Negligent default settings for doc sharing - why is nobody bothered by this?

Hello everyone!

I love Coda and find it a revolutionary tool. Whenever possible I try to do my work in Coda and in the meantime I have also been able to inspire numerous colleagues in the education sector with Coda. But there is something that bothers me incredibly and I can hardly imagine that I am alone with it, because it really leads to very unpleasant situations. Unfortunately, my posts in the Suggestion forum go unseen. Perhaps because many Coda users are not even aware of the problem and, like me, only notice it when it has already led to unpleasant situations. The most important default settings that are set when sharing a doc are not only chosen carelessly, but are also only apparent at second glance. Here are the most negligent default settings according to priority:

1. editors can administer access and publication rights by default. This makes no sense as a default setting! I want to have the administration rights for my document, I don’t want editors to be able to administer the rights of MY document by default.
   

   

   Copies and Permissions598×563 79.1 KB

2. editors can also “unlock” a document by default. This also makes no sense - because as a doc maker I can already define the locking settings in detail. There is no reason why users of my document should have the right to bypass these settings by default. So why should I set the locking at all if every user can bypass it by default anyway?
   

3. allowing copies of my document by default. As a doc maker, I don’t want it to be automatically assumed that if I copy parts, they can simply copy the whole doc. Common sense dictates that I want to consciously agree to the possibility of copies, not consciously prohibit them.

4. making it discoverable by default. Here too: Why assume that I want to make every published document automatically visible and copyable to everyone in the world, collected with all others on my Coda profile? This is dangerous, especially for new users who are not aware of this.
   

   

   Discoerable by anyone424×859 112 KB

And that’s the worst thing about all this - Coda is shooting itself in the foot: These settings are all hidden in a submenu. I even know experienced users who were completely shocked when I told them this. Why hide such fundamentally negligent settings, which actually require the explicit consent of the user, in a submenu?

For me, these are not “suggestions” that need to be discussed, I can’t understand how Coda wants to hold a vote on them. The current approach has only disadvantages and will at best lead to unpleasant situations, at worst to business-relevant damage.

Why is nobody here bothered by this apart from me and my colleagues?

Why?

Because different people and different teams have different design departure points.

Yes. And That’s exactly why it is negligent to assume these terrible default settings that are hidden in a submenue are doing any good. It’s like Microsoft making it default that everytime you share a Word file with a shortlink it is shown on your public Microsoft profile. Or everytime you share a file, Editors can admister and change your file permissions. People are not bothered because nobody I ever told this already knew before that these are the default settings. If it’s such a problem to, then please at least don’t hide these crucial settings in a hidden submenue.

Agree to this potential unobvious privacy-nightmare, it should rather be a visible opt-in feature rather than hidden opt-out feature

Exactly! Thanks! The new “full doc in doc”-integration makes this even more urgent. It only takes one user who does not know or forgets the submenu to cause major damage to the entire organization. Even for experienced users, having to be constantly on guard and not forgetting to change every single one of these default settings every time is a huge disadvantage.

Hello @Huber_Stefan_Werner ,

I agree fully with the default settings - my wish would be that we can set whatever we want the defaults to be for our own ecosystem.

And although I don’t understand why we are not heard by @Coda_hq (it should not be that hard to fix this), I do understand where Coda is coming from, or at least I think I understand.

Coda was build as a collaborating tool, where you share pages, doc and clusters of docs with partners, where everyone has (had) pretty much equal rights. That is a Coda choice and Coda is entitled to make it’s own choice.

As the eco system grew into what is today, the user base changed too. Over the past couple of years a lot of options have been added to make the doc a lot more secure regarding unauthorized sharing, protecting tables and table content against accidental changes.

We are not there yet, I have written about quite a few things that would make life easier for us makers (like printing options, really hiding data, an option to kill the search bar or change the way it works, etc.). But you can build a doc like an app that is pretty useable in a lot of environments. Yes, you have to find your way around to set it up properly (like all the things you mention), but at least it can be done. It is a one time deal per document and most people only share so many documents.

So, even though I agree with what you say and I keep hoping for better control of defaults, it is our choice to work with Coda and accept some if the choices they made or the time they take to change things around. We can always switch to another Low- or No-Code tool, but the grass is not always greener somewhere else.

Let’s not forget to weight the good against the bad - for me, I stay with Coda and hope that some stuff will be addressed as time goes by.

Greetings, Joost

After a recent experience, I can now definitively reject this argument. The default settings pose a serious security risk that even professionals often fail to recognize—until it’s too late. Some students are now getting a kick out of destroying public templates and documents in the Coda Gallery that were created by professional document creators who are complete strangers to them. The setting that allows any editor to change doc permissions and locking settings by default is primarily responsible for this. Of course we can philosophize for hours about the philosophie of collaboration, but the fact remains that professional coda creators around the world now have broken templates, forms and documents just because some young students are having some fun with codas negligent default settings.

High school students are the worlds greatest trolls.

Well, I manage to access the Azure data of some makers by keeping the Coda devault settings in their source document for the form. Edit Layout - add person column, change privacy to include people and voila - i can Access even Codas own Azure data. Can we please stop dismissing this issue as a funny school troll problem? Coda is supposedly also used by companies.

image824×211 18.5 KB

It takes one single user who forgets to change the Coda default setting in one single document and everyone now has access to the whole damn workspace data of the entire organization.