(Archived) Free version - per Evernote - no SSL encryption?

[jbenson2 2,147]

Hmm, after cancelling my Premium service, I noticed Evernote's retention attempt that indicated SSL encryption is only available to Premium users.

Perhaps it is just a typo, or perhaps something a bit more devious to retain departing Premium users.

Screen grab from today:
http://www.evernote.com/shard/s2/sh/555fbe1c-84e3-4e46-a98d-8c3177aa77ca/1c0593547b87ab1c1b46a3758321d770
 

[Metrodon 2,184]

I'm pretty sure that they have been all SSL for sometime now. 

 

Their documentation for most things is still pretty dreadful, looks like you've found another error.

 

What you going to use instead JB?

[gazumped 11,652]

Interesting - like Metrodon I thought everyone enjoyed the SSL connection.  Rather begs the question of what's happening on 2FA and other added security issues..

[GrumpyMonkey 4,319]

In Podcast #26 they said SSL for everyone. This looks like a documentation problem, and if you read my posts on this forum, you know how woefully inadequate I think the documentation is, so I am not surprised.

 

Why cancel your Premium subscription?

[BurgersNFries 2,407]

I'm pretty sure that they have been all SSL for sometime now.

Yup. Since at least early 2011.

http://discussion.evernote.com/topic/13393-firesheep/?p=76780

http://discussion.evernote.com/topic/13393-firesheep/?p=76942

[jbenson2 2,147]

I'm pretty sure that they have been all SSL for sometime now. 

 

Their documentation for most things is still pretty dreadful, looks like you've found another error.

 

What you going to use instead JB?

 

 

Metrodon,

I completely agree with you. Everything I have seen on the forum indicates the free user gets SSL also.

In my opinion, either Evernote let this cancellation suggestion slip through the cracks, or they are trying to trick the users from cancelling.

 

Alternate use? Still evaluating - I'll continue to maintain the free version. There are lot of competitors who have hit the market recently. Each has their own weakness.

[jbenson2 2,147]

In Podcast #26 they said SSL for everyone. This looks like a documentation problem, and if you read my posts on this forum, you know how woefully inadequate I think the documentation is, so I am not surprised.

 

Why cancel your Premium subscription?

Thanks Grumpy.

Podcast #26 was created over a year ago. One would think they would clean up their own web comments a bit faster. Unless they decided not to make the change to their Premium user retention page on purpose.

 

 

Why cancel?

I considered my annual Premium payments to be a way of saying "Way to go, guys".

I no longer have that belief.

 

 

My specific reasons for cancelling:

http://www.evernote.com/shard/s2/sh/7fca5d8a-acb7-49a0-9601-b1da5a55990e/d820ef1cf4576e6047a94b9f4e03fea4

[heather 604]

John, thanks for elaborating on your reasons for canceling your membership.

 

I do want to comment on a few of them.

 

First:

 

As a longtime member, you are well aware that it takes time to develop features *properly*. We are simply unable to roll out something overnight and have it be *good*, much less *great*. Due Dates are one of those things, and yes, it has taken us 3 years, but if you want to look around the boards *right now*, you might actually notice something surprising about that.

 

As for enhanced Security, we have been working on that for quite some time as well. It is unfortunate that our changes were not yet available in March, but it would be foolish to release unfinished code, especially in that arena.

 

Yes, there are people who didn't like the changes we made to Evernote for Mac and Skitch 2.0. 5 years ago, we had users who had a similar reaction to the direction we took with Evernote 3. If we didn't take risks as a company we wouldn't be able to grow.

 

The Windows 2732 error is a bug in one particular version of the client. It has been *fixed*. It doesn't exist anymore in the current versions. The reason its still showing up is because there are people who haven't upgraded past the version that has it.

 

We just completed a 6 month overhaul project of our Knowledgebase 2 weeks ago. We redesigned it from the ground up, including searching, and put in new content and pruned out the old. 

 

And as for our support on your recent case, I have reported the Level 1 team that assisted you to their manager so that they can be reviewed. I see that the Level 2 rep that assisted you sent all the information to the development team.

 

Your criticism of us as a company who are in over are heads is your own personal opinion based on what little you do see. It is what you *don't* see that disproves that.

[jbenson2 2,147]

Heather,

 

I do appreciate you taking the time to add your comments to support the Evernote-side.

 

From the user-side, and as a long time Evernote supporter who has dealt with these issues on a daily basis, I disagree with most of your rebuttals. I have a lot of personal and important data in Evernote. I have not upgraded since February due to the Windows 2732 error which as you pointed out still affects users with Windows 64-Bit systems (who have not upgraded). Support told me to just go ahead and upgrade, but I don't want to resort to the suggested registry hacks and 3rd party uninstallers previously mentioned.

 

I stand by my comments. Those issues, most of them quite recent, remain the reason why I cancelled my subscription with Evernote.

 

We will have to agree to disagree.

[heather 604]

Just curious, but have you tried running the .msi file in your temp directory to get past your 2732 error? (Without a registry edit needed) Some people said that worked for them.

 

Without upgrading, you really will never see Due Dates appear, so its kind of a self-fulfilling prophecy.

[jbenson2 2,147]

 Without upgrading, you really will never see Due Dates appear, so its kind of a self-fulfilling prophecy.

 

Good one!

Heather, you are very persuasive.  Thank you

[JMichaelTX 4,117]

John, thanks for elaborating on your reasons for canceling your membership.

 

I do want to comment on a few of them.

 

Heather, neither you nor anyone from Evernote has responded to the main question of this thread:  Does the EN Free version include SSL encryption?  Is the Free Version any less secure than the Premium version?

 

If it does, how do you explain the web page displayed when the user cancels Premium service?

[heather 604]

Ahh, thought that was answered above pretty clearly by Metrodon, GM and B&F.

 

Yes, all users have SSL. This was a typo within the code of the web service (where the website is basically a bunch of pages, the "service" is a program in its own right and not as easy to change). It's being corrected.

[JMichaelTX 4,117]

Ahh, thought that was answered above pretty clearly by Metrodon, GM and B&F.

 

Yes, all users have SSL. This was a typo within the code of the web service (where the website is basically a bunch of pages, the "service" is a program in its own right and not as easy to change). It's being corrected.

 

Regardless of the clarity, none of those people are Evernote employees, and cannot know for sure what Evernote does.

When the official web page contradicts what someone "thinks" most people tend to believe the official web page.

 

I fully understand the difference between static web pages and web services that feed web pages.  If you have designed your web site to embed text within the web service program, then I would suggest you have a bad design.  Most modern web sites that are dynamic allow the text to be easily and quickly changed by authorized personnel (not programmers).  The Web Service simply delivers the text, it is NOT hard coded into the program.

 

In any case, it suggests very poor QC on the part of Evernote.

 

You announced the change (that Free accounts are also provided with SSL) well over a year ago in Podcast #26.  One would think that within a year you could get your web site updated.

[heather 604]

This is a user forum, and users (quite knowledgable ones) reply to other users on it. Evernote employees do not respond to every post, especially not ones that have already been answered. We do read them, however and file bug reports, etc.

 

Evernote Employees are fallible. We make mistakes. There are bugs and users point them out and we fix them. 

[chris233 0]

SSL protocol secures only the data transmission. It does not mean the content is stored that way. The only option to protect sensible data is via "encrypt selected text" in the desktop application, which is not very practical. What we need is an optional full AES encryption of whole notebooks. I'm sure people would pay for it

[GrumpyMonkey 4,319]

SSL protocol secures only the data transmission. It does not mean the content is stored that way. The only option to protect sensible data is via "encrypt selected text" in the desktop application

Hi. This thread is just about SSL. To clarify: Evernote does not encrypt the data it stores, and they do not encrypt it on your desktop.

Fortunately, you have a lot of security options:

(1) If you password protect your computer and encrypt your hard drive, then that may be sufficient for safeguarding your sensitive information.

(2) The next step might be to encrypt selected text, so that the data on Evernote's servers is encrypted as well, but I think even Evernote would agree that the encryption algorithm is outdated and pretty weak.

(3) The most secure step would be to keep the sensitive notes in a local notebook (only on your drive), and in combination with a password protected computer with an encrypted hard drive, this is a pretty secure solution.

If you search the forums, you will find a lot of discussions about all three options.