The Notion desktop app will observe if there is a process running on your computer that is actively using your microphone, such as Zoom.
Notion does not and cannot listen to the audio coming from your microphone ambiently or snoop on the signal received by another application. This detection is done purely based on the existing of a process using your microphone, not on the audio coming from the microphone. Users can verify this because the OS-level microphone indicator will show that Notion is not listening to their microphone.
If one is detected, Notion will notify the user and try to associate it with a calendar event if you have connected your calendar. Connecting your calendar is not a requirement to receive this notification.
Users can disable this behavior via their account settings in Settings > Notifications > Desktop meeting detection notifications.
Only when the user has started a meeting note and clicked record, will Notion activate the user's microphone. We cannot do this without operating system mediated consent dialog, which is the way it should be! At this point Notion will show up as using the microphone in the OS indicators.
It is not genuine to say that Notion cannot listen in. Notion can listen in. Anytime it wants. Yes on Macs an indicator will be displayed - but not always prominently depending on what other apps/devices are being used (for example using continuity camera)
Source: I built the same listening infrastructure into other meeting note taking apps. Our team spoke at length about this security issue with Apple.
I work at Notion. We don't ship code that would let us listen in until users explicitly click start recording. We don't want to, we aren't in the business of selling data and this would be incredibly expensive - and destroy trust. We are cash flow positive so we can sustain our values for the long term. We build useful software and get paid by our users for it. It's pretty simple. Agree that operating systems should display prominent indicators when the microphone is in use.
A feature that's opt-in will get like 1% of the use of a feature that's opt-out. A happier middle ground would be to enable by default and show a "I don't like this, pls turn it off" button the first few times.
EDIT: shouldn't single out any specific role here. We think opt-out, enable-by-default makes a feature have far greater total utility. But we could do more to provide user agency for these features in-line during first use or find a different balance point.
Your PMs should not decide what your software does with my hardware without me giving my informed consent.
Our PMs don't like making things opt-in.
-> Your users don't like making things opt-out. Low usage metrics is a UX problem. Activating it without informed consent gives you bloated metrics anyway.
It’s just not true that users don’t like making things opt-out. HN Users tend not to like it but I think a lot of users dislike the alternatives: either because they’re undiscoverable (toggle in settings or a menu) or intrusive (various sorts of what’s new overlays). Imo, the question of when to make things opt-in vs. opt-out is fairly subtle and largely depends on the feature and pre-existing trust.
Following my habits, and reporting to a data broker that how I use my microphone, allowing even more precise profiling of my life circumstances or habits.
Yet... you don't report habits to a data broker yet. It is currently used for local UI.
Once you already are in the habit of evading user-privacy, it's a only a couple of down quarters before you start tracking and sending data to data brokers or someone else. This is why no one here likes this behavior.
As more and more companies start to use AI for “personalized”/targeted pricing, offers, advertising, etc. The more this exact type of data will be useful and therefore lucrative.
Sorry if it came through like that. I didn't mean to say Notion shares personal data to broker(s). I just wanted to highlight where it can go.
Please don't forget: Road to hell is paved with good intentions. Making features which can eavesdrop on users opt-in can go very wrong, very fast.
I understand the need to make it "feel like magic", but that line is very thin.
Last note, please when you move something around (e.g. Calculate button from bottom of the database columns to header menu), please let users know. It really feels bad when you use something too much just disappears.
Make a pop-up with the opt-in/out for all the features on first launch with everything defaulted to on so people can turn features off and get notified that such features exist. You can also use this to gather metrics on what features people are actually interested in.
Well, I suppose everyone is different. The first thing I do after launching a new software is inspect its options, and if it doesn't have a good range of tunable options, there's a good chance I'll immediately abandon it. So I actually really love the recent trend in video games putting you into the options at the start.
Get better PMs. Seriously. Users shouldn’t have to opt-out of something for privacy. Respecting privacy should be the default. If a user finds value in letting you listen to the microphone, then great! But you have to inform them! There are also other ways to get the same information — such as if the user also shares their calendar. This is sneaky and evasive behavior.
But none of this conversation makes me want to use Notion. We used to use it at $OLDJOB for meeting notes and light DB work for non-technical users. Now I’m happy we stopped.
not sure if I wanna send someone your way if the current PMs are dropping the ball so hard. There's no guarantee if this behavior will be only encouraged for new hires.
in seriousness: we don't listen to your microphone unless you click the button that says "start transcribing" in big letters.
we dropped the ball with the support response quoted the top of the thread. we don't process your microphone data until you click the button to start transcribing, and remind the user to confirm they have two-party consent. we merely detect when a meeting app is using your microphone.
source: i work at notion, just checked the code. it's electron, you're welcome to check for yourself.
Thank god the web browser was developed in an era where PMs weren't stack-ranked on rubrics like "feature engagement". Imagine a world where every website was granted access to your filesystem, webcam, microphone, and geolocation by default so that PMs could report back on how many websites were making use of those browser APIs.
While I personally wish that there were more people who had the ability to make such decisions, and exercised that ability, I think that this is a hostile response to someone who didn't have to spend the time to come on HN and describe the situation to the best of their ability. Calling people undignified because they, or their company, isn't perfect is just going to close down channels of communication.
Depending on the company culture, this may not be allowed. As in: PMs will ask another dev to implement it; if this happens more often then they will replace you.
Also, searching for dignity in a post-“don’t be evil” startup environment seems unusual.
While I agree with your sentiment, I'll note that ethics are hard to hold when it's your livelihood on the line.
Expecting a shift in corporate culture to come from a short list of individuals making great personal sacrifice (of their careers, reputations, whatever) is not reasonable, sustainable, or realistic.
I know there are a lot of folks who abhor regulation in many contexts, but stuff like this is most effectively handled by such mechanisms.
And then what, be out out of a job because you were insubordinate? If you have the personal wealth and security to lose your job and possibly not have a new opportunity for the next year or so, then that's great. Not everyone has that security, and a roof over their head just may be more important than personal convictions about how to treat users.
“Ze engagement metrics must go up on ze dashboard every quarter, jah!”
I can’t wait for the day PMs and other parasites find a new industry to move to. They sure have sucked the fun out of this one.
That is an implementation detail. What matters is the outcome:
Notion leadership has signed off on this being opt-out.
The calculus here, as you indicated, was that opt-in has little buy-in.
What leadership didn't take into account was the risk of this being publicized, and the blowback from this awareness.
That, or leadership has already calculated that not enough people will care (possibly true).
I suppose it's then up to those that do care to make more noise about this, to tilt the odds?, so this specific calculus (also known as enshittification) doesn't keep occuring (i.e, if the blowback costs are disproportionate to the value provided by default opt-out....)
Whenever people on HN and else where present you the mustache twirling evil Microsoft or Apple or Google C-suite/board who are trying to enshitificate a product or a tool because they don’t care, always keep in mind that the reality is often a lot more mundane than that.
The application that is “sneakily” listening to you and transmitting everything you say to their servers can be a legitimate product of a mustache twirling villain, but it’s a lot more likely (in my experience) that a group of 5 engineers and a PM were tasked by “Present relevant products from our company to the user” task and someone was like “what if we record what they are saying (or just zip-up their entire ~/Documents folder), run it through an LLM on our server and prompt it to analyze their convo or documents and recommend one of our products to sell to them? Sounds good to me, no?”
No Eddy, this simpleton scenario of yours is not more likely to be true than the evil scenario where the evil tech company invades users privacy and collect data it wasn't directly allowed for an extra profit.
I admit I haven’t been in any of the mustash twirling meetings. They probably happen, but I have also been in the room with engineers and PMs discussing solving problems with analytics attribution to user.
It's probably more telling how you had to invent the cartoonishly evil MTA and MTB, a bootlicker PM, and an honest (but maybe just slightly clueless) engineer.
If they made borderline "features" like this opt-in, no one would and then the people driving this won't get the career prospect boost of shipping a new feature.
Why? I don't understand the objection to this. If the app was sending off any data to Notion without consent, that would obviously be a privacy issue, but why is it a problem for a desktop app to simply check if your mic is being used and offer to record?
The application is almost certainly sending off data to Notion without consent, you just wouldn't be able to tell.
If a company is willing to do even small privacy violations, I do not trust them at all. Feel free to run OpenSnitch or LittleSnitch - most apps are opening connections to many domains you won't recognize. Your guess is as good as anyone's what data they're exfiltrating. That is, of course, unless you use more privacy-preserving apps that are typically opensource.
I don't use notion, but it would be a fun experiment to install a root CA and see the traffic.
It's probably not always this easy. I see many connections on apps using UDP, so who knows how, exactly, they are encoded.
The data may also be "encrypted", similar to how Zoom "encrypted" data. That is to say, the data is encrypted, but the private key is on the same server. So, if you MITM, it looks encrypted - but there's no security.
it's electron so you can just open chromium dev tools and see almost all network activity - im pretty sure this is exposed to everyone in the debug menu. takes seconds. http proxy the rest. (i work at notion and do this all the time to debug)
Yes, virtually every commercial application I've ever seen allows exfiltration of data, usually close to all of it, and you agree to it by signing both an EULA and privacy policy.
Based off of that, I then assume that other companies are exfiltrating as much data as possible off my devices.
I mean, even your car, which, keep in mind, is a multi-tens-of-thousands dollar product, exfiltrates your location, all your texts, all your phone calls, and as much data from your phone as possible.
Yes, this is a "leap of faith". I am not bound by a purely evidence-based worldview - I consider that naivety. I do not need strong irrefutable evidence of bad things happening. When people are untrustworthy, I approach them with skepticism in order to protect myself.
For example, I have absolutely no proof that the NSA is surveilling SMS and telephony right now. None at all. But I know Prism was a thing. It is safe to assume the NSA is absolutely surveilling SMS and telephony.
Firstly, I don't believe that you require proof to believe the things you do. Yes, I am calling you a liar. You have noticed patterns, and make assumptions every day. Every functional human being does.
I don't need proof that some random man is a mugger to know to put my phone in my pocket and walk quickly at 3 AM. This is what I mean when I say your mentality here is naive - how many times do you need to get mugged to learn?
And, secondly, even if you DO require proof, this is an incredibly inefficient way to live. If you require proof for everything, you wouldn't be able to get much done. You'll be sitting around waiting, or searching. Sometimes, it's faster to assume, if your assumption is good.
This could be a good feature in open source software packaged by Debian and whose build is reproducible.
People being angry here shows how they distrust software they use and distrusting always online software causes fear and stress.
The best these people can do is relying on free software distributed in a sane way because that's what can help trust software, and, in a professional setting, to push their companies or their providers towards free software as well, and demand guarantees that their privacy is respected.
These matters are not theoretical and this discussion is a witness of this.
If Notion wants to be trusted, they should go open source. I see Notion people are here. Do it! Stop doing closed source software! That doesn't bring anything worth and see what badness it brings. Your value is elsewhere. It's in you expertise, your vision and how well you do things.
I work for an open source competitor (or at least in the neighborhood) and that works out well for us and has been for 20 years.
The day you open source your desktop client, you'll be able to show us the code and show that you indeed don't send audio records or related logs to your headquarters. We won't have to reverse engineer, sandbox just to be sure, and hope for the best.
Yeah, no. You don't get to monitor my anything in order to provide features. I was never a user of notion and I definitely won't be. It is just an oversight of the OS that your process is allowed to see the list of other processes.
I do not want to be spied on and have 0 trust for any company wishing to do any kind of monitoring of my usage in order to provide or advertise "features" to me.
While you're here - can you tell your PM's that your auto update on windows is annoying. Every time I start the app there's a prompt asking me to either "Install and Relaunch" or "Remind me later" (which seems to just hassle me again on next app start). The worst part is the pop-up doesn't show until 5-10 seconds after I start the app. So I'll start the app, start clicking around and then I'm interrupted by this pop-up. This seems to happen every day because you push a lot of updates.
I'd prefer an option to silently grab non-security/non-fix updates once every [Day, Week, Month] in the background, and install automatically on next app start up. Urgent updates can happen immediately. The default should be every week as every update is around 85mb. You could go a step further and have an option to only download over WiFi.
As for the mic "issue", I'm not sure what everyone's on about. Acting like it's the first app on Windows to monitor what the system is doing to provide a feature.
The Notion desktop app will observe if there is a process running on your computer that is actively using your microphone, such as Zoom.
Notion does not and cannot listen to the audio coming from your microphone ambiently or snoop on the signal received by another application. This detection is done purely based on the existing of a process using your microphone, not on the audio coming from the microphone. Users can verify this because the OS-level microphone indicator will show that Notion is not listening to their microphone.
If one is detected, Notion will notify the user and try to associate it with a calendar event if you have connected your calendar. Connecting your calendar is not a requirement to receive this notification.
Users can disable this behavior via their account settings in Settings > Notifications > Desktop meeting detection notifications.
Only when the user has started a meeting note and clicked record, will Notion activate the user's microphone. We cannot do this without operating system mediated consent dialog, which is the way it should be! At this point Notion will show up as using the microphone in the OS indicators.
(I work at Notion)