Privacy Issue with Collaborator Activity Visibility Needs Urgent Attention

Description of the Issue:

When a user clicks on another collaborator’s icon within a Coda document, they are immediately taken to the exact page and modal that the collaborator is viewing or editing. This happens regardless of any access restrictions or table filtering rules set to limit visibility, such as information meant only for specific individuals or roles. This feature can inadvertently reveal sensitive or private information to unauthorized users, posing a significant privacy and security risk.

Steps to Reproduce:

  1. Open a Coda document with multiple collaborators.
  2. Click on a collaborator’s icon.
  3. Notice that you are navigated directly to the content they are viewing or editing, bypassing any set filtering rules or access restrictions.

Expected Behavior:

The collaborator activity feature should respect table filtering rules. Users should not be able to see or navigate to content that is not intended for their role or access level.

Actual Behavior:

The current implementation allows unrestricted navigation to a collaborator’s active view, disregarding privacy settings and potentially exposing sensitive information.

Impact:

  • Violates user privacy and confidentiality expectations.
  • Bypasses access control measures, risking exposure of sensitive content.
  • Causes discomfort among team members, affecting their willingness to use the platform for sensitive tasks.

Suggested Solutions:

  • Enhance Privacy Controls: Introduce options allowing document owners to disable or fine-tune this feature to prevent unauthorized access to sensitive information.
  • Transparency and Guidelines: Provide clear documentation on how the collaborator activity feature works and its implications for privacy and security.

We are relying on Coda for its collaboration capabilities, but the security and privacy of our documents are paramount. Addressing this issue promptly will greatly enhance the trust and safety of using Coda for all users. Thank you for your attention to this critical matter.

1 Like

Hi @Yuriy_Mykhasyak. Coda documents load all information present in a document into the local webpage cache, even filtered table data and hidden pages, so documents should be designed with this in mind.

Separating documents by sensitivity/permissions and using cross-doc tables (or other cross-document syncing methods, e.g. embeds or packs that provide other methods) is typically used to manage this.

Enhanced permissions is on the coda roadmap, but we don’t know yet how that will impact change the current approaches, or when/if it will arrive.

1 Like

And just a note that there is also the page history, so deleting sensitive data may not be enough to remove it from visibility. If you delete data and then make a copy of the doc, the history will be cleared.

1 Like

Ad, thanks for sharing. I know this. We are not expecting a typical user to be able to read the cache. But just out of curiosity, they click on the collaborator icons and get to see their private content.
Cross-Doc is not a viable solution for the company with around 100 employees for documents with more than 10 tables. It may work for a few people, but I do not see how you can scale such a system.
I understand Coda does not prioritize business users, but this is a mistake.
Each business can introduce Coda to dozens and hundreds of users.
And people move to Coda from Notion because they expect it’s much more powerful.

One possible workaround:

  • There is no collaboration feature in the sync doc or published doc.
    We may just need a control to hide the ability to get to the source doc from the published doc ( Edit Doc button)

I got a reply from support saying that they think it’s not a bug and have no plans to do anything with it.
It’s a bug.
It applies User() filters for the table views and ignores this filter on the row view.
The feature is broken.
Coda is leading users to the false belief that you can build apps for enterprise HR teams here.

Hi Yuriy, thanks for the feedback and suggestions. We’ve shared it internally with the product team.

2 Likes

Thank Brian. Is there any chance we will have this fixed anytime soon?
We had to cancel our performance management process in the middle and move back to the previous software due to this privacy issue.
People could see anonymous reviews, and a lot of complaints were raised.
Thanks!

1 Like