Description of the Issue:
When a user clicks on another collaborator’s icon within a Coda document, they are immediately taken to the exact page and modal that the collaborator is viewing or editing. This happens regardless of any access restrictions or table filtering rules set to limit visibility, such as information meant only for specific individuals or roles. This feature can inadvertently reveal sensitive or private information to unauthorized users, posing a significant privacy and security risk.
Steps to Reproduce:
- Open a Coda document with multiple collaborators.
- Click on a collaborator’s icon.
- Notice that you are navigated directly to the content they are viewing or editing, bypassing any set filtering rules or access restrictions.
Expected Behavior:
The collaborator activity feature should respect table filtering rules. Users should not be able to see or navigate to content that is not intended for their role or access level.
Actual Behavior:
The current implementation allows unrestricted navigation to a collaborator’s active view, disregarding privacy settings and potentially exposing sensitive information.
Impact:
- Violates user privacy and confidentiality expectations.
- Bypasses access control measures, risking exposure of sensitive content.
- Causes discomfort among team members, affecting their willingness to use the platform for sensitive tasks.
Suggested Solutions:
- Enhance Privacy Controls: Introduce options allowing document owners to disable or fine-tune this feature to prevent unauthorized access to sensitive information.
- Transparency and Guidelines: Provide clear documentation on how the collaborator activity feature works and its implications for privacy and security.
We are relying on Coda for its collaboration capabilities, but the security and privacy of our documents are paramount. Addressing this issue promptly will greatly enhance the trust and safety of using Coda for all users. Thank you for your attention to this critical matter.
3 Likes
Hi @Yuriy_Mykhasyak. Coda documents load all information present in a document into the local webpage cache, even filtered table data and hidden pages, so documents should be designed with this in mind.
Separating documents by sensitivity/permissions and using cross-doc tables (or other cross-document syncing methods, e.g. embeds or packs that provide other methods) is typically used to manage this.
Enhanced permissions is on the coda roadmap, but we don’t know yet how that will impact change the current approaches, or when/if it will arrive.
1 Like
And just a note that there is also the page history, so deleting sensitive data may not be enough to remove it from visibility. If you delete data and then make a copy of the doc, the history will be cleared.
1 Like
Ad, thanks for sharing. I know this. We are not expecting a typical user to be able to read the cache. But just out of curiosity, they click on the collaborator icons and get to see their private content.
Cross-Doc is not a viable solution for the company with around 100 employees for documents with more than 10 tables. It may work for a few people, but I do not see how you can scale such a system.
I understand Coda does not prioritize business users, but this is a mistake.
Each business can introduce Coda to dozens and hundreds of users.
And people move to Coda from Notion because they expect it’s much more powerful.
3 Likes
I got a reply from support saying that they think it’s not a bug and have no plans to do anything with it.
It’s a bug.
It applies User() filters for the table views and ignores this filter on the row view.
The feature is broken.
Coda is leading users to the false belief that you can build apps for enterprise HR teams here.
3 Likes
Hi Yuriy, thanks for the feedback and suggestions. We’ve shared it internally with the product team.
3 Likes
Thank Brian. Is there any chance we will have this fixed anytime soon?
We had to cancel our performance management process in the middle and move back to the previous software due to this privacy issue.
People could see anonymous reviews, and a lot of complaints were raised.
Thanks!
4 Likes
Hi Brian,
Any update? This is a very important issue to be solved. When I am developing something to a client, I need to say that the team actually cannot have any type of “secret” information, because everybody can see everything if just click on the person icon. It limits a lot of our work with Coda.
3 Likes
Absolutely agree 100%.
+1,000
This is such a security/privacy breach I cannot believe that this remains in software that would wish to be used in the enterprise. It is a complete show-stopper.
Setting a filter to restrict access to certain users (or more usefully, to all users who are in a dedicated list of admins) is certainly helpful eg this tip.
At the minimum, a doc maker should be able to hide the avatars of collaboration activity to all users of the doc.
Another security breach is that the editors can open the document settings and see the Doc Map. In my experience, new users to Coda who are exploring the doc and the interface click on these elements to familiarise themselves with Coda. They believe that ‘Doc Map’ is like a site map structure type element, when in fact they can click to navigate to any table in the doc, even inside hidden pages.
5 Likes
I reported this probably more than a year ago and yes, it still gives me some pain, and more importantly, it prevents me from building more critical apps. And I do not want to drown in a labyrinth of cross-doc tables.
A quick-fix would be adding an option for the doc owner to disable the avatar feature entirely. (In some cases restricting it to visible pages only would suffice, but that is more effort to implement.)
4 Likes
It’s a showstopper for more serious Apps that woud like to enjoy quite basic privacy features.
2 Likes
This is also a BIG issue for us. @Brian_Klein is there any news on that?
1 Like
Does this problem also apply to the enterprise plan?
1 Like
Any update on this? this is extremely important, as people can follow doc makers to see hidden pages, which is something that shouldn’t happen, ever.
No, as always. Still the same. Collaborators still can acces not only hidden pages but also surpass User filters.
Edit: I noticed a small improvement! The user filter can now only be bypassed for the individual row that the authorized user has currently opened, and no longer for the entire table. I used to be able to see the whole table via the arrows at the bottom of the detail view, now I can only see the row that the other user is currently looking at.
I didn’t hear any updates from Coda on the topic and decided to stop and code custom software. I do not see this as a priority for them. It looks like they want to compete with Notion, not app builders.
1 Like
hi @Stefan_Huber
Can you share a screenshot to explain in more detail what may have changed?
These updates are so important to all of us.
merci, Cheers, Christiaan
1 Like
A year ago I was able to circumvent the user filter for the entire table in the detail view by clicking through the rows. Now the filter stays - at least on the rows the admin has not opened.
3 Likes
that is interesting and avoids the user wanders around through the table, merci for this update and I hope Coda will make a formal statement soon! @Stefan_Huber
1 Like
