![]() ![]() is included in since that list changed how it handles Spotify ad domains. How familiar are you with the the source code relevant to this issue?:ĭefault lists shouldn't block major non-ad functionality. The issue I am reporting isn't a duplicate (see FAQs, closed issues, and open issues).The issue I am reporting can be replicated.I have read and understood the contributors guide.On Windows and Linux this is powered by Hunspell dictionaries, and on macOS it makes use of the native spellchecker APIs.In raising this issue, I confirm the following: Here is another potential solution, according to this page: SpellChecker | ElectronĮlectron has built-in support for Chromium's spellchecker since Electron 8. So would a solution be to call this api with a dummy URL by default and to call the api again with either an alternate URL or the google one once the user has activated this feature? This would at least allow the user informed consent. If the files present in hunspell_dictionaries.zip are available at then you should call this api with ses.setSpellCheckerDictionaryDownloadURL('') If you want to override this behavior you can use this API to point the dictionary downloader at your own hosted version of the hunspell dictionaries. On a fresh install of Joplin on this platform I do not see any external data activity when Joplin is launched which is what I would expect.ĭoes anyone have an ios or Windows devices to test?īy default Electron will download hunspell dictionaries from the Chromium CDN. In this spirit, I did some preliminary testing with the Android app (v2.6.9) and I do not see any pings to Google servers. Let's focus on understanding the scope of the issue and what can be done to mitigate and come up with solutions. ![]() The effect causes a conflict with the privacy policy and remove the user's ability opt-out (or even better, to opt-in) to this data collection. There is a specific data leak to Google servers in the default Joplin application on at least one platform (Linux) that appears to have been introduced by an upstream project (Electron version 14?). ![]() I agree that demands on community based open source project are ineffective and issues should be approached constructively however earlier comments with pejoratives and discussions of donations are a bit off topic for the purpose of this thread. I do agree that 'demanding' a security expert isn't in the spirit of this community tho. ![]() In fact, it is listed as one of the only two recommended digital notebooks on Privacy Guides: Notebooks | Privacy Guides.Ī privacy orientated notetaking app that sends information to Google every time it is started has real privacy implications. I do think this is an issue that deserves our attention as one of the appeals of Joplin is a private and secure notetaking app. Also, a description can be added to this setting page under this checkbox that explains the privacy implications of activating this feature and so the user is given fair warning. I agree with laurent, at a minimum and as a stop gap measure the privacy policy wording would need to be updated to bring Joplin back in compliance with the policy.Īs a more medium term solution, perhaps the code can be updated so that these dictionaries are only downloaded or updated when the user specifically activates the spell checking feature from the settings above. This makes the issue even more problematic because most users will be unaware that Joplin is contacting Google servers on startup, especially with the current privacy policy that states the Joplin does not do this. There is no notice given unless the user checks the traffic being generated by Joplin in a application firewall log. The spell checking is not enabled by default (Tools->Options->General->Enable Spell Checking in Markdown Editor) however the Google servers are still being contacted every time Joplin is started. The leak happens regardless of if the user has enabled the spellchecker or not. I have never use the spellchecker either. There is still a need to deal with the issue. I never saw this request because I never enabled spellchecker. ![]()
0 Comments
Leave a Reply. |