Comment by dzink
2 months ago
I started using Roam and as a proper geek, dug through the data it sends back and forth about me and my notes in the browser console. It was doing access logs and some random day I saw some random dude’s name in the access log for my notes. I reached out to ask. They told me he was a new employee. I saw no reason to save personal notes and ideas on a platform where any employee can enjoy them. Thereafter I took my notes to tools i wrote myself. Very enlightening to the incentives for building such tools.
Another thing to add: I had deleted my Roam Research account a long time ago by now, but the media I uploaded on it is still available through the Firebase links.
Hey Baibhav from the Roam Engineering team here
I think this might be a remnant of the time we did not delete media for graphs for cases we thought they might've just migrated to a new graph. For context, a semi-common pattern was for users to export their graph and restore to a new graph, so that they can change the name. Could you have gone through a similar process before deleting your account?
If you please contact support@roamresearch.com and provide the firebase links (even just a few should be okay to find the media), then we can proceed with the deletion for you. Sorry for the issue
Hey,
I work at Roam on the engineering team.
I do not claim to know about this case, could you send me or support@roamresearch.com any more details you have re: this?
I can, however, tell you what the protocol has been since I've been working here at Roam (since 2021). No one can access user notes without an explicit written permission being granted. We have logs for when any graph is accessed via admins, and so, any member on the team accessing user notes without permission would be fired immediately. This was the operating policy and was made clear to me on my onboarding itself, along with the policy of immediate termination in the case of abuse.
Additionally, since Jan 2022, we have the ability for users to create End-to-end encrypted graphs. These graphs provide an extra level of protection - where your notes (& media) would be safe even in the worst case of Roam being hacked or compelled by law agencies to give info (to be clear, we haven't had either happen)
Hi Baibhav, This was in August 2020. I have attached screenshots as a reply to Josh's reply above. It was early in the days so I could understand the founder perusing as a way of seeing how users are using the site, but not some random dude with a gmail. The logs were showing in my local storage on the browser. My notes were just test notes, so I didn't have anything important to worry about, but I never used Roam as a result.
Hey, clarifying (for anyone who sees this thread and not the other replies)
Roam actually DID NOT READ THEIR DATA (we have always had the policy of never accessing user data without explicit user permission). She just misunderstood what she was looking at.
More (verifiable) details in my comment here: https://news.ycombinator.com/item?id=44047945
Hi, co-founder of Roam, Josh here. I don't recall your case ever being brought up to me, but as Baibhav said in his comment, we have strict no-access rule for engineers. They (and me) are only allowed to open your graph if given explicit permission by you through support. We have always had this rule and it's in our terms and conditions.
I think I found your account and I don't see any access logs to your graph from anyone other than your account. If you can provide any more info or screenshots of we would be able to dig deeper into exactly what you saw. It could have been a console log or a hard coded employee email in the code.
We've always cared deeply about user's privacy and ownership over their notes. This is why we've had this policy from the start and focused heavily on local first features and data portability. We offer fully offline graphs, where the data never touches our server and is never able to be accessed by anyone on our team. We also offer fully encrypted graphs, which are stored on our servers but are not able to be read by anyone without the password (our team cannot read your data).
You are in luck. I found a little video I took of the screen when it happened. It was from Aug 11 2020. Here is a screenshot with the log details: https://www.dropbox.com/scl/fi/g9jv8eh1ugi5qda0c6azx/0811202...
Here is another screenshot and screenshots of the email exchange with the person in the logs. https://www.dropbox.com/scl/fi/v0x26d5jvou5k9gvx5tnd/IMG_205...
Emails: https://www.dropbox.com/scl/fi/s6ed1brrcvc0hncig7nm0/IMG_205...
https://www.dropbox.com/scl/fi/ohafavhr9nlqfedlbfxrd/IMG_206...
5 replies →
Thanks for sharing, see Baibhav's response for what happened here, these logs you are seeing are for the public help graph, not your personal graph.
Hey thank you for replying!
I understand what the screenshots are saying and this makes it clear that it was a misunderstanding and that NO ONE ACCESSED YOUR GRAPH(S). Please let me explain
Lets start with your first screenshot: https://www.dropbox.com/scl/fi/g9jv8eh1ugi5qda0c6azx/0811202...
If you take a look at this screenshot, it shows that the values you saw are in the indexeddb db "..._help-tx". The "help" bit denotes that those are the actions/txs taken in the "help" graph (which you can access via https://roamresearch.com/#/app/help). The reason you're seeing Bardia and Conor's emails there is because they wrote in the help graph (maybe they were writing guides there or adding stuff to the changelog). The reason the help graph data is in your indexedDB is because you probably opened the help graph at some point.
If someone had accessed your graphs, similar txs would have shown instead in the indexeddb dbs "..._DZ-tx" or "..._programming-with-categories-tx"
Everything I've said above can be verified if you say go to any Roam graph, and see what dbs are stored in IndexedDB in the devtools.
Hopefully this makes sense. Also, as Bardia replied in the email, we have never and will never edit user notes without explicit permission.
tl;dr: You thought you were looking at the logs for your graph but you were looking at the logs for the "help" graph. This is easily verifiable from your screenshots itself if you know where to look (details above).
6 replies →
Wow, that's very icky.
Hey, clarifying
Roam actually DID NOT READ THEIR DATA (we have always had the policy of never accessing user data without explicit user permission). She just misunderstood what she was looking at.
More (verifiable) details in my comment here: https://news.ycombinator.com/item?id=44047945
OK THANKS FOR LETTING ME KNOW
1 reply →
Would you be open to providing some more details on this? Was this a private graph or a public graph?
It happened several years ago - when Conor was holding talks on Clubhouse. I had created an account with a few test notes and went back days later. The notes were not listed or linked anywhere. The person’s email or name was showing in the log but he was not even outed as an employee on linkedin at the time - so I originally thought someone has hacked my account or was accidentally given access to my notes. Then I asked the founder or the person and they said it was a new employee. I have screenshots somewhere but I don’t remember how i reached out to them - if it was a service chat, or email, or twitter, or clubhouse. I always check the network chatter on new sites I use - very enlightening about what they think of customers. A lot of times you see flags for things they want you or don’t want you to be, or what they want to upsell to you. Reactive sites put all kinds of logic in the front end where it doesn’t belong.
Thanks for elaborating! This is definitely not ok, and the response beyond unacceptable.
I've been an active user for a couple of years now and have substantial amount of information stored in Roam. I guess I should have known better than to have sensitive data stored in someone else's servers without encryption.
Time to explore Obsidian and see what the migration path looks like.
1 reply →
That does seem very shady, did you at least get a written apology from him/his boss?
Forget an apology, was there any accountability?
Have they clamped down on employee access? Was this "new employee" let go for accessing user data without any apparent reason?
Hey, Baibhav from the Roam Engineering team here
Relevant reply here: https://news.ycombinator.com/item?id=44038085
1 reply →