I have been trying to evaluate Quire for use in my own personal life and as a tool for the company I worked for. On inspecting the page, it is very clear that you're sending information on the tasks to doubleclick, which is a massive privacy violation, and not acceptable for company use.
Let me explain this very clearly: when working for a company, there is often important data that can't be released publicly -- names of clients and business partners or unfinished/experimental features, the types of information that you might often put in a task. If you put that information in a URL -- either as part of your API or as part of sending that information to advertising partners, you are potentially leaking company secrets to every router and any script kiddie using a packet sniffer in a cafe.
To reproduce:
- Open Quire in a web browser.
- Do "Inspect Element" in the browser. Scroll through all the javascript src includes for "googleads.g.doubleclick.net" and notice that it contains the project name, the board name and the first 17 characters of the task. This means that as part of requesting the script, that information is being passed in plaintext.
I am so disappointed in Quire. This is a huge breach of trust.
Updated: The issue is taken care of, please reload your browser to get the updated version of Quire. Thank you 😃
Vicky, Nov 6, 2019
Hi JL,
Thank you for bringing this matter to our attention. First of all, please rest assured that your tasks, projects and personal data will be kept safe, secure and private with Quire.
We use Google Analytics (involving googleads.g.doubleclick.net) to better understand Quire users and create a better user experience for our users. We initially have signed the Google Terms & Agreements so your personally identifiable information will never be shared with third parties. Quire commits to be transparent and straightforward without any hidden agendas about the use of users’ personal data.
However, we understand the Google doubleclick URL link might cause concern and insecurity for our users. We should have handled this matter more carefully from our end. Our developer team is actively working on this and we will release an updated version soon to get this problem taken care of.
Please rest assured that your data is carefully handled and protected with Quire. All traffic on Quire runs on SSL/TLS, the most powerful and trusted protocol for secure communications. The communication between Quire server and users is encrypted and cannot be leaked or tapped from the outside.
Again, we’re deeply sorry about this problem. Thank you very much for letting us know.
Vicky, Nov 5, 2019
😳
(deleted-IAMQ), Nov 5, 2019