Comment by dzink
20 hours ago
I started using Roam and as a proper geek, dug through the data it sends back and forth about me and my notes in the browser console. It was doing access logs and some random day I saw some random dude’s name in the access log for my notes. I reached out to ask. They told me he was a new employee. I saw no reason to save personal notes and ideas on a platform where any employee can enjoy them. Thereafter I took my notes to tools i wrote myself. Very enlightening to the incentives for building such tools.
Another thing to add: I had deleted my Roam Research account a long time ago by now, but the media I uploaded on it is still available through the Firebase links.
Wow, that's very icky.
Would you be open to providing some more details on this? Was this a private graph or a public graph?
It happened several years ago - when Conor was holding talks on Clubhouse. I had created an account with a few test notes and went back days later. The notes were not listed or linked anywhere. The person’s email or name was showing in the log but he was not even outed as an employee on linkedin at the time - so I originally thought someone has hacked my account or was accidentally given access to my notes. Then I asked the founder or the person and they said it was a new employee. I have screenshots somewhere but I don’t remember how i reached out to them - if it was a service chat, or email, or twitter, or clubhouse. I always check the network chatter on new sites I use - very enlightening about what they think of customers. A lot of times you see flags for things they want you or don’t want you to be, or what they want to upsell to you. Reactive sites put all kinds of logic in the front end where it doesn’t belong.
Thanks for elaborating! This is definitely not ok, and the response beyond unacceptable.
I've been an active user for a couple of years now and have substantial amount of information stored in Roam. I guess I should have known better than to have sensitive data stored in someone else's servers without encryption.
Time to explore Obsidian and see what the migration path looks like.
That does seem very shady, did you at least get a written apology from him/his boss?