Tell HN: Notion Desktop is monitoring your audio and network
If you have the Notion Desktop App installed, you may have started to notice a "In a meeting? Start AI Meeting Notes" notification pop up exactly when you are joining a virtual meeting (e.g. joining a Google Meet on Firefox).
At first, I assumed it must have been using my Google Workspace account to snoop on my calendar. But then I started to notice it would notify exactly when I joined even if I was late and the meeting had previously started.
This was the response from Notion Support after they worked with the Notion Engineering team.
> Meeting Detection Architecture:
> - The system uses a sophisticated dual-detection approach: microphone monitoring combined with network port analysis
> - Detection is implemented separately for macOS and Windows at the native operating system level
I've uninstalled the Notion Desktop App...
Hey!
1. Notion records audio only during your use of the Meeting Notes feature. Here are the docs: https://www.notion.com/help/ai-meeting-notes
2. Notion desktop app has notifications about meetings that ask you if you want to use Meeting Notes, it recognizes this by detecting that your microphone is on (i.e. it does not listen to audio coming from your microphone). This feature is a setting in preferences btw, under Notifications > Desktop meeting detection notification.
source: I work for Notion
To elaborate:
The Notion desktop app will observe if there is a process running on your computer that is actively using your microphone, such as Zoom.
Notion does not and cannot listen to the audio coming from your microphone ambiently or snoop on the signal received by another application. This detection is done purely based on the existing of a process using your microphone, not on the audio coming from the microphone. Users can verify this because the OS-level microphone indicator will show that Notion is not listening to their microphone.
If one is detected, Notion will notify the user and try to associate it with a calendar event if you have connected your calendar. Connecting your calendar is not a requirement to receive this notification.
Users can disable this behavior via their account settings in Settings > Notifications > Desktop meeting detection notifications.
Only when the user has started a meeting note and clicked record, will Notion activate the user's microphone. We cannot do this without operating system mediated consent dialog, which is the way it should be! At this point Notion will show up as using the microphone in the OS indicators.
(I work at Notion)
It is not genuine to say that Notion cannot listen in. Notion can listen in. Anytime it wants. Yes on Macs an indicator will be displayed - but not always prominently depending on what other apps/devices are being used (for example using continuity camera)
Source: I built the same listening infrastructure into other meeting note taking apps. Our team spoke at length about this security issue with Apple.
Make it opt-in and this would be not an issue.
Our PMs don't like making things opt-in. I pitched a fit when we added global shortcuts to launch the Notion app search window, but I wasn't able to change any minds.
A feature that's opt-in will get like 1% of the use of a feature that's opt-out. A happier middle ground would be to enable by default and showed a "I don't like this, pls turn it off" button the first few times.
Your PMs should not decide what your software does with my hardware without me giving my informed consent.
Our PMs don't like making things opt-in.
-> Your users don't like making things opt-out. Low usage metrics is a UX problem. Activating it without informed consent gives you bloated metrics anyway.
It’s just not true that users don’t like making things opt-out. HN Users tend not to like it but I think a lot of users dislike the alternatives: either because they’re undiscoverable (toggle in settings or a menu) or intrusive (various sorts of what’s new overlays). Imo, the question of when to make things opt-in vs. opt-out is fairly subtle and largely depends on the feature and pre-existing trust.
There are infinite ways on how to inform users of a new feature and ask to activate it.
And nearly all of them are annoying and disrupt my flow.
cookie popups that don't even work
Make a pop-up with the opt-in/out for all the features on first launch with everything defaulted to on so people can turn features off and get notified that such features exist. You can also use this to gather metrics on what features people are actually interested in.
Good compromise.
Nothing makes me not want to use software more than it asking questions about how I want to use the software before I've used the software.
Runner up is the "what's new" tutorial overlays.
Just seeing the words “got it” raises my blood pressure.
Well, I suppose everyone is different. The first thing I do after launching a new software is inspect its options, and if it doesn't have a good range of tunable options, there's a good chance I'll immediately abandon it. So I actually really love the recent trend in video games putting you into the options at the start.
Yep, completely agree.
Your new feature is privacy invading. It's none of your business to detect if someones mic is on unless they invite you to do that.
What is so hard about that?
> Our PMs don't like making things opt-in.
Lamest excuse ever.
I wouldn't be surprised if you phoned back home about that mic activation - do you?
I recently joined an org where Notion is in use - I will actively lobby them to not install the desktop app, at all or to quit Notion alltogether.
> Our PMs don't like making things opt-in.
Thank god the web browser was developed in an era where PMs weren't stack-ranked on rubrics like "feature engagement". Imagine a world where every website was granted access to your filesystem, webcam, microphone, and geolocation by default so that PMs could report back on how many websites were making use of those browser APIs.
>Our PMs don't like making things opt-in
Then refuse implementing it. Have some dignity for God's sake.
Having that kind of power as an implementer requires the backing of a union.
And the utter certainty that you are infallible.
Depending on the company culture, this may not be allowed. As in: PMs will ask another dev to implement it; if this happens more often then they will replace you.
Also, searching for dignity in a post-“don’t be evil” startup environment seems unusual.
what an emotional response to work
And then what, be out out of a job because you were insubordinate? If you have the personal wealth and security to lose your job and possibly not have a new opportunity for the next year or so, then that's great. Not everyone has that security, and a roof over their head just may be more important than personal convictions about how to treat users.
While I agree with your sentiment, I'll note that ethics are hard to hold when it's your livelihood on the line.
Expecting a shift in corporate culture to come from a short list of individuals making great personal sacrifice (of their careers, reputations, whatever) is not reasonable, sustainable, or realistic.
I know there are a lot of folks who abhor regulation in many contexts, but stuff like this is most effectively handled by such mechanisms.
> A feature that's opt-in will get like 1% of the use of a feature that's opt-out.
Well... yeah. It's either because the benefits of opting in aren't communicated well enough or that users just don't actually want it.
For AI meeting notes, I'd imagine it's the latter.
> Our PMs don't like making things opt-in.
Whenever people on HN and else where present you the mustache twirling evil Microsoft or Apple or Google C-suite/board who are trying to enshitificate a product or a tool because they don’t care, always keep in mind that the reality is often a lot more mundane than that.
The application that is “sneakily” listening to you and transmitting everything you say to their servers can be a legitimate product of a mustache twirling villain, but it’s a lot more likely (in my experience) that a group of 5 engineers and a PM were tasked by “Present relevant products from our company to the user” task and someone was like “what if we record what they are saying (or just zip-up their entire ~/Documents folder), run it through an LLM on our server and prompt it to analyze their convo or documents and recommend one of our products to sell to them? Sounds good to me, no?”
No Eddy, this simpleton scenario of yours is not more likely to be true than the evil scenario where the evil tech company invades users privacy and collect data it wasn't directly allowed for an extra profit.
I admit I haven’t been in any of the mustash twirling meetings. They probably happen, but I have also been in the room with engineers and PMs discussing solving problems with analytics attribution to user.
Given the structure of hierarchical orgs, both can (and likely are) true.
Moustache-twirler A: We've identified these metrics that correlate with increased shareholder value
Moustache-twirler B: But what do those metrics say about user privacy?
(both laugh. This is very funny)
MT A: no but really, fire any PMs that don't make these go up and let the survivors figure out why
MT B: sounds great. See you at golf this weekend
(some time later, in a less fancy conference room)
Engineer: This new feature is great, but could be construed as an invasion of privacy. Can we make it opt-in?
PM (panicking): Oh good heavens, no! Also send the opt-out button to the UX team, that way it doesn't come down on us.
It is because when you get your attention fixed to the execution level you miss the strategic.
>Our PMs don't like making things opt-in
That is an implementation detail. What matters is the outcome:
Notion leadership has signed off on this being opt-out.
The calculus here, as you indicated, was that opt-in has little buy-in.
What leadership didn't take into account was the risk of this being publicized, and the blowback from this awareness.
That, or leadership has already calculated that not enough people will care (possibly true).
I suppose it's then up to those that do care to make more noise about this, to tilt the odds?, so this specific calculus (also known as enshittification) doesn't keep occuring (i.e, if the blowback costs are disproportionate to the value provided by default opt-out....)
thats a red flag imho
If they made borderline "features" like this opt-in, no one would and then the people driving this won't get the career prospect boost of shipping a new feature.
While you're here - can you tell your PM's that your auto update on windows is annoying. Every time I start the app there's a prompt asking me to either "Install and Relaunch" or "Remind me later" (which seems to just hassle me again on next app start). The worst part is the pop-up doesn't show until 5-10 seconds after I start the app. So I'll start the app, start clicking around and then I'm interrupted by this pop-up. This seems to happen every day because you push a lot of updates.
I'd prefer an option to silently grab non-security/non-fix updates once every [Day, Week, Month] in the background, and install automatically on next app start up. Urgent updates can happen immediately. The default should be every week as every update is around 85mb. You could go a step further and have an option to only download over WiFi.
As for the mic "issue", I'm not sure what everyone's on about. Acting like it's the first app on Windows to monitor what the system is doing to provide a feature.
Thanks for the explanation. I was about to install Notion Desktop today. I Won’t install it.
Why? I don't understand the objection to this. If the app was sending off any data to Notion without consent, that would obviously be a privacy issue, but why is it a problem for a desktop app to simply check if your mic is being used and offer to record?
This could be a good feature in open source software packaged by Debian and whose build is reproducible.
People being angry here shows how they distrust software they use and distrusting always online software causes fear and stress.
The best these people can do is relying on free software distributed in a sane way because that's what can help trust software, and, in a professional setting, to push their companies or their providers towards free software as well, and demand guarantees that their privacy is respected.
These matters are not theoretical and this discussion is a witness of this.
If Notion wants to be trusted, they should go open source. I see Notion people are here. Do it! Stop doing closed source software! That doesn't bring anything worth and see what badness it brings. Your value is elsewhere. It's in you expertise, your vision and how well you do things.
I work for an open source competitor (or at least in the neighborhood) and that works out well for us and has been for 20 years.
Knowledge software shouldn't hide knowledge.
The application is almost certainly sending off data to Notion without consent, you just wouldn't be able to tell.
If a company is willing to do even small privacy violations, I do not trust them at all. Feel free to run OpenSnitch or LittleSnitch - most apps are opening connections to many domains you won't recognize. Your guess is as good as anyone's what data they're exfiltrating. That is, of course, unless you use more privacy-preserving apps that are typically opensource.
That's just entirely based on the "almost certainly" doing all the work. You're complaining about a hypothetical situation.
> you just wouldn't be able to tell.
You can setup a local web proxy and tell us. Also check the sources since it's an electron app.
I don't use notion, but it would be a fun experiment to install a root CA and see the traffic.
It's probably not always this easy. I see many connections on apps using UDP, so who knows how, exactly, they are encoded.
The data may also be "encrypted", similar to how Zoom "encrypted" data. That is to say, the data is encrypted, but the private key is on the same server. So, if you MITM, it looks encrypted - but there's no security.
Any evidence for “almost certainly”? That seems a huge leap of faith to build a whole worldview on. Kind of circular, really.
Yes, virtually every commercial application I've ever seen allows exfiltration of data, usually close to all of it, and you agree to it by signing both an EULA and privacy policy.
Based off of that, I then assume that other companies are exfiltrating as much data as possible off my devices.
I mean, even your car, which, keep in mind, is a multi-tens-of-thousands dollar product, exfiltrates your location, all your texts, all your phone calls, and as much data from your phone as possible.
Yes, this is a "leap of faith". I am not bound by a purely evidence-based worldview - I consider that naivety. I do not need strong irrefutable evidence of bad things happening. When people are untrustworthy, I approach them with skepticism in order to protect myself.
For example, I have absolutely no proof that the NSA is surveilling SMS and telephony right now. None at all. But I know Prism was a thing. It is safe to assume the NSA is absolutely surveilling SMS and telephony.
And, I'm almost always right, in my experience.
Yeah, no. You don't get to monitor my anything in order to provide features. I was never a user of notion and I definitely won't be. It is just an oversight of the OS that your process is allowed to see the list of other processes.
I do not want to be spied on and have 0 trust for any company wishing to do any kind of monitoring of my usage in order to provide or advertise "features" to me.
From 1)
> If you do not want the AI Meeting Notes feature available to your users, administrators may opt-out their workspace at any time via the toggle available in their console.
Here's your problem: Make this opt-in.
AI features + user opt-in are mutually exclusive at this point.
Why didn't Notion ask for my affirmative consent before monitoring my network traffic?
Are there other cases where Notion is monitoring my network traffic? If so, what are they?
FWIW, you can verify when any apps are recording microphone input by the OS's microphone indicator. I think Windows, Mac, and Linux all have one.
(edit: see what @jitl said)
Does any of that microphone detection stuff send anything over the network to Notion to indicate that the check was done, plus the check's results?
let me look
EDIT: no, there's no transmission of logs or analytics events besides a check to see if the feature is enabled. We only transmit some data if you ask Notion to record.
Thanks for the answer.
Just want to clarify for pedantic reasons - is there transmission regardless of whether it's enabled or disabled? And does that happen only if someone asks Notion to record?
If it helps, this has been one of the most infuriating things for me in recent memory. I don't understand why this wasn't opt-in.
thanks, will fwd to team
you're talking about the desktop notification in particular, right?
Yeah. I mean, the rest is concerning. But one day it just started popping up every time I went into a meeting. Which, of course, was exactly the time that I was busy in a meeting, and didn't have time to dig through settings to figure out how to turn it off.
* team receives feedback
"Bin it, no one will turn it on, make them turn it off if they don't want it"
Can you give me a source beyond "just trust me, bro"?
your OS shows a microphone icon when apps are recording audio — when you use the app, you should see that when recording is on during the meeting transcription and off otherwise
They only check if your mic is on, not what you're saying (they can't hear you unless you've granted mic permission). They also look at your network traffic to see if audio is being sent (otherwise you can get a lot of false positives). Using mic + network data is a common way to spot meetings -- my app LookAway[0] does something similar to pause reminders during calls.
[0]: https://lookaway.app
I thought you had to give explicit permission for an app to monitor network traffic in macOS? I'm assuming your app asks for this, but it sounds like Notion does not if the GP was surprised by the monitoring.
My Notion install (macOS) asked to discover devices on my network. I'm assuming this permission is related to "monitoring network traffic".
No, that’s the new "Local Network" prompt which started appearing since macOS 15. Any app that opens a multicast/broadcast socket (mDNS, SSDP, WebRTC ICE, etc.) now has to ask. Electron apps (including Notion) do this by default, so you see this dialog.
That's interesting. Although I wasn't able to find any confirming info that allowing the "locate local devices" permissions allows for network monitoring. It seems to only allow Bonjour and multicast DNS. Anyone know for sure what it allows?
This would certainly be news to me as well. Packet capture (even local) has historically required superuser perms, but I'm not up to speed on how MacOS permissions work in this regard since the launch of System/Network Extensions.
After writing the above, I've just reviewed [0] - as much as I could in 5 minutes - and as far as I can tell it confirms our understanding. To do packet filtering or interception or reading, you'd need to do [1].
[0]: https://developer.apple.com/documentation/technotes/tn3179-u...
[1]: https://developer.apple.com/documentation/NetworkExtension/c...
Yes, it would be that one
You don't need to give any explicit permissions for the snapshot of current sockets.
Yeah, non-sandboxed apps can iterate over open file descriptors. It's quite useful to detect eg. which app on your local machine is connecting over TCP. I hope they don't lock it down. It doesn't allow intercepting traffic, but you can see what connects where.
I’ve come to hate Notion with passion because of its abysmal performance, but I still pay for it for my small business. My non-technical employees use it as a database for clients, tasks, payments etc. I tried to research replacements several times, and still haven’t found anything good. Sometimes I wonder if I should build my own.
Anytype (https://anytype.io), Appflowy (https://appflowy.com)
Do you use Anytype productively?
I have it installed but I find it kind of daunting compared to Notion for organizing my notes, it seems to want to be a more abstract kind of 'knowledge management system'.
I just opened it again and it popped up a 'What's New' with phrases like 'Relations are now properties' and something about 'types', 'templates', 'sets' and 'queries', I really just want to take notes and organize them in a straightforward hierarchy.
These concepts have been copied directly from Notion.
I’ve found Anytype to be more streamlined. I’m highly familiar with Notion though, so adapted easily.
I'm in the same boat. Since they decided to bundle in their AI features with their core product (at only a 30% price increase!), I've been looking for an exist route. But finding a single collaborative text editor + database designer replacement has been difficult.
Most intriguing thing in that vein I've seen: https://thymer.com (haven't used it, am not affiliated, just looked promising in a demo video esp. on performance grounds)
Hey thanks for mentioning us!
With Thymer we really care about performance, but Thymer is also end-to-end encrypted because we don't want to compromise on privacy. And it's real-time collaborative and offline first.
Thymer has optional self-hosting. Then you can upgrade (or not) at your own leisure, or intentionally stick to an older version you like better. Enshittification is a big problem in our industry. We've all been burned by it -- we certainly have -- and being able to opt out of a "new and improved!" version is a real feature.
Thymer will also be very extensible. Today we launched our plugin SDK: https://thymer.com/plugins and https://github.com/thymerapp/thymer-plugin-sdk/ with a bunch of examples. With Thymer you will be able to "vibe code" the very simple plugins and with VSCode/Cursor you can make more complex plugins with hot-reload.
Looks like org mode for the masses
There are many suggestions already let me through in one more: Affine : https://affine.pro/
You can self host too if you like. Not all features as Notion but comes very close. Seems more private too compared to Notion.
I am also looking for more private and secure Notion alternatives. My company doesn’t allow using Notion.
I like templates, tasks, scrum etc. which I use for personal use. But I am reluctant on saving any personal information in it.
I really like Notion’s information architecture (in particular the top index pages) and its multi-user capability.
I tried some other tools like Confluence and Obsidian but like you say, there seems to be no match from a UX perspective.
Do I love Notion? Definitely not. Would I change to another tool with the same feature set? Instantly.
If you like Obsidian and want it to be multiplayer you might be interested in Relay [0] (shameless plug).
There are also plugins like make.md [1] that are focused more on making the UX feel more like notion.
[0] https://relay.md
[1] https://github.com/make-md/makemd
NocoDB perhaps? It's not a document-focused system, but you said they use it more as a database.
https://github.com/nocodb/nocodb
I used a lot for organizing my personal projects, endup changing to Microsoft Loop for client stuff. And Obsidian for personal stuff.
The performance really is abysmal. I started using it years ago and the change from the early days has been drastic.
outline - https://getoutline.com is pretty good and you can import all your notion spaces too.
I have a funny story: I went to go to a notion doc and just intuitively pressed command-O in the app to open the notion doc I wanted. Of course that command doesn’t open notion docs—what that does is turn on audio transcription.
So two hours later, I realize I’ve transcribed at the bottom of our team overview page what read like the diary of a madman from fragments of conversation I was having with my wife and dog. I am glad I caught it and deleted it.
Did it transcribe the dog? How long until we get a LLM that can translate dog barks...
People are doing some interesting work in an attempt to categorize whale and dolphin communication https://blog.padi.com/talk-to-whales-with-ai/
https://www.reddit.com/r/TheFarSide/comments/1d041lu/hey_hey...
If anyone is looking for an alternative to Notion without the bloat, I’m building https://docmost.com.
It has a nice UI, real-time collaboration, diagrams support and more.
You can self-host it too.
I self host docmost and love it, thank you for making it!
Will you consider making it publishable as a wiki? The current share feature is close but forces me to share a specific URL and live-edit public pages.
The next sharing goal would be to make it possible to share an entire "Space", but not the "Workspace" itself.
Would that fit the ideas you have in mind?
I’m wondering if integrating this with nocodb mentioned above would work, as i also use databases in documents.
You could use the Iframe embed feature to embed your NocoDB databases.
I love so much how nice this looks. But I wish this was Obsidian or rather, a standalone app. I don't want a web app for notes. Notes are all files. Different use case I know but I wish so much Obsidian looked and felt more like your app/Notion.
Looking more into this, 4o actually produced a list of plugins that add functionality to do some of the things Notion excels at so that tells me that there probably is a way to get datatables etc.
Very cool.
I wish tools like this could be embeddable. For example, being able to add it into existing apps.
[dead]
As someone who has built an app that detects calls and meetings, this isn’t as nefarious as you’re making it out to be.
You can detect patterns of hardware use that suggest you’re in a meeting without actually eavesdropping on an actual audio stream of any kind.
Basically is some app using the mic hardware for something?? Likely a meeting so.
It’s not necessarily about what they doing, more like how they do things. They could at least tell me about it, like: Hey, we check whether you joined a meeting to provide you with our note taking assistant. Are you okay with that?
Don’t assume consent.
Well, to give them the benefit of doubt, this monitoring could be done in a (more or less) privacy sensitive way, e.g. by analyzing the frequency spectrum of the audio input without actually recording or transmitting it, or as others have suggested, maybe they're just checking if the microphone is in use. And for the network they're apparently only monitoring the ports, not the actual data. But still, it sounds like a feature for which they should provide an option to turn it off - or, even better, make it opt-in.
While both have privacy implications, I'd rather we distinguish 'monitoring' that exfiltrates your data to their servers, and offline-only 'monitoring', used only for legitimate, benign purposes of the program itself.
Are you saying that Notion desktop has access to microphone audio or it is only able to determine if the microphone is in use?
The former is actually concerning to me. I can't imagine caring if it only knows my microphone is in use.
It's the latter. An app can't access the audio without explicit microphone monitoring permissions.
If you go to "Settings > Notifications > Desktop meeting detections notifications" you can turn this feature off. I haven't verified if the mic and traffic sniffing is correspondingly turned off though.
that's really corcerning for user privacy!!
What is notion?
I have been pulling my hair trying to learn these new no code db tools. And I think I have come to a simple explainer.
It is a list of documents built with (something called) block-editors. Each document can be given properties. The properties get listed into columns. The columns are fields. The documents are rows. And that makes a database table.
In reverse, it is a database table of records. One record can be can be configured with various fields, plus a document "canvas" made by a block-editor.
The block editors can import and display views (aka queries) of database tables. And that is what makes it a full circle spaghetti. A document (listed in a database) can display a database table.
A reminder that Notion still operates under the .so TLD [1]
Why should you entrust them with your private notes and data?
[1] https://news.ycombinator.com/item?id=26113444
This is unethical and creepy behavior - Notion team reading this: How exactly did you come up with this?
This is insane. The amount of absolutely sensitive audio they could be grabbing is unbelievable. And port analysis? Why anyone would think this sort of intrusion is acceptable is boggling my mind. It’s a writing app for god sakes. I hope the backlash from this is both severe and swift.
Thank you for telling HN, much appreciated! I am concerned re privacy, so, thanks again.
There is a rule in journalism to not burn one's sources, did you violate that rule in the OP? (I don't know, I am not a journalist.)
We could invite Notion management to comment on this thread.
He's not a journalist, why would he need to follow the rules of journalism?
yuck.
This is an unintended benefit of being on a Linux workstation - the only client available is the browser.
This kind of thing is one of many reasons I refuse to install Zoom/Discord/etc apps. Stay in your sandboxed browser tab.
If there's an app that started life in the browser, a desktop/native app can only make it worse. I don't use native apps for Youtube, Amazon, Slack etc for this purpose.
Notion and all these kinds of apps are available for Linux. But yeah, I don't recommend using them. Just use them in the browser.
There is no "native" app for Linux.