this post was submitted on 07 Jan 2025
3 points (100.0% liked)

Privacy

0 readers
40 users here now

Everything about privacy (the confidentiality pillar of security) -- but not restricted to infosec. Offline privacy is also relevant here.

founded 1 year ago
MODERATORS
[email protected]
3
I'm checking out various "personal knowledge management" tools in a sandbox to see if it be an upgrade my ragtag collection of text file-based notes. (fedia.io)
submitted 3 weeks ago by [email protected] to c/[email protected]
35 comments fedilink hide all child comments
 

I'm checking out various "personal knowledge management" tools in a sandbox to see if it be an upgrade my ragtag collection of text file-based notes.

First candidate is #Logseq, supposedly "privacy-first".

How #privacy friendly is something based on Electron (aka Chrome)? Debatable, but then they also do this:

  1. Have "Send usage data" on by default
  2. Start with an example page that embeds a YouTube video, and accepts all cookies

tcpdump and mitmproxy go wild when starting the program.

Shows that the "Send usage data and diagnostics to Logseq" setting is enabled by default.
Shows the services being contacted by Logseq over HTTPS right after starting it for the first time. Hosts that are being contact: www.youtube.com, googleads.g.doubleclick.net, jnn-pa-googleapis.com, play.google.com, app.posthog.com, o416451.ingest.sentry.io

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 3 weeks ago

You might feel I'm nitpicking about a possible edge case.

But you are promised privacy, and without going through every screen in the options menu, sniffing the network traffic, or going through the source code you have no idea that your note titles are being sent to Google Analytics.

It's another example of a company (they sell premium services) using "privacy-first" as a buzzword instead of living by it as a guiding principle.

At least there is an opt-out, I guess.

3/3