Data sovereignty and privacy - More of it please

The summary of your Data Policy insists on privacy and sovereignty.

I came to test your tool as a Diigo user on Firefox. I was used to the tool (Diigo) collecting data only if I took action. After a while, I realised that your default setting makes your tool record and index pretty much all my browsing.

I think the default is wrong. I’m aware I skipped something (a startup wizard) but the default should protect my privacy better. You probably consider that, well, this is local to my computer. What if e.g. “my” machine is my corporate computer, or a friend’s computer, or whatever… The default should be: nothing is stored unless the user takes explicit action with your tool. You might think that the browser records the history anyway. Well, actually, the user might have changed the settings of the browser to NOT record the history.

I went through the settings to find a “delete my data” button. I found none. It could be added on the “Privacy” tab, next to the statement that “Your personal data is yours”. The data is supposedly mine, but I couldn’t find exactly where it is stored, and I was not given an easy way to delete it. Maybe Memex deletes all data when the firefix extension is uninstalled, but I’d rather not rely on that assumption.

Sorry for the bad vibe. For the rest, even though I couldn’t test much, what I saw impressed me. Congratulation and good luck.

Cheers

Firefox 68.0 ESR. Memex extension downloaded yesterday.

We highly value your data ownership & privacy. We don’t just say so. In fact Memex was built around giving you maximum data ownership and sovereignty. All personal data stays on your computer if you don’t choose to share it with someone or back it up to a provider of your choice

1 Like

I hadn’t mentioned it because it’s clear that the product is in early stages and has a lot of improvements in progress, but I feel the same about these issues.

IMO this would defeat the purpose of the product since the whole point is for it to index, organize all your browsing for you and make it easier for you to interact with it and turn it into a knowledge base. This is one of the things that differentiates it from other web annotation products like Hypothesis and LINER

1 Like

I see that as more of a personal use case question, @aadilayub – for my purposes the important thing is reliable and privacy-respecting bookmarking that works cross-browser/cross-device. (I’ve had both chrome and firefox lose bookmarks, with no clear indication of when or why, xmarks got shut down but it wasn’t very reliable to begin with, etc.)

I didn’t expect history indexing to be on by default, and initially didn’t want it, but now I’m finding uses for it after the fact, despite my initial impression. I do think it’s important to have an option to remove things individually or in bulk from the index, given the stated values and principles already mentioned.

Hello,

Thank you @dees and @aadilayub for sharing your views. I still feel the default (if the wizard was skipped) should lean more towards less data collection. But I now understand better that it depends a lof on the positioning of the tool. On Mozilla.org, the extension appears as "

Remember Everything You Read Online.
An open-source and privacy focused extension to Full-Text Search, Annotate and Organise your Web-Research"

The first sentence goes toward indexing everything, so, installing the extension might be considered as “opt-in”. Note though that my understanding of the second sentence is more towards indexing only what was explicitly “tagged” (annotated etc) for indexing (“your Web-Research” is probably not the same as all Web surfing).

Anyway, the default is less important if one has more control on the deletion of data. @dees idea is great. Data deletion should preferably NOT be “all or nothing”. The preferences allow to identify indexing preferences. It would be cool if the deletion feature would similarly allow to define the categories of stuff that should be deleted, based on the same categories as the indexing preference.

I think the default is wrong.

I can see where you are coming from and we have been internally debating about this too.
The problem was that most people expect the indexing by default based on the core value proposition of the full-text search. We could see a measurable increase in uninstallations and lots of feedback from people that were expecting the full text search to work, but then didn’t see any results. We could go other routes of for example showing notifications in other places of the tool, making people aware of the fact that their history is not yet indexed, but that introduces new development work that we currently can’t prioritise for. That may change in the future though, because we are soon working on a better onboarding UX.

I went through the settings to find a “delete my data” button. I found none

That could be explained a bit better. Basically in order to delete your data you just uninstall the extension, then all data is gone and you can start from scratch, if you like. We haven’t had people yet requesting their data to be deleted.

“Your personal data is yours”. The data is supposedly mine, but I couldn’t find exactly where it is stored, and I was not given an easy way to delete it.

Mhh we might need to phrase it better, but isn’t the first sentence saying it already:
“All your personal data is stored locally on your computer. Unless you share it, or back it up to one of your cloud services, noone will ever have access to it by default.”
What information is missing there for you? Really interested on how to improve it to remove any ambiguity.

Maybe Memex deletes all data when the firefix extension is uninstalled, but I’d rather not rely on that assumption.

Yeah that’s how extensions work usually. I see that we have assumed to much knowledge here and should communicate this better in our privacy policies.

Sorry for the bad vibe. For the rest, even though I couldn’t test much, what I saw impressed me. Congratulation and good luck.

Please don’t worry at all here. Data privacy is a very intimate and personal issue and being concerned about it, especially with nowadays prevalent practices, is absolutely understandable.

1 Like

I totally agree. One of our most pressing issues is to add a bulk-edit options for removing, tagging, starring and sorting pages/notes into collections.

For now you can use the blacklist option to remove items in bulk. It has a not-so-intuitively done/experimental feature that if you wait for a bit after adding a new entry it shows you a prompt with which you can delete all entries in your database that match this query. We have it on the map to overhaul this feature soon.

Nice to hear!

Intuitive UI is a big deal for onboarding users, but I think we can also generally get over that if the productivity is high after the learning curve, and there’s enough documentation around to discover everything. As a vim user, I’m very interested in streamlining my most frequent tool interactions into a minimal series of keystrokes that still have mnemonic value (but don’t sacrifice mouse-only interaction support either), and I’m ok with things being out of sight or non-obvious if they’re still learnable. There may be some strategic level thinking to do over which core audience you want more: the power users, or the mainstream users.

1 Like

“All your personal data is stored locally on your computer. Unless you share it, or back it up to one of your cloud services, noone will ever have access to it by default.”
What information is missing there for you? Really interested on how to improve it to remove any ambiguity.

Thank you for your time and interest. I was expecting to find, somewhere, the physical folder for the index etc (possibly as a relative path based on my firefox profile); so that I could have deleted “the index”. Now that you have clarified that the data will be deleted by deleting the extension, this is less important. Note that, assuming the user would have configured the extension to work the way she likes, she would probably rather have a feature to delete just the “personal” data (index), allowing her to keep the extension and all its configuration.

By the way, you emphasized “noone will ever have access to it by default.” This is correct only as long as your focus is on GAFAM and the likes. AFAIK, the Memex extension does nothing to prevent access from anyone who has access to my user directory on my computer (think kids at home, IT admin at work; think encryption). Assuming the user has configured the browser to not record the history, the extension probably creates a (local) data leak. Same if the extension indexes the sites that were visited in incognito mode.
Now that I better understand the app, its positioning and maturity level, it is mostly fine by me. But with my background (I came to Memex in a rush, from https://alternativeto.net/software/diigo/ ), only interested in highlighting, it came as an undesirable surprise at first.
I’m impressed by your commitment and willingness to exchange ideas. Thank you. Best wishes.

1 Like

Agreed that that would be a preferable option, but we don’t have the (wo)man power right now to implement it. Simply other priorities.

This is correct only as long as your focus is on GAFAM and the likes. AFAIK, the Memex extension does nothing to prevent access from anyone who has access to my user directory on my computer (think kids at home, IT admin at work; think encryption)

Indeed there is always multiple threat vectors. In our case we can for now only focus on making the economics of our company and the technology of Memex in such a way that at least you are secure from us taking your data. Encrypting indexes is very hard and we can’t put up the effort to do that right now. We assume that you are using Memex on devices where you trust your environment.
Also Memex does not index pages you visit in incognito mode.

Indeed we think that our core target group for now are people who are experienced with other tools of knowledge management, and those who run into limitations in terms of flexibility of organising and recovering bigger amounts of online research.

Since we are now coming to an end of the work on the sync between devices, we are going to focus on smoothing out the UX and fix all the tiny, but sometimes important, bugs Memex still has.

Any UX issues you encounter are again much appreciated to know :pray:

1 Like

Very useful. When someone told me about WorldBrain, my first reflex was to think of Hypothes.is and #OpenAnnotation as a standard. Was going to ask on Twitter about differences between [h] and this Vannevarly-named tool. This short post makes things much clearer for me.