> P.S: Some folks here have speculated that this should be a 1 minute fix. Unfortunately that is not the case. :(

Ignoring the “the bug was raised four years ago” part and assuming you just mean it isn't as easy as that and might break other things: what other things could resolving this potentially break? If the issue is that the PII needs to be present for private/authenticated views, would not making it unavailable everywhere including there, and fixing that later, be the better option over leaving the PII present for public views for a second longer?

reply
What are you doing to address the process/structural issues that allowed such a privacy issue to get to production?

What are you doing to address the support issues that allowed such a privacy issue to remain after being reported?

What are you doing to address the issues with the company's prioritisation framework that allowed such a privacy issue to remain for 4 years?

Which authorities are you reporting the privacy issue to in line with local requirements?

reply
> P.S: Some folks here have speculated that this should be a 1 minute fix. Unfortunately that is not the case. :(

4 years.

reply
Can you share the warning? I made a public page and would say it was not clear to me this was a consequence of doing that. The warning as I remember it (a month ago) makes it sound like the information on this page is going to be public -- not - oh yeah the email addresses of everyone who edited this page will also be leaked.
reply
When you start contributing to a page you see this:

https://cleanshot.com/share/trYdqYFZ

This is pretty meh. We will deploy more explicit messaging while we mitigate this properly.

reply
The warning is too vague. “May become visible” kind of sounds like Notion doesn’t know whether they will become visible or not.
reply
It's definitely weasel wording. And moreover, it's honestly tiring to constantly have these weasel words carrying such weight, and then jackasses getting bent out of shape that they aren't given the benefit of the doubt anymore.
reply
Please also especially clarify that IDs of contributors will be public. Meh is good, but this was a bit too simple.

There is a way to mitigate this. Re-hash and cache the page to be meta-less for public URLs. I guess that requires a huge amount of coding for a team that has not built the product from the ground up. But I feel like a "copy and paste" could fix that (remove author data).

reply
I will speculate that Notion has had more than one minute to fix it.
reply
While you're here, why is Notion so slow on Firefox? I mean extremely slow.
reply
Considering it was reported in 2022, and it is obviously an error, I don't think it is unfair for people here to have expected it to be fixed by now since it was first reported.
reply
I agree. We will do better.
reply
Can you please share an update when you can? Will this be prioritised and fixed or not?
reply
This flaw was reported four years ago. Forgive me if I don’t believe a word of what you’re saying.
reply
> P.S: Some folks here have speculated that this should be a 1 minute fix. Unfortunately that is not the case. :(

Nonsense! It is a 1 minute fix. You just don't want to take a $ hit from inconveniencing users by breaking another part of your app.

Pull your thumb out and do the right thing. Implement the 1 minute fix, and then spend the rest of the week or month fixing the other parts of your app that might break as a result of fixing this.

reply