Notion leaks email addresses of all editors of any public page (twitter.com)
311 points by Tiberium 9 hours ago
Tiberium 7 hours ago
Apparently this is officially documented at https://www.notion.com/help/public-pages-and-web-publishing#... buried in a note:
> When you publish a Notion page to the web, the webpage’s metadata may include the names, profile photos, and email addresses associated with any Notion users that have contributed to the page.
EMM_386 7 hours ago
That's just ... absurd.
The flaw itself is absurd but then just accepting it as "by design" makes it even worse.
chinathrow 6 hours ago
It's also trivially easy to fix. 1 min delete and deploy.
varenc 5 hours ago
chinathrow 7 hours ago
This is, as a notion user with public pages, beyond stupid.
ArchieScrivener 4 hours ago
Don't attribute to stupidity what can be explained by malice.
mikae1 6 hours ago
Some CMSs do this in their RSS feeds as well. Can't recall which ones, but seen it.
mschoening 4 hours ago
Hi, this is Max from Notion.
First: This is documented and we also warn users when they publish a page. But, that’s not good enough!
Second: We don’t like this and are looking at ways to fix this either by removing the PII from the public endpoints or by replacing it with an email proxy similar to GitHub’s equivalent functionality for public commits.
P.S: Some folks here have speculated that this should be a 1 minute fix. Unfortunately that is not the case. :(
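The two mitigations described above, removing the PII from the public endpoint or substituting a GitHub-style proxy address, as an added example that is not Notion's code: the metadata shape, field names and `PROXY_DOMAIN` are assumptions, and `leaked_emails` is the check a page owner could run over whatever the public endpoint actually returns.

```python
import hashlib
import json
import re

# Constructed sample of a published page's metadata (not Notion's real shape).
SAMPLE_PAGE = {
    "title": "Team roadmap",
    "contributors": [
        {"id": "u-1", "name": "Alice", "email": "alice@corp.example"},
        {"id": "u-2", "name": "Bob", "email": "bob@corp.example"},
    ],
}

# Hypothetical proxy domain, analogous to GitHub's users.noreply.github.com.
PROXY_DOMAIN = "users.noreply.example.com"
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def proxy_address(user_id: str) -> str:
    """Stable, non-reversible proxy address for a contributor.

    Derived from a hash of the user id (salt it in a real deployment) so the
    same user gets the same proxy on every page, while the real address is
    never present in the public payload.
    """
    digest = hashlib.sha256(user_id.encode()).hexdigest()[:12]
    return f"{digest}@{PROXY_DOMAIN}"


def sanitize_public_metadata(page: dict, mode: str = "proxy") -> dict:
    """Return a copy of the metadata that is safe to serve publicly.

    mode="remove" drops the e-mail field; mode="proxy" replaces it with a
    proxy address. Names and profile photos are left untouched.
    """
    cleaned = json.loads(json.dumps(page))  # deep copy of the payload
    for user in cleaned.get("contributors", []):
        if "email" not in user:
            continue
        if mode == "remove":
            del user["email"]
        elif mode == "proxy":
            user["email"] = proxy_address(user["id"])
        else:
            raise ValueError(f"unknown mode {mode!r}")
    return cleaned


def leaked_emails(page: dict) -> list:
    """Defender-side check: real addresses anywhere in the serialized
    payload, so fields the sanitizer did not know about are caught too."""
    found = EMAIL_RE.findall(json.dumps(page))
    return sorted({e for e in found if not e.endswith("@" + PROXY_DOMAIN)})
```

Running `leaked_emails` over the raw sample returns both contributor addresses; over the proxied or stripped copy it returns an empty list.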
aucisson_masque 3 hours ago
> P.S: Some folks here have speculated that this should be a 1 minute fix. Unfortunately that is not the case. :(
4 years.
wferrell 4 hours ago
Can you share the warning? I made a public page and would say it was not clear to me this was a consequence of doing that. The warning as I remember it (a month ago) makes it sound like the information on this page is going to be public -- not - oh yeah the email addresses of everyone who edited this page will also be leaked.
mschoening 3 hours ago
When you start contributing to a page you see this:
https://cleanshot.com/share/trYdqYFZ
This is pretty meh. We will deploy more explicit messaging while we mitigate this properly.
janalsncm 3 hours ago
nashashmi an hour ago
cm11 3 hours ago
I will speculate that Notion has had more than one minute to fix it.
andrelaszlo 2 hours ago
While you're here, why is Notion so slow on Firefox? I mean extremely slow.
ktallett 4 hours ago
Considering it was reported in 2022, and it is obviously an error, I don't think it is unfair for people here to have expected it to be fixed by now since it was first reported.
mschoening 4 hours ago
I agree. We will do better.
_kl an hour ago
hluska 2 hours ago
This flaw was reported four years ago. Forgive me if I don’t believe a word of what you’re saying.
lioeters 6 hours ago
Recently I checked back on Notion after a year or so of not seeing it. I was going to recommend it to someone as an example of hypertext, but I see now it calls itself an "AI workplace that works for you" and "Your AI everything app". This company means nothing now, seriously what happened.
cm11 2 hours ago
I haven't used Notion the last couple of years either, but there was a multi-year period where someone at each of the companies I was at would champion it, convince someone high enough to transition the team to it, and it would slow the team down so much. There was a joke at one point amongst coworkers that it might not be bad subterfuge to get someone hired at a rival in order to introduce Notion there.
Anyways, I think Notion has a learning curve that is a little longer than one expects. I can believe that with some dedicated learning time I could be turned into a believer. But I also distinctly had the impression that it was one of those things where it saved a ton of time for a few narrow-visioned people (the people who championed it), but added meaningful time to everyone else's. Those people were largely project managers or operations folks, and transitively the leaders they reported to. It heavily threw the switch towards "legibility" over reality.
It's like when someone new to a messy project creates a spreadsheet and says, "Let's not overthink this, everybody just fill in your project details in your row". If your work, which you are the expert on, doesn't fit nicely into the person's columns, it's not easy for you to fill out. Meanwhile, the person who created the spreadsheet gets what looks like a neat and orderly answer to everything. All the messy things—which are or at least have in them the correct status of the thing—will be masked under a clean and simple, but rather incorrect, thing. That spreadsheet will also travel far specifically because it's neat and therefore portable. There aren't a bunch of "it depends" in it.
thatxliner 6 hours ago
They’ve basically positioned themselves as a workplace app for years now. A fully integrated project management and documentation app really is just asking for AI to be part of it.
homeonthemtn 5 hours ago
I think it does all of this really well... Especially as someone coming from the dystopia of permissions management that is Atlassian, I really like notion.
ksidosjcosjcisj 5 hours ago
What do you mean “now”?
It never meant anything. Notion has always tried to be everything, do everything and work for absolutely everyone, and that has always meant it was just a jumbled mess of pure waste of computing cycles. Notion has always been a disgrace of an app and a service—shoving AI into it is just the natural next step for a “whatever” company such as this.
argee 6 hours ago
> I was going to recommend it to someone as an example of hypertext
What does this mean?
gbgarbeb 6 hours ago
Demonstrating what hypertext is capable of.
lioeters 5 hours ago
skydhash 6 hours ago
Maybe I'm a computer nerd. But I know Unix and I'm so happy that I can avoid such software in my daily life.
RomanPushkin 7 hours ago
It has been an issue for at least 5 years. I remember one dude from HN deanonymized me around 5 years ago by looking at my notion page.
matheusmoreira 7 hours ago
Looks like we're gonna have to go full CIA mode and shift into maximum OPSEC if we want any semblance of privacy. Gotta compartmentalize everything...
sph 6 hours ago
Good luck with that. Companies simply don't want to invest in security. It's simply cheaper to write a post-mortem and apology blog post after the fact.
The sad thing is that people are used by now to the fact that anything they enter on a website is sooner or later going to be leaked, if not sold, as often happens with email addresses.
themafia 6 hours ago
varispeed 6 hours ago
Interesting that people immediately think of workarounds instead of rejecting the governments and corporations behind the thing. Year by year Overton Window moves, workarounds become more and more involved and eventually people will give up and become just living datapoints on corporate/government dashboard.
matheusmoreira 6 hours ago
linsomniac 6 hours ago
Very timely. I literally ran a Claude prompt "compare and contrast Notion vs Obsidian" and flipped over to HN while it was thinking, and this comes up. Thanks HN!
freedomben 6 hours ago
For a personal knowledge base? I would stay far away from anything proprietary for personal notes. I love logseq though I'm increasingly worried it's abandonware
zaggle 5 hours ago
Logseq was captured by VC a long time ago. They switched from open files to a database, their syncing product is closed source (not self-hostable), and they have built-in telemetry.
rchaud 3 hours ago
Saris 6 hours ago
Obsidian is at least storing in markdown. Although some plugins probably add additional formatting that isn't standard.
linsomniac 6 hours ago
My use case isn't likely to be a personal knowledge base, I've just never had any traction on that sort of thing beyond a blog/microblog. I'm wanting to use something specifically for organizing the building of a shop/ADU: todo lists, pinterest-like inspiration boards, costing spreadsheets...
vovavili 5 hours ago
You don't lose anything from the proprietary nature of Obsidian because it's just markdown files all the way down.
freedomben 5 hours ago
holoduke 3 hours ago
For the sake of staying a computer nerd I decided to put all my notes in a private GitHub repo with the help of a local 5b Gemma4 LLM. It's working extremely well. It doesn't matter in what format I type. I use opencode for entering new notes.
soundnote 5 hours ago
Logseq isn't abandonware - they're in the process of rebuilding the app from the ground up to be database-driven, rather than house-brand Markdown as the source of truth and a database constructed from the files afterwards.
I'm not saying it's the most likely project to survive, but they've been working in quiet mode for a good while now.
kirubakaran 5 hours ago
You could try https://hyperclast.com/ (my project). Here's the comparison vs Notion, Obsidian etc https://hyperclast.com/vs/
supriyo-biswas 5 hours ago
I self host https://www.getoutline.com/ instead, they might not have the latest AI features but it has everything I could ask for from a Notion alternative.
weberer 6 hours ago
I switched from Obsidian to Joplin years ago. It's completely FOSS and can sync with your private Nextcloud instance.
zaggle 5 hours ago
But all the Joplin data is not in Markdown files sadly.
Kye 3 hours ago
Consider Trilium if the collaboration stuff people use Notion for isn't important. It's open source, uses SQLite, and does automatic daily and weekly backups.
DropDead 8 hours ago
Big companies need to start caring more about the security and privacy of their users and employees.
steve1977 6 hours ago
Maybe the board and shareholders of big companies need to be held accountable financially instead of being able to hide behind legal constructs.
hluska 2 hours ago
That system has been invented already. It’s called civil law.
resident423 2 hours ago
Companies will only care if they have a reason to. People need to start caring about their privacy and security and be willing to change product if they have to. We can blame companies and insist they start caring, but this makes no difference to them, people complain for a while and then they move on and the earnings remain unchanged.
bitmasher9 8 hours ago
I think we’ll start seeing consulting agencies advertise how many vulnerabilities they can resolve per million tokens, and engineering teams feeling pressure to merge this generated code.
We’ll also see more token-heavy services like Dependabot, SonarQube, etc. that specialize in providing security-related PR reviews and codebase audits.
This is one of the spaces where a small team could build something that quickly pulls great ARR numbers.
contractlens_hn 8 hours ago
The same vertical-specialist logic applies in legal tech. Law firms are drowning in contract review — NDA, MSAs, leases — and generic AI gives them vague answers with no accountability. The teams winning there aren't building 'AI for lawyers', they're building AI that cites every answer to a specific clause and pins professional liability to the output. That's a very different product than a chatbot.
dgb23 7 hours ago
delecti 7 hours ago
Does SonarQube use LLMs these days? It always seemed like a bloated, Goodhart's-law-inviting waste of time, so hearing that doesn't surprise me at all.
phyzome 6 hours ago
People need to start voting in politicians who will meaningfully punish corporations who don't.
autoexec 5 hours ago
More importantly people need to start voting out politicians who refuse to. It's easy to elect people because of things they promise, but its what they actually do that matters.
subscribed 4 hours ago
So not sure where you are from, but over here both main parties and almost all press and TV would viciously push back (and actually are trying to do it right now with another party).
The reason for it is very simple: big companies bribe politicians and.... buy ads in media.
fnoef 8 hours ago
Nah. They care about profits only, the sooner the better, so everyone can cash out and move to their next “venture”
estetlinus 7 hours ago
I don’t think “caring about profits” applies to any company in 2026?
estimator7292 8 hours ago
The problem is that they don't "need" to. There's no consequences for not caring, and no incentive to care.
We need laws and a competent government to force these companies to care by levying significant fines or jail time for executives depending on severity. Not fines like 0.00002 cents per exposed customer, existential fines like 1% of annual revenue for each exposed customer. If you fuck up bad enough, your company burns to the ground and your CEO goes to jail type consequences.
rafram 8 hours ago
This kind of response went out of fashion after Enron. Burning an entire company to the ground (in that case Arthur Andersen) and putting thousands out of work because of the misdeeds of a few - even if they were due to companywide culture problems - turned out to be disproportionate, wasteful, and cruel.
knome 7 hours ago
drstewart 7 hours ago
This. Severe harsh consequences are the best way to prevent crime.
If we also make the penalty for every crime the death penalty we'll have no more crime. Very simple solution no one has thought of.
amelius 8 hours ago
If the government wants me to take copyright and IP laws seriously, then they need to take my personal information seriously too.
hluska 2 hours ago
This is genuinely the stupidest thing I have read today. I get that anti-capitalism is cool now but this is fucking insane. You want to incarcerate someone for exposing email addresses on a public service? Absolute madness.
ksidosjcosjcisj 5 hours ago
And on that day, Satan will be skating to work.
hluska 2 hours ago
Did you really start an account to post this shit?
amazingamazing 8 hours ago
I've been toying around with an architecture that sets things up such that the data for each user is actually stored with each user and only materialized on demand, such that many data leaks would yield little since the server doesn't actually store most of the user data. I mention this since these sorts of leaks are inevitable as long as people are fallible. I feel the correct solution is to not store user data to begin with.
some problems I've identified:
1. suppose you have x users and y groups, of which require some subset of x. joining the data on demand can become expensive, O(x*y).
2. the main usefulness of such an architecture is if the data itself is stored with the user, but as group sizes y increase, a single user's data being offline makes aggregate usecases more difficult. this would lend itself to replicating the data server side, but that would defeat the purpose
3. assuming the previous two are solved, which is very difficult to say the least, how do you secure the data for the user such that someone who knows about this architecture can't just go to the clients and trivially scrape all of the data (per user)?
4. how do you allow for these features without allowing people to modify their data in ways you don't want to allow? encryption?
a concrete example of this would be if HN had it so that each user had a sqlite database that stored all of the posts made per user. then, the HN server would actually go and fetch the data for each of the posters to then show the regular page. presumably here if the data of a given user is inaccessible then their data would be omitted.
yellow_postit 8 hours ago
I’ve always liked this idea but I think it eventually ends back up with essentially our current system. Users have multiple devices so you quickly get to needing a sync service. Once that gets complex enough, then people will outsource to a third party and then we are back to a FB/Google/Apple sign in and data mgmt world.
jdgiese 4 hours ago
I love Notion and use it extremely heavily. I've also built a few integrations with Notion. I think it's a great app that uses AI very well, and they continue improving. Hopefully they fix this though! Also, their API has recently been upgraded quite a bit and now supports database views as a first class object. I have a few other small requests regarding their public API.
VladVladikoff 7 hours ago
The tweet is only a few words, you really need an LLM to write that for you???
georgespencer 7 hours ago
Notion’s macOS app is some of the worst software I’ve ever used. If there is a platform design idiom, they likely break it without a second thought.
ksidosjcosjcisj 5 hours ago
Webwrapper apps should die a quick painful death and those involved in deciding that a given app should be a webwrapper should stub their toes on furniture corners every 30 minutes of their lives.
These apps are a disease and no one should be using services that offer them.
uxjw 6 hours ago
It loves to hog disk space for some reason. An hour after installing, service workers are using 7 GB. I have very few files uploaded so I don’t know what it’s caching.
rvz 3 hours ago
It's Electron. The lowest common denominator.
breakfastduck 7 hours ago
Well, that's because it isn't really a macOS app. It's just the web app.
e-dant 6 hours ago
Are security vulnerabilities good marketing?
hohithere 7 hours ago
Any self hosted solution?
Pi9h 6 hours ago
I’m building Docmost, a self-hosted alternative to Notion and Confluence.
It’s open-source, easy to self-host and feature-packed.
GitHub: https://github.com/docmost/docmost
Throwaway838333 4 hours ago
Anytype
rvz 3 hours ago
Why people choose these services and have zero care about security is beyond me.
Tells me everything I need to know about this industry. No regard or seriousness to security at all.
colesantiago 5 hours ago
Transparency is a good thing?
staticassertion 6 hours ago
Isn't this very typical? Also, what is the proposal?