KAGoldberg11 2 Posted November 21, 2016 Share Posted November 21, 2016 How secure are the notes stored in Evernote? Is there a way to make sure the files stored in the Evernote directory structure on the local hard drive are encrypted? If I store company documents, including peoples SSNs, and personally identifiable information, how secure are they? When a notebook is shared with another Evernote user, does the data pass back and forth as SSH? Thanks Link to comment
Level 5 jbenson2 2,147 Posted November 21, 2016 Level 5 Share Posted November 21, 2016 Here is some Evernote information that might be helpful. Evernote’s Three Laws of Data Protection http://blog.evernote.com/blog/2014/06/03/evernotes-three-laws-data-protection-update/ and Security overviewhttps://evernote.com/security/ and A Digest of Evernote’s Architecturehttp://blog.evernote.com/tech/2011/05/17/architectural-digest/ and Privacy Policyhttps://evernote.com/legal/privacy.php and Cookie Informationhttps://evernote.com/legal/cookies.php and Evernote Business Security (edit: link no longer works)http://evernote.com/business/features/security-and-privacy/ Link to comment
KAGoldberg11 2 Posted November 21, 2016 Author Share Posted November 21, 2016 Thank you. The last link doesn't take me to a relevant page, although I'm interested to read up on that topic! Link to comment
Level 5 jbenson2 2,147 Posted November 21, 2016 Level 5 Share Posted November 21, 2016 9 minutes ago, KAGoldberg11 said: Thank you. The last link doesn't take me to a relevant page, although I'm interested to read up on that topic! You're right. I wonder where it went. Here is a link to the information I captured before it was moved. http://www.evernote.com/l/AAKZ8BZn5aNEOo3uNdpN5qR4v35atC_yuGY/ I wish the CTO Dave Engberg stayed at Evernote. He was a wealth of information. And, in my opinion, much more open on these subjects than the current Evernote employees. Evernote is moving their database to Google at the end of this year which might negate a lot of the information in my links. Link to comment
Level 5* DTLow 5,736 Posted November 21, 2016 Level 5* Share Posted November 21, 2016 23 hours ago, KAGoldberg11 said: Is there a way to make sure the files stored in the Evernote directory structure on the local hard drive are encrypted? On my Mac, the data is stored in extremely visible format, the notes are in individual folders, and the note contents are easily viewable as html files; not encrypted. This is in my user home directory so there is a level of protection there. For sensitive information, I encrypt my data; encrypted pdfs, and Evernote has a built in encryption feature. Link to comment
KAGoldberg11 2 Posted November 21, 2016 Author Share Posted November 21, 2016 Thank you. So, I think to keep the files encrypted on my local drive, I'd have to turn on FileValue on my computer, or use an encrypted disk image (more cumbersome!) I'm intrigued by your comment "Evernote has a built-in encryption feature." Could you point me to where I could learn more about that. Is it a premium feature, or a selectable option? Link to comment
Level 5* DTLow 5,736 Posted November 21, 2016 Level 5* Share Posted November 21, 2016 6 minutes ago, KAGoldberg11 said: I'm intrigued by your comment "Evernote has a built-in encryption feature." Could you point me to where I could learn more about that. Is it a premium feature, or a selectable option? On my Mac, I just select text and right click It's documented here https://evernote.com/security/ Encrypted Text Within a Note If you are using an Evernote desktop client, such as Windows Desktop and Evernote for Mac, you can encrypt any text inside a note to add an extra level of protection to private information. Evernote uses AES (Advanced Encryption Standard) with a 128-bit key to encrypt text you select. When you encrypt text, we prompt you for a passphrase. We take your passphrase along with a unique salt and use PBKDF2 with 50,000 rounds of SHA-256 to derive a 128-bit AES key. We use this key, along with an initialization vector, to encrypt your data in CBC (Cipher Block Chaining) mode. We never receive a copy of this key or your passphrase and don’t use any escrow mechanism to recover your encrypted data. This means that if you forget your passphrase, we cannot recover your data. Link to comment
Level 5* jefito 5,589 Posted November 21, 2016 Level 5* Share Posted November 21, 2016 48 minutes ago, jbenson2 said: I wish the CTO Dave Engberg stayed at Evernote. He was a wealth of information. Sure was, but unfortunately his activity in the forums dropped off considerably in his last few years. He did write a fair number of Evernote blog entries also. Fortunately, pretty much all of @KAGoldberg11's questions can be answered by forum users like us and via publicly available information. With respect to the question of shared notebooks, that's covered by the 3 Laws page: "Communications between Evernote clients and servers (and between our various data centers) are all encrypted.". Since a shared notebook is synced through the Evernote servers, like any other notebook, it follows that those are encrypted over the wires. The data does not go directly between the users. It's pretty well known that Evernote data is not encrypted on user devices, unless you take special steps to encrypt it yourself (encrypted text in notes, encrypting the data using a third-party or OS facility, etc.). Link to comment
KAGoldberg11 2 Posted November 21, 2016 Author Share Posted November 21, 2016 Thanks to all for the very good information and timely responses. I didn't know about encrypting text in-line. That's a nice feature. I appreciate the help! Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.