Notesnook has a serious privacy issue that no one seems to have noticed: it always generates the same public link when you publish a note. If you unpublish a note and then republish it, it won’t generate a new link but the identical one you had before.
I use Notesnook to send private notes to people via e-mail or via social media. I don’t just send private notes to people I know, but also complete strangers on the internet.
HOW IT WORKS
The way you send a private note in Notesnook is by writing whatever sensitive information you need in the note, publishing the note, and sharing the URL with the recipient. You can set limits on the note: the recipient may only be able to see it once, or it may require a password.
THE PROBLEM
All that is well and good, but the problem is that once my note is unpublished, i.e. once it expires and the recipient no longer has access to it because the link won’t work, it will work again if I republish the note. That’s because the URLs are identical.
Every time you publish the same note on Notesnook, the URL for it remains identical. It never changes.
PROTON PASS & 1PASSWORD DON’T HAVE THIS PROBLEM
On 1Password and Proton Pass, you can create a public link to share your login credentials for a website with someone you trust. That public link will expire after a certain period of time or a certain number of views. However, if a week or months later you decide to share the same login credentials with someone else, the public link that you generate will be completely different from the first one that expired.
NEITHER DOES FILEN
Filen has the same security measure. Every time you create a public link for the same file or folder, the links are different, so that anyone you had shared that file with in the past will not be able to use the old expired link to access it. That is not the case with Notesnook.
THIS IS A SECURITY AND PRIVACY ISSUE
Notesnook always generates the exact same, identical link every time you unpublish and re-publish a note. So if I sent a private note to someone a year ago that expired, and sent the same private note to someone else today, the first person can still read that note if they click it in the same time window.
I don’t like that. A lot of times, the information that I have to send someone via a private note is the same. Hence, I’m not going to create a new note every time I need to send someone my phone number or my email via private note.
Notesnook needs to fix this.
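The difference between the two behaviours described above, as an added example that is not part of the original post and is not Notesnook's, Proton Pass's, 1Password's or Filen's code. Both store classes, the "/share/" path and the note id are hypothetical; StableLinkStore only models the observable behaviour (same URL on every publish), not how Notesnook derives its links.

```python
import secrets

class StableLinkStore:
    """Assumed model of the reported behaviour: the URL is tied to the note itself."""
    def __init__(self):
        self._published = set()

    def publish(self, note_id):
        self._published.add(note_id)
        return f"/share/{note_id}"          # same URL on every publish

    def unpublish(self, note_id):
        self._published.discard(note_id)

    def resolve(self, url):
        note_id = url.rsplit("/", 1)[-1]
        return note_id if note_id in self._published else None

class RotatingLinkStore:
    """Mitigation: every publish mints a fresh random token; unpublish revokes it for good."""
    def __init__(self):
        self._token_to_note = {}
        self._note_to_token = {}

    def publish(self, note_id):
        self.unpublish(note_id)             # never leave an older token alive
        token = secrets.token_urlsafe(16)   # 128 bits from the OS CSPRNG
        self._token_to_note[token] = note_id
        self._note_to_token[note_id] = token
        return f"/share/{token}"

    def unpublish(self, note_id):
        token = self._note_to_token.pop(note_id, None)
        if token is not None:
            del self._token_to_note[token]  # a revoked token is never reused

    def resolve(self, url):
        return self._token_to_note.get(url.rsplit("/", 1)[-1])

def old_link_survives_republish(store, note_id="note-123"):
    """True if the first recipient's expired link works again after a republish."""
    old_url = store.publish(note_id)        # shared with the first recipient
    store.unpublish(note_id)                # link expires
    expired = store.resolve(old_url) is None
    new_url = store.publish(note_id)        # shared with a second recipient
    assert expired and store.resolve(new_url) == note_id
    return store.resolve(old_url) is not None

if __name__ == "__main__":
    print("stable:", old_link_survives_republish(StableLinkStore()))
    print("rotating:", old_link_survives_republish(RotatingLinkStore()))
```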