Notion Is Unusable and Unsafe

I am a sucker for new note-taking and productivity applications, so a couple of years ago, I started using Notion. I still keep logging into it for a very specific purpose, but in general, Notion is largely unusable.

This anonymous post outlining Notion’s usability experience “disaster” does a good job of cataloging all of the ways that Notion is largely unusable. If you read any Notion community groups for any length of time, it quickly becomes clear that Notion is the tool of choice for the sorts of folks who enjoy tinkering around with their productivity systems rather than actually getting things done.

As if the user interface isn’t horrific enough, it has become apparent over the past couple of years that the developer’s behind Notion either a) don’t care or b) don’t know how to make their application secure.

As this Reddit post points out, simply inviting a guest to edit a page grants that guest a large amount of private information that they do not and should not have access to. Stuff like this crops up all the time. It is clear there are almost no privacy or security protections built into Notion.

I still use Notion, but largely because I’ve built an extensive inventory of my action figure collection within Notion. That’s the only sort of data I would trust to Notion as it is today.

Local Gravatars Plugin for WordPress

Local Gravatars is a WordPress plugin designed to minimize potential privacy issues around Automattic’s Gravatar service.

The plugin will get your users gravatars and host them locally on your website.

Your visitors will get the gravatars directly from your website instead of the gravatar CDN, therefore increasing privacy and performance.

To avoid cluttering the filesystem and to allow refreshing gravatars, the files get flushed on a weekly basis (interval can be modified using a filter).

To avoid performance issues server-side, the download process for gravatars is limited to a maximum of 5 seconds (value can be modified using a filter).

In an interview at WP Tavern, the plugin’s author, Ari Stathopoulos, outlined the sort of risk he’s trying to reduce with the plugin,

“And when I visit a site that uses Gravatar, some information is exposed to the site that serves them — including my IP,” said Stathopoulos. “Even if it’s just for analytics purposes, I don’t think the company should know that page A on site B got 1,000 visitors today with these IPs from these countries. There is absolutely no reason why any company not related to the page I’m actually visiting should have any kind of information about my visit.”

The Local Gravatars plugin must still connect to the Gravatar service. However, the connection is made on the server rather than the client. Stathopoulos explained that the only information exposed in this case is the server’s IP and nothing from the client, which eliminates any potential privacy concerns.

No, Do Not Use Unroll.Me

It was kind of odd seeing (or hearing) security podcast Security In Five recommend Unroll.Me, which is a service that helps users easily unsubscribe from subscription-based emails.

It’s a great idea, but Unroll.Me’s business model is essentially selling data about its users.

For years they did this and lied about it, claiming that they didn’t sell such data. In late 2019, they reached a settlement with the US Federal Trade Commission.

The FTC alleged that Unrollme Inc., which helps users unsubscribe from unwanted emails or consolidate their email subscriptions, falsely told consumers that it would not “touch” their personal emails in order to persuade consumers to provide access to their email accounts.

In fact, Unrollme shared users’ email receipts from completed transactions with Unrollme’s parent company, Slice Technologies, Inc. E-receipts can include, among other things, the user’s name, billing and shipping addresses, and information about products or services purchased by the consumer. Slice uses anonymous purchase information from Unrollme users’ e-receipts in the market research analytics products it sells.

As part of the settlement with the Commission, Unrollme is prohibited from misrepresenting the extent to which it collects, uses, stores, or shares information from consumers. It must also notify those consumers who signed up for Unrollme after viewing one of the allegedly deceptive statements about how it collects and shares information from e-receipts. The order also requires Unrollme to delete, from both its own systems and Slice’s systems, stored e-receipts previously collected from those consumers, unless it obtains their affirmative, express consent to maintain the e-receipts.

So today, Unroll.Me is upfront about its data usage, but the way it collects and uses data is concerning. According to its How We Use Your Data page (you know, the one the FTC had to force them create),

Unroll.Me is owned by Rakuten Intelligence, an e-commerce measurement business that provides companies with insights into industry trends, corporate performance, and the competitive landscape. Unless otherwise restricted by your email provider, when you sign up for Unroll.Me, we share your transactional emails with Rakuten Intelligence, who helps us de-identify and combine your information with that of millions of users, including Rakuten Intelligence’s shopping panel.

Honestly, I get why a lot of people would blow that off and figure “who cares”, but I am surprised that someone in computer security would given a company like this access to their data.

Nitter

Nitter is “a free and open-source alternative Twitter front-end focused on privacy.” It is Twitter without JavaScript, user tracking, and ads.

For privacy-minded folks, preventing JavaScript analytics and potential IP-based tracking is important, but apart from using the legacy mobile version and a VPN, it’s impossible. This is is especially relevant now that Twitter removed the ability for users to control whether their data gets sent to advertisers.

Along with the public web-based version linked to above, there is a GitHub repository with the code so that the entire front-end can be self-hosted.

Privacy.Net Analyzer

Privacy.Net Analyzer is one of many tools on the web that will inform you of what information your browser is leaking to websites. It is one of the cleanest and best looking of these tools that I’ve seen, however.

It will attempt to determine information about the computer you are using, potentially vulnerable autofill settings, other websites your browser is logged into, and a fingerprint analysis.

One of the things I was happy to see was how little information the site was able to determine about my browser, thanks to actions I’ve taken to limit that.

LeakyPick: IoT Audio Spy Detector

Researchers concerned about IoT devices surreptitiously transmitting audio recordings back to their manufacturer put together a Raspberry Pi-based proof-of-concept (1mb PDF) to detect such transmissions.

Manufacturers of smart home Internet of Things (IoT) devices are increasingly adding voice assistant and audio monitoring features to a wide range of devices including smart speakers, televisions, thermostats, security systems, and doorbells. Consequently, many of these devices are equipped with microphones, raising significant privacy concerns: users may not always be aware of when audio recordings are sent to the cloud, or who may gain access to the recordings. In this paper, we present the LeakyPick architecture that enables the detection of the smart home devices that stream recorded audio to the Internet without the user’s consent. Our proof-of-concept is a LeakyPick device that is placed in a user’s smart home and periodically “probes” other devices in its environment and monitors the subsequent network traffic for statistical patterns that indicate audio transmission. Our prototype is built on a Raspberry Pi for less than USD $40 and has a measurement accuracy of 94% in detecting audio transmissions for a collection of 8 devices with voice assistant capabilities. Furthermore, we used LeakyPick to identify 89 words that an Amazon Echo Dot misinterprets as its wake-word, resulting in unexpected audio transmission. LeakyPick provides a cost effective approach for regular consumers to monitor their homes for unexpected audio transmissions to the cloud.