Notion leaks email addresses of all editors of any public page
Nature of the privacy issue
- Public Notion pages expose contributors’ names, profile photos, and email addresses via page metadata.
- This behavior is officially documented but buried in help text; several users say they were unaware despite having public pages.
- The in‑product warning is described as vague and misleading (e.g., “may become visible”), and it does not make clear that visibility extends to the entire public web.
- Some report deanonymization incidents and say they reported related issues 4–6 years ago, with slow responses and no bug bounties.
Notion’s response (as described in the thread)
- A Notion representative acknowledges the problem, says it’s documented but “not good enough,” and states they’re exploring removing PII from public endpoints or proxying emails similar to GitHub.
- They claim it is not a “1‑minute fix,” citing complexity, but provide no detailed technical explanation in the thread.
- Many commenters challenge this, arguing that hiding PII for public views should be straightforward and criticizing the years‑long delay.
Technical and architectural debate
- Some argue this is fundamentally a design mistake: public UUIDs can be mapped to emails via shared APIs, and public/private identifiers should have been separated from day one.
- Others insist even if the architecture is messy, PII should be disabled everywhere first, then internal breakage fixed later.
- A separate discussion highlights “privacy‑by‑design” architectures where servers only store ciphertext and cannot map content to identities, making this class of leak structurally impossible but limiting server‑side features (AI, search, analytics).
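The separation of public from private identifiers and the stripping of PII from public views that commenters call for, shown as an added example that is not Notion's code or anything posted in the thread; the HMAC-derived public id, the noreply-style proxy domain, the user record and the regression guard are all constructed for illustration:

```python
import hashlib
import hmac
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    """Constructed internal user record as a private API might hold it."""
    internal_id: str   # UUID shared by private and public APIs: the disputed design
    name: str
    email: str
    photo_url: str

# Hypothetical server-side secret and proxy domain; placeholders, not real values.
PUBLIC_ID_KEY = b"constructed-demo-key"
PROXY_DOMAIN = "users.noreply.example.invalid"
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

DEMO_USER = User("7f3c9a1e-0000-4000-8000-000000000001", "Alice",
                 "alice@example.com", "https://img.example/alice.png")

def public_id(user: User) -> str:
    """Stable public identifier that cannot be mapped back to the internal
    UUID without the key, so public and private ids are decoupled."""
    mac = hmac.new(PUBLIC_ID_KEY, user.internal_id.encode(), hashlib.sha256)
    return mac.hexdigest()[:16]

def proxied_email(user: User) -> str:
    """Alias in place of the real address, in the style of GitHub's noreply."""
    return f"{public_id(user)}@{PROXY_DOMAIN}"

def naive_public_view(user: User) -> dict:
    """The leaking shape: the whole record dumped into page metadata."""
    return {"id": user.internal_id, "name": user.name,
            "email": user.email, "photo": user.photo_url}

def safe_public_view(user: User) -> dict:
    """What an anonymous visitor should get: no real email, no internal id."""
    return {"id": public_id(user), "name": user.name,
            "email": proxied_email(user), "photo": user.photo_url}

def pii_findings(payload: dict, users: list[User]) -> list[str]:
    """Regression guard for public endpoints: report real emails and internal ids."""
    blob = str(payload)
    found = [f"email:{m}" for m in EMAIL_RE.findall(blob)
             if not m.endswith("@" + PROXY_DOMAIN)]
    found += [f"internal_id:{u.internal_id}" for u in users if u.internal_id in blob]
    return found
```

Running `pii_findings` over every public serializer in a test suite is the check that turns "disable PII everywhere first" into something enforced rather than hoped for.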
Trust, incentives, and regulation
- Many see this as emblematic of a broader problem: companies under‑invest in security because post‑incident apologies are cheaper.
- Proposals range from severe financial penalties and executive liability to suing firms “out of existence,” while others argue such approaches can be disproportionate or politically infeasible.
- Several note that user apathy and a low willingness to switch tools undermine market pressure for privacy.
Tool choices and alternatives
- Multiple self‑hosted or privacy‑friendlier alternatives are mentioned (wiki‑style tools, markdown‑based note apps, and “Notion‑like” systems), with debate over which truly match Notion’s database‑centric functionality.
- Some strongly dislike Notion’s Electron/macOS client, performance, and AI pivot; others continue to praise it as a powerful integrated workplace tool despite privacy concerns.