Jump to content

Data security and protecting your paperless data


Jamie Todd Rubin

Recommended Posts

The two questions I get more than any others when it comes to going paperless are as follows:

  1. What about backups (if for some reason, Evernote was not accessible)?
  2. Aren't you worried about security/identity theft/etc.?

I was tempted to write a separate blog post for this but thought a post here in the forum would be good to better allow full discussion of these important questions. What follows is my personal take. Everyone has to gauge these issues for themselves. And let me be clear from the start: no one at Evernote asked me to write this post. This is based entirely on my own experience because I do get asked these questions a lot. Just look at the comment threads to the posts I've written.

Backing up paperless data

In all the time I've been using Evernote (well over a year) there has never been a time when I couldn't access my data. Evernote seems to have better uptime than a lot of other cloud-services I've used. In my day job, I'm a software developer and I know how difficult it can be to keep servers up and running. I give Evernote high marks for this so far. When they do have an outage, they announce it through several channels, among them:

That said, having worked in IT for 20 years, I've learned to plan for the unexpected. Here is how I ensure that I have backups of my data and access to my most important documents, even if Evernote is down.

  1. My data is not stored directly on my computer. At home, my data is not stored directly on my laptop but on a 1 TB external hard disk. If something happens to my computer, the data on the external disk is still safe and sound.
  2. My data is also backed up to the cloud. I use a product called IDrive which allows me to backup up to 5 machines and my WordPress website. The software works on Windows, Macintosh, etc. It runs nightly and I get an email when the backup is complete for each machine. I pay for a premium service that allows me to backup 500 GB of data. I think it costs me $150/year.
  3. Included in that cloud backup is the /user/[username]/Application Support/Evernote folder on my Mac. This is a bunch of local meta-data for Evernote that I can easily restore if I ever need to.
  4. Twice a year (usually 4th of July weekend and New Years) I use the "Export Notes From [Notebook]..." function to export all my notes (and related attachments) to an XML file that I store in a folder on the external hard disk (and which in turn is backed up to the cloud.)
  5. On my iPad, I have enabled the "Offline Notebook" feature for what I call my "Paperless Filing Cabinet" notebook, which is where most of my documents go. This allows me to access the notes and attachments in the Evernote app, even if have no Internet connection.

These five things provide me with all of the backup security I feel I need. Sure, there are things that can slip through the cracks here, but with the exception of item #4, the above provides me with good, reliable backups with almost no labor on my end.

Data Security, Identity Theft, etc.

I get asked a lot about this. The truth is I don't worry about this much. That might be naive on my part, but I have learned over the years that a few simple practices go a very long way to protecting data and preventing things like identify theft. Here are some of the practices that I use. I understand that some people feel more strongly about this than I do and again, you have to do what makes you most comfortable.

  1. I always use SSL when transferring data. Evernote uses SSL when data is transferred over the Internet to their servers. That means the data is encrypted over the wire.
  2. I always use strong passwords. A strong password is one that uses a combination of upper and lowercase letters, numbers and symbols and does not contain an English word. It is also long, more than 12 characters at least.
  3. I change my password frequently.
  4. If I feel like I need additional security, I can encrypt documents using some other encryption application before loading them into Evernote.

Of course, even the best practices can't always prevent a security breach. When I think about this eventuality, I liken it to the risk of someone breaking into my house and going through my (now non-existent) file cabinet. How can you protect against this? They've gotten through your physical security, they've breached your alarm system? What else can you do?

Not much. I do have a rider on my homeowners insurance that protects me against identity theft and I've made sure that rider is adequate to cover any possibly losses. But the truth is I'm not worried that it will come to that, just as I don't worry that someone will break into my house.

So there you have it! How I backup my paperless data and how I protect myself against unwanted intrusions. Have at it! Discuss! How do you handle backups? How do you protect your data? Are there better practices than what I've got here? I'm always interested in learning better practices and techniques.

Link to comment

Regarding security, I don't put anything sensitive in the EN cloud without password encrypting it. And since I have local notebooks that may have unencrypted, sensitive data, my EN database is stored in a Truecrypted container.

Regarding backups, I regularly backup my data to USB drives. And for many years, I've used Amazon S3 via Jungle Disk. The backup runs nightly. (I leave my computers on 24/7.) And I password encrypt my Jungle Disk "buckets". I don't like relying wholly on one backup, so that's why I use both. Plus, in the event of a hard drive crash, it's faster (and cheaper, if you pay for bandwidth to your cloud service) to restore from a USB drive that my not be totally current & then sync down the new files/changes from the cloud. (At least if you have very much data.)

Link to comment
  • Level 5

That's a nice summary. Thanks

My system involves:

  • Carbonite for off-site backup. It runs 24 hours a day and kicks in to find any changes whenever I am away from the computer for a few minutes. Cost is $50 a year.

  • For important documents, I store them in a local non-sync'd Evernote notebook. They do not get pushed up to the Evernote cloud.

  • Create manual backups of the .exb folder and local non-sync'd notebook at least once a week and always before installing an upgrade to Evernote.

  • LastPass manages my 80 passwords. There is no way I could possibly remember my 14 character passwords (example: nY9X*21TqSs&6$).

  • Importance of frequent password changes is subject to discussion. Pro for work related passwords. Con for personal passwords. I favor the side that does not believe it offers much benefit,

Link to comment

My backup scheme:

1st layer: Time Machine (backs up the entire machine hourly)

2nd layer: SugarSync (documents and Evernote as they are changed)

Super-critical items: Dropbox (which is also backed up by SugarSync and Time Machine) I use it in addition to SugarSync for a few files that change and need to be backed up quickly, since Sugarsync can have a lag as it runs through the upload queue.

Evernote: web, iPhone, iPad, plus all the above.

It's overkill but it's all automatic and requires no administration time other than the hassle of reminding iPhone and iPad to sync. A choice to do that by cable within iTunes would be really nice but I think the idea has been flogged to death on the forums and soundly rejected by management, for what is certainly a good reason.

Security: Strong passwords, not using dictionary words, and long. Roboform. Change occasionally.

Identity theft: Quicken checks bank account and credit cards every day, so I'll see any unusual activity.

Use SSL whenever possible.

Quit worrying about it.

Edit 12/30/11 : Roboform changed its subscription system without notice once too often, so I'm using 1Password (Mac, iPad, iPhone). Where has it been all my life?

Link to comment
  • 2 weeks later...

Regarding security, I don't put anything sensitive in the EN cloud without password encrypting it.

You mentioned this elsewhere and I felt stupid for not thinking of this sooner. All of a sudden I realized that I've been backing up to SugarSync (even before EN) and don't know what their encryption is (if any) to protect my data. Then the idea of knowingly sending all of my scanned docs to EN as well just raised my concern way too high. I've got medical docs, loan docs, financial statements, etc. Is it crazy to store all of that in the cloud without encryption? But the idea of using a 3rd party solution and also losing some search functionality brings me right back to where I'm at today. The whole reason I wanted to use EN for my scanned docs was for the search and tagging functionality (I suspect tagging would still work.)

2nd layer: SugarSync (documents and Evernote as they are changed)

Hummm.... I'm using SugarSync too (and loving it) for all personal files. I have NOT specifically included any EN folders and they don't appear to reside in "My Documents" in Win 7. Where is the local data stored?

Security: Strong passwords, not using dictionary words, and long. Roboform. Change occasionally.

I've been using Roboform for several years and absolutely love it. I've migrated all of my important credentials to completely random, complex passwords and don't have to remember a thing. Plus it syncs all that data between machines and stores the backup (Encrypted!!!!) in the cloud.

Link to comment

Is it crazy to store all of that in the cloud without encryption? But the idea of using a 3rd party solution and also losing some search functionality brings me right back to where I'm at today. The whole reason I wanted to use EN for my scanned docs was for the search and tagging functionality (I suspect tagging would still work.)

EN will not OCR/index any attachments like Word/Excel docs. It will also not OCR/index any encrypted data. (See this thread.) BUT...IMO, that's NBD b/c I rely primarily upon accurate titles/tags & keywords to find my docs. IDK if it's crazy or not to store sensitive info unencrypted My husband & I have Lifelock but I still prefer to be cautious b/c I'd rather not have to live through the hassle, even with Lifelock. OTOH, one of the EN employees (Heather?) stores all her info in EN w/o encrypting it.

I've been using Roboform for several years and absolutely love it. I've migrated all of my important credentials to completely random, complex passwords and don't have to remember a thing. Plus it syncs all that data between machines and stores the backup (Encrypted!!!!) in the cloud.

I've also been using Roboform for several years & also love it. Whenever I need a new password, I let it gen one - so nice!

Link to comment

My current major concern as a relatively recent adopter of EN (in addition to the above re backup security) is reliability of local storage of mission-critical notes. This is based on a recent experience of having lost 2 hours' worth of key data in a meeting when my Android smartphone crashed & rebooted. On re-opening the note it only had the stuff I had saved before the meeting, not the 2 hours' worth I had taken during it! Don't worry, I did a within-file search of all the files from that day in the EN folder, just to be sure it wasn't there somewhere. It wasn't.

Why is there not the option to autosave a user-definable number of local backup copy versions every so often as you go along? Without this facility, I cannot commit to Evernote, which seems really great in other respects. I need my note-managing software to be bomb-proof for my mission-critical notes; as it stands, I'm afraid EN isn't. Unless I'm missing something somewhere...

Link to comment

My current major concern as a relatively recent adopter of EN (in addition to the above re backup security) is reliability of local storage of mission-critical notes. This is based on a recent experience of having lost 2 hours' worth of key data in a meeting when my Android smartphone crashed & rebooted. On re-opening the note it only had the stuff I had saved before the meeting, not the 2 hours' worth I had taken during it! Don't worry, I did a within-file search of all the files from that day in the EN folder, just to be sure it wasn't there somewhere. It wasn't.

Why is there not the option to autosave a user-definable number of local backup copy versions every so often as you go along? Without this facility, I cannot commit to Evernote, which seems really great in other respects. I need my note-managing software to be bomb-proof for my mission-critical notes; as it stands, I'm afraid EN isn't. Unless I'm missing something somewhere...

Dude. If you need something bomb-proof, good luck with that. Every system is fallible. Every system. Even paper & pen which can be lost, stolen, damaged (spill a coke on your notebook), etc. The key is to find the most reliable system (hopefully a couple) & use it (them) with care. Then, if you still encounter data loss, you just have to accept that as part of life. (shrug). Keep in mind the reliability of note taking may involve several factors. Anything computer oriented has a host of them. If the hardware malfunctions, that can cause data loss, even with the best/most reliable software. ***** happens.

Having said all that, if I were taking "mission-critical notes" & wanted them as "bomb-proof" as possible, I would:

1. Investigate & use a process for a while to run it through it's paces to make sure the hardware/software works as I think it should & to acclimate myself with the hardware/software.

2. Have at least two "systems" in play. IOW, not rely upon one app or device.

IME, with "mission-critical" stuff I want to be as "bomb-proof" as possible, I use a Livescribe pen along with a low tech Olympus voice recorder. But this is an entirely different thread. In a nutshell, with the LS pen, I get audio/handwriting & with the Olympus, I get more audio. IOW, I have three "inputs".

BTW, this is seriously OT for this thread...you should have created a different thread.

Link to comment

I'm new to EN and concerned about security of my data going up into the EN cloud. Do you think keeping a Notebook of sensitive notes/documents local is a better way to secure the data. I'm not exactly sure how local notebooks work. I've done some looking around the forum here and correct me on this. With the premium EN account I could have a local notebook on one main home computer that I could add sensitive notes and documents (insurance policy, wills, real estate mortgage info etc.) This notebook would only live local. Besides not being able to sync this notebook with the web and other devices is there any other disadvantage of working this way? Can I still search and tag this local notebook.

Thanks

Link to comment

You don't need to be a premium user to have local notebooks. Local notebooks can be searched and the notes in them can have tags. As you correctly point out, they will not be synced with EN or your other devices, so you must back them up yourself.

Many users keep sensitive data in local notebooks. Others encrypt these notes and then sync them. And some sync everything, unencyrpted. It comes down to your level of comfort (and how sensitive your data is).

I'm new to EN and concerned about security of my data going up into the EN cloud. Do you think keeping a Notebook of sensitive notes/documents local is a better way to secure the data. I'm not exactly sure how local notebooks work. I've done some looking around the forum here and correct me on this. With the premium EN account I could have a local notebook on one main home computer that I could add sensitive notes and documents (insurance policy, wills, real estate mortgage info etc.) This notebook would only live local. Besides not being able to sync this notebook with the web and other devices is there any other disadvantage of working this way? Can I still search and tag this local notebook.

Thanks

Link to comment

I posted something similar thread under Windows and I've been reading all the links people posted on threads here.

It would be beneficial if Evernote had a bit more security that it apparently has today. I wanted to store bank statements and medical records using Evernote, but I will put that off for a while.

I know it's impossible to have bombproof protection. I know even paper is never safe. If someone REALLY wants your stuff, they can break into your house and get it. But that requires someone to know who you are and know what to get. In the cloud, it's easy for some punk @ass teenager to go fishing for any type of information without knowing who I am or what he has gotten a hold of.

1. Evernote should encrypt any information stored locally, like cache.

2. Evernote should require a password everytime you start it. After some time unused, password should be required again.

3. Information should be encrypted on the server and this should be clearly stated. I haven't found anything official, other that SSL encryption of the data stream.

4. You should be able to put passwords on certain folders and encrypt these without using any external apps.

5. You should be able to turn off any security measures if you so wish to do so.

I need to investigate this a bit further....for the moment, I think Evernote is best for recipes and pictures of stuff I don't want to forget ;)

S

Link to comment

In a nutshell, Evernote's focus is to ocr/index your notes so they are easily retrieved. That cannot be done if the notes are encrypted, since true encryption means EN would not have access to your encryption password. So it's highly unlikely more advanced encryption will be added any time soon, if ever.

As far as password protecting the app on your computer(s), as stated in the various threads, Evernote pretty much leaves that up to the user. Doubtful that will change other than maybe to have a PIN just to get into the app.

Link to comment

In a nutshell, Evernote's focus is to ocr/index your notes so they are easily retrieved. That cannot be done if the notes are encrypted, since true encryption means EN would not have access to your encryption password. So it's highly unlikely more advanced encryption will be added any time soon, if ever.

As far as password protecting the app on your computer(s), as stated in the various threads, Evernote pretty much leaves that up to the user. Doubtful that will change other than maybe to have a PIN just to get into the app.

I found this (here: http://michaelhyatt.com/is-your-data-safe-in-evernote.html)

"Evernote can encrypt sensitive data within a note. If you have something within a note that you want to keep private—passwords, financial information, counseling notes, etc.—you can do so by highlighting the data, right-clicking, and selecting “Encrypt selected text.” You will then be prompted to enter a password. In order to view that information in the future, you (or anyone else) will have to enter the password to do so."

Problem is, most sensitive documents are PDF's, not plain text (at least mine). So you can't encrypt it with this method. I don't really care for indexing these types of documents, it's more for backup/easy retrieval than fast indexing. I know what my 2009 tax return says, I just need it up in the sky.

That's why a way to create a folder within Evernote, that is encrypted as standard and you need a password (not a pin) to open. It's that easy...

Link to comment

In a nutshell, Evernote's focus is to ocr/index your notes so they are easily retrieved. That cannot be done if the notes are encrypted, since true encryption means EN would not have access to your encryption password. So it's highly unlikely more advanced encryption will be added any time soon, if ever.

As far as password protecting the app on your computer(s), as stated in the various threads, Evernote pretty much leaves that up to the user. Doubtful that will change other than maybe to have a PIN just to get into the app.

I found this (here: http://michaelhyatt....n-evernote.html)

"Evernote can encrypt sensitive data within a note. If you have something within a note that you want to keep private—passwords, financial information, counseling notes, etc.—you can do so by highlighting the data, right-clicking, and selecting “Encrypt selected text.” You will then be prompted to enter a password. In order to view that information in the future, you (or anyone else) will have to enter the password to do so."

Problem is, most sensitive documents are PDF's, not plain text (at least mine). So you can't encrypt it with this method. I don't really care for indexing these types of documents, it's more for backup/easy retrieval than fast indexing. I know what my 2009 tax return says, I just need it up in the sky.

That's why a way to create a folder within Evernote, that is encrypted as standard and you need a password (not a pin) to open. It's that easy...

I'm not sure what point you're trying to make here. Nothing new here. Yes, as has been noted before, Evernote provides TEXT encryption. However, that is not indexed. And yes, you can password encrypt PDFs with most PDF viewers. (As I posted earlier in this thread.) I do it quite often before putting the PDF into Evernote. Again, the encrypted PDF will not be ocr'd/indexed. My point is that EN will most likely never (or at least any time soon) add any more encryption than it has (with the text encryption) because it does not coincide with it's focus of ocr'ing/indexing your notes to make them easily retrieved and since files can be encrypted using the third party app of your choice. It's that easy...

Link to comment

Asking a question here: Sounds like if you don't care about OCR/Index of the file and you can lock the PDF with a password or encrypt the file then loading the file on the EN cloud should be fine. If you have good title descriptions or tags then you should be able to find the file easily. Seems like most of the files you don't need access to very often. How many times do you need to pull up your closing docs from a refinance on your iphone? My feeling is that I will keep these files on a local notebook and just back them up to several drives as part of my back up routine. Right now I have paper tax returns in files in my house. I plan on converting them to EN local notebook. But the fact is if I need to look something up from them I'd need to look up the paper files at home now anyway. I like the idea of paperless but do I need all those files up in the cloud to access at any moment? Not really.

Link to comment

Asking a question here: Sounds like if you don't care about OCR/Index of the file and you can lock the PDF with a password or encrypt the file then loading the file on the EN cloud should be fine. If you have good title descriptions or tags then you should be able to find the file easily. Seems like most of the files you don't need access to very often. How many times do you need to pull up your closing docs from a refinance on your iphone? My feeling is that I will keep these files on a local notebook and just back them up to several drives as part of my back up routine. Right now I have paper tax returns in files in my house. I plan on converting them to EN local notebook. But the fact is if I need to look something up from them I'd need to look up the paper files at home now anyway. I like the idea of paperless but do I need all those files up in the cloud to access at any moment? Not really.

I agree with everything you said. Really, any time you may need to fork over sensitive data (tax returns, bank statements), any reliable company understands & you don't have to do it in 10 seconds or less. I still don't put bank/investment/credit card statements in the Evernote cloud. But I do have some tax returns & a few other docs with sensitive info in sync'd notebooks. Those I do encrypt. I think the only reason I put them in Evernote to begin with is just because I can and b/c there are some docs/info I'd like to have "at the ready" if I were out of town or I was having computer problems.

Link to comment
  • 3 weeks later...

Interessting... http://antivirus.about.com/od/securitytips/a/evernotetip.htm

Bottom line: storing unencrypted data on an Internet-facing server is not a great idea. With that in mind, following are seven of the worst Evernote (or any cloud-based storage) tips:

  1. I'm a teacher. I use @evernote to create individual portfolio files for each student, documenting everything.
    Why it's bad: Compromise of the teacher's Evernote credentials potentially exposes sensitive details on students, who also likely happen to be minors. This tip is not only a security risk to those students, it potentially has legal ramifications for the teacher (and the school at which they teach).
  2. Store credit card statements.
    Why it's bad: Credit card statements often include the account number. Exposure could lead to increased risk of credit card fraud.
  3. Store login names and passwords for websites (tag with Login to see them all together)
    Why it's bad: Attackers who gain entry to your Evernote account now potentially have access to all your online accounts.
  4. Build family medical portfolios including medical history, allergies, pictures of medications, receipts.
    Why it's bad: In the past, cybercriminals who have stolen medical information have sometimes blackmailed the victims. Unless this is information you would feel comfortable sharing with friends, neighbors or even strangers, it is best not stored in-the-cloud.
  5. Keep family social security numbers (and other info) in an encrypted note for easy, secure access.
    Why it's bad: Exposure leaves your entire family at risk of identity theft. This type of sensitive information is best kept in a locked file cabinet, not in-the-cloud.
  6. Keep router/firewall settings (addresses, passwords, open/closed ports, etc.) handy and nearby.
    Why it's bad: Attackers who gain access can use this information to reconfigure DNS settings on your router or enable their own access to your network.
  7. Take a photo of your passport and send it to Evernote. If it's lost or stolen, you can still show the embassy your info.
    Why it's bad: A photo of your passport makes it that much easier for counterfeiting. A safer bet would be storing only the passport number (in encrypted form).

I've done 5 of those and I AM concerned, because none of my questions/worries really have been answered satisfactory. All those things above, that's what Evernote would be insanely great...

Link to comment

Interessting... http://antivirus.abo...evernotetip.htm

Bottom line: storing unencrypted data on an Internet-facing server is not a great idea. With that in mind, following are seven of the worst Evernote (or any cloud-based storage) tips:

(snip)

I've done 5 of those and I AM concerned, because none of my questions/worries really have been answered satisfactory. All those things above, that's what Evernote would be insanely great...

Nothing new here. Security has been discussed ad nauseum on the board. Please search the board for the "wide open databases" thread, if you want more information.

Bottom line:

- EN allows text encryption. Doubtful they will add anything more, any time soon, since their focus is to collect & easily retrieve info. Indexing cannot be done on encrypted info.

- Anything else you want in the EN cloud can be encrypted via the third party app of your choice.

- EN is not a password manager. However you can add your logins & passwords in text format & encrypt them using EN's built in text encryption, if you wish.

- you can store sensitive data locally only (non-cloud), via either a Mac or Windows desktop, if you choose to.

Link to comment

Interessting... http://antivirus.abo...evernotetip.htm

Bottom line: storing unencrypted data on an Internet-facing server is not a great idea. With that in mind, following are seven of the worst Evernote (or any cloud-based storage) tips:

(snip)

I've done 5 of those and I AM concerned, because none of my questions/worries really have been answered satisfactory. All those things above, that's what Evernote would be insanely great...

Nothing new here. Security has been discussed ad nauseum on the board. Please search the board for the "wide open databases" thread, if you want more information.

Bottom line:

- EN allows text encryption. Doubtful they will add anything more, any time soon, since their focus is to collect & easily retrieve info. Indexing cannot be done on encrypted info.

- Anything else you want in the EN cloud can be encrypted via the third party app of your choice.

- EN is not a password manager. However you can add your logins & passwords in text format & encrypt them using EN's built in text encryption, if you wish.

- you can store sensitive data locally only (non-cloud), via either a Mac or Windows desktop, if you choose to.

Hmmm, I hear you I hear you.

But if this is "old" news and the forum has quite of similar topics, it appears to me as this is an area where Evernote could/should get better? If there's a market for it, you make it. If Evernote leaves this area as is, then it either must be a) design philosophy or :) lack of funds?

Link to comment
  • Level 5

But if this is "old" news and the forum has quite of similar topics, it appears to me as this is an area where Evernote could/should get better? If there's a market for it, you make it. If Evernote leaves this area as is, then it either must be a) design philosophy or :) lack of funds?

There are always people who want Evernote to do something else - ranging from bullet points, to outlines, to photo manipulation to more security.

It's hard to argue with Evernote's success (and their decisions).

In less than 4 years, they have a customer base of over 20 million users.

They were named Company of the Year by Inc. Magzaine last month.

It's not a "lack of funds", Read up on the amount of venture capital they've landed.

They've increased their staff and are moving to a new 5-story office

I've seen over 40 upgrades in the product over the past couple years.

Seems like their "design philosophy" is working quite nicely for them.

Link to comment

Based on the many concerns raised by users, security is a big issue, in fact it is one of the biggest issues when using cloud based systems and it should not be played down, regardless how successful the service is. A reputation of any cloud based service could very easily be destroyed if security related problems emerge. Also, concerns about security would stop many user from using the software to the full extent.

Personally I'm using Evernote because I want to go paperless and this involves storing critical information. Having said that, I'm following each Evernote update with lots of interest hoping that the issue around encryption would be addressed (encrypting notes or OCR search indexes). So far there hasn't been much news lately.

Providing the best security would probably help Evernote immensely as it could strengthen its user base. This is more about retention and strengthening its position rather than just growth.

Link to comment

Based on the many concerns raised by users, security is a big issue, in fact it is one of the biggest issues when using cloud based systems and it should not be played down, regardless how successful the service is. A reputation of any cloud based service could very easily be destroyed if security related problems emerge. Also, concerns about security would stop many user from using the software to the full extent.

Personally I'm using Evernote because I want to go paperless and this involves storing critical information. Having said that, I'm following each Evernote update with lots of interest hoping that the issue around encryption would be addressed (encrypting notes or OCR search indexes). So far there hasn't been much news lately.

Providing the best security would probably help Evernote immensely as it could strengthen its user base. This is more about retention and strengthening its position rather than just growth.

Security is not being downplayed at all. Evernote is not a backup system. If you want a secure, encrypted cloud backup system, you should use one. (Jungle Disk, Crashplan, Carbonite, etc.)

Evernote's focus is to collect, organize & retrieve bits of information from a variety of sources. Organization & retrieval is facilitated due to their indexing system. Indexing cannot be done if the data is securely encrypted because the cloud service does not have the ability to know your encryption password.

Security exists in at least two places...sending data and the data as it resides on the "cloud" server.

This particular post is addressing how the data is stored on a cloud server...

People tend to think Dropbox is more secure that EN. Dropbox tends (IMO) to propogate this fallacy. I've seen their blurb on security.

"All files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password"

Any time a cloud service can tell you your password (click "forgot password') and/or can help you restore your data, your data is NOT secure from hackers. Do you think hackers are smart enough to be able to hack into a cloud server but not smart enough to figure out where the encryption passwords are located??? Although there is no 100% security from hackers, unless the data is encrypted using a password the "host" does not have access to, then your data is not very secure from hackers. IOW, if you do not provide a second, encryption password & you are warned that if you forget it, you will not be able to recover your data, then the "host" is storing the encryption password somewhere. And hackers can get to it. That's what they do.

Jungle Disk (a TRUE backup/encryption cloud) says, if you encrypt your "bucket" & forget your password, you are SOL. They cannot help you recover your data.

Truecrypt, another TRUE encryption app, also says, if you forget your encryption password, kiss that baby good by. They cannot help you.

Evernote states any text you encrypt in Evernote notes is not indexed...same reason as above. And if you forget the password, they cannot help you recover it.

So...if you feel comfortable putting something into Dropbox (without using a WINRAR'd file or Truecrypt container or some such), then you should feel equally comfortable putting that info into Evernote.

And from Dave Engberg, CTO of Evernote (emphasis mine):

Yes, "can't search encrypted content" is an intentionally abbreviated reply. The longer version would be:

If a server has access to encrypted data, and access to the keys required to decrypt that data (for searching, display on the web, etc.), then anyone who successfully attacks that server has access to your data. If someone can gain control of that server, then the encryption has absolutely no value (other than making things slightly inconvenient). The attacker can make the server decrypt the data and read whatever she wants.

Meaningless encryption offers the illusion of security, which is frequently more dangerous than intentionally and transparently omitting encryption.

The only "meaningful" encryption would require that Evernote does not have a copy of the keys to decrypt the data at all. I.e. we just store a big blob of data that can only be decrypted by a client that has the keys. This would mean: no web interface, no "thin" mobile clients, no image processing/OCR, etc. If you lose/forget your personal encryption key/passphrase, then your data is basically unrecoverable (since Evernote doesn't keep a copy of the key).

This is actually what we do for the "encryption" feature within Evernote ... if you select some text in a note and encrypt it, that is encrypted with your passphrase, and Evernote does not have any secret "back door" to read your encrypted data. This is why you can't search for the contents of encrypted regions from the web ...

I.e. you're talking about an opaque file storage service, like one of the secure backup services. Not "Evernote." While these sorts of services have their place, that's not what Evernote's consumer service aims to be.

Link to comment
Evernote's focus is to collect, organize & retrieve bits of information from a variety of sources.

BurgersNFries is spot on here. I use Evernote as part of an active and ongoing process to be paperless. I don't use it as a backup system. The stuff that I maintain in the cloud in Evernote is stuff that I think I'll have a good chance of needing or working with in the near future. When I don't think I'll be needing to access things online, I move them to a local notebook. This requires some work and management of documents, but that's my point: I use the software as part of an active and ongoing process.

Evernote is not to my knowledge a backup system. A backup system is like an insurance policy. It's not part of an active process, but it's there if you need it. I backup my Evernote data quarterly by exporting all of the notes to an XML files using Evernote's native export functionality. This file is the backed up to the cloud using my cloud backup software, but the key difference is that I can compress and encrypt the file before sending it off the cloud because I won't be actively searching it. It's there as insurance, in the event that my local systems fail.

Distinguishing between tasks that are part of an active process (e.g. managing documents in real time) and a backup is important to understand why security is implemented as it has been in Evernote.

Link to comment
  • Level 5*

i'd like to see encryption of everything on evernote's servers. however, i don't know what impact this would have on searches or overall speed. i am sure evernote wouldn't mind offering us more security, but there is probably a reason they don't. i don't have enough tech knowledge to speculate about this. has anyone from evernote said anything about it?

Link to comment

i'd like to see encryption of everything on evernote's servers. however, i don't know what impact this would have on searches or overall speed. i am sure evernote wouldn't mind offering us more security, but there is probably a reason they don't. i don't have enough tech knowledge to speculate about this. has anyone from evernote said anything about it?

Please read my post, two above yours.

And from Dave Engberg, CTO of Evernote (emphasis mine):

Yes, "can't search encrypted content" is an intentionally abbreviated reply. The longer version would be:

If a server has access to encrypted data, and access to the keys required to decrypt that data (for searching, display on the web, etc.), then anyone who successfully attacks that server has access to your data. If someone can gain control of that server, then the encryption has absolutely no value (other than making things slightly inconvenient). The attacker can make the server decrypt the data and read whatever she wants.

Meaningless encryption offers the illusion of security, which is frequently more dangerous than intentionally and transparently omitting encryption.

The only "meaningful" encryption would require that Evernote does not have a copy of the keys to decrypt the data at all. I.e. we just store a big blob of data that can only be decrypted by a client that has the keys. This would mean: no web interface, no "thin" mobile clients, no image processing/OCR, etc. If you lose/forget your personal encryption key/passphrase, then your data is basically unrecoverable (since Evernote doesn't keep a copy of the key).

This is actually what we do for the "encryption" feature within Evernote ... if you select some text in a note and encrypt it, that is encrypted with your passphrase, and Evernote does not have any secret "back door" to read your encrypted data. This is why you can't search for the contents of encrypted regions from the web ...

I.e. you're talking about an opaque file storage service, like one of the secure backup services. Not "Evernote." While these sorts of services have their place, that's not what Evernote's consumer service aims to be.

Link to comment

Thanks for all replies!

It was mentioned above that Evernote is not a backup system, which I totally agree. Personally I use it to offload all my documents electronically. Almost all paper gets destroyed once it's in Evernote, no need to keep it anymore because it's in a safe place. Having installed Evernote on both work and home computers, all notes & document scans are therefore stored on multiple physical location (Evernote server, plus 2 computers = triple protection), the data can't get lost. That for me provides more physical data safety than any traditional filing system. As for data security, your comments above make a lot of sense and perhaps it's not so much about whether data is sitting on a server in an encrypted way but rather important that the connections are secure (SSL) and a strong password is used. I'm now confident that this is providing the best mix of convenient access and security.

Link to comment
  • Level 5*

Thanks for all replies!

It was mentioned above that Evernote is not a backup system, which I totally agree. Personally I use it to offload all my documents electronically. Almost all paper gets destroyed once it's in Evernote, no need to keep it anymore because it's in a safe place. Having installed Evernote on both work and home computers, all notes & document scans are therefore stored on multiple physical location (Evernote server, plus 2 computers = triple protection), the data can't get lost. That for me provides more physical data safety than any traditional filing system. As for data security, your comments above make a lot of sense and perhaps it's not so much about whether data is sitting on a server in an encrypted way but rather important that the connections are secure (SSL) and a strong password is used. I'm now confident that this is providing the best mix of convenient access and security.

glad to hear. it sounds like you have a strong system in place. i think i may have mentioned it earlier, but i recommend strong passwords that are unique (not used on other sites) and changed regularly (i change mine every month or so).

Link to comment

No, I don't think the topic has been discussed ad nauseum. I am an Evernote newbie having just arrived. The power of this service is staggering. In addition to my own needs, I am a physician and care for thousands of people with memory impairment. As a neurologist, I am constantly advising people to obtain and use mnemonic assistance devices and this is the best I think I have ever seen.

I have been invited to and reviewed many online services in the past and have a tendency to read the user agreement and security policies. As you are all aware, most people do not. They use the services willy-nilly and assume, without any reason to do so and all evidence to the contrary, that information they have posted to a company's site is somehow magically protected. In addition, they assume that the company will use their information only in order to serve the visiting individual. Their presumption seems to be that these companies spend their money and resources for charitable purposes and the venture capitalists who invented the service temporarily ran out of ideas that might make themselves money and instead became absolute altruists.

Unfortunately for these presumptions, the skeptics (we call ourselves realists) notice that 1) altruists quickly run out of money and disappear from the web, 2) the monetization of web services is the largest growth industry in the world and the race to become the next Google is the wet dream of every software CEO in the world, 3) many web services have already betrayed privacy policies they themselves wrote only to rewrite them and expose or use information they explicitly stated they wouldn't a la Facebook.

Evernote's terms of use and privacy policies are in my opinion fair, laudable and clear. I am not an attorney nor do I play one on TV but the user agreements are far more favorable to the user than any other site I have reviewed.

Notwithstanding the above (how was that for legalese), Evernote needs to take the final step.

There is, of course, the standard disclaimer that Evernote may change its policies. For example, “we previously didn’t collect any personal information but now we are going to. The good news is that we are going to limit our collection only to sentences or image captions using the words husband, wife, girlfriend, and boyfriend. And "if Evernote should ever sell its assets, merge with another entity or file for bankruptcy, information collected from this web site and in the operation of the services may be transferred as assets of Evernote." It's the third to last sentence in the Privacy Policy. And it means everything. Maybe we love and trust Phil and Evernote but then they can’t make it or decide to sell out and make the fortune they deserve. How long will the policies remain in our favor?

Phil, I am willing to pay you for your brilliant, fantastic service and more than you are currently charging. I can live without HIPAA compliance (though I think you have an opportunity there). I am willing to recommend your service to all of my friends and family. I will post a link to your site on business’ links and refer my thousands of memory challenged patients to you. But you have to one thing first.

Make it permanent.

That's all. Make a commitment. Take a stand. Give us the “Everpolicy” for Evernote.

"If Evernote should ever sell its assets, merge with another entity or file for bankruptcy, information collected from this web site and in the operation of the services may be transferred as assets of Evernote but only under absolute conditions that the collected information will be treated in the same manner as the current Evernote terms of service and Privacy Policies specify." Commit to never selling us out and turning Evernote into another data mine.

The Wall Street guys won't like it. But your users will. And who knows? Maybe people will start moving their information from sites poised to sell out and those in the "building phase" to Evernote. The web service we can trust – forEver.

Thanks for your prolonged attention.

Link to comment
  • Level 5*
No, I don't think the topic has been discussed ad nauseum. I am an Evernote newbie having just arrived.

Just because you haven't experienced the ad nauseam part yet doesn't mean that it hasn't happened already. It might behoove you to seek out old discussions in the forums, so that the folks who generally contribute to such discussions don't have to do it again. Sometimes they will, sometimes they'll post links to relevant conversations, but a lot of this is fairly discoverable on your own. By the way, since you're new, you should also note that this is a user forum; while you do sometimes get feedback directly from Evernote employees (and it's always welcome; also, they do read everything as far as I can tell), the bulk of posts are by users like you and me, on our own time (and dime).

Link to comment

Thanks for the reply Jeff. I agree newbies can be irritating bringing along old topics without researching first. I believe I did that in this case and hope that I brought a fresh perspective to the general idea of web based service privacy based on the changeable policies of their owners. If I didn't then I apologize for the dime wasted and will happily retreat into the night quietly. Please direct me to the discussion on the permanence of web based service policies. By the way, I remain very impressed with Evernotes capacity and plan to use it regardless of the policy change. But without that change, my intent would be to use it only for things that I wouldn't mind exposing to the world - ever. Unfortunately, that does rather limit things, doesn't it.

And I did notice the tendency for the frequent and welcome presence of employees.

Link to comment
No, I don't think the topic has been discussed ad nauseum. I am an Evernote newbie having just arrived.

Just because you haven't experienced the ad nauseam part yet doesn't mean that it hasn't happened already. It might behoove you to seek out old discussions in the forums, so that the folks who generally contribute to such discussions don't have to do it again. Sometimes they will, sometimes they'll post links to relevant conversations, but a lot of this is fairly discoverable on your own. By the way, since you're new, you should also note that this is a user forum; while you do sometimes get feedback directly from Evernote employees (and it's always welcome; also, they do read everything as far as I can tell), the bulk of posts are by users like you and me, on our own time (and dime).

+1

Their presumption seems to be that these companies spend their money and resources for charitable purposes and the venture capitalists who invented the service temporarily ran out of ideas that might make themselves money and instead became absolute altruists.

I'm sure that's not the case. But I do agree that many people (fairly) new to the internet are unaware of security issues with not only their own personal computers (in the event of loss/theft) as well as cloud data (in the event of hackers)& that's what this thread is about. OTOH, it seems your post should be in a different thread, since you seem to be discussing privacy policy issues, rather than protecting ones data on a hard drive.

Please direct me to the discussion on the permanence of web based service policies.

I suggest you use the search function of the board (top, right) & search on say, "privacy policy". Using quotes searches for the phrase, rather than the words 'privacy' & 'policy'.

Link to comment

I see that you are quite the uber user from the number of posts you have made so I greatly respect your opinion. Having said that and at the risk of making you come over here, I researched privacy policies and privacy in several ways before and after arriving at this forum. With your advice, I went back and reviewed several hundred odd black helicopter posts about security of an individuals files. Many of the common sense and expert replies were from you and JBenson and I understand them without exception.

Nevertheless, the issue that I seem to have mistakenly placed in the wrong thread instead of starting anew is not whether someone will hack my data at Evernote or on my computer. I am and remain concerned about what Evernote will do with my data stored on their servers. I understand and agree with their described legitimate and laudible statements of what they collect and what they do with the information.

The remaining issue is still - how do you know that won't change and what if they sell their assets to another company?!! This is not an issue covered in the other posts. It is an important issue. And it is more important for sites like Evernote wherein people are invited to use the site as JBenson says, their second brains.

This is not a trivial or irrelevant question. Will Evernote make a stand regarding the long term disposition of inherantly private data and say, we promise forever or is it just going to be "In Phil we Trust?"

Link to comment
  • Level 5*

@pblummd

i assume you are talking about bnf, who is smiling while threatening to come over there. as i said in my post, you are looking for permanence where there is none. if en changes ownership, i am sure we will be informed, and we can decide what to do with our data, i don't understand what you are looking for: a promise from evernote to vigorously protect your data even after it ceases to exist?

an undead elephant?

do you have examples of companies that promise to protect your data in perpetuity?

Link to comment
  • Level 5*

I think that the simplest advice that I have seen is: do not put anything into Evernote that you wouldn't put into an email. Beyond that, to insure against policy changes you can a) encrypt portions of your notes using Evernote facilities, or :) add self-encrypted documents to your notes. You will be foregoing indexing on this content, but Evernote will not be able to read or sell it.

Me? I trust in Phil...

Link to comment
  • Level 5

Suggestion: Back up your data. Even if Evernote goes under, you can still run the program.

Some links that might be helpful:

Is your data safe in Evernote

http://michaelhyatt....n-evernote.html

Here is a site that has some helpful information on how to further protect your data.

http://www.40tech.co...ernote-updated/

Link to comment

I see that you are quite the uber user from the number of posts you have made so I greatly respect your opinion. Having said that and at the risk of making you come over here, I researched privacy policies and privacy in several ways before and after arriving at this forum. With your advice, I went back and reviewed several hundred odd black helicopter posts about security of an individuals files. Many of the common sense and expert replies were from you and JBenson and I understand them without exception.

Nevertheless, the issue that I seem to have mistakenly placed in the wrong thread instead of starting anew is not whether someone will hack my data at Evernote or on my computer. I am and remain concerned about what Evernote will do with my data stored on their servers. I understand and agree with their described legitimate and laudible statements of what they collect and what they do with the information.

The remaining issue is still - how do you know that won't change and what if they sell their assets to another company?!! This is not an issue covered in the other posts. It is an important issue. And it is more important for sites like Evernote wherein people are invited to use the site as JBenson says, their second brains.

So...what's your point? You agree with what's been posted regarding protecting files (the point of this thread) but you continue to post in a thread you're hijacking?

This is not a trivial or irrelevant question. Will Evernote make a stand regarding the long term disposition of inherantly private data and say, we promise forever or is it just going to be "In Phil we Trust?"

No where did I (or anyone) say this is trivial or irrelevant.

Suggest you not continue to ignore the various replies that have been posted to you. So far, you're coming across as trollish. JMO. YMMV.

Link to comment
  • Level 5

This is not a trivial or irrelevant question. Will Evernote make a stand regarding the long term disposition of inherantly private data and say, we promise forever or is it just going to be "In Phil we Trust?"

Phil has addressed this question with Evernote's 3 Laws of Data Privacy.

In case Evernote folds or is taken over - Your data is yours, it's protected and it is portable.

Evernote's 3 Laws of Data Protection

http://blog.evernote...ata-protection/

.

Link to comment

Thank you JBenson for the link. I like the Three Laws idea. And it is certainly comforting. I hope it is enough. Of course there is the irony of the choice of titles as in the Isaac Asimov's Three Laws of Robotics.

To GrumpyMonkey, yes, I do know of such a business. My business. I am a physician. After centuries of being governed by a moral code, medicine is now endowed with HIPAA - a privacy act intended to make your medical records private and portable. Hmm, go figure. Imagine I saw you as a patient and recorded intimate details of your life in your medical record as they became necessary. When you last wet your bed. When you were treated for a sexually transmitted disease or for depression following the death of your dog. Please don't get me wrong. These are serious problems - all. And I guard these secrets and millions of others without fail.

Now, I am going bankrupt - say because Medicare has cut payments by 27%, which I believe, is scheduled for March 1. What will I do with your records? I would think you might be concerned. There are a lot of people and businesses who would pay me for the material. I followed HIPAA while I was seeing you but now I am bankrupt or retiring (a more pleasant thought) and what happens to your private records is, as you say, really of no concern to me. So I sell the records to the highest bidder. Maybe to a hospital or insurance company.

Are you OK with this? I can tell you that doctors are not and we would never do any of the above. I had to drink some Vodka just to write it. But you seem to think that most businesses would not attempt or even want to protect your privacy.

And to BNF, I apologize. I don't know what trolling in this context means but I certainly understand highjacking. Your point is that despite my admiration, my sin of posting in the wrong place has earned your disgust. I apologize again and will retire. Sorry to have disturbed.

Link to comment
  • Level 5

I can tell you that doctors are not and we would never do any of the above.

Doctors are starting to turn on Obamacare.

http://www.usatoday....paca/52650852/1

It looks like the Supreme Court is going to give Obamacare a full-screen press at the end of March. Let's hope their decision comes down quickly - to squash both the individual mandate and the Presidential re-election.

http://www.washingto...ss=rss_opinions

Link to comment
  • Level 5*

lol. well color me crow. or not.

my medical data is governed by lots of laws that don't have much to do with what you do or do not want to do. federal ones, in fact. you'd be committing a serious crime, not to mention jeopardizing your career, if you told people i still wet my bed.

evernote is a company, like lots of others, that handles confidential data. do you know of another company that will promise you this protection in perpetuity?

i think they give tou a pretty robust and clear statement about how they treat your data.

Link to comment

my medical data is governed by lots of laws that don't have much to do with what you do or do not want to do. federal ones, in fact. you'd be committing a serious crime, not to mention jeopardizing your career, if you told people i still wet my bed.

Yup.

Link to comment
  • 3 weeks later...

This is interessting, even if it is is ad nauseam for some early adopters. But hey, it's better then experiencing the flipside of early adoption....loss of data or severe security issues. Only through dialog and discussion can two sides reconcile their differences :)

Perhaps, a good and simple solituin for Evernote is to produce a pdf or a specific webpage dedicated to this issue to clarify their stance on the issue? This is what Evernote is for (security wise) and this is what it currently isn't best suited for. Now, all this is prob found throughout the website, but it would be easier to have something labled "SECURITY AND PRIVACY OF YOUR DOCUMENTS" etc....

At least, a lot more intelligent has been said in this thread than the others so at least it's a resource for newer newbies.

Link to comment
  • 2 months later...

Okay. I'll post something here.

The Evernote idea is about extending your brain. I decide when and to whom to share stuff in my brain. If Evernote is really about extending my brain, then I should have full control over the content in Evernote forever.

Phil Libin has committed Evernote to be a 100 year company and said that he envisioned working at Evernote for the rest of his life, according to statements he made in an interview at Stanford University which can be heard through Entrepreneurial Thought Leaders series entitled "No Exit Strategy for Your Life's Work - Phil Libin (Evernote)" dated 10/12/2011. Description in image below.

post-89840-0-74725000-1335103488_thumb.j

I think if Phil Libin can make the 100 year company commitment, he can make the your data is yours forever commitment too.

Evernote's "Three Laws of Data Protection" posted by Phil Libin on March 24, 2011, is this kind of commitment. Now, is this language also in the Evernote privacy policy?

I'm going to read it.

Link to comment
  • Level 5*

Okay. I'll post something here.

The Evernote idea is about extending your brain. I decide when and to whom to share stuff in my brain. If Evernote is really about extending my brain, then I should have full control over the content in Evernote forever.

Phil Libin has committed Evernote to be a 100 year company and said that he envisioned working at Evernote for the rest of his life, according to statements he made an interview at Stanford University which can be heard through Entrepreneurial Thought Leaders series entitled "No Exit Strategy for Your Life's Work - Phil Libin (Evernote)" dated 10/12/2011. Description in image below.

post-89840-0-74725000-1335103488_thumb.j

I think if Phil Libin can make the 100 year company commitment, he can make the your data is yours forever commitment too.

Evernote's "Three Laws of Data Protection" posted by Phil Libin on March 24, 2011, is this kind of commitment. Now, is this language also in the Evernote privacy policy?

I'm going to read it.

I think it is pretty clear that you have a lot of control over your data (I am not sure what "full" means). Practically speaking, you can export your content anytime. The master copy (so-to-speak) of your data is held in your computer and is completely under your control. And, you can access your data from just about any computer platform. If Evernote's servers are captured in a midnight raid by ninjas dressed in Disney character outfits, you'll have everything safe and sound at home. The concern here is that those ninjas could access your data because it isn't encrypted on the servers. This is a separate issue (in my mind) from having "control".

In the context of this discussion, I would like to see finer grain control over how our data is stored: the ability to "wall off" certain notebooks in your account from third party apps if you choose to give them access to your account, the ability to encrypt notebooks, the ability to lock notes, etc., but this is so far beyond what anyone else offers that I think it is reasonable to expect such features to take time to implement, if they are implemented at all. This is a new frontier.

As far as the privacy policy, I think it is pretty clear. Your public information will be shared under certain circumstances, and your Evernote data will be shared (probably with government entities) if there is a legal obligation to do so ( Unfortunately, within the surveillance state that the US has become -- this is where Evernote's servers are located -- the government now has its hands in everything, and there is nothing Evernote can do about this, so if you are doing something that you don't want the government to see, then you should encrypt it yourself). I think the privacy policy is consistent with others I have seen.

http://www.evernote.com/about/privacy/

Link to comment

Okay. I'll post something here.

The Evernote idea is about extending your brain. I decide when and to whom to share stuff in my brain. If Evernote is really about extending my brain, then I should have full control over the content in Evernote forever.

Phil Libin has committed Evernote to be a 100 year company and said that he envisioned working at Evernote for the rest of his life, according to statements he made an interview at Stanford University which can be heard through Entrepreneurial Thought Leaders series entitled "No Exit Strategy for Your Life's Work - Phil Libin (Evernote)" dated 10/12/2011. Description in image below.

post-89840-0-74725000-1335103488_thumb.j

I think if Phil Libin can make the 100 year company commitment, he can make the your data is yours forever commitment too.

Evernote's "Three Laws of Data Protection" posted by Phil Libin on March 24, 2011, is this kind of commitment. Now, is this language also in the Evernote privacy policy?

I'm going to read it.

I think it is pretty clear that you have a lot of control over your data (I am not sure what "full" means). Practically speaking, you can export your content anytime. The master copy (so-to-speak) of your data is held in your computer and is completely under your control. And, you can access your data from just about any computer platform. If Evernote's servers are captured in a midnight raid by ninjas dressed in Disney character outfits, you'll have everything safe and sound at home. The concern here is that those ninjas could access your data because it isn't encrypted on the servers. This is a separate issue (in my mind) from having "control".

In the context of this discussion, I would like to see finer grain control: the ability to "wall off" certain notebooks in your account from third party apps if you choose to give them access to your account, the ability to encrypt notebooks, the ability to lock notes, etc., but this is so far beyond what anyone else offers that I think it is reasonable to expect such features to take time to implement, if they are implemented at all. This is a new frontier.

As far as the privacy policy, I think it is pretty clear. Your public information will be shared under certain circumstances, and your Evernote data will be shared (probably with government entities) if there is a legal obligation to do so ( Unfortunately, within the surveillance state that the US has become -- this is where Evernote's servers are located -- the government now has its hands in everything, and there is nothing Evernote can do about this, so if you are doing something that you don't want the government to see, then you should encrypt it yourself). I think the privacy policy is consistent with others I have seen.

http://www.evernote.com/about/privacy/

This discussion has gotten so serious. Funny thing is I use Evernote in part because I believe in the CEO's approach. 100 year company? Who does this? Evernote. Cool.

Now, where are those ninja dressed in Disney character outfits? I want to see this. I guess the only thing that I would hope should these ninja steel Evernote servers is that Evernote have the darn ninja on video and have gps tracking devices on the servers. This way we have video footage for the navy seals to plan a counter attack and some gps beacons blipping so they know where to start looking.

Now back to more seriousness, it's reasonable to expect Evernote to keep stuff private, perhaps not certainly private, though we should expect reasonably private. Phil Libin provides us with a reasonable statement of what we can expect in "Three Laws of Data Protection". And this is especially important in that Evernote wants to be the extension of all of our brains.

Link to comment
  • 3 months later...

This forum has been very helpful. Thank you.

My summarization is this. IF it is personal information or confidential, keep it local and keep it backed up.

But what about the "don't worry about it" and the "no different than in a locked file cabinet in your house" replies. I respect your opinions, but there is a significant difference between the secure/encrypted cloud and the locked file cabinet in my house.

At home if somebody breaks in, I know about it pretty darn quick. In the cloud, I may not know about it for days or weeks. The new approach is to collect the information over long periods of time.

But bigger difference yet is that information in my locked file in my house is not desired by most that will break in. Physical thieves want stuff they can dispose of instantly (TV, computer, jewelry). Cyber thieves will wipe you out before you know it. Yes, there are monitoring companies that will notify you and help put your life back together, but your sensitive data is out there for anyone that wants to access it.

After thinking about this more and more, bills, records, medical information and the like will be scanned and stored locally. Recipes, articles and other information that I've obtained publicly will be scanned and/or stored/sent to EN. Which by the way, I am learning to use and absolutely love. Wish it had a calendar and reminder native to the application; with which I would do away with 3 other applications on my web enabled devices, which would be awesome.

Link to comment

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...