(Archived) (Archived) REQUEST: Additional encryption options for notebooks and syncing

Kurt Cubic · April 17, 2008

Hi

Great tool!

I´m planning to store some personal information - bank-account pincodes etc. - in some encrypted notes!

Then i´m wondering - how strong is the encryption in Evernote? I don´t know much about the tecnical details of encryption, so - please - express yourself in plain language!

Lars

engberg · April 17, 2008

We are using a mature, standard encryption algorithm (RC2) with a "key strength" of 64 bits. This is the maximum security allowed by the US Government's Commerce Department in software that is exported outside the US. (Allowing people to download software is considered an "export" by the government.)

This level of strength, combined with the general obscurity of our technology (no off-the-shelf tools for attackers), means that the average person wouldn't have a way to get at your encrypted content if you choose a strong encryption passphrase (i.e. no words from the dictionary, etc.). This level would not protect against a concerted effort by a government agency or other organization willing to put in a few engineer-weeks of work and lots of computing cycles.

I personally consider this to be strong enough for me to store my encrypted passwords and credit card numbers in Evernote, but this is not because I think that the encryption is "uncrackable." Rather, I feel that the level of effort required for someone to get this data would be a lot higher than the value they would get from a successful attack.

On the other hand, we feel that individual users should have the tools to make their own decisions about security and privacy. This level of cryptographic protection may not be appropriate for all users' data.

whiteks · April 17, 2008

We are using a mature, standard encryption algorithm (RC2) with a "key strength" of 64 bits. This is the maximum security allowed by the US Government's Commerce Department in software that is exported outside the US. (Allowing people to download software is considered an "export" by the government.)

I am not a lawyer... in fact, I am a 'Product Associate' for the company I work for... but you may want to revisit the export restrictions since I think 64-bit RC2 is a little old. Our 'flagship' product is a password manager which uses 256-bit AES encryption, and we can export it to anywhere that's not on the control list of "countries the united states doesn't like".

(These are my words; I had to look into this stuff once and it was really confusing.)

Arbitrary · April 17, 2008

Will there be a strong encryption option for those of us in the US and other countries deemed nonthreatening by our government?

engberg · April 17, 2008

I am not a lawyer... in fact, I am a 'Product Associate' for the company I work for... but you may want to revisit the export restrictions since I think 64-bit RC2 is a little old. Our 'flagship' product is a password manager which uses 256-bit AES encryption, and we can export it to anywhere that's not on the control list of "countries the united states doesn't like".

Thanks for the feedback. The government relaxed things a bit in 2004, but symmetric encryption over 64 bits still requires an explicit review and approval by Commerce (http://www.bis.doc.gov/encryption/massmarket_keys64bitsnup.html). We're working through this process ...

Thanks

engberg · April 17, 2008

Oh, forgot to mention a more important factor than the raw cryptographic key length ... (sorry, Kurt, this part is going to be heavily technical.)

Encryption within notes is based off of a user passphrase, which we use to derive the 64-bit key (via MD5). At some point, the length of this derived key is less relevant than the strength of your secret passphrase, since an attacker can just try every possible passphrase instead of every low-level key.

A 64-bit key is as "strong" as an 9 to 11 character password, depending how you restrict your typing. (I.e. the entropy of a 64-bit key with 2^64 possibilities is about the same as a 9 character ASCII password with 128^9 possible combinations.)

Taking the same 9 character ASCII password and using it to derive a 512-bit AES key doesn't actually make it any stronger against an attacker who is just going to try every possible password (instead of every possible AES key). You can obscure the algorithm or throw in some extra key material from the application, but this doesn't add any real security in the cryptoanalytical sense, since a determined attacker can reverse-engineer this stuff out of your desktop app.

So unless you're choosing a really long and truly random passphrase, using more bits doesn't actually help much.

The cryptographer Bruce Schneier has done some good analysis on the topic (e.g. http://www.schneier.com/blog/archives/2006/12/realworld_passw.html), and there's a fundamental problem with passwords -- computers to crack passwords keep getting faster and our brains don't get any better at remembering long, random things. Unfortunately, the secure alternatives (hardware encryption tokens, etc.) are a lot less convenient to use.

Kurt Cubic · April 17, 2008

I personally consider this to be strong enough for me to store my encrypted passwords and credit card numbers in Evernote, but this is not because I think that the encryption is "uncrackable." Rather, I feel that the level of effort required for someone to get this data would be a lot higher than the value they would get from a successful attack.

Thanks - this is what I needed! And once again - great application - I use it everyday!

One suggestion, though: It would be great to have the opportunity to organize notes in a truly tree-like structure - in folders i folders - just like files on a drive!

Lars

crane · April 17, 2008

One suggestion, though: It would be great to have the opportunity to organize notes in a truly tree-like structure - in folders i folders - just like files on a drive!
Lars

Check out EN 2.2.

bpm32 · April 6, 2009

This has probably already been covered, but I'm a bit too upset to look at the moment. I also want to bring this to light again.

By accident, I just discovered for myself that anyone with access to my machine can have access to my Evernote database (using the cliet). I opened Evernote - which asked me for my login and password. I entered the correct username, but mistyped my password. Evernote eagerly opened my database but informed me that the syncronization failed. Bottom line, if a person knows my username (which seems to be remembered by EN via the dropdown list), they can have full access to the database. (Note: I don't even have to enter a password - just my username to access my db.)

I am sure I'll hear about how the previous version was never secure, or how if I don't want to give anyone access then I should keep it on a memory stick, bla bla bla. I know we have the opportunity to encrypt sensitive information - but to some degree, I feel a good part of the db is sensitive.

If a simple word document can be protected, why not this db? My wish seems simple: if the u/n and p/w aren't a match, don't let me in.

Thanks for hearing me out on my rant.

Brian

Note: this is on the windows client - I do not have a Mac.

engberg · April 6, 2009

If you are worried about people gaining access to your personal computer, then you should protect all of your important files by turning on the hard drive encryption feature of your OS or else use a third-party encryption product such as the excellent free TrueCrypt software. This can be used to provide consistent protection for your Evernote database along with your office documents, your mail storage, temporary browser files, personal photos, scans, etc.

This gives you much better security than relying on every vendor to build their own bullet-proof encryption system into every document that is stored on your drive.

BurgersNFries · April 6, 2009

Brian, I agree 100% with DAVE Engberg. Your complaint is similar to leaving your wallet on your desk & getting mad b/c while you were down the hall getting more coffee, that someone came in & got your credit card info. I work from home & leave my computer on 24/7. All my sensitive data is stored on Truecrypted drives. On the rare occasion when I store sensitive data on a non-Truecrypted drive, I Axcrypt it.

Additionally, any programs I don't want someone to be able to open, I use Super Exe Lock by Superlogix. This allows you to password protect the program itself. So if you don't want anyone invoking EN on your computer, you could use a similar program. Make sure when you leave your computer, the programs are not open. Of course, this doesn't prevent anyone from making a copy of your EN files, taking it to another computer & downloading/installing EN. THAT's why you'd want the EN files encrypted (IE Truecrypt.) And similarly, when you leave for any length of time, you'd want to dismount the TC drive/container.

BurgersNFries · April 6, 2009

BTW Brian, when you say "If a simple word document can be protected", you do know that MS document passwords are pretty useless, right? I mean, a quick Google will point you to a plethora of programs you can download & buy (for not that much $$) that will break the password. Pretty much the only thing MS document passwords are for is to keep a lightweight nib from getting into the document. But don't use a password protected MS document to store sensitive data such as credit card numbers, passwords, etc.

bpm32 · April 6, 2009

I'm really not looking for anything that will encrypt my data. I'm not guarding anything major here.

Case in point - if I want to keep a gift list on here, if someone in the house gets snoopy and looks around, they can have full access.

At the very least, I believe there should be something that would keep prying eyes from opening a database. I understand if I want to keep everyone else out, I can use TrueCrypt. That solution just seems like overkill to remedy something that should be in place already. I don't believe the tagline - "We're your external brain" makes sense here - nobody has access to my brain - not like they do with EN.

The prevention of lightweight nibbing is good enough for me. Again, I'm not trying to guard national secrets here for crying out loud.

engberg · April 7, 2009

If you just want light password protection, you may want to use the password locking screen saver on your Windows box to make sure that no one can get to any of your applications without entering your Windows account password. This isn't 100% protection against someone with physical access to your computer, but will provide a bit more protection than you're describing, since someone couldn't just trivially copy off your database file onto a USB drive, etc.

csablan · May 21, 2009

So I share a computer with other people and have installed EVERNOTE.

It seems that when i log out, ALL of my info is avail for everyone to see!

Even though that login screen comes up, it us just meant to synch, it doesn't protect against privacy.

anyone know how to keep Evernote private on a computer so you can LOG out and others can't look at your info?

geechorama · May 21, 2009

The best way to do this on a Mac is to create separate OS X user accounts for each person using the machine.

CentralAla · May 21, 2009

I noticed this myself & did not like. I have created a TrueCrypt volume to store my DB in & pointed EverNote to that.

themoules · May 22, 2009

Good idea about truecrypt. I already use it for business files on my Mac.

However My data is stored in User Name/Library/Application Support/Evernote/data/

Where should I put the Truecrypt Volume & if it is to be in a new location how do I move the file location in Evernote for Mac?

Many thanks for any help you can give.

MrT · May 22, 2009

I like the idea about using TrueCrypt .. but why is it "better", than this?

The best way to do this on a Mac is to create separate OS X user accounts for each person using the machine.

Obviously if you have top secret stuff or company related material that can NEVER get into the hands of strangers, then encryption is the way to go. But for personal use, note taking etc., shouldn't multiple OS X user accounts be enough security? User "john" shouldn't be able to access evernote db files from user "jane", when only "john" is logged in, right?

CentralAla · May 26, 2009

Regarding the OSX user accounts, I'm not a Mac user (I know....blasphemy) so I'm not certain if it works the same as follows. Your mileage may vary....On Windows, any admin account can access any users documents folder by browsing to it. Simply clicking on the EN DB there with an admin logon launches that information & reveals all.....the password is only necessary to synch back to the servers. This is problematic if you work with a bunch of propellerheads (like me) and everybody knows the admin logon or a 'secret' way to get into your machine or how to jazz around with the Windows registry.

Using an encrypted volume is easy & defeats these jokesters. There are online videos & worlds of info on the details of using TrueCrypt, but here's how I did it. Create a TrueCrypt volume big enough to hold your DB plus some....give it some room to grow. This encrypted volume can be anywhere....like on a thumb drive, in the cloud, network drive, etc. Once the TrueCrypt volume is created, mount it & copy your DB into it since it works just like any other folder or drive. My new volume is setup as the P drive, so I launched EN, went into Tools >> Options and changed the EN Local Files option to point to this new location. Mine says P:\My EverNote Files (the database folder is understood it seems).

Now each time you want to use EN, launch & mount your truecrypt volume first so that EN will have something to look at. When you're done with EN & have exited, just unmount the TrueCrypt volume to secure your data. You can also setup the TrueCrypt options to dismount at logoff automatically or start at logon, etc. Personally, I use a batch file that mounts the volume, starts EN & then auto-dismounts when I exit EN. Everything is secure & synchs & all is well. If you're really paranoid, you can also go ahead & start fresh & install EN into this TrueCrypt volume so that it can't even be seen until the volume is mounted. That worked ok for me, but there were a couple of things I didn't care for, so I took that part out & only pointed to the DB there instead.

MrT · May 26, 2009

I don't see any where in Evernote for Mac settings that you can define where it should store all the files. Maybe somebody else know?

engberg · May 27, 2009

We don't expose a UI option for moving your note database to a different location, but if you quit Evernote completely, and are a bit technical, you could move this folder:

~/Library/Application Support/Evernote

to a different location and replace it with a symbolic link to the new location.

stuartleitch · September 6, 2009

Hi,

I've been reading around a few threads on these forums, all around the issue of users wishing to hide the details of their EN notebooks from prying eyes. These all seem to descend into other users saying "Use TrueCrypt" or some other solution to secure the locally stored data, and locking your computer to prevent casual access to your running system. That's just not the issue (for me at least) I want EN to be my external brain, but it has to be acknowledged that some thoughts are private. I don't want my payslips, bank statements, receipts, company accounts stored in plaintext. I do want to access them on all my computers, and at work (via web), and on my iPhone. EN is fabulous for providing the ubiquity of access, but I'd like the privacy to be a bit stronger. I realise that this makes it next to impossible to index / image recognise these files, but that's the side of the trade-off I'm comfortable with. I'll ensure that the files are well titled and tagged to ensure that I can search for them. I guess you could locally index the files without ever loading the password to central servers, to allow rich search in the desktop clients.

An example given was that 'Brian' was complaining that someone got his credit card details when he left his wallet unattended on his desk. I see this the complete opposite way. I wouldn't leave my payslip on my desk at work, it goes in a locked drawer. I expect the same level of security for electronic documents. And again, I don't expect mil-spec encryption. You could probably bust the lock of my desk drawer in 10 seconds, but you'd have to decide that it was worth your effort, that's the level of security I'm looking for.

At present I have a local notebook (on the mac so no Image Recognition anyway) for sensitive notes. I password protect my sensitive PDFs if they're going to be on a shared notebook, but iPhone cannot open them. This adds a bit of inconvenience to my workflow, which is what EN has been fabulous at simplifying.

The encrypt text feature isn't for me because the sensitive information is stored in images. I'd love the same feature at the note attachment level, that would do it!

Sorry for the length of the post!

Stuart

ruudhein · September 7, 2009

to some degree, I feel a good part of the db is sensitive.

Then switch to something else, seriously.

Spend 100+ posts convincing Evernote to password protect your db... then realize it take a simple (free) SQlite db manager (like ...uh... a basic Firefox plugin)... to have full access to the db.

Oops.

ps: I get the whole password thing. Just saying...

BurgersNFries · September 7, 2009

to some degree, I feel a good part of the db is sensitive.
Then switch to something else, seriously.

Agreed. I find it interesting that with identity theft such a big deal today, that so many people think if an application has a password, all their sensitive data is "secure." Password protected Word documents, PDFs, etc are so easy to crack. Heck, even if you put a password on Quicken, the images you scan into Quicken don't even have to be cracked. They are just sitting out there for someone to open in any image viewer. You don't even need the Quicken password!

Bottom line, if you're going to store sensitive data such as bank/credit card statements, passwords, social security numbers, etc the data needs to be encrypted with a strong password. It may take an hour or two up front to learn how to use something like Truecrypt. But the software is free and once you have your hard drive encrypted, it takes all of about 30-60 seconds to unlock it for your use. (There are hotkeys you can use to simplify the process. Plus, I store the TC password for additional drives in a password manager. So that 30-60 seconds includes unlocking the password manager, getting the TC password. copying it & pasting it into TC. Since I remember the TC password for my boot drive, that takes even less time - only the ~10 seconds it takes to type it in.) You can even encrypt part of a drive, so you only need to unlock that part of the drive if you're going to be doing something like banking. You can then "lock" it back up when done with your banking. That way if you just want to do some net surfing, you can skip the extra 30-60 seconds it takes. If you're not willing to do this, then you shouldn't be storing that stuff on your computer.

jbenson2 · September 7, 2009

Let's say I don't want to go the TrueCrypt method... but I restrict access to my computer with a password; and move my sensitive notes to an unsynchronized local notebook:

Those notes will not be searchable by Evernote, but they are fairly well protected from the bad guys, right?

If my assumption is correct, the unsynchronized local notebook seems like the way to go. Are there any other drawbacks or weaknesses to this plan?

BurgersNFries · September 7, 2009

Let's say I don't want to go the TrueCrypt method... but I restrict access to my computer with a password; and move my sensitive notes to an unsynchronized local notebook:
Those notes will not be searchable by Evernote, but they are fairly well protected from the bad guys, right?
If my assumption is correct, the unsynchronized local notebook seems like the way to go. Are there any other drawbacks or weaknesses to this plan?

Nope - your notes are not protected. I don't need to log onto your computer to access files from your hard drive. IE, I just set up your hard drive as another drive on my computer & then I have access to all your data files.

BurgersNFries · September 7, 2009

Here's some info about using Evernote with Truecrypt.

http://www.40tech.com/2009/09/01/4-steps-to-secure-evernote-on-a-shared-computer/

jbenson2 · September 7, 2009

Thanks for the link. TrueCrypt looks like the ideal solution.

BurgersNFries · September 7, 2009

You're welcome!

jbenson2 · September 8, 2009

I was re-playing the Evernote Podcast #8. There was an interesting question about security.

Question: Are the iPhone apps connections encrypted for Premium users?

Answer by Phil Lubin - Evernote CEO:

For free users, all your authentication connections go over SSL and are encrypted whenever you log in.

For premium connections all of your connections, all of your traffic to and from any client, are encrypted, including the web, iPhone, Windows Mac, Windows Mobile, everything.

BurgersNFries · September 8, 2009

I was re-playing the Evernote Podcast #8. There was an interesting question about security.
Question: Are the iPhone apps connections encrypted for Premium users?

Answer by Phil Lubin - Evernote CEO:

For free users, all your authentication connections go over SSL and are encrypted whenever you log in.

For premium connections all of your connections, all of your traffic to and from any client, are encrypted, including the web, iPhone, Windows Mac, Windows Mobile, everything.

Key word is connections. I believe that's the same thing as when you're doing your banking, you want to check your web browser to make sure the connection is secure. Whereas if you're simply Googling "pizza joint", it doesn't need to be a secure connection. Nefarious people can use "sniffers" to capture the data that's sent over unsecured connections, such as WIFI. The secure connection means that is either not possible or much harder to crack (not sure which.) This doesn't mean your Evernote data is encrypted/secure. IE, if someone were to hack into EN servers (small chance of that happening, but...it could), they would have access to all your notes. Or if someone stole your computer, they'd have access to all your EN files on your hard drive, unless they are encrypted (and not mounted.)

I have to admit, since I leave my desktop on 24/7 and use two encrypted drives much of the time, I leave them mounted 24/7. That does leave a security breach, but I'm counting on any thieves not sitting down at my desktop. I figure they are going to quickly unplug everything, pack it up & get out as quickly as possible. Once they do that, the encrypted drives are no longer mounted, so I'm ok.

engberg · September 8, 2009

Correct - like a secure banking site, we encrypt the connections via SSL so that someone on your network can't see your data go by. Your checking balance is not encrypted in your bank's databases, however, and your notes are not encrypted within Evernote. You can, of course, encrypt text in a note, or a Premium user can encrypt a file on their computer and add this encrypted file to Evernote as an attachment.

stuartleitch · September 8, 2009

You can also password protect your PDFs which will give some security to your scanned documents, at the cost of no image recognition or indexing by Evernote.

I liken this kind of security to a car journey:

[*:14oioc5u]At home the car's in my garage, protected by a gate, a locked garage door and a burglar alarm; I don't even lock the car doors. (Akin to TrueCrypt/BitLocker/FileVault...)
[*:14oioc5u]While driving I lock the doors, to prevent being carjacked in Glasgow :-) (Akin to SSL)
[*:14oioc5u]When I'm parked in my company's private (secure) parking lot, I lock the doors, enable the immobiliser and the alarm because I can't control who has access to the lot (rogue employee, intruder) (Akin to having an encrypted note, which Evernote doesn't really provide)

For me saying "use TrueCrypt" is like saying add another lock to the Garage door, that's not where my data's most vulnerable. And saying "Don't store sensitive data" is like saying leave the car at home, that's not where my data's most useful. I know that a determined car-thief can gain access to the company parking lot, and defeat the lock, alarm and immobiliser, but that's a lot of effort for a 8 year old banger. I'll take that risk because it's useful to have my car be mobile ;-)

My present solution is to password protect all sensitive PDFs before adding to Evernote, but I may forget occasionally. It would be fantastic if Evernote would encrypt all notes in a particular notebook, or all notes with a particular tag. In fact, I'm working on a AppleScript which will identify PDFs with the tag "secure" which are not encrypted and Growl notify me. Additionally I'll build folder actions which password protect certain PDFs then add them to Evernote. Unfortunately the iPhone cannot display encrypted PDFs, which is a bit of a limitation.

EDIT: Incidentally, as a Core Banking systems analyst, I can say that your Bank Balance may not be encrypted, but the relationship between you and that balance is not transparent. i.e you couldn't just search for your name or account number and see the balance. This is true at all the banks I've worked for where I would consider depositing money, there are others...

engberg · September 8, 2009

stuart -

You sure make Glasgow sound like a scary place. ;-)

Re: banks ... I don't want to belabor the comparison too much, but we follow a similar model with your data in Evernote. All identifying information about your account (username, email address, personal name, payment history, etc.) is stored in a secure user database that is physically separate from the databases that contain that data within your account. Your notes are just marked with a numeric identifier that says "user #1234678".

Thanks

stuartleitch · September 8, 2009

And that makes me feel a little bit better, because it's harder for someone to target my files specifically. However, I may store a PDF of a business plan or proposal, because it's so handy to have these quickly accessible, and the info in there may be sensitive even separated from my user id. I love Evernote, and want to use it to its full potential, but worry a little about the following scenarios:

[*:2f5xcrg6]A hacker gains access to evernote data storage. Unlikely, but it must be a goldmine for ID thieves, so I'm sure someone is trying...
[*:2f5xcrg6]A rogue employee searches the uber-index for documents containing a credit card number and CV2 number...
[*:2f5xcrg6]As evernote grows and is ever more successful, you need to upgrade all your storage. Someone fails to wipe a hard disk before binning it.
[*:2f5xcrg6]As the credit crunch bites evernote struggles for revenue and realises that syphoning data of to 'nefarious' individuals could provide much needed cashflow.
[*:2f5xcrg6]Space Aliens teleport.....oops one paranoia too many!

engberg · September 9, 2009

I agree ... if you have particular concerns about some of the data in your account, then an encrypted file like a password-protected PDF is a good solution.

It's hard to prove a negative ("Your data could never be stolen from Evernote..."), but we do make moderate efforts to mitigate these risks through a layered set of security policies and technologies. Random examples from your comments:

There's no uber-index of contents of accounts ... we maintain separate user search indices of each user on decentralized storage with no cross-access between individual servers.

Physical access to all storage (online and offline-backup) requires multiple authentication factors in protected facilities, and is restricted to only the four full-time IT/Operations staff that maintain the servers. Even Phil, the CEO, doesn't have passcards and keys to the data center. Security policy says that the departure of any such staff will result in full rekey and change of all passwords, etc.

Our Privacy Policy and Terms of Service restrict what we can (and would) do with your data ... in particular, we have never (and will never) give your own data to other parties. This may make our life a bit more difficult in the short term (e.g. we don't let Google look at your notes to give us relevant ads), but we're in this for the "long haul", and we see the pay-off in customer loyalty and conversion to Premium over time. All of our user conversion graphs slope pleasantly up and to the right ...

We've negotiated treaties with all known inter-stellar parties of interest, and regard these to be binding under galactic arbitration.

thanks....

dan7000 · September 10, 2009

It's funny that the new Evernote home page shows an image of a "litigation argument" being stored in Evernote:

Or, maybe it's not so funny: a lawyer storing information in unencrypted, synched evernote storage is running the risk of waiving work product protection for his litigation argument.

I would *love* to be able to use synched evernote storage for my work, but alas, it's simply too insecure -- EN's business plan clearly does not contemplate becoming the storage medium for important corporate or legal materials. Instead, it seeks to be a medium for storage of non-private personal information.

That's OK, but they should be careful not to advertise otherwise, as they appear to be doing on the homepage.

shimra · September 10, 2009

It's funny that the new Evernote home page shows an image of a "litigation argument" being stored in Evernote:
[attachment=0]tmp.jpg[/attachment]
Or, maybe it's not so funny: a lawyer storing information in unencrypted, synched evernote storage is running the risk of waiving work product protection for his litigation argument.

Yeah but, how would this actually be waved in practice? The opposing side asks for his work product, he says its privileged, and thats the end of discussion in most cases, yes?

Is a judge really going to say "Well, lets here more about how you store your notes. Is in in a notebook, do you read it on the train, do you store it in a locked safe? Is it encryped on your computer's hard drive? Do you run a virus scan on the operating system? Is it connected to the internet? Is there a copy on your iphone?"

Would a judge really do that? Seems sort of silly.

Yeah, I suppose someone could hack Evernote and post the notes on the internet, but they would be facing some serious criminal charges no? What are the odds of this occurring over the course of litigation?

venture · September 10, 2009

Where I practice law, failure to make documents unhackable does not constitute a waiver. That said, I'm still careful about the information I put in Evernote. I do use it for strategies and reminders, but don't put any identifiable client information in it. That's more for privacy concerns than anything.

dan7000 · September 13, 2009

here's an article that discusses this issue with respect to whether you have violated a client's confidentiality by storing a client's information in the cloud. It explains that,

at least two states (Nevada and New Jersey) have issued ethics opinions discussing the use of third party vendors to store client files and documents and electronic form. With respect to confidentiality, the opinions appear to suggest that using third party vendors is OK so long as the lawyer exercises reasonable care to learn about how the vendors store the documents and to ensure the service agreements require the vendor to preserve the confidentiality and security of the materials. (In Oregon, you may want to look at Oregon Ethics Op. 2005-41 for guidance, which states that law firm may contract with recycling service to dispose of office files but must take reasonable care to prevent the disclosure or use of confidential client information, and further must instruct company about the lawyers’ duty of confidentiality and the company must agree to safeguard all such materials.)

It seems to me that EN does not meet these standards. They have not promised to preserve the confidentiality and security of our information - on the contrary, they have expressly stated that they do not promise the information will remain confidential or secure. Thus, it seems that at least in NY or NJ, you would violate ethical requirements by storing client information on synched EN notebooks.

jbenson2 · September 13, 2009

Dan700 said
It seems to me that EN does not meet these standards. They have not promised to preserve the confidentiality and security of our information - on the contrary, they have expressly stated that they do not promise the information will remain confidential or secure.

Those are some rather inflamatory statements.

expressly stated... ?

Care to retract your charge?

How about a source for your comment that Evernote said they won't keep our info secure?

shimra · September 13, 2009

It seems to me that EN does not meet these standards. They have not promised to preserve the confidentiality and security of our information - on the contrary, they have expressly stated that they do not promise the information will remain confidential or secure. Thus, it seems that at least in NY or NJ, you would violate ethical requirements by storing client information on synched EN notebooks.

Well, you initially mentioned attorney work product in litigation, and I don't think the ethic opinion has much to do with work product evidence rules. Separate source of law, right?

I suspect if embarassing client information not available to the public is put on Evernote, and the Evernote system is hacked, an attorney could get in trouble if word gets out.

But I also suspect that clients and attorneys do actually communicate through nonsecure email and the postal service, and its unclear to me that this is any different than using Evernote in terms of third party access.

Surely the post office or fedex provides no guarantee that mail will not be lost or stolen?

Snail mail is not encrypted before transmission, no?

I'm not a practicing attorney, and if I was, I don't think that I would use Evernote for embarrasing client information- but just like, with email or fedex, you probably have to weigh the probability of information leakage with how sensitive the information is.

And while the ethics opinion are a fascinating academic exercise, I'd be curious to know, in the real world, how a client advice letter sent through fedex is more secure than Evernote... perhaps you think Evernote's privacy policy is not good enough?

BurgersNFries · September 13, 2009

But I also suspect that clients and attorneys do actually communicate through nonsecure email and the postal service, and its unclear to me that this is any different than using Evernote in terms of third party access.

I don't know much (anything?) about litigation but I think Shimra is correct in this point. IIRC, Evernote does state they have the same level of security as email. And we're always prompted to not send sensitive info (IE credit card numbers, social security numbers, etc.) via email. I think I recall Dave Engberg stating if you wouldn't send certain info via email, then you shouldn't store it in Evernote. I'm sure he'll correct me if I'm wrong.

And the inverse...if you'd send it in an email, it should (operative word being should) be ok to store in Evernote.

engberg · September 13, 2009

Yes, we try to be clear about what our software and servers do, and then you can make your own decision about whether that's appropriate for an individual task. This is similar to email ... you should choose which information you want to send via email, and what requires a secure courier or some other mechanism.

We specifically do not claim to have any vertical industry certifications (e.g. HIPAA for US medical usage) that may govern your professional usage of Evernote.

jbenson2 · September 14, 2009

I guess after reading between-the-lines of Dave Engberg's mea culpa, I will have to eat crow and apologize for my comments about what Dan700 said.

Dan700 said:
It seems to me that EN does not meet these standards. They have not promised to preserve the confidentiality and security of our information - on the contrary, they have expressly stated that they do not promise the information will remain confidential or secure.

I don't want to kick a dead issue, but with the many security related comments in the forum, there must be a loophole somewhere. :

* If I use heavy security to maintain my personal computer

* And as Phil Lubin said - all of my connections, and traffic to and from any client, are encrypted, including the web, iPhone, Windows Mac, Windows Mobile, everything.

* And Evernote maintains their strong privacy policy at their server farm.

Where is the weak link for premium users?

shimra · September 14, 2009

I guess after reading between-the-lines of Dave Engberg's mea culpa, I will have to eat crow and apologize for my comments about what Dan700 said.
Dan700 said:
It seems to me that EN does not meet these standards. They have not promised to preserve the confidentiality and security of our information - on the contrary, they have expressly stated that they do not promise the information will remain confidential or secure.
I don't want to kick a dead issue, but with the many security related comments in the forum, there must be a loophole somewhere. :
* If I use heavy security to maintain my personal computer

* And as Phil Lubin said - all of my connections, and traffic to and from any client, are encrypted, including the web, iPhone, Windows Mac, Windows Mobile, everything.
* And Evernote maintains their strong privacy policy at their server farm.
Where is the weak link for premium users?

The notes are not encrypted on Evernote's server. Also, I believe the encrypt note option uses weak encryption.

A more secure option for an attorney would be to use a drive like Truecrypt and a syncing service. With this technique, in theory, the hosting service would not be able to read the content under any circumstances.

In theory, if a host is hacked, a hacker would not be able to read the contents of the Truecrypt drive.

Evernote's privacy policy is not perfect either, though its almost identical to gmail's.

jbenson2 · September 14, 2009

The TrueCrypt option sounds enticing, but it raises some questions.

1.) How does the iPhone EN module handle the encrypted data?

2.) If just one of my notes is edited, won't the entire database have to be synch'ed? (in my case 0.5 GB and growing)

3.) I presume the Evernote image-recognition capability does not work on the encrypted images.

4.) Other than a back-up service, are there any benefits to using Evernote if everything is encrypted?

engberg · September 14, 2009

I've compiled our suggestions about protecting data on your own hard drive into a Knowledge Base article:

http://www.evernote.com/pub/ensupport/f ... 4cd3d7b46e

shimra · September 14, 2009

The TrueCrypt option sounds enticing, but it raises some questions.
1.) How does the iPhone EN module handle the encrypted data?
2.) If just one of my notes is edited, won't the entire database have to be synch'ed? (in my case 0.5 GB and growing)
3.) I presume the Evernote image-recognition capability does not work on the encrypted images.
4.) Other than a back-up service, are there any benefits to using Evernote if everything is encrypted?

Truecrypt is an unrelated program. I wasn't talking about specifically using it with Evernote. I was saying that you could, in theory, try combining Truecrypt with a file syncing service in order to sync legal records. My point was that there are more secure solutions available than Evernote.

themoules · September 15, 2009

you could move this folder:
~/Library/Application Support/Evernote
to a different location and replace it with a symbolic link to the new location.

Brilliant idea for Truecrypt and Evernote as discussed on Podcast 10. However I'm a little stumped over how to make the "symbolic link"

Any chance someone could please point me in the right direction as to how to do the symbolic link.

The Mac path is.....

Macintosh HD/Users/keith/Library/Application Support/Evernote/Data

The mounted Truecrypt path is....

ENOTE/Evernote/Data

Many thanks.

engberg · September 15, 2009

Again, this "symbolic link" trick isn't something that we test in QA, and isn't supported, but several people have reported that it works for them. You'd need to do something like:

Quit Evernote from the Menu Bar icon

Move the whole "Evernote" directory from within your home directory, "Library" / "Application Support"

Move this to your desired new location (e.g. "ENOTE/Evernote")

From the Terminal, use the 'ln -s' command to make a symbolic link from the new location into the old location, e.g.:

ln -s /ENOTE/Evernote /Users/keith/Library/Application\ Support/Evernote

This is a low-level "Unix" command, and I don't think there's any equivalent option in the UI to create a symbolic link.

venture · September 15, 2009

All TrueCrypt does is encrypt your data (by encrypting the portion of the drive it is on) when you're not using it. You need to "mount" that drive to unencrypt it before you fire up Evernote, and then "unmount" the drive after you exit Evernote.

BurgersNFries · September 15, 2009

The TrueCrypt option sounds enticing, but it raises some questions.
1.) How does the iPhone EN module handle the encrypted data?

2.) If just one of my notes is edited, won't the entire database have to be synch'ed? (in my case 0.5 GB and growing)

3.) I presume the Evernote image-recognition capability does not work on the encrypted images.

4.) Other than a back-up service, are there any benefits to using Evernote if everything is encrypted?

I don't understand #4...??? If you meant to say "Truecrypt" instead of "Evernote", as shimra pointed out, only the transmission of the data in secure/encrypted. Not the data on EN servers or on your hard drive(s). So if either the EN servers got hacked or someone got their grubby little paws on your hard drive(s) and they were not encrypted, they have total access to your notes.

All TrueCrypt does is encrypt your data (by encrypting the portion of the drive it is on) when you're not using it. You need to "mount" that drive to unencrypt it before you fire up Evernote, and then "unmount" the drive after you exit Evernote.

What he said. Using Truecrypt should not interfere with any programs or functionality including backups (Carbonite, Mozy, Jungle Disk, regular ol' backups, etc), if the drives are mounted when you're trying to access them. I have my Outlook files, OneNote files (yes, I use ON in addition to EN - I think they work well for different purposes), Quicken, NeatReceipt files, Word & Excel documents, etc all on TC encrypted drives. Of course, since TC is such a good encryption program, you do have to be very careful about remembering your password. If you forget it, you are SOL. (As my father used to say & I won't elaborate on what it stands for!)

jbenson2 · September 15, 2009

Venture and BurgersNFries, You've answered my main question. Thank you. My home computer is buttoned down very tightly. So the weakness for me using the premium program is at the other end: the Evernote staff and their servers. Personally, I don't think that is much of a risk.

Also, thanks for helping explain the mounting and unmounting concept.

The difficulty I have with TrueCrypt and Evernote is grasping the big picture.

1.) Evernote maintains my master database on their servers.

2.) I have a duplicate database on my local computer which gets sync'd to the Evernote servers.

So does TrueCrypt encrypt two duplicate, but separate databases, every time I close Evernote?

shimra · September 15, 2009

Venture and BurgersNFries, You've answered my main question. Thank you. My home computer is buttoned down very tightly. So the weakness for me using the premium program is at the other end: the Evernote staff and their servers. Personally, I don't think that is much of a risk.
Also, thanks for helping explain the mounting and unmounting concept.
The difficulty I have with TrueCrypt and Evernote is grasping the big picture.
1.) Evernote maintains my master database on their servers.
2.) I have a duplicate database on my local computer which gets sync'd to the Evernote servers.
So does TrueCrypt encrypt two duplicate, but separate databases, every time I close Evernote?

Truecrypt would only encrypt the version on your hard drive, the version on the Evernote server would not be encrypted. When you mount a truecrypt drive, you decrypt it temporarily. The decrypted data would be what is sent to Evernote.

In order to have your data more secure, you'd have to do without the Evernote sync service.

jbenson2 · September 15, 2009

Shirma

Thank you - the light bulb just came on. I understand now.

TrueCrypt will help protect my data on my home computer which is quite secure right now, but my data is unencrypted and available to Evernote staff and people who might break into the Evernote servers over which I have no control.

BurgersNFries · September 15, 2009

Shirma
Thank you - the light bulb just came on. I understand now.
TrueCrypt will help protect my data on my home computer which is quite secure right now, but my data is unencrypted and available to Evernote staff and people who might break into the Evernote servers over which I have no control.

Correct!!! My main computer is a desktop computer, so my main concern with data on it is if someone were to break into our home & steal the equipment. So I have two TC'd drives that have not only sensitive data, but also data that may not be sensitive but I wouldn't want a "creepy weird" person having access to. IE, you don't want someone Photoshopping your face onto a porn photo & emailing it to all your friends, probably.

themoules · September 16, 2009

Sorry Dave thanks for trying but everything got accepted Ok in Terminal and the link appeared where the Evernote folder had been in Application Support. However on trying to open Evernote I just got a "File not found" error. I wondered if it just couldn't find the Truecrypt ENOTE/Evernote Volume.

I guess I will just have to use Evernote on my old windows laptop which is easy to set up with Truecrypt as it is just the one data file.

Thanks again for taking the time to try and help.

engberg · September 17, 2009

You may want to try enabling the Mac FileVault instead. This will encrypt your whole Mac "home" directory, which will include your Evernote database. This is relatively easy to set up.

themoules · September 17, 2009

Been there, done that with File Vault.

However file sharing with just certain Co Workers was an issue.

What I really wanted was just encryption on the Evernote Folder not the whole User Profile.

janmanzer411 · September 18, 2009

Shirma
Thank you - the light bulb just came on. I understand now.
TrueCrypt will help protect my data on my home computer which is quite secure right now, but my data is unencrypted and available to Evernote staff and people who might break into the Evernote servers over which I have no control.

Indeed. If our data is unencrypted, there is a possibility of an exposure.

drmrbrewer · September 20, 2009

It's probably suggested somewhere in the discussion above, but why can't evernote just use truecrypt or equivalent on the data stored at the evernote premises? That way, if anyone did break in and walk away with our data, they wouldn't be able to read it...

Mike

shimra · September 21, 2009

It's probably suggested somewhere in the discussion above, but why can't evernote just use truecrypt or equivalent on the data stored at the evernote premises? That way, if anyone did break in and walk away with our data, they wouldn't be able to read it...
Mike

I think it would be hard, if not impossible, to design a searchable web service where the host doesn't have access to the user's data. Evernote needs unencrypted access to the data to display it on the web and make it searchable.

If I encrypt a file and upload it to gmail, I can save it as an attachment, but gmail can't index it or display it in search results, because without my password, gmail has no idea what the contents are.

I think its an issue of convenience versus security.

drmrbrewer · September 21, 2009

I think it would be hard, if not impossible, to design a searchable web service where the host doesn't have access to the user's data. Evernote needs unencrypted access to the data to display it on the web and make it searchable.

I wasn't suggesting encryption right from the user end. I was suggesting that there is a software security layer at the evernote side, which encrypts our data before committing it to disk, and decrypts it as it comes off. That way, if someone walks away with the evernote disks, they can't do anything with the data. However, this would still allow evernote to index / ocr / etc our data, because the encryption/decryption layer is within the evernote environment -- so we get the benefits of searchability, with some added security.

I'm no expert on what TrueCrypt does, but isn't it similar to the above? From their webpage: Encryption is automatic, real-time (on-the-fly) and transparent.

I appreciate that someone could also steal the decryption part of the system, but presumably TrueCrypt must offer some degree of protection or nobody would use it...

If our data truly is sitting there in its raw, unencrypted format, it does make me a little nervous about storing anything other than tame web clips from internet shopping sites.

Mike

BurgersNFries · September 21, 2009

but presumably TrueCrypt must offer some degree of protection or nobody would use it...
If our data truly is sitting there in its raw, unencrypted format, it does make me a little nervous about storing anything other than tame web clips from internet shopping sites.

The degree of protection that TC offers is that (presumably) the password is very strong & is not stored on the computer system. It's either in your head or in your password manager (password managers also encrypt their data.) If you store the encryption/decryption password someplace that's automated, it defeats the purpose of encryption/decryption.

I have no problem using Evernote for archiving old emails, storing recipes, computer & iPhone tips & tricks, a change log for work, scans of tech manuals I use for work, etc. I do not use it for storing bills, receipts, bank/credit card statements, etc. Those are stored on a TC'd drive & backed up nightly to Jungle Disk (which does allow encryption.)

drmrbrewer · September 21, 2009

I guess I was envisaging an arrangement whereby the data actually physically stored on the drives is encrypted, and that automatic decryption would take place some way remote from the drives. Perhaps in a separate room, or even a separate building. That way, some extra degree of sophistication would be required by someone to read the data on the drives -- they would need to know to put the two pieces back together again, and how to do that, in order to get anything useful. So if someone swipes one piece but not the other, they cannot read our data.

As you can tell, I'm no security expert but there must be a way of operating a system such as evernote's that has a higher level of security than just putting open data in a locked room. I don't suppose that evernote are able to guarantee physical security to the level of Fort Knox, but there must be relatively simple electronic methods to increase security. The evernote privacy policy does say "Your personal information and data stored in our systems is protected by various physical, electronic and procedural safeguards".

Mike

BurgersNFries · September 21, 2009

Evernote has always maintained they have the same level of security as email. We are always instructed to not send sensitive data through email, such as credit card numbers, SSNs, etc. So if you trust the info to email, you should be able to trust it to Evernote.

The only way a company can guarantee high security is if they don't have access to the encryption password. Even then, I'm not sure how much they guarantee it b/c the stronger your password, the more difficult it is to decrypt the data. Yet if someone wanted your info badly enough, they can use "brute force" to discover your password. It just takes a lot longer & they have to want it very badly.

It doesn't matter if the password were stored on another computer in another building or even another state. Hackers can figure that out. And hacking into a computer that's 2500 miles away from you is just as easy as hacking into a computer that's across the street from you, assuming the level of security is the same. Physical location has no bearing on how easy/difficult it is to hack into a computer.

drmrbrewer · September 21, 2009

Physical location has no bearing on how easy/difficult it is to hack into a computer.

You're right of course. I'm thinking of the good old days with some guy wearing a black outfit and a balaclava smashing into a building and running off with a bit of physical kit. I don't suppose that is the weak point any more.

Mike

BurgersNFries · September 21, 2009

I'm thinking of the good old days with some guy wearing a black outfit and a balaclava smashing into a building and running off with a bit of physical kit.

jbenson2 · September 21, 2009

So Evernote is my external brain, but I'll need a 3rd brain to remember where I put all the stuff not allowed - stuff like credit card numbers and bills, SSN's, medical records, bank statements, business information, customer info, mortgage information, insurance policies, pension information, 401(k) documents, purchase and sale details, automobile titles, tax records, marriage certificates, etc.

So much for the paperless office.

p.s. kind of kills the need to maintain a premium account.

BurgersNFries · September 21, 2009

So Evernote is my external brain, but I'll need a 3rd brain to remember where I put all the stuff not allowed - stuff like credit card numbers and bills, SSN's, medical records, bank statements, business information, customer info, mortgage information, insurance policies, pension information, 401(k) documents, purchase and sale details, automobile titles, tax records, marriage certificates, etc.
So much for the paperless office.

.

Not at all. I'm mostly paperless but scan tax returns, bills, statements, etc into PDFs (or just d/l them from the bank's website) or NeatReceipts. Those files are stored on encrypted drives & backed up to Jungle Disk. I am careful about using folders & file names to organize & retrieve them & Paperport to help organize PDFs. In fact, a few times, when I've had to retrieve something from a year before, it's been MUCH faster to pull it off the hard drive instead of digging out last years file folders.

I have the world's worst memory, which is why I started using PDAs ~8 years ago. Basically, if it's sensitive data I want to have with me (SSNs, bank account numbers, credit card numbers, pins & passwords), those go into a password manager that is accessible either via my computer or my PDA or (now) iPhone. Sensitive docs are scanned as PDFs using Paperport & by using meaningful folder names & document names. Thermal receipts are scanned into Neatreceipts. Everything else goes into Evernote.

Here's an example of how I use folder/file names for PDFs. Say my initials are SRS and my husband's initials are RDS. We also have seperate credit cards.

BILLS --> 2009 --> CC (for credit cards) --> AMEX_SRS and AMEX_RDS. Then my recent AMEX statement would be in the BILLS/2009/CC/AMEX_SRS folder & the name of the PDF would be AMEX_SRS_YYYYMMDD where YYYYMMDD is the closing date of the statement. And it sounds more complex than it really is. If I wanted to refer to something on my husband's Chase credit card from 4/5/2007, I'd go to BILLS/2007/CC/CHASE_RDS & find the statement with a closing date on or after 20070405. Using the YYYYMMDD format insures the files/statements are sorted in chronological order if you do a sort by file name.

As to a premium account, I guess I have a lot of stuff I want to remember & it takes more than 40 mg per month. Plus, since I don't mind paying for something I use each & every day, I don't mind spending the ~$46 per year to help EN make some money back.

drmrbrewer · September 21, 2009

p.s. kind of kills the need to maintain a premium account.

I'd agree that data security is something that evernote should look at more carefully, or at least there should be some more reassuring noises coming from evernote's direction. My guess is that the number of users with 500 MB worth of exclusively non-sensitive information each month is a LOT LOT less than the number of users with 500 MB worth of non-sensitive + sensitive information each month, with clear implications for revenue.

Mike

BurgersNFries · September 21, 2009

p.s. kind of kills the need to maintain a premium account.
I'd agree that data security is something that evernote should look at more carefully, or at least there should be some more reassuring noises coming from evernote's direction. My guess is that the number of users with 500 MB worth of exclusively non-sensitive information each month is a LOT LOT less than the number of users with 500 MB worth of non-sensitive + sensitive information each month, with clear implications for revenue.
Mike

If you search through out the message board (including this thread), you'll see Dave Engberg (Evernote) has responded regularly to the threads on security. They have always maintained they have the same level of security as email & have never claimed to be a secure "backup" site where you should load all your sensitive data w/o encrypting it. However, that doesn't mean they allow unrestricted access to their servers, or have little/no security as far as accessing their servers go just as your email servers do not. And the chances of their servers getting hacked are minimal, just as with your email server, be it Cox, Gmail, AOL, Yahoo, etc. If someone were to hack into Gmail's email servers or AOL's email servers or Yahoo's email servers, any emails you have sitting out there will be viewable by the hackers b/c it is not encrypted. That is why you are not supposed to send any sensitive info via email. (Well, one of the reasons...not even getting into WIFI sniffers.)

EN does allow some encryption of text (search the message board.) But since you have to select the text & encrypt it, if you do this very often, it's much more of pain than having an encrypted hard drive that gets backed up to a site whose focus is secure backup.

I may not have 500 mg worth of non sensitive data I want to upload every month but I do have more than 40 mg/month that I upload. But that's me & may not apply to you. So you may well be more than happy with a free version. (shrug)

engberg · September 21, 2009

There's some more information about the topic here:

http://blog.evernote.com/2008/04/15/eve ... -security/

viewtopic.php?f=30&t=9583&p=37567#p46892

viewtopic.php?f=30&t=9583&p=37567#p46912

jbenson2 · September 22, 2009

Dave,

Bravo!

Thank you very much for supplying all those links. I've pasted them into my Evernote for future reference.

Some of the key points that give me much more confidence are:

* [Evernote] mitigates these risks through a layered set of security policies and technologies.

* Your login information is only transmitted to the servers in encrypted form over SSL, and your passwords are not directly stored on any of our systems.

* There's no uber-index of contents of accounts ... we maintain separate user search indices of each user on decentralized storage with no cross-access between individual servers.

* Like a secure banking site, we encrypt the connections via SSL so that someone on your network can't see your data go by. Your checking balance is not encrypted in your bank's databases, however, and your notes are not encrypted within Evernote.

* Our Privacy Policy and Terms of Service restrict what we can (and would) do with your data ... in particular, we have never (and will never) give your own data to other parties.

* When you add a note to the service, it is secured like your email would be at a high-end email provider. This means that your notes are stored in a private, locked cage at a guarded data center that can only be accessed by a small number of Evernote operations personnel.

* Physical access to all storage (online and offline-backup) requires multiple authentication factors in protected facilities, and is restricted to only the four full-time IT/Operations staff that maintain the servers.

* Even Phil, the CEO, doesn't have passcards and keys to the data center. Security policy says that the departure of any such staff will result in full rekey and change of all passwords, etc.

* Administrative maintenance on these servers can only be performed through secure, encrypted communications by the same set of people. All network access to these servers is similarly protected by a set of firewalls and hardened servers.

* If you have some notes that you only want to access from a single computer, you can place these into a "Local Notebook" on our Windows or Mac client. Notes in a Local Notebook are never transmitted to our service, so they aren't accessible from the web, or from your other computers.

BurgersNFries · September 22, 2009

Some of the key points that give me much more confidence are:

...snip...

* Even Phil, the CEO, doesn't have passcards and keys to the data center.

What? You don't trust Phil?

jbenson2 · September 22, 2009

BurgesNFries - Great response!

At my last sales meeting, the CEO of my company gave a speech. I planned to have each of the speakers control their presentation with a mouse on the podium.

To my shock, I found during the rehearsal the day before, that the CEO had no idea how to use a mouse. He tried to hold the mouse with just his finger tips, his palm way up in the air and make stabbing motions at the mouse button. I gave him a 30 minute cram course. He kept hitting the right mouse button, so I snapped it off to make sure he only had one option - the left mouse button.

I think Phil is much more computer-savvy.

engberg · September 22, 2009

Unfortunately, Phil's pretty sharp ... I think he knows more about SQL than I do. He's pretty hard to trick.

But if he loses his wallet, we don't need to scramble to cancel his access card, etc. We're on a need-to-know basis, and server maintenance doesn't fall within his job description.

BurgersNFries · September 22, 2009

I think Phil is much more computer-savvy.

As someone who's been in IT development/support for over 34 years, I wasn't sure if the original posting about the Phil lockout was to make the EN users feel better or the IT/dev team to feel better. (In reality, I'm guessing he is indeed much more computer savvy!)

(2000 year old man, anyone? "Oh, Phillip." "The leader of our tribe.")

(I'm probably way older than you all but it is on CD now...)

mikelisa · September 25, 2009

Dave,

Firstly, thank you for your presence here, and openness in answering endless questions. That is not common among software makers and is MUCH appreciated.

I wonder if you could explain security once more. The explanations so far have my head spinning ;-)

I think the problem is that there are different "kinds" of security ... or maybe different "points" where security is an issue.

Your most often published information seems to focus on the areas of:

1. Transmitting information to and from your server and,

2. Human security at your data center

Much of the conversation in this thread has been about:

3. Security of data on the local PC

4. Security of access to the Evernote program on the local PC

The security concern I have, and would really like to see discussed/explained in more detail (or more clearly, perhaps) is:

5. Security of the data on the web.

IOW, if I have a picture of my driver's license and Passport and Social Security Card accessible to ME on the web, how accessible is it to others? (In the absence of my ability to encrypt a picture or scan.)

Now before you all suck in your breath in horror ;-) consider that this is PRECISELY the way Evernote is marketed... as a place to upload and store ALL of your information so you can get at it in an instant. And it makes loads of sense to have that kind of information there. Suppose I'm traveling and I lose my wallet. Hey, I can get on to Evernote, anywhere in the world I have web access, and have all of my credit card accounts to call and cancel my cards, etc.

Even when it comes down to uploading a scan (or picture) of an airline ticket, do I really have to scour the document to see what kind of compromising information might have been printed on it? Can you see where that would make it problematic to just use, without a lot of fussing? What information CAN I feel safe uploading. As someone here said, if all you can upload is the trivial and unimportant stuff, who needs it? Sure I can upload business cards, no problem. Labels on wine or sake bottles? Go for it. White board presentations? YAY (But do rework that demo so that the flash does not obscure and make useless the information in the picture ;-) But how useful is that in the grand scheme of things? I love uploading tagged photos. I love having business cards there so I can trash them. But I don't care about wine lables or white boards ;-) What I really need is a secure home for my sensitive personal information that allows me universal access. THAT is the big attraction to Evernote. THAT is why, as much as I really love OneNote, It is not useful to me as a repository of data.

So, to reiterate, my question is: "How exposed am I to hackers trolling the Evernote website or trying to in other ways break into my Evernote account... ON THE WEB?" (Of course, assuming I take care choosing a good password and ID.)

mikelisa · September 25, 2009

Ooops, reading over the question I just posted I now realize that my Evernote ID was necessary to post this question so that is one level of security lost to me. That seems an easy thing to solve, no? I mean, do we really have to sign up for a second Evernote account just to keep the primary logon ID secure? Or did I make some kind of mistake here?

engberg · September 25, 2009

mikelisa -

Your data is protected on Evernote's servers using a layered set of physical and IT security technology and procedures. You can't see my notes for similar reasons that you can't see my banking information if you're online at the same bank as me ... our application was built from the ground up so that you can only access your data after you have affirmatively authenticated yourself, and you can only access it through controlled mechanisms.

Thanks

bpm32 · September 26, 2009

Instead of typing this into Terminal:

ln -s /ENOTE/Evernote /Users/keith/Library/Application\ Support/Evernote

try this:

ln -s /Volumes/ENOTE/Evernote /Users/keith/Library/Application\ Support/Evernote

It took me quite a bit of searching, but with adding "/Volumes" to the beginning of the path, it finally worked for me.

Quoted from lifehacker website:

Another easy way to do this with Terminal is type the ln -s part, then from Finder drag the folder/file that you want into the Terminal window then drag the Dropbox folder and hit return.

/quote

HTH

Brian

drmrbrewer · September 26, 2009

presumably you have a mechanism in place to detect an attempt to hack in -- at the most basic level by using a known username and trying different passwords in turn?

Mike

horrie66 · October 3, 2009

Evernote should consider being able to put a password lock on a single note. For example I want to keep my Bank Statements secured in Evernote. There surely MUST be an option for locking a note by password.

jbenson2 · October 3, 2009

Horrie66 said:
Evernote should consider being able to put a password lock on a single note. For example I want to keep my Bank Statements secured in Evernote. There surely MUST be an option for locking a note by password.

Try using the search option. This issue has been brought up many times. You can encrypt text inside a note. You cannot use Evernote to lock a PDF note.

A quick and easy solution is to create a local notebook and store your bank statements there. The local notebook won't synchronize so only you will have access to it.

themoules · October 4, 2009

Jbenson2 said,
A quick and easy solution is to create a local notebook and store your bank statements there. The local notebook won't synchronize so only you will have access to it.

No good if you want to access the notes on more than one computer though.

I tried bpm32's advice on symbolic links but found it too cumbersome.

Running Evernote on a pc within a TrueCrypt volume is so easy. I just wish Evernote for Mac could do the same. :?

jbenson2 · October 4, 2009

No good if you want to access the notes on more than one computer though.

True, but the posting is how to keep private documents Evernote secured.

Restricting the document to one computer is an effective way to increase the privacy controls.

I want the private documents to be viewed only on my home computer, not on my laptop or my work computer.

themoules · October 4, 2009

Yes, we all have different needs for Evernote. For me the greatest advantage is being able to access my notes anywhere so Local Notebooks aren't for me. For now I only use the web client at work which I find cumbersome compared to the Desktop Client but at least others can't see personal details etc.

Dave & his team do a great job in trying to keep us all happy. Impossible but they do try......

BurgersNFries · October 4, 2009

Dave & his team do a great job in trying to keep us all happy. Impossible but they do try......

Agree 100%!

Pete248 · October 5, 2009

If you get true notebook sharing working on all clients, this might be obsolete.

Otherwise I'd like to see the ability to add a password protection to individual notebooks, so people/small companies could share an account but still have the ability to keep some notebooks private.

Even on a not-shared account, this would be helpful as well to "hide" some notebooks on some clients, i.e. hide notebooks in the mobile client, which are never accessed from the mobile client due to size, content etc.. Would make browsing on a mobile client a bit easier.

Akhiles · October 16, 2009

I just read the security policy linked in an earlier post so I will omit that question.

I am moving my data to the web version. How reliably is the EN server data backed up? Just a few days ago Microsoft and subsidiary Danger, had informed Sidekick users that all their synced data -- contacts, calendar entries, to-do lists and photos -- had been lost. And that their Best option was to keep their devices off, so that syncing didn't suck any remaining data into oblivion. Also, that they were unlikely to be able to recover the data.

Of course, they did regret any and all inconvenience this matter had caused.

“The Cloud” concept has always made me cringe. So as I prepare to join the EN cloud, this little reminder occurred. Even Visa and MasterCard sign me up for free identity theft protection about once a year, because their databases get compromised. So, if Microsoft can not keep their servers backed up properly, Visa and MasterCard can not secure their data, what can you tell me that would make me feel warm and fuzzy about your servers? Thank you.

BurgersNFries · October 16, 2009

Discussed as recently as yesterday:

viewtopic.php?f=30&t=12525#p49947

Speedie · October 17, 2009

How reliably is the EN server data backed up?

I would ask how reliably do you back up your own data? I would never rely 100% on any 3rd party. As long as what's in the 'cloud' is also on my hard drive, it gets backed-up via my own system along with everything else, Evernote database included. I don't think I would use any cloud based system that didn't allow me to also store the data locally.

_J_ · November 21, 2009

Instead of typing this into Terminal:
ln -s /ENOTE/Evernote /Users/keith/Library/Application\ Support/Evernote

try this:

ln -s /Volumes/ENOTE/Evernote /Users/keith/Library/Application\ Support/Evernote

It took me quite a bit of searching, but with adding "/Volumes" to the beginning of the path, it finally worked for me.

Quoted from lifehacker website:

Another easy way to do this with Terminal is type the ln -s part, then from Finder drag the folder/file that you want into the Terminal window then drag the Dropbox folder and hit return.

/quote

HTH

Brian

Thanks Brian, this works for me (with two small comments: make sure both Evernote and the Evernote clipper/helper have both exited before doing this, and after executing it replace the 'Evernote' folder (in Library/Application Support) with the newly created symbolic link. Cool tip from LifeHacker too..

I actually used this to move my EN database to an encrypted sparse disk image bundle (created via Apple's Disk Utility) - now my notes database lives encrypted on my laptop (and unencrypted on EN's servers but oh well.. they seem like responsible folks ).

Btw, I'm less concerned with other users gaining access (which I manage via User accounts, password req on waking, etc), and more with somebody stealing the laptop and deciding to access the drive directly before taking it to market... not sure others are more relaxed about this, but if you use EN extensively it's worth thinking about (evil guys couldn't get into your online account unless your password/keychain has been compromised, but your notes normally live unencrypted on your local HD).

Of course, if you use Filevault you don't have to worry about this, doing it this way (using Truecrypt or apple's own disk utility) is essentially a more focused application of the same concept (I find Filevault's blanket approach slows my system down at least wrt start-up and shutdown).

Hope this clears things up further for others, took me a while to find this tip and get this done...

_J_ · November 23, 2009

One more thing: you'll probably want to move the various Evernote-related files from ~/Library/Caches

com.evernote.Evernote

com.evernote.EvernoteHelper

com.evernote.EvernoteThumbnailer

/Metadata/com.evernote.Evernote

to the encrypted disk image (and create symbolic links using ln -s as described earlier)

Not sure about first 3 items, but if you don't move the 4th one (Library/Caches/Metadata/com.evernote.Evernote), you may as well not bother (fully legible notes are available in this folder)

The more I look into this properly, the more I start to respect Apple's Filevault approach of simply encrypting the entire Home folder... if it didn't slow my system down, ***** up my time machine routine, and raise the spectre of losing access to my entire account if the bundle gets corrupted... it would be a lot easier!

Hope this helps

J

BurgersNFries · November 23, 2009

Btw, I'm less concerned with other users gaining access (which I manage via User accounts, password req on waking, etc), and more with somebody stealing the laptop and deciding to access the drive directly before taking it to market... not sure others are more relaxed about this, but if you use EN extensively it's worth thinking about (evil guys couldn't get into your online account unless your password/keychain has been compromised, but your notes normally live unencrypted on your local HD).

Absolutely! In my case, I work from home & have a work supplied desktop in addition to my netbook. Although I live in a "good" neighborhood, there's always the chance of a break in. Since I store so much information on my computer (my husband calls me "computer bound") and much of it is sensitive data (mostly b/c I'm as paperless as possible), my concern is if someone were to break in & take the computer equipment. So I have two large, Truecrypted containers where all my important & sensitive data is stored, including my EN database. I have to admit I leave the TC'd drives mounted 24/7 (just as I do my computer) b/c I figure burglars aren't going to sit down at the computer & see if there are any TC drives mounted & copy the files from the TC drives to a non-TC'd drive. I imagine it would go down more like this: break in, unplug all devices, load into van, get out ASAP. By that time, they'd need my TC password, which is stored in my password manager, in order to mount the drives or else use the brute force method. And since I have never worked for the CIA, I figure my sensitive info isn't worth their time to brute force their way into my data, so the drives will simply be reformatted & used/sold.

Here's a thread where security is discussed:

viewtopic.php?f=30&t=9583&hilit=wide+open+databases

Levi · November 28, 2009

Evernote, you are doing fine with protecting my data. I figure it is up to me to decide what level of risk I can live with regarding use of "the cloud" to store my data.

What I would like in Evernote regarding ?security? is the ability to hide the text of a note so that the guy in the next cubicle can't read the text of a personal note while I am showing him the text of a business related note.

That is sort of there with "Encrypt Selected Text" but that functionality is not convenient for a note that is frequently updated: Create note >> Protect note and enter password twice. To edit the note I must remove protection (enter password) then edit, then enter password twice again to protect it again.

Could that process be made simpler? Easier editing of protected notes?

BurgersNFries · November 28, 2009

What I would like in Evernote regarding ?security? is the ability to hide the text of a note so that the guy in the next cubicle can't read the text of a personal note while I am showing him the text of a business related note.

Or...you could simply open the note you want to show him full screen, before you have him look at your screen. NBD.

(Archived) (Archived) REQUEST: Additional encryption options for notebooks and syncing

Recommended Posts

Kurt Cubic 0

Link to comment

engberg 89

Link to comment

whiteks 0

Link to comment

Arbitrary 0

Link to comment

engberg 89

Link to comment

engberg 89

Link to comment

Kurt Cubic 0

Link to comment

crane 40

Link to comment

bpm32 2

Link to comment

engberg 89

Link to comment

BurgersNFries 2,407

Link to comment

BurgersNFries 2,407

Link to comment

bpm32 2

Link to comment

engberg 89

Link to comment

csablan 2

Link to comment

geechorama 1

Link to comment

CentralAla 17

Link to comment

themoules 3

Link to comment

MrT 1

Link to comment

CentralAla 17

Link to comment

MrT 1

Link to comment

engberg 89

Link to comment

stuartleitch 0

Link to comment

ruudhein 29

Link to comment

BurgersNFries 2,407

Link to comment

jbenson2 2,147

Link to comment

BurgersNFries 2,407

Link to comment

BurgersNFries 2,407

Link to comment

jbenson2 2,147

Link to comment

BurgersNFries 2,407

Link to comment

jbenson2 2,147

Link to comment

BurgersNFries 2,407

Link to comment

engberg 89

Link to comment

stuartleitch 0

Link to comment

engberg 89

Link to comment

stuartleitch 0

Link to comment

engberg 89

Link to comment

dan7000 26

Link to comment

shimra 14

Link to comment