Skip to main content

Dear Affinity, any thoughts why your Publisher app starts attempting to contact every page on my reading list/bookmarks/browser history including my health insurance provider on launch?

(You cunts.)

(Did I mention I fucking hate capitalism?)

PS. This is an app downloaded from the Mac App Store and it’s got a lovely, comforting, blue, Apple-approved checkmark to let you know that data is not collected. So it’s safe. *phew!*

#surveillance #capitalism #affinity #affinityPublisher #apple #macOS #BigTech #SiliconValley

Screenshot of the Little Snitch network monitor showing a list of sites Affinity Publisher attempted to contact on launch. The ones for their company related sites (starting with serif) were allowed. Others, to sites that were on either on my bookmarks or history, including vhi.ie, a health insurance company, were denied (by yours truly).
Screenshot of the Affinity Publisher 2 page on the Apple App Store. Under App Privacy, it says “Data Not Collected”
#capitalism #surveillance #apple #macos #BigTech #SiliconValley #affinity #affinitypublisher
This entry was edited (1 week ago)
in reply to Aral Balkan

ThisLeeNoble
ThisLeeNoble
Could this be a WebKit bug? Maybe Publisher is using a WebKit view and there’s a leaky sandbox or something.
in reply to ThisLeeNoble

Aral Balkan
Aral Balkan
@thisleenoble Possible. But why would even WebKit/Safari have to hit every URL unless they were crawling your links?
@ThisLeeNoble
in reply to Aral Balkan

ThisLeeNoble
ThisLeeNoble
I’m not an expert by any means, don’t even use Safari, but if those are in your favourites/reader list I can imagine Safari pings them all on launch to update ui indicators. Were there to be a poorly implemented API then maybe in some instances an innocent app loading a WebKit instance might trigger that same procedure unwittingly.
in reply to Aral Balkan

Olivier Forget
Olivier Forget
@thisleenoble Are these your bookmarks or something? Maybe it's preloading for more immediate display if you happen visit your bookmarks?
@ThisLeeNoble
in reply to Aral Balkan

Steven Op de beeck
Steven Op de beeck
can you see what it’s downloading? Maybe it’s just favicons for some WebKit view.
in reply to Steven Op de beeck

Aral Balkan
Aral Balkan
@stevenodb Favicons would make sense but, at least insofar as I remember from using web views for Better Blocker, I never saw such behaviour. Now have I seen it in any other apps to this point.
@Steven Op de beeck
in reply to Aral Balkan

Christofuzius
Christofuzius
@stevenodb I observed the same behavior for Affinity Foto and Designer. Started with the lasted update.
@Steven Op de beeck

Aral Balkan reshared this.

in reply to Aral Balkan

Matt × 🇳🇴 🇺🇦
Matt × 🇳🇴 🇺🇦
What app are you using to track those connections?
in reply to Aral Balkan

mathew
mathew
@gareth @matt FWIW I use Affinity applications (latest versions) with Little Snitch, and I don't see them attempting to call out to random web sites.
@Matt × 🇳🇴 🇺🇦 @Gareth
in reply to mathew

Aral Balkan
Aral Balkan
@mathew @gareth @matt Interesting. This was during the initial launch/in-app sign up process. Do you see it if you sign out and go to sign in again?
@Matt × 🇳🇴 🇺🇦 @mathew @Gareth
in reply to Aral Balkan

mathew
mathew
@gareth @matt In bed ill right now, but I can imagine that the signup might use embedded WebKit, and that in turn might ping your bookmarks to get and cache user icons.
@Matt × 🇳🇴 🇺🇦 @Gareth
in reply to Aral Balkan

DJGummikuh
DJGummikuh
well the checkmark only states that the devs are not collecting data from THIS app - apparently they collect data from everything else instead 😅
in reply to Aral Balkan

Me and my Arrow
Me and my Arrow
thanks for pointing this out. I was giving affinity a pass in LitttleSnitch because I thought the traffic was benign. Guess I’ll need to change my rules in LittleSnitch. BTW, I’ll bet adobe creative cloud is doing something similar.
in reply to Aral Balkan

Der Teilweise
Der Teilweise

Doesn’t happen here. 2.5.7, non-AppStore.

Did you write about it in their forums? Their staff actually reads reports there and they tag bug reports so a bot will add a comment when the fix is released. Quite the opposite of how Apple handles bug reporting.

Given how serious this is, I‘m convinced they will investigate it.

in reply to Der Teilweise

Aral Balkan
Aral Balkan
@teilweise Nope, uninstalled it instead. I don’t work for free for Big Tech. That said, I also don’t work for money for Big Tech so 🤷‍♂️
@Der Teilweise
in reply to Aral Balkan

Der Teilweise
Der Teilweise

Fair. Do you mind if I mention this thread on the forum?

I think this needs to be fixed and since this does not happen for everyone it might be worth making sure that Serif is aware of the issue.

in reply to Aral Balkan

Der Teilweise
Der Teilweise

I finally found the time to report it (forum.affinity.serif.com/index…), here’s the response by a user marked as “staff”:

“From speaking to the Dev team, this will be Apple components doing their own checks. Affinity itself can't and doesn't read you browser bookmarks or reading list. This has also been reported for other apps as well, one of those reports is here (community.bitwarden.com/t/litt…).”

Of course I cannot verify this but it sounds reasonable.


Unexpected network connection, accessing bookmarks and reading list entries.

Referring to this post on Mastodon: The Affinity suite apps seem to access the bookmarks and reading list entries on start and try to access (all of) those websites.
Daniel Höpfl (Affinity | Forum)
in reply to Der Teilweise

Aral Balkan
Aral Balkan
@teilweise Thanks for checking. Good to know. Still don’t trust them though (they’re Canva now).
@Der Teilweise