I use Joplin because its privacy focussed. I trust Joplin would not directly transmit my note contents to remote servers without my knowledge unless venerability has been exploited in my OS or Joplin. Without its focus on privacy, Joplin will lose its unique value to me and many others. The people arguing that Joplin should not prioritise privacy because it only serves a small user base, are making a seemingly sound, but destructive argument. While people who use Joplin because they like its editor can use Evernote with slight annoyance, people who want privacy will have very few to no options. Just because you do not want privacy now, does not mean you won't want it later on.
Should Joplin focus on 'what the userbase wants?' with guesstimates of what percentage of user want something or maintain what it has to offer more uniquely than other projects?
Privacy is not just a bonus, its a matter of ethics as far as software development is concerned. Should you allow Google to collect risky amounts of data as it might threaten our freedom in the long run, irrespective of whether people care or not? Just because people do not care, does not mean they should not care, does not mean that their demands, no matter the percentage demanding, should not be considered valid and worth catering to? For example, ramps for disabled need to built, despite the percentage of people benefitting from them is very small. Should not the people who care be ready with options for when the public becomes more cognizant of the importance of privacy?
However, the more important point is whether these calls to Google Servers are a privacy risk or not, and if they are, to what magnitude. The privacy risk level corresponds to the sensitivity of information that can be deduced with the help of data collected. Here it is important to know what data is being sent and can the user verify what data is being sent by looking at the code? What is the potential maximum amount of data being sent if the data being sent cannot be verified from the code? Can it included note content or not? As for trusting the devs, in this line of buisness, paranoria is not always unjustified. What is the possibility of underhand deal to quitely siphon off data of your privacy focussed app. Not saying anything like that is going on, but is there any way to properly put this beyond the realm of possibility without an analysis of what data is sent and to whom? The data of those seemingly looking for privacy is of great value. Having said this, I will like to state that I highly value all the work that has been done with Joplin and I respect and admire the dev(s?) and contributors very much I stated that possibility not to throw shade on wonderful people but to achieve clarity about what people might be worried about so that an adequate solution might be found.
Beyond just the reality of privacy, there is also the mental comfort level. Many people are paranoid, as they are not able to calculate the actual risk posed to them by Google data collection. They just want to feel safe. Sometimes feeling safe can also be very important. So, if it is assessed that Google server calls are not a substantial privacy risk, that assessment needs ideally to be available either in form of a pinned post or
a section in the privacy policy. This will give people a ready reference each time they feel challenged on privacy aspects of Joplin. All this panic over Google server calls might just be down to lack of knowledge about how software works. People like me feel helpless in a software infused world, with no concrete idea what reasonable limits of something might be.
5 Likes