In 2019 I recall writing a negative scree concerning Coda search. It was shortly after a scathing review of Airtable search. I was in a bad mood and my AI team was just getting into Coda. Search. Of course, in 2019, it was pretty bad.
My commentary now a half-decade ago (which I cannot seem to put my fingers on because search is so shitty), underscored a basic idea - the security context of the user.
I spent a fair but of time a Verity (the 1990’s enterprise search engine company) and the one thing they were absolutely driven by is knowing that the discovery of a document titled “1998 Layoffs”, would be deemed a security breach even if no one could actually access the document. Ergo, the security context of each user must dictate information access.
Coda doesn’t seem to share this mantra, nor does it appear to have an architecture that makes this possible, else, it would exist. As such, I believe the problem is much bigger than we are able to realize, and Coda is simply too fearful to reveal the underlying technical challenges. But one must ask …
If you’re building the all-in-one app that supports a variety of variant object types and objects within other objects, why was this development effort not buttressed with a vast collection of security-related requirements?
While I agree that disabling search altogether may eliminate problems for certain customers, the underlying porous architecture remains. The only reasonable security model from my experience is to assert accessibility at the document level, and even that still has some risks.
I’m also dismayed that most of the vendors continue to come at this challenge without a unified mapping of information objects in the context of each user. If they were, the very idea of a hidden page would be unnecessary. In my view, the bigger mistake was thinking that hidden pages were a good idea. We’ve all come to learn that this was a really bad idea. And now we think it’s a feature that encourage Coda to lean into; also another bad idea.
Hiding objects and pages should be reserved to satisfy requirements of visibility and UI simplicity. Not access control. That’s the mistake.