a neat and orderly answer to everything. All the messy things—which are or at least have in them the correct status of the thing—will be masked under a clean and simple, but rather incorrect, thing. That spreadsheet will also travel far specifically because it's neat and therefore portable. There aren't a bunch of "it depends" in it.

by cm11

4/19/2026 at 6:47:44 PM

They’ve basically positioned themselves as a workplace app for years now. A fully integrated project management and documentation tool really is just asking for AI to be part of it.

by thatxliner

4/19/2026 at 7:28:33 PM

I think it does all of this really well... Especially as someone coming from the dystopia of permissions management that is Atlassian, I really like notion.

by homeonthemtn

4/19/2026 at 7:28:44 PM

What do you mean “now”?

It never meant anything. Notion has always tried to be everything, do everything and work for absolutely everyone, and that has always meant it was just a jumbled mess of pure waste of computing cycles. Notion has always been a disgrace of an app and a service—shoving AI into it is just the natural next step for a “whatever” company such as this.

by ksidosjcosjcisj

4/20/2026 at 6:24:13 AM

While I don't share your condemnation, I do share your critique of the design. When I tried Notion--really wanting to like it--I could find essentially zero documentation about how to use those numerous features. After wasting a ton of time trying to get a document template I wanted, I gave up and went back to simpler tools.

by ternaryoperator

4/20/2026 at 8:30:18 AM

I'm impressed, been uninstalling that monster 20 years before the founder died.

by ngold

4/20/2026 at 11:21:42 AM

After making one of the least worst rich editors out there on the web, they needed to keep their developers and designers busy (while not having time to fix privacy bugs).

Like every other AI tool it mainly seems to exist to produce productivity porn. Summarize the meetings nobody could be bothered to summarize. Write the docs nobody can be bothered to read or write. Communicate as an end, not a means, because the company you work for has transitioned into the dead-weight phase.

by unconed

4/19/2026 at 6:18:23 PM

> I was going to recommend it to someone as an example of hypertext

What does this mean?

by argee

4/19/2026 at 6:36:53 PM

Demonstrating what hypertext is capable of.

by gbgarbeb

4/19/2026 at 6:56:01 PM

Thanks, exactly, that's what I meant to say.

by lioeters

4/19/2026 at 6:16:31 PM

Maybe I'm a computer nerd. But I know Unix and I'm so happy that I can avoid such software in my daily life.

by skydhash

4/19/2026 at 8:13:40 PM

Hi, this is Max from Notion.

First: This is documented and we also warn users when they publish a page. But, that’s not good enough!

Second: We don’t like this and are looking at ways to fix this either by removing the PII from the public endpoints or by replacing it with an email proxy similar to GitHub’s equivalent functionality for public commits.

P.S: Some folks here have speculated that this should be a 1 minute fix. Unfortunately that is not the case. :(

by mschoening
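The architectural point made earlier in the thread (a UUID-to-profile lookup that does not know who is asking cannot decide whether to reveal an email) and the GitHub-style email proxy proposed in the post above, as an added example. This is not Notion's code and not code from any commenter; the user directory, workspace names, page record, the `profile_for`/`render_metadata` helpers and the `users.noreply.example` proxy domain are all constructed for the illustration.

```python
"""Added example, not Notion's code. A single context-unaware
UUID -> profile lookup leaks PII when public page metadata is built on
it. The hardened path separates a public view (GitHub-style proxy
address) from a workspace-internal view. All ids, users and pages
below are constructed sample data."""
import hashlib
import json
import re

# Constructed user directory (stands in for the privileged user table).
USERS = {
    "0b9e4c7a-1111-4aaa-8bbb-000000000001": {
        "name": "Alice Example", "email": "alice@example.com",
        "avatar": "https://img.example/alice.png", "workspace": "acme",
    },
    "0b9e4c7a-1111-4aaa-8bbb-000000000002": {
        "name": "Bob Example", "email": "bob@example.com",
        "avatar": "https://img.example/bob.png", "workspace": "acme",
    },
}

# Constructed page record: only contributor ids are stored, not profiles.
PAGE = {"id": "page-1", "is_public": True, "workspace": "acme",
        "contributors": list(USERS)}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def lookup_user(user_id):
    """The context-unaware endpoint: full record, email included."""
    return USERS[user_id]


def render_metadata_unsafe(page):
    """Vulnerable pattern: page metadata assembled straight from the
    privileged lookup, so the real address lands in the public HTML."""
    return json.dumps([lookup_user(uid) for uid in page["contributors"]])


def proxy_email(user_id, domain="users.noreply.example"):
    """Stable, non-reversible proxy address (GitHub-style). The hash is
    over the internal id, so nothing about the real mailbox is exposed."""
    digest = hashlib.sha256(user_id.encode()).hexdigest()[:12]
    return f"{digest}@{domain}"


def profile_for(viewer_id, user_id):
    """Context-aware view: the caller says who is looking. Anonymous
    (public web) viewers and viewers from another workspace get the
    proxy; only a member of the same workspace sees the real address."""
    user = lookup_user(user_id)
    profile = {"name": user["name"], "avatar": user["avatar"]}
    viewer = USERS.get(viewer_id) if viewer_id else None
    if viewer is not None and viewer["workspace"] == user["workspace"]:
        profile["email"] = user["email"]
    else:
        profile["email"] = proxy_email(user_id)
    return profile


def render_metadata(page, viewer_id=None):
    """Hardened renderer: a public page is always rendered as an
    anonymous viewer, whatever session happens to be present."""
    if page["is_public"]:
        viewer_id = None
    return json.dumps([profile_for(viewer_id, uid)
                       for uid in page["contributors"]])


def real_emails_in(text):
    """Regression check a defender can run over rendered output: which
    addresses from the user table appear verbatim?"""
    known = {u["email"] for u in USERS.values()}
    return sorted(set(EMAIL_RE.findall(text)) & known)


if __name__ == "__main__":
    print("unsafe :", real_emails_in(render_metadata_unsafe(PAGE)))
    print("public :", real_emails_in(render_metadata(PAGE)))
    print("proxy  :", proxy_email(PAGE["contributors"][0]))
```

The design choice that matters is that `render_metadata` forces the anonymous view for anything marked public, so no caller can accidentally reach the privileged record from the public rendering path, while the same-workspace case the thread mentions (seeing colleagues' addresses) keeps working through `profile_for`. The `real_emails_in` scan is the kind of check to run over published output in CI so a regression shows up before it ships.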

4/19/2026 at 9:38:01 PM

> P.S: Some folks here have speculated that this should be a 1 minute fix. Unfortunately that is not the case. :(

4 years.

by aucisson_masque

4/20/2026 at 7:59:11 AM

We have top men working on it right now

by blitzar

4/19/2026 at 8:34:31 PM

Can you share the warning? I made a public page and would say it was not clear to me this was a consequence of doing that. The warning as I remember it (a month ago) makes it sound like the information on this page is going to be public -- not - oh yeah the email addresses of everyone who edited this page will also be leaked.

by wferrell

4/19/2026 at 9:10:19 PM

When you start contributing to a page you see this:

https://cleanshot.com/share/trYdqYFZ

This is pretty meh. We will deploy more explicit messaging while we mitigate this properly.

by mschoening

4/19/2026 at 9:45:33 PM

The warning is too vague. “May become visible” kind of sounds like Notion doesn’t know whether they will become visible or not.

by janalsncm

4/19/2026 at 11:44:24 PM

It's definitely weasel wording. And moreover, it's honestly tiring to constantly have these weasel words carrying such weight, and then jackasses getting bent out of shape that they aren't given the benefit of the doubt anymore.

by halJordan

4/20/2026 at 6:25:26 AM

Also, to me, "anyone who can view this page" sounds like "anyone _in this workspace_ that can view this page", not "anyone _on the public web_".

by reddalo

4/19/2026 at 11:19:28 PM

Please also especially clarify that IDs of contributors will be public. Meh is good, but this was a bit too simple.

There is a way to mitigate this. Re-hash and cache the page to be meta-less for public URLs. I guess that requires a huge amount of coding for a team that has not built the product from the ground up. But I feel like a "copy and paste" could fix that (remove author data).

by nashashmi

4/19/2026 at 9:11:09 PM

I will speculate that Notion has had more than one minute to fix it.

by cm11

4/20/2026 at 2:20:54 AM

> P.S: Some folks here have speculated that this should be a 1 minute fix. Unfortunately that is not the case. :(

Ignoring the “the bug was raised four years ago” part and assuming you just mean it isn't as easy as that and might break other things: what other things could resolving this potentially break? If the issue is that the PII needs to be present for private/authenticated views, would not making it unavailable everywhere including there, and fixing that later, be the better option over leaving the PII present for public views for a second longer?

by dspillett

4/19/2026 at 8:16:42 PM

Considering it was reported in 2022, and it is obviously an error, I don't think it is unfair for people here to have expected it to be fixed by now since it was first reported.

by ktallett

4/19/2026 at 8:18:13 PM

I agree. We will do better.

by mschoening

4/19/2026 at 11:05:34 PM

Can you please share an update when you can? Will this be prioritised and fixed or not?

by _kl

4/19/2026 at 10:16:40 PM

While you're here, why is Notion so slow on Firefox? I mean extremely slow.

by andrelaszlo

4/20/2026 at 5:31:52 AM

The answer is usually that the devs only use Chrome.

by gib444

4/20/2026 at 5:53:58 AM

You should explain WHY that is not the case, or else accept that everyone's takeaway about this is that you've KNOWN you've been leaking your users' data for FOUR YEARS and have done nothing about it by CHOICE.

by popalchemist

4/19/2026 at 10:00:48 PM

This flaw was reported four years ago. Forgive me if I don’t believe a word of what you’re saying.

by hluska

4/20/2026 at 1:39:54 AM

> P.S: Some folks here have speculated that this should be a 1 minute fix. Unfortunately that is not the case. :(

Nonsense! It is a 1 minute fix. You just don't want to take a $ hit from inconveniencing users by breaking another part of your app.

Pull your thumb out and do the right thing. Implement the 1 minute fix, and then spend the rest of the week or month fixing the other parts of your app that might break as a result of fixing this.

by markdown

4/20/2026 at 1:59:29 AM

What are you doing to address the process/structural issues that allowed such a privacy issue to get to production?

What are you doing to address the support issues that allowed such a privacy issue to remain after being reported?

What are you doing to address the issues with the company's prioritisation framework that allowed such a privacy issue to remain for 4 years?

Which authorities are you reporting the privacy issue to in line with local requirements?

by danpalmer

4/19/2026 at 5:05:23 PM

It has been an issue for at least 5 years. I remember one dude from HN deanonymized me around 5 years ago by looking at my notion page.

by RomanPushkin

4/19/2026 at 5:29:23 PM

Looks like we're gonna have to go full CIA mode and shift into maximum OPSEC if we want any semblance of privacy. Gotta compartmentalize everything...

by matheusmoreira

4/19/2026 at 6:08:36 PM

Good luck with that. Companies simply don't want to invest in security. It's simply cheaper to write a post-mortem and apology blog post after the fact.

The sad thing is that people are used to it by now: anything they enter on a website is sooner or later going to be leaked, if not sold, as often happens with email addresses.

by sph

4/19/2026 at 6:36:44 PM

Sue them out of existence then.

by themafia

4/19/2026 at 10:04:41 PM

How many lawsuits against large companies can one person afford?

by djeastm

4/19/2026 at 9:32:21 PM

This has been an ineffective plan for guaranteeing the rights of the citizen in this country.

A new default is needed.

by DANmode

4/19/2026 at 5:58:54 PM

Interesting that people immediately think of workarounds instead of rejecting the governments and corporations behind the thing. Year by year Overton Window moves, workarounds become more and more involved and eventually people will give up and become just living datapoints on corporate/government dashboard.

by varispeed

4/19/2026 at 6:16:15 PM

Rejecting the government is insurrection, it's the same as becoming a terrorist.

by matheusmoreira

4/19/2026 at 8:02:00 PM

You are called a terrorist only until you win; then you are a freedom fighter.

You may even be called a freedom fighter from the start if you are trying to displace the government in the right country. There are plenty of examples.

by d0mine

4/19/2026 at 10:17:45 PM

I realize that. I'm just saying that "reject the government" is a radical choice. It's not something the average first world citizen is going to think about. The US government has been eroding the freedom of Americans for nearly a century now. American citizens have a bigger arsenal than many actual countries out there. And what do they do with all of those weapons? Literally nothing.

Only those who are willing to die have the power to truly change the world. Those who don't want to die are dominated by those who do. The average citizen of a civilized society has a lot to lose. They don't want to die over nothing. They want to get even richer and enjoy an even better life. It's the people who have nothing to lose and everything to gain who are radicalized.

by matheusmoreira

4/19/2026 at 6:33:17 PM

A terrorist works with terror (fear).

Also at least in democracies you can reject the government without physical violence.

by steve1977

4/19/2026 at 7:29:50 PM

> A terrorist works with terror (fear).

Extreme, yet I can't deny its effectiveness. How do you radicalize a decadent, apathetic population? People who literally do not give a shit about important issues because they have too much to lose, because they'd have to give up their comfortable lifestyles? Terrorists attack them directly, breaking the illusion that their almighty governments can protect them. They gave up all those freedoms, paid all those taxes, sacrificed their principles, all in the name of security... Only to discover they aren't safe at all. Quite ironic, really. No wonder governments worldwide are willing to pull out all the stops against terrorists.

> Also at least in democracies you can reject the government without physical violence.

Doubt. To me it seems democracies exist just to give people the illusion of choice, not to give them any real power. The reality is people are manipulated by the mass media, their very wants and desires are shaped by it. Censorship is growing world wide, even in "democratic" governments, because they want to reserve the right to shape the population's collective mind. And when even that fails, it turns out every politician answers to the corporations anyway. They literally buy laws via lobbyists. If by some miracle some law gets passed to benefit people at the expense of corporations, the lobbyists swoop in and neuter it with hidden loopholes and fine print.

by matheusmoreira

4/19/2026 at 8:23:59 PM

> in democracies you can reject the government

No, you cannot. You can reject the current party, but the government is much more than that. In the US, for example, the government is a set of institutions that were put in power in the American revolution. If you try to reject this your own life is at risk.

by coliveira

4/19/2026 at 10:01:08 PM

I would argue that many people do “reject” the government, but they do so by abstaining from the political process. This is why participation is low. It’s not a direct threat to the government so the government doesn’t do anything.

The U.S. government is confident enough in their appearance of legitimacy that they allow pretty broad liberty to criticize it. This is in contrast to other governments like China or Russia or even Singapore which are much less secure about their legitimacy.

by janalsncm

4/20/2026 at 5:31:33 AM

Maybe the US is not a real democracy then?

by steve1977

4/19/2026 at 8:04:49 PM

Learn about the origin of the word terrorism (hint: it was a term for a rogue government acting against its people).

by varispeed

4/19/2026 at 6:12:33 PM

Very timely. I literally ran a Claude prompt "compare and contrast Notion vs Obsidian" and flipped over to HN while it was thinking, and this comes up. Thanks HN!

by linsomniac

4/19/2026 at 6:14:27 PM

For a personal knowledge base? I would stay far away from anything proprietary for personal notes. I love logseq though I'm increasingly worried it's abandonware

by freedomben

4/19/2026 at 7:14:05 PM

Logseq was captured by VC a long time ago. They switched from open files to a database, their syncing product is closed source (not self-hostable), and they have built-in telemetry.

by zaggle

4/19/2026 at 9:46:20 PM

I don't think I've updated my Logseq since 2022. As far as that is concerned, it's Markdown files that I can sync with an open-source tool like Syncthing-Fork.

by rchaud

4/19/2026 at 6:19:28 PM

Obsidian is at least storing in markdown. Although some plugins probably add additional formatting that isn't standard.

by Saris

4/19/2026 at 6:21:38 PM

My use case isn't likely to be a personal knowledge base, I've just never had any traction on that sort of thing beyond a blog/microblog. I'm wanting to use something specifically for organizing the building of a shop/ADU: todo lists, pinterest-like inspiration boards, costing spreadsheets...

by linsomniac

4/19/2026 at 9:50:06 PM

https://anytype.io/ is the open-source CC of Notion AFAIK.

by amaccuish

4/20/2026 at 1:04:56 AM

Anytype is a well-made product, but its data format is somewhat opaque and like Notion suffers from significant complexity. I switched to Obsidian last year, which while proprietary at least gives me the option to move my data somewhere else if I should need to. Anytype doesn't make it easy to get your data off its platform.

by hresvelgr

4/19/2026 at 6:58:10 PM

You don't lose anything from the proprietary nature of Obsidian because it's just markdown files all the way down.

by vovavili

4/19/2026 at 7:37:14 PM

Yeah to clarify, I mean Notion was proprietary. Obsidian I would call borderline because as you mentioned, the markdown file storage format.

by freedomben

4/19/2026 at 9:19:24 PM

For the sake of staying a computer nerd I decided to put all my notes in a private GitHub repo with the help of a local 5b Gemma4 LLM. It is working extremely well. It doesn't matter in what format I type. I use opencode for entering new notes.

by holoduke

4/19/2026 at 7:31:09 PM

Logseq isn't abandonware - they're in the process of rebuilding the app from the ground up to be database-driven, rather than house-brand Markdown as the source of truth and a database constructed from the files afterwards.

I'm not saying it's the most likely project to survive, but they've been working in quiet mode for a good while now.

by soundnote

4/20/2026 at 12:25:31 AM

Thanks for the pointers everyone, there were quite a few that weren't on my radar. My use-case isn't a "personal knowledge graph", I'm building an ADU and so I'm looking for a lot of components: todo lists, inspiration boards, costing/spreadsheets, ordering lists, documents.

Notion looks to be pretty capable in that regard, so the knowledge graph options really fell short (Logseq, Obsidian, Joplin, Trilium, Craft). They are likely good if your use case is in their lane.

Anynote looks like a good option, except it doesn't have a web client, just the Android/iOS (and MacOS I guess?).

Milanote sounds like a possible option if my use were more inspiration-board heavy.

I'll probably give Anynote a try, but Notion really does seem to be a compelling product if it weren't for the jackassery that led to this thread to begin with.

by linsomniac

4/20/2026 at 1:47:00 AM

I wrote a more detailed comparison of Notion vs Obsidian here: https://bryanhogan.com/blog/notion-obsidian-comparison

I kinda dislike where Notion is heading though, forcing more and more things on their users without any way to disable them. But yes, it's capable of doing what you are looking for.

Maybe Affine could also work though, you can self-host it and it's more customizable: https://affine.pro/

by bryanhogan

4/19/2026 at 7:00:04 PM

I self host https://www.getoutline.com/ instead, they might not have the latest AI features but it has everything I could ask for from a Notion alternative.

by supriyo-biswas

4/19/2026 at 6:50:07 PM

I switched from Obsidian to Joplin years ago. It's completely FOSS and can sync with your private Nextcloud instance.

by weberer

4/19/2026 at 7:15:28 PM

But all the Joplin data is not in Markdown files sadly.

by zaggle

4/19/2026 at 8:54:40 PM

Consider Trilium if the collaboration stuff people use Notion for isn't important. It's open source, uses SQLite, and does automatic daily and weekly backups.

https://triliumnotes.org/

by Kye

4/19/2026 at 4:22:32 PM

Big companies need to start caring more about the security and privacy of their users and employees.

by DropDead

4/19/2026 at 6:35:24 PM

Maybe the board and shareholders of big companies need to be held accountable financially instead of being able to hide behind legal constructs.

by steve1977

4/19/2026 at 10:23:09 PM

That system has been invented already. It’s called civil law.

by hluska

4/20/2026 at 6:57:28 AM

Considering the current president, it's going great! /s

by ramon156

4/19/2026 at 4:30:33 PM

I think we’ll start seeing consulting agencies advertise how many vulnerabilities they can resolve per million tokens, and engineering teams feeling pressure to merge this generated code.

We’ll also see more token-heavy services like Dependabot, SonarQube, etc. that specialize in providing security-related PR reviews and codebase audits.

This is one of the spaces where a small team could build something that quickly pulls great ARR numbers.

by bitmasher9

4/19/2026 at 4:39:48 PM

The same vertical-specialist logic applies in legal tech. Law firms are drowning in contract review — NDA, MSAs, leases — and generic AI gives them vague answers with no accountability. The teams winning there aren't building 'AI for lawyers', they're building AI that cites every answer to a specific clause and pins professional liability to the output. That's a very different product than a chatbot.

by contractlens_hn

4/19/2026 at 5:33:55 PM

What is needed there are custom harnesses that don’t let the LLM decide what to do when. Use their power of pattern matching on data, not on decision transcriptions.

by dgb23

4/19/2026 at 4:56:25 PM

Does SonarQube use LLMs these days? It always seemed like a bloated, Goodhart's law inviting waste of time, so hearing that doesn't surprise me at all.

by delecti

4/19/2026 at 6:12:30 PM

People need to start voting in politicians who will meaningfully punish corporations who don't.

by phyzome

4/19/2026 at 7:04:59 PM

More importantly, people need to start voting out politicians who refuse to. It's easy to elect people because of things they promise, but it's what they actually do that matters.

by autoexec

4/19/2026 at 8:14:34 PM

So not sure where you are from, but over here both main parties and almost all press and TV would viciously push back (and actually are trying to do it right now with another party).

The reason for it is very simple: big companies bribe politicians and.... buy ads in media.

by subscribed

4/19/2026 at 10:27:25 PM

Companies will only care if they have a reason to. People need to start caring about their privacy and security and be willing to change product if they have to. We can blame companies and insist they start caring, but this makes no difference to them, people complain for a while and then they move on and the earnings remain unchanged.

by resident423

4/19/2026 at 4:53:41 PM

Nah. They care about profits only, the sooner the better, so everyone can cash out and move to their next “venture”

by fnoef

4/19/2026 at 5:04:10 PM

I don’t think ”caring about profits” applies to any company 2026?

by estetlinus

4/19/2026 at 4:31:55 PM

The problem is that they don't "need" to. There's no consequences for not caring, and no incentive to care.

We need laws and a competent government to force these companies to care by levying significant fines or jail time for executives depending on severity. Not fines like 0.00002 cents per exposed customer, existential fines like 1% of annual revenue for each exposed customer. If you fuck up bad enough, your company burns to the ground and your CEO goes to jail type consequences.

by estimator7292

4/19/2026 at 4:42:25 PM

This kind of response went out of fashion after Enron. Burning an entire company to the ground (in that case Arthur Andersen) and putting thousands out of work because of the misdeeds of a few - even if they were due to companywide culture problems - turned out to be disproportionate, wasteful, and cruel.

by rafram

4/19/2026 at 5:07:34 PM

the answer to that is a functional social safety net for the innocent employees to land in, not allowing companies to violate the law with impunity.

by knome

4/19/2026 at 10:28:13 PM

First off, adults use capital letters. I know it’s hard but it’s a basic part of our language. I would respect you and your arguments more if you used them. Second, your idea is as naive as your writing is poor. The issue with AA was that accounting doesn’t provide a lot of bounce and recover space for people whose firms go belly up in the way that AA did. A social safety net has precisely zero to do with the loss of a lot of dreams.

If you read more you’d know that (and you would use capitals).

by hluska

4/20/2026 at 3:37:00 AM

and I might respect your opinions if they weren't couched in vapid complaints over the formatting of casual online intercourse. nobody with an argument of substance starts off with a complaint on the casing of someone's statement.

if true, your claim of the inability of the financial worker sector to absorb masses of workers dumped from a company going under due to fraud committed by the company sounds like exactly something that a social safety net would assist with, giving the workers a larger space to safely transition from one position to another.

an emotional appeal to insist on allowing a company engaged in criminal acts to persist because it might have a negative impact on those working for it isn't logical. if the company valued its employees, it shouldn't have engaged in fraud and been folded under as it deserved.

by knome

4/19/2026 at 5:15:40 PM

You’re describing a system where taxpayers foot the bill for data breaches.

by rafram

4/19/2026 at 5:23:49 PM

That's exactly backwards. In the current regime, it's precisely the billions of people who are affected by data breaches (and who happen to be taxpayers!) who are footing the bill.

by wry_durian

4/19/2026 at 5:31:07 PM

Not at all. Make the guilty corporation pay for all of it.

by matheusmoreira

4/19/2026 at 6:16:22 PM

We already are in a system where we foot most of the consequences.

by folkrav

4/19/2026 at 5:26:56 PM

This. Severe harsh consequences are the best way to prevent crime.

If we also make the penalty for every crime the death penalty we'll have no more crime. Very simple solution no one has thought of.

by drstewart

4/19/2026 at 4:48:35 PM

If the government wants me to take copyright and IP laws seriously, then they need to take my personal information seriously too.

by amelius

4/20/2026 at 9:39:16 AM

Yes, it makes sense as both are about the value we give to information.

by amelius

4/19/2026 at 10:25:44 PM

This is genuinely the stupidest thing I have read today. I get that anti-capitalism is cool now but this is fucking insane. You want to incarcerate someone for exposing email addresses on a public service? Absolute madness.

by hluska

4/19/2026 at 7:30:07 PM

And on that day, Satan will be skating to work.

by ksidosjcosjcisj

4/19/2026 at 10:28:55 PM

Did you really start an account to post this shit?

by hluska

4/20/2026 at 9:01:44 AM

I reported this and several other issues with public pages almost six years ago. Some of them were fixed after many years - but they're very slow to handle it. I never received any bug bounty or anything.

Here's a Reddit post just as confirmation: https://www.reddit.com/r/Notion/comments/hqyxid/possible_sec.... I also reported it privately two months prior, of course.

by O4epegb

4/19/2026 at 8:36:02 PM

I love Notion and use it extremely heavily. I've also built a few integrations with Notion. I think it's a great app that uses AI very well, and they continue improving. Hopefully they fix this though! Also, their API has recently been upgraded quite a bit and now supports database views as a first class object. I have a few other small requests regarding their public API.

by jdgiese

4/19/2026 at 4:35:41 PM

I've been toying around with an architecture that sets things up such that the data for each user is actually stored with each user and only materialized on demand, such that many data leaks would yield little since the server doesn't actually store most of the user data. I mention this since these sorts of leaks are inevitable as long as people are fallible. I feel the correct solution is to not store user data to begin with.

some problems I've identified:

1. suppose you have x users and y groups, each of which requires some subset of x. joining the data on demand can become expensive, O(x*y).

2. the main usefulness of such an architecture is if the data itself is stored with the user, but as group sizes y increase, a single user's data being offline makes aggregate usecases more difficult. this would lend itself to replicating the data server side, but that would defeat the purpose

3. assuming the previous two are solved, which is very difficult to say the least, how do you secure the data for the user such that someone who knows about this architecture can't just go to the clients and trivially scrape all of the data (per user)?

4. how do you allow for these features without allowing people to modify their data in ways you don't want to allow? encryption?

a concrete example of this would be if HN had it so that each user had a sqlite database that stored all of the posts made per user. then, the HN server would actually go and fetch the data for each of the posters to then show the regular page. presumably here if the data of a given user is inaccessible then their data would be omitted.

by amazingamazing

4/20/2026 at 8:45:11 AM

Disclosure: I work at Anytype. This is the architectural bet we took, so I'll answer your four problems directly.

Premise: treat it as certain that the server will eventually be compromised, subpoenaed, or misconfigured. So the server must hold nothing that can be decrypted or linked to a specific user's content. Users hold their own encryption keys, the server stores ciphertext, and there is no UUID→identity mapping at the sync layer. Sync runs over any-sync, which is peer-to-peer-capable; intermediate nodes see ciphertext.

On your four problems:

1. O(x*y) joins - pushed to the client, because the server can't decrypt enough to do them.

2. Offline members - eventual-consistency sync and CRDT.

3. Client-side theft - if an attacker has the user's keys, they have the data. Intentional: no server-side gate to break means no server-side gate to exfiltrate at scale. We're considering optional 2FA at the infrastructure layer as an additional barrier to data retrieval.

4. Unwanted modifications - content is signed with user keys and validated on read.

Real cost is on the product side: no server-side AI over your notes, no server-side full-text search, slower cold-start, and harder to build product analytics (no access to user data). Granular ACLs are also harder — permissions are enforced by key possession, so revoking access often requires key rotation rather than a permission-flag change.

But the exact bug this post is about (a server endpoint that maps a public UUID to an email) is structurally impossible in this model, because there's no such mapping on our servers to misuse.

any-sync and our data format (any-block) are MIT, if you want to poke at how it works: https://github.com/anyproto

by requilence
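The answers above to problems 3 and 4 (keys stay with the user, the server stores only ciphertext, content is signed with user keys and validated on read) can be shown end to end in a small program. The following is an added illustration written for this thread; it is not code from Anytype, any-sync or any-block, and it simplifies two things: the group content key is handed to members directly (a stand-in for a real key exchange), and the "server" is an in-memory slice. The names `Record`, `Client`, `Server`, `NewGroupKey` and `Demo` are my own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrBadSignature: the blob was altered in storage/transit, or not written by the expected author.
var ErrBadSignature = errors.New("record rejected: signature does not verify under the expected author key")

// Record is all the sync server ever holds: no email, no account id, nothing for a lookup endpoint to leak.
type Record struct{ Nonce, Ciphertext, Signature []byte }

// Client owns the secrets; in this model they never leave the user's devices.
type Client struct {
	group    cipher.AEAD        // AES-256-GCM under the group content key
	signPriv ed25519.PrivateKey // per-user signing key, never shared
	SignPub  ed25519.PublicKey  // known to other members from group membership
}

// NewGroupKey makes one group's content key; handing it to a member is what "granting read access" means here.
func NewGroupKey() (cipher.AEAD, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// NewClient makes a group member with its own signing key pair (CSPRNG failure is treated as fatal).
func NewClient(group cipher.AEAD) *Client {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Client{group: group, signPriv: priv, SignPub: pub}
}

// Seal encrypts a note and signs nonce||ciphertext so the author of every stored blob can be validated on read.
func (c *Client) Seal(plaintext []byte) Record {
	nonce := make([]byte, c.group.NonceSize()) // 96-bit random nonce; fine at note-sized volumes
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // CSPRNG failure, same policy as NewClient
	}
	ct := c.group.Seal(nil, nonce, plaintext, nil)
	sig := ed25519.Sign(c.signPriv, append(append([]byte{}, nonce...), ct...))
	return Record{Nonce: nonce, Ciphertext: ct, Signature: sig}
}

// Open checks the signature against the author key the reader already knows (never one carried in the blob), then decrypts.
func (c *Client) Open(r Record, author ed25519.PublicKey) ([]byte, error) {
	if !ed25519.Verify(author, append(append([]byte{}, r.Nonce...), r.Ciphertext...), r.Signature) {
		return nil, ErrBadSignature
	}
	return c.group.Open(nil, r.Nonce, r.Ciphertext, nil)
}

// Server is an opaque blob store with no keys and no user table; Put returns the blob's index.
type Server struct{ blobs []Record }

func (s *Server) Put(r Record) int { s.blobs = append(s.blobs, r); return len(s.blobs) - 1 }
func (s *Server) Get(i int) Record { return s.blobs[i] }

// Demo runs the happy path (writer seals, server stores, reader validates and decrypts), then the two failure modes.
func Demo(note string) (recovered string, tamperRejected, forgeRejected bool, err error) {
	group, err := NewGroupKey()
	if err != nil {
		return
	}
	writer, reader, impostor := NewClient(group), NewClient(group), NewClient(group)
	rec := writer.Seal([]byte(note))
	srv := &Server{}
	pt, err := reader.Open(srv.Get(srv.Put(rec)), writer.SignPub)
	if err != nil {
		return
	}
	recovered = string(pt)
	// Failure mode 1: one byte of the stored blob changed (server bug, disk, transit); rejected before decryption.
	rec.Ciphertext[0] ^= 0xff
	_, terr := reader.Open(rec, writer.SignPub)
	tamperRejected = errors.Is(terr, ErrBadSignature)
	// Failure mode 2: a member with the group key but not the writer's signing key writes a blob the reader attributes to the writer.
	_, ferr := reader.Open(impostor.Seal([]byte("not what the writer wrote")), writer.SignPub)
	forgeRejected = errors.Is(ferr, ErrBadSignature)
	return
}

func main() {
	fmt.Println(Demo("sprint notes (constructed sample)"))
}
```

Two design points match the caveats in the post. The reader verifies against an author key it already holds from group membership, not a key embedded in the blob; otherwise anyone could assert authorship by swapping the key. And because read access is literally possession of the group key, revoking a member means rotating that key and re-sealing, which is the ACL cost described above.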

4/19/2026 at 4:43:55 PM

I’ve always liked this idea but I think it eventually ends back up with essentially our current system. Users have multiple devices so you quickly get to needing a sync service. Once that gets complex enough, then people will outsource to a third party and then we are back to a FB/Google/Apple sign in and data mgmt world.

by yellow_postit

4/19/2026 at 4:59:49 PM

The tweet is only a few words, you really need an LLM to write that for you???

by VladVladikoff

4/20/2026 at 4:05:52 AM

I really dislike Notion. Its public API is full of bizarre arbitrary limitations, like a rich text database field can only contain max 100 “child blocks”, where each change in formatting consumes one child block, but its web UI doesn’t have this issue. Yes, I realise the undocumented private API that the web UI uses doesn’t have this issue either, but I shouldn’t have to, and I haven’t.

I don’t love Confluence, but at least it doesn’t do this to me.

by skissane

4/19/2026 at 5:42:07 PM

Notion’s macOS app is some of the worst software I’ve ever used. If there is a platform design idiom, they likely break it without a second thought.

by georgespencer

4/19/2026 at 6:49:40 PM

It loves to hog disk space for some reason. An hour after installing, service workers are using 7gb. I have very few files uploaded so I don’t know what it’s caching.

by uxjw

4/19/2026 at 7:32:27 PM

Webwrapper apps should die a quick painful death and those involved in deciding that a given app should be a webwrapper should stub their toes on furniture corners every 30 minutes of their lives.

These apps are a disease and no one should be using services that offer them.

by ksidosjcosjcisj

4/19/2026 at 9:36:38 PM

It's Electron. The lowest common denominator.

by rvz

4/19/2026 at 5:47:01 PM

Well, that's because it isn't really a macOS app. It's just the web app.

by breakfastduck

4/19/2026 at 6:41:48 PM

Are security vulnerabilities good marketing?

by e-dant

4/19/2026 at 5:12:12 PM

Any self hosted solution?

by hohithere

4/20/2026 at 1:52:15 AM

I'd say Affine or Obsidian.

Obsidian is built on top of just markdown files, so you can do whatever you want with them. E.g. if you need multiplayer editing you could use 3rd party solutions or even something like HedgeDoc.

Affine is closer to Notion and self-hostable.

Obsidian: https://obsidian.md/

Affine: https://affine.pro/

by bryanhogan

4/19/2026 at 6:46:05 PM

I’m building Docmost, a self-hosted alternative to Notion and Confluence.

It’s open-source, easy to self-host and feature-packed.

GitHub: https://github.com/docmost/docmost.

by Pi9h

4/20/2026 at 1:56:44 AM

I'm not sure DocMost is a Notion alternative, it's just a note-taking tool without many of the features that give Notion its unique position.

I'm always disappointed by note-taking tools calling themselves a Notion alternative when they do not provide an alternative to Notion and are instead just another note-taking tool with a simple UI.

If you want to be a Notion alternative provide the things that make Notion great, e.g. the database functionality. It's okay to be a simple collaborative notes tool, but that is not a Notion alternative.

by bryanhogan

4/20/2026 at 2:42:21 AM

Perhaps try it first before dismissing it as just a “note-taking tool,” which it isn’t.

We have support for team-spaces, permissions, diagrams, real-time collaboration, comments, page verification workflows, AI, SSO/LDAP, search, audit logs, API, public sharing, and a lot more.

Btw, we have plans to introduce a database-like feature.

by Pi9h

4/20/2026 at 7:52:19 AM

Confluence and Notion are not equivalent products. Docmost looks to be similar to Confluence - a full fat wiki, but the whole point of Notion was its database-like features.

by tweetle_beetle

4/19/2026 at 8:17:21 PM

Anytype

by Throwaway838333

4/19/2026 at 5:58:59 PM

Isn't this very typical? Also, what is the proposal?

by staticassertion

4/19/2026 at 9:34:39 PM

Why people choose these services and have zero care about security is beyond me.

Tells me everything I need to know about this industry. No regard or seriousness to security at all.

by rvz

4/19/2026 at 7:47:29 PM

Transparency is a good thing?

by colesantiago

4/19/2026 at 7:54:14 PM

[dead]

by Grappelli

4/19/2026 at 8:27:44 PM

[dead]

by ibrahimhossain

4/20/2026 at 4:05:42 AM

[dead]

by qotgalaxy

4/19/2026 at 5:46:32 PM

[dead]

by SadErn