Level 5* s2sailor 2,440 Posted December 19, 2016 Level 5* Share Posted December 19, 2016 4 hours ago, jefito said: But I'll be happy to amend if provided a clear reference that what I said isn't true. This blog post mentions encryption at rest. To clarify, this is an improvement over what we had before the migration to Google's service, which was no encryption at rest, but Evernote and/or Google are holding the encryption keys. What has been requested in this forum is for zero knowledge, client side, encryption where only we have knowledge of the keys and not EN or Google. Link to comment
Errantflyer 0 Posted December 19, 2016 Share Posted December 19, 2016 Congrats on your association with Google. You can either be a subscription service or a data mining service. In the rush to monetize Evernote do not make the mistake of trying to do both. Evernote now has the potential to integrate calendars and all the other Google functionality into a new era of data management. Don't let corporate greed sidetrack you! Provide a secure and seamless data manager and we will pay for the service. Attempting to data mine us will drive us away... Link to comment
MRJ 16 Posted December 19, 2016 Share Posted December 19, 2016 3 hours ago, GrumpyMonkey said: actually, i believe our content is now stored ENCRYPTED on GOOGLE'S SERVERS. Evernote's servers were retired. Of course, Google and Evernote hold the encryption keys, so that is a security measure to keep out unauthorized access by non-employees. Well that Mini FAQ looked so authoritative and official. But was it wrong? I am now confused about the level of encryption used at Evernote. Link to comment
Level 5* DTLow 5,744 Posted December 19, 2016 Level 5* Share Posted December 19, 2016 16 minutes ago, MRJ said: I am now confused about the level of encryption used at Evernote. The encryption-at-rest isn't the client-side encryption being demanded in this discussion Currently, Evernote only offers encryption for selected text (desktop platforms) For full note encryption, you need to use third party products - I use pdf format, encrypted on my Mac Link to comment
Level 5* jefito 5,598 Posted December 19, 2016 Level 5* Share Posted December 19, 2016 27 minutes ago, MRJ said: Well that Mini FAQ looked so authoritative and official. But was it wrong? I am now confused about the level of encryption used at Evernote. I am not an official Evernote representative, just an Evernote user like you. The Mini FAQ was meant to be a summary of sorts as to where we are with the privacy situation, plus some tips as to keeping on topic here. It isn't pretending to be definitive, just the view from my chair, and if anyone has more definitive information, I'll gladly add it. Link to comment
Level 5* jefito 5,598 Posted December 19, 2016 Level 5* Share Posted December 19, 2016 3 hours ago, Sasha vonAgra said: Ya, EN - I'm not sure what you were thinking. Do you think we use EN to store our grocery lists and need machine learning to predict when I'll need more eggs? I use EN to store my multi-million dollar-making ideas, of course I don't want anyone snooping around all that $$$!!! So don't opt in. Link to comment
Level 5* DTLow 5,744 Posted December 19, 2016 Level 5* Share Posted December 19, 2016 4 hours ago, Sasha vonAgra said: Do you think we use EN to store our grocery lists and need machine learning to predict when I'll need more eggs? I use EN to store my multi-million dollar-making ideas, of course I don't want anyone snooping around all that $$$!!! Not to mention my top secret plans to take over the world So, you probably won't be participating in the ML program That's valid - it wasn't intended for every user; hense the opt in/out option I'd also encourage everyone to encrypt your private data if you're uploading to the cloud Link to comment
Level 5* gustavgi 311 Posted December 19, 2016 Level 5* Share Posted December 19, 2016 19 hours ago, Malakay said: If a government requests acces to my notes, you should exhaust every reasonable measure to prevent this. Only after you have done this may you grant access. You may not read my notes because you suspect a violation of Terms of Service. If you suspect I am violating the Terms of Service, then disable my account. If you want, send me a dump of the data in encrypted format, and close my account. You have this freedom. Again, I never want anyone reading my notes unless I have given them explicit permission. This includes Evernote employees, or employees of organizations you collaborate with. Just because Evernote are open and transparent about the fact that your privacy has some theoretical limitations, it should in no way be interpreted as Evernote not fighting for you and your integrity when it all comes down... Also, a company which hosts a customers data in the cloud can't disable an account just because they suspect a violation of terms. Not being able to access one's data in the cloud could mean a huge financial loss for a customers business etc. and thus a huge liability for Evernote if the don't have solid reasons to disable the account. And there would be no solid reasons if they don't have access to the data. In comparison, just looking at a users data rarely means any measurable damage. And the user will also never have a case if the user never notices that their data has been accessed. Everyone in here are therefore very naive to think that services which doesn't have this type of transparent privacy policy limitations would never access customers data. Pretty much the only consequence of people suddenly finding out that Apple have secretly accessed customer data for years, would be the bad press that would follow... Link to comment
eric99 1,081 Posted December 19, 2016 Share Posted December 19, 2016 https://blog.evernote.com/blog/2016/12/19/evernotes-action-plan-privacy/ Link to comment
JohnLongney 83 Posted December 19, 2016 Share Posted December 19, 2016 Following his statement I'd say on thing I am confident is that Mr. Chris O'Neill either grasped the situation himself or was very quickly made aware of.his team's false judgement. Either the 'product' changes to what customers expect in more than one way or the 'product' will not be 'bought' again. In the spirit of hopefully wise recognition that the trusting users, aka sheep, are usually eager enough just to graze peacefully by themselves, but once one or two spot a wolf lurking around they bond together and at least try and make their points. Link to comment
Level 5* gazumped 12,064 Posted December 20, 2016 Level 5* Share Posted December 20, 2016 Since Evernote reversed their initial decision and made the new features an 'opt in' choice, the position on privacy remains exactly what you signed up for when you first joined the service. A number of people have said on social media and here that they're now sticking with Evernote - because, for the moment at least, it still delivers a unique mix of features. Link to comment
Ex_User 10 Posted December 20, 2016 Share Posted December 20, 2016 I don't think that people are staying with Evernote after all these ... stunts. I'm pretty sure that many users including long-term ones are leaving because "If you had once lost the trust of your people, you will lose their respect forever". Link to comment
Level 5* gazumped 12,064 Posted December 20, 2016 Level 5* Share Posted December 20, 2016 11 hours ago, Ex_User said: I'm pretty sure that many users including long-term ones are leaving If you check the responses, the complainants were dropping out - presumably having closed their accounts - and the 'remainers' are still posting. There's more support out there than not. The latest blog item should have rescued some that were on the fence... https://blog.evernote.com/blog/2016/12/19/evernotes-action-plan-privacy/ ...and might bring back some who have looked at the competition and can't see anything more effective out there for their use case. Have to say I'm impressed with the CEO's damage control - he's really taking charge. Link to comment
Level 5* DTLow 5,744 Posted December 20, 2016 Level 5* Share Posted December 20, 2016 11 minutes ago, gazumped said: the complainants were dropping out - presumably having closed their accounts - and the 'remainers' are still posting For example @Ex_User How can we miss you when you won't go Link to comment
eric99 1,081 Posted December 20, 2016 Share Posted December 20, 2016 21 minutes ago, gazumped said: If you check the responses, the complainants were dropping out - presumably having closed their accounts - and the 'remainers' are still posting. There's more support out there than not. The latest blog item should have rescued some that were on the fence... https://blog.evernote.com/blog/2016/12/19/evernotes-action-plan-privacy/ ...and might bring back some who have looked at the competition and can't see anything more effective out there for their use case. Have to say I'm impressed with the CEO's damage control - he's really taking charge. Especially this statement is very promising: "...I’ve asked Josh Zerkel, our Director of Community, to establish a new Evernote Customer and Community Advisory Board that will meet quarterly. This group will provide a systematic way to inject customer feedback into major decisions. The first of these panels will meet in February in San Francisco. If you would like to be part of the discussion, contact us at community@evernote.com. ..." Link to comment
Level 5* DTLow 5,744 Posted December 20, 2016 Level 5* Share Posted December 20, 2016 21 hours ago, Errantflyer said: Congrats on your association with Google. You can either be a subscription service or a data mining service. That FUD has already been discussed in another topic Yes, Evernote is using the server services of Google Cloud There's no connection with data mining Link to comment
raindancer 2 Posted December 20, 2016 Share Posted December 20, 2016 Evernote team, I just wanted to say "thank you" for listening to what appears to be a lot of people's concerns, my own included. When you sent out that notice about the changes in data privacy I was worried - I manage my business and in fact, my personal life with Evernote, your simple data laws and promises of keeping our information secure and private had made me a longtime paying customer and the change had me concerned. Your listening and reversal on the changes you were proposing mean a lot to me and your loyal fans and customers. I can certainly respect you wanting to keep evolving the product - and appreciate that you will do this in a way that keeps us secure and private. Thank you for listening to us. Link to comment
Level 5* DTLow 5,744 Posted December 20, 2016 Level 5* Share Posted December 20, 2016 34 minutes ago, raindancer said: When you sent out that notice about the changes in data privacy I was worried Personally, my take on reading the notice was - If I was concerned about my privacy, I needed to opt-out of the ML program Minor annoyance; the default should have been opt-out (they fixed that) No worries; No panic; No Alarms I wasn't concerned because my private data was already secured with encryption Link to comment
JBRA 0 Posted December 20, 2016 Share Posted December 20, 2016 Hi, As a foreign (french), free basic user for 6 years, I have little to say since I did not bring any cash to EN. My main feeling was about trust and untrust. I thought about this for 2 days, sought for other solutions accurate to my needs. I finally closed my account yesterday. Link to comment
Byter_1 23 Posted December 20, 2016 Share Posted December 20, 2016 5 hours ago, gazumped said: The latest blog item should have rescued some that were on the fence... https://blog.evernote.com/blog/2016/12/19/evernotes-action-plan-privacy/ ...and might bring back some who have looked at the competition and can't see anything more effective out there for their use case. Have to say I'm impressed with the CEO's damage control - he's really taking charge. I resemble this remark : ^). Also checked competitors privacy policy. This is good as it gets for a notes program that does what I need. Link to comment
LizzieX 0 Posted December 22, 2016 Share Posted December 22, 2016 I am very glad to hear that you are not implementing this change. I have paid for a Premium Account since you began offering it specifically because I want the reliability and the security and privacy Evernote offers. The minute I heard about the change, I was planning to bail on Evernote. I'm glad to hear that you have rethought the policy. Link to comment
The Settler 0 Posted December 23, 2016 Share Posted December 23, 2016 You guys are smart People... Business Intent is all about considering all the voices of your key stakeholder and understand where the capabilities of your company and products should be ... You are wise to listed to your key stakeholders.... There are so many more improvements you can make to make your product even more awesome by listening. Thanks for taking your stakeholders concerns on board. Love and Happiness from a loyal customer. xox Stefan Link to comment
ExNihilo 26 Posted December 23, 2016 Share Posted December 23, 2016 Privacy aside, there is no comparable service that delivers the flexibility of Evernote. I use OneNote occasionally and was surprised to see that when you clip web selections it does so as a screenprint... no text, no graphic elements, uneditable... just a picture. OneNote wins on organizational capability, but for data collection and retrieval Evernote comes out on top for me. So then, I have to grapple with usability versus privacy (and that's not to say OneNote et.al. offers a better privacy). I'd be content with individual Notebook encryption where I manage the encryption key for the relatively few "sensitive" areas I manage, That should be easy to do, and while I'd give up web access/search for encrypted notebooks, I think that's acceptable if I can locally mount (decrypt) and search encrypted notebooks. Link to comment
Level 5* DTLow 5,744 Posted December 23, 2016 Level 5* Share Posted December 23, 2016 On 2016-12-19 at 2:48 PM, JohnLongney said: In the spirit of hopefully wise recognition that the trusting users, aka sheep, are usually eager enough just to graze peacefully by themselves, but once one or two spot a wolf lurking around they bond together and at least try and make their points. Sheep are usually satisfied to graze peacefully in the herd But then something sets them off, rarely a wolf or danger, just something like a noise or a bird flying by Then the herd will run themselfs ragged - comments like; its a disaster, bombs going off, tipping point - then the news agency start writing FUD, and the sheep run harder Finally, the sheep slow down, and then graze peacefully But then something sets them off ... ----------------------------------------------------------- I'd like to call myself a wolf, but I'm just one of the sheep However, I'm the one saying, Hold on everyone, Is there really a reason for running I'll probably end up eaten by a wolf I am a long time Mac user (even during the periods when they said Apple was doomed) and a long time Evernote user (even during the periods when they said Evernote was doomed) Link to comment
MRJ 16 Posted December 23, 2016 Share Posted December 23, 2016 What *are* you talking about. (answer not required or desired) Link to comment
JohnLongney 83 Posted December 23, 2016 Share Posted December 23, 2016 @DTLow2 I fully respect and value your loyalty and trust, because in day-to-day life both do help to make us (humans) to go through our lives in a way which cannot be valued highly enough. Both provide the ingredients which all (at least the majority) of us need. I knew and used Microsoft OS and Microsoft software since I first had contact with a personal computer and before that it had been IBM mainframes. Mac's did not come into consideration at work because Apple did not support and offer software that was necessary for the business. In other words, in my earlier electronic data processing years, the trust and hope in the MS world was as far as my horizon went. That company certainly helped my sorts in their daily lives to a degree which only those who knew the days before can really appreciate. Over time, my awe for programmers and hardware engineers went down at a very slow pace. My trust in companies went down quicker because it became apparent that the basic laws for making a company rich, very rich, in the end immorally rich, meant that the customer rarely got the very best product , usually only what was either somewhat better or cheaper or at worst when there was no real choice (monopoly). I had also been working for a company whose greed for profit grew over time, first very moderately but as time went by there seemed to be no limits. They (it still say 'we') had products in the range which made them world-leaders in a specialist field. The greedy side showed itself with staff reductions, income cuts for most, but a lot more money awarded to so-called chairmen. Personal service/assistance to customers was also cut down to the minimum, this in consequence making the lives of a lot a number of contacts in other companies very difficult. My former employer was not a start-up company but with history from just before WW2. When, so to speak, the last of the founder family had gone and managers took over leadership the changes set in. Expansion and increasing more profits was the target. How does this relate to Evernote? Well, it does in as much as the words/messages/statements by those company chairmen over time became more and more wishy-washy as I still view the latest statement of withdrawal from notes being evaluated personally by staff. Standards of electronic data protection are nothing new. As such, though EN started off differently, its evolution into a genuinely unique application with world-wide usage meant more than just providing faster, bigger servers but keeping up with data protection standards. Numerous requests for improvement of the actual note-taking app , so it seems to me, were often ignored or got a 'maybe, some time later' response. Ignorant, monopolist behaviour paired with the now obvious intent to expand business, making more money. Because of neglect to long-standing customer wishes, at the same time delving into spheres where professionals would have made themselves thoroughly acquainted with the risks prior to talking about it publicly and implementing it to the extent that practical tests were on the schedule, I do not put an ounce of trust into the capabilities of such managers. I do not question the individuals as such, but all practical experience taught me to forestall damage to my personal interests than to suffer damage. Btw: I am totally disillusioned with MS products. Loyalty only goes so far. Link to comment
Level 5* DTLow 5,744 Posted December 23, 2016 Level 5* Share Posted December 23, 2016 On 2016-12-23 at 0:58 PM, JohnLongney said: I knew and used Microsoft OS and Microsoft software since I first had contact with a personal computer and before that it had been IBM mainframes. Mac's did not come into consideration at work because Apple did not support and offer software that was necessary for the business. That was always my situation too. IBM and Microsoft at work But I was always looking at Apple. Then my daughter got artsy in college and only a Mac would do, and by then Apple was converting to intel chips and becoming more mainstream >>I fully respect and value your loyalty and trust I should point out that I maintain backups, encrypt my personal data, and I've had an exit strategy since day 1 I've gone through too many software/services to be emotional about any product When Evernote no longer serves my needs I will move on with no regrets or looking back Link to comment
GlitterBard 0 Posted December 24, 2016 Share Posted December 24, 2016 Some people use Evernote for their work. I myself am concerned about employee access (current and future) as I am a writer. When I am unable to access my computer or do not have pen and paper at my access, I put ideas or pages of writing (as sudden inspiration can strike anywhere) into my Evernote account. This is a concern as all works of a writer that are in their infancy stages are clearly not yet able to be copyrighted nor trademarked for the author's protection and therefore, in this situation with Evernote, this is putting the integrity of the article/piece/book at risk, as well as it is leaving the author a possible subject to someone trying to claim the author's work as their own (be it an employee of Evernote or anyone that they may recant the author's work to or make it visible to). This being the case, authors such as myself are concerned with how we are able to protect our precious work as Evernote users. Merely stating that "...no employees will be reading note content as part of this process unless users opt in" is insufficient. What security and preventative measures is Evernote currently enforcing to ensure that this is not an issue among the Evernote staff? What security and preventative measures will Evernote enforce in the future to ensure that this will not be an issue among the Evernote staff in the future? Yes, most companies do their best to hire honest and moral staff members that will uphold the integrity of the company that they work for, but realistically there have been companies that end up in the news reports and have legal actions taken against them for the immoral and/or illegal actions of their employee(s). This being the case, it would be nice to know what Evernote is currently doing in regards to this and what Evernote's future plans are. Perhaps, Evernote should offer encryption and decryption of the users notes (be it based on an opt-in option, as certainly many Evernote users will not care if employees have access to their grocery lists or to do lists). This would afford many users the opportunity to help further protect the notes they have in their Evernote accounts and provide them with a high level of confidence and trust in Evernote, and in the wake of the current privacy concerns, this would serve to restore the users faith in Evernote truly doing everything possible to ensure the highest level of privacy for the Evernote users. Link to comment
Level 5* EdH 1,670 Posted December 24, 2016 Level 5* Share Posted December 24, 2016 On 12/23/2016 at 8:11 AM, ExNihilo said: Privacy aside, there is no comparable service that delivers the flexibility of Evernote. I use OneNote occasionally and was surprised to see that when you clip web selections it does so as a screenprint... no text, no graphic elements, uneditable... just a picture. OneNote wins on organizational capability, There are a lot of other OneNote shortcomings. By winning on org capability, how so? Between notebooks and tags, I am pretty organized in EN, and I cannot do tags in onenote, which is infuriating. Link to comment
Level 5* jefito 5,598 Posted December 24, 2016 Level 5* Share Posted December 24, 2016 4 hours ago, EdH said: There are a lot of other OneNote shortcomings. By winning on org capability, how so? Between notebooks and tags, I am pretty organized in EN, and I cannot do tags in onenote, which is infuriating. I think it's horses for courses; no such thing as an absolute winner. Some people prefer tags, some, subnotebooks, and some want it all. I am a member of the first group, so Evernote "wins" for me (OneNote tagging is kinda feeble). Also, I was definitely disappointed with the OneNote Evernote import process, which made hamburger out of my fine Evernote steak. Link to comment
Jean2 0 Posted December 25, 2016 Share Posted December 25, 2016 I've been a paying Evernote user since your early years. I stopped by to look for tech support and chanced upon the Privacy Policy announcement. I am relieved that Evernote will take our data security seriously. Next to Apple (more safe than a Safety Deposit box in the bank), I trusted Evernote next-in-line with my data and would have been very disturbed to learn if there are any developments otherwise. Thank you. Link to comment
DAC78 0 Posted December 26, 2016 Share Posted December 26, 2016 Why not do a promotion where by opting into this information sharing "program" those participants get a free upgrade in service? It would be a win/win proposition. Wouldn't have to be permanent but should be worthwhile. Link to comment
MRJ 16 Posted December 27, 2016 Share Posted December 27, 2016 19 hours ago, DAC78 said: Why not do a promotion where by opting into this information sharing "program" those participants get a free upgrade in service? It would be a win/win proposition. Wouldn't have to be permanent but should be worthwhile. Because they're broke and need the money. And, like many "improvements" they've made in the past, this could turn out to be another that doesn't result in new customers and more income. Link to comment
Level 5* DTLow 5,744 Posted December 27, 2016 Level 5* Share Posted December 27, 2016 12 minutes ago, MRJ said: Because they're broke and need the money. Can you provide the source for this information? Link to comment
Level 5 Dave-in-Decatur 4,006 Posted December 27, 2016 Level 5 Share Posted December 27, 2016 On 12/17/2016 at 10:44 AM, Dave-in-Decatur said: A bit late to this party, but having posted a bit on the previous thread, I just want to say that I appreciate Evernote doing the right thing--without, I should point out, having yet done the wrong thing, only announced that they were going to start doing it in January. As corporate apologies, retractions, and resets go, this is actually pretty impressive. It also demonstrates that they do pay some attention to what we say here. So, glad I didn't panic and leave; I didn't even get around to opting out yet. Speaking of which, I notice that when I look at my Personal Settings, the option "Improved Experience: Allow Evernote to use my data to improve my experience" is still there, and with the checkbox still checked. Should be gone, eh? or at least unchecked by default (= opt in)? What's up with that? UPDATE: The "Improved Experience" box is now gone; it may have disappeared soon after I wrote the above, but I haven't checked since before Christmas. Link to comment
txscott 8 Posted December 30, 2016 Share Posted December 30, 2016 Evernote would rule the note world with one feature: encryption in transit and at rest. Nobody wants anybody in their notes for any reasons. Not to give you suggestions for other things you might like, not for anything. The encryption key needs to be on my local machine, searches need to be done there (you don't need to know what I'm searching for). You should sell integrated software and storage, not social ***** nobody wants, not collaboration, just notes I can count on to be my notes and only my notes. Link to comment
Level 5* DTLow 5,744 Posted December 30, 2016 Level 5* Share Posted December 30, 2016 12 hours ago, txscott said: Evernote would rule the note world with one feature: encryption in transit and at rest. I don't know about in transit, but I know Evernote has just implemented encryption at rest edited: Evernote uses encryption in transit - see https://evernote.com/security/ Client side notebook encryption is a feature request - you could add your vote here I'd want it to be optional - I'm not willing to pass on the server side features - I don't want to be locked into Evernote because of encrypted data For the data I want secure, I'm already encrypting my data Link to comment
Level 5* jefito 5,598 Posted December 30, 2016 Level 5* Share Posted December 30, 2016 11 hours ago, txscott said: Evernote would rule the note world with one feature: encryption in transit and at rest. As far as I understand it, Evernote already has both of these, assuming that 'at rest' doesn't include times when the service is accessing your notes for indexing purposes. What it doesn't have is more advanced encryption facilities, like encrypt a whole note or a whole notebook. Link to comment
JSG 0 Posted January 1, 2017 Share Posted January 1, 2017 Thanks for revisiting your policy. It was a serious mistake, and I would certainly have cancelled my subscription and -- with great regret -- ceased using Evernote if you hadn't changed your minds. However, I am still rather concerned (forgive me if this has been raised elsewhere in the discussion -- I've not read all 10 pages) at the implications of Evernote employees do not and will not read your notes without your express permission. What measures, if any, do you have in place to protect my data if I don't give express permission for your employees to access it? Or are they simply expected to comply with the company's policy? Link to comment
Cheryl 2017 0 Posted January 2, 2017 Share Posted January 2, 2017 I have been an Evernote user since 2009 and a premium user until just recently. I'm pleased to see that Evernote has decided to make customer privacy a priority. Over the past year or so, you guys have drastically increased your service fees while making plans to intrude on customer privacy. Those two actions, combined, raised my concern to the point that I decided to deactivate my account. In fact, that's why I came to the site today. I will consider not deactivating the account, but honestly, I am a bit apprehensive about continuing my relationship with Evernote. Having strayed so far from what I perceived to be your vision - an affordable, private note taking service. I'm just not sure if I continue to fit within your customer profile. Link to comment
Level 5* gazumped 12,064 Posted January 2, 2017 Level 5* Share Posted January 2, 2017 Hi. This is a user forum although Evernote staff do lean in from time to time with updates and feedback. If you're looking for a direct dialogue with the company I'd recommend you contact support directly if you can, or message them on Twitter Any answers you get here will be user opinions... Link to comment
Level 5* GrumpyMonkey 4,320 Posted January 4, 2017 Level 5* Share Posted January 4, 2017 On 1/2/2017 at 8:45 AM, JSG said: Thanks for revisiting your policy. It was a serious mistake, and I would certainly have cancelled my subscription and -- with great regret -- ceased using Evernote if you hadn't changed your minds. However, I am still rather concerned (forgive me if this has been raised elsewhere in the discussion -- I've not read all 10 pages) at the implications of Evernote employees do not and will not read your notes without your express permission. What measures, if any, do you have in place to protect my data if I don't give express permission for your employees to access it? Or are they simply expected to comply with the company's policy? This is a problem faced by just about any company that handles our data, and I don't know many that have addressed it very well, except to offer some kind of "zero-knowledge" encryption that puts the encryption keys in the hands of the users. Some of Evernote's competitors do this to varying degrees, and I think this is the only way to ensure that the data is protected from unauthorized access (by employees or hackers who gain entry somehow). After all, even the NSA couldn't stop one of its employees from taking off with some of the most sensitive information that exists on the planet. We can hardly expect Evernote / Google (where Evernote lives) to do better. They won't claim they can stop unauthorized access, because that is impossible -- the best they can do is try their best to prevent it, and that isn't good enough for my data. Unfortunately, once your data is out, it is out. You'll get nothing more than an apology from Evernote (or any other company handling your data). And, you probably won't learn about it until months or years after the event. In my opinion, it is in everyone's best interest to have an encrypted notebook where you can keep sensitive data. If Evernote has a security incident of some kind (they have been hacked in the past), a lot of us will rest easier knowing that our sensitive data is protected. If I am able to store everything (including sensitive data) in Evernote, I am more likely to continue as a Premium member and to make more use of the service. Heck, if Evernote did that, I'd even be happy to opt into this machine learning thing, because I'd be comfortable feeding my not-so-sensitive data into it, though I'll never be comfortable having any employees rifling through it. Sorry. That's just not OK. Link to comment
Level 5* gazumped 12,064 Posted January 4, 2017 Level 5* Share Posted January 4, 2017 48 minutes ago, GrumpyMonkey said: I'll never be comfortable having any employees rifling through it. I've mentioned before that a long time ago in the early days of internet services (a couple of years at least ) I worked in a tech centre where all the staff had pretty much complete access to a few hundred thousand users' email accounts and web pages. I even got asked by one user to read his email to him! (Long story...unfixable desktop) This was before data privacy became enshrined in law around the world, but even so 'the management' had rules in place about unnecessary access to customer accounts and checks and balances to enforce it. In my direct experience one very competent tech got fired because 'to help him give better customer service' he had a log book of customer names and log-in details in his desk. While he was seriously dumb to do so, I knew the guy and doubt he had any dubious intentions. TL:DR - we were all too busy, well supervised and generally disinterested in what anyone kept in their account. (And what content we did see was pretty boring, for the most part...) The one area of active intervention was the Net Security group - when I worked there we checked user accounts that topped the list of upload or download volumes, or had been complained about by other net users or ISPs, for reasons of porn, spam or copyright shenanigans. With much more active privacy regulations now, I think Evernote is falling foul of their honest intention to disclose areas where they might need limited access under strict supervision and -in some cases- with direct permission to look at user accounts either for tech support or possible infringement reasons. There is no "rifling" involved here - the CEO reckoned this would apply to a very limited number of employees and he was taking personal charge of exactly who would be accessing accounts, and exactly how they would do it! Link to comment
Level 5* GrumpyMonkey 4,320 Posted January 4, 2017 Level 5* Share Posted January 4, 2017 I don't consider email to be private, especially using Gmail, which is feeding Google's data mining Skynet thingy anyhow, so I assume some entities there, silicon and carbon based, know all of my Amazon order histories, and can therefore work even better than Amazon's Alexa/Hal experiment to spam me more effectively. However, I still don't think I want humans digging through my stuff. Not even ones as nice as you Gaz While you have actual experience and insight to offer, I can only counter with tinfoil hat paranoid delusions. It seems to me that the most amazing system of checks and balances complete with an infinite supply of incentives to maintain public trust are ultimately just words on paper, as the NSA discovered in 2013. I am sure Snowden broke some rules, and that his desk has been cleaned out, and he is not welcome back. But, the damage has been done. We are humans, after all, and the best solution, in my opinion, is to hand the keys over to users and give them control over their data. It is a strategy competitors have successfully employed. It is technically feasible (I have all my data encrypted, syncing nicely, and completely searchable, even on my phone). I prefer encryption to "trust." As a more concrete example of what I am talking about, if Snowden seems a bit larger than life (material for multiple movies), I'd suggest looking no further than where our data is currently housed at Google (Evernote moved our data there a couple of months ago). A Google engineer broke the rules and was fired back in 2010. Technically, then, everything worked as it was supposed to, except for the fact that he was able to stalk until caught. http://gawker.com/5637234/gcreep-google-engineer-stalked-teens-spied-on-chats My point isn't that Google is evil, that the ex-Googler / current CEO is a Google plant here to suck up our data into G-Skynet thingy, or that "all your bases are belong to us." I'm merely suggesting that in 2017, when so many platforms are moving to zero-knowledge encryption, and Evernote invites us to keep everything, including sensitive data, inside the app, that they provide a level of security commensurate with an "external brain." This dodgy (opt-out was a terrible idea, as was the cryptic language next to the buried opt-out radio button) machine language, employee access to notes thing would probably not have blown up as much if encrypted notebooks existed. Or, at least, it would have given the privacy-minded an option. For me, it's simple: encrypted notebooks and selective sync. Those two features would make my Premium re-up a no-brainer. I'd keep dumping data into Evernote, and Evernote would have more information to power its To-do List version of Skynet (it needs a name to match Siri, Cortana, and Alexa; GLaDOS? -- it doesn't end in a vowel, but it does offer cake). It's a win-win for everyone. Link to comment
Level 5* gazumped 12,064 Posted January 4, 2017 Level 5* Share Posted January 4, 2017 I'll confess it was that word "rifling" that got me riled on behalf of all supremely professional tech support grunts everywhere. Your link though trumps my rile - I seem to recall almost this exact statement almost from Evernote HQ recently... Quote We carefully control the number of employees who have access to our systems, and we regularly upgrade our security controls–for example, we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective. That said, a limited number of people will always need to access these systems if we are to operate them properly–which is why we take any breach so seriously." — Bill Coughran, Senior Vice President, Engineering, Google If that still means folk can get away with the sort of abuses that are reported, then I just went back to being concerned... Of course the Google that stores our records isn't (quite) the same as the search, email and advertising giant that is the Googleplex. Maybe they have different engineers. Maybe. Link to comment
Level 5* CalS 5,307 Posted January 4, 2017 Level 5* Share Posted January 4, 2017 I would REALLY like all of the above features as well. Meantime, if I don't want it seen it doesn't go into the cloud unless it is encrypted and EN still provides value to me. My tinfoil hat says if they want it they will magically lift if from my local disk with some sort of Death Star tech, or hack my financial institutions and get everybody else s at the same time. Link to comment
Level 5* GrumpyMonkey 4,320 Posted January 4, 2017 Level 5* Share Posted January 4, 2017 47 minutes ago, gazumped said: I'll confess it was that word "rifling" that got me riled on behalf of all supremely professional tech support grunts everywhere. Your link though trumps my rile - I seem to recall almost this exact statement almost from Evernote HQ recently... If that still means folk can get away with the sort of abuses that are reported, then I just went back to being concerned... Of course the Google that stores our records isn't (quite) the same as the search, email and advertising giant that is the Googleplex. Maybe they have different engineers. Maybe. Of course it wasn't a dart thrown at you professionals. I am sure there are plenty (mostly?) of staff with high levels of integrity out there. But, all it takes is that new guy over there who kept a hand-written log, just in case, to undermine everything. We're human. This stuff happens, even when it isn't nefarious. As for "rifling," that is what the human element of folks looking at our "anonymized" notes amounts to in my opinion. In fact, I will go a step further and say that no one at any company should ever be given so much power. It is, frankly speaking, an obscene level of surveillance capability (in the Foulcauldian sense of a Panopticon -- you don't even need to be watching to make it deviously effective). Not just in Evernote, but in any of these tech, cloud company things. We shouldn't have to "hope" or "trust" some unknown entity (how many of us know who is on the other end, and even if your best friend was hanging out there, would you want them to have this kind of access?). I actually don't think any of these companies are "evil." However, I do think that otherwise "good" people or "organizations" sometimes do really stupid, insensitive, immoral, or illegal things unintentionally, or in pursuit of a "higher" good. For example, I am sure that Microsoft had good intentions when it "rifled" through someone's Inbox in 2014 looking for a wrongdoer, when Harvard "rifled" through faculty inboxes looking for a wrongdoer, NSA staff "rifled" through treasure troves of surveillance data on love interests, the Ashley Madison hackers let all of us "rifle" through the private lives of others, or Evernote promised to secure our accounts against hackers but failed in 2013. In all of these cases, zero-knowledge encryption could have helped protect the end users and minimized the damage to the companies involved. But, I think some companies see more incentive in having access to the data rather than handing over the keys to users -- after all, massive companies like Facebook and Google were made possible by having control over our data. The thing that bugs me is that a solution already exists. It is there to be implemented at any time, and has been for many years. Why has Evernote stubbornly resisted offering better encryption than they started off with in 2008, nearly a decade ago? Sure, they upgraded the level of encryption, but it is still clumsy, unworkable on some platforms (last I checked), only applies to text, and doesn't scale (who is going to click to encrypt text blocks one at a time for tens of thousands of notes?). I think they have ML stuff in mind, and that is why they don't want to do it. What they may not realize is that I would be more likely to upload more data into the service if I could keep portions of it encrypted. It's a win-win for everyone, in my opinion. While they dither, their competitors have already implemented some fantastic encryption options. In 2008, they were about as safe / secure (unsafe / unsecure) as everyone else, but now they are way behind the curve, and if they are contemplating a Facebook or Google kind of manipulation of our data for our "benefit" while providing no better encryption options (encrypted notebooks), then I think they'll find people are a lot less willing to go along with the scheme these days, especially for an "external brain." Unfortunately, even if encryption is implemented, they might try to nerf it by making it only accessible on desktops, non searchable, or some other dis-incentive. I hope not, but I guess we'll have to wait and see. While they hang out in meetings mulling this over, I suggest they open up their phones and give a try to Apple Notes. That is some "sexy" encryption (almost effortless for the user), and if they could do it like that at the notebook level with searching, it'd be something really beautiful (and a step beyond most -- not all -- of their competitors). Link to comment
JohnLongney 83 Posted January 4, 2017 Share Posted January 4, 2017 If Evernote decision makers had more awareness, they'd at least comply with EU standards. Howewer, a company pathetically failing in making Mac and Win "one" experience must surely lack the brain power needed to focus on essential steps beyond the next annual report. Voice recognition as target feature because even now1/4 of Google search is done by voice and in order to save us from 'information overload' EN need to go into this too, make me think 'perhaps it's the climate, Google glasses or whatever' but to me this kind of approach does not inspire real hope. Smartphone for note-taking? I wonder how many who text in this forum use phone in preference to tablet, notebook or desktop. To grant users the chance of 'deep work' beyond 20 mins at a time without disturbance? Oh, it's like that. Too bad that in a good number of real tasks the chance of a quick break every 2 hours is deemed quite desirable. Link to comment
Level 5* DTLow 5,744 Posted January 4, 2017 Level 5* Share Posted January 4, 2017 28 minutes ago, JohnLongney said: If Evernote decision makers had more awareness, they'd at least comply with EU standards. Would you care to explain what "EU Standards" are and how it apples to the discussion Link to comment
Level 5* GrumpyMonkey 4,320 Posted January 4, 2017 Level 5* Share Posted January 4, 2017 2 hours ago, JohnLongney said: If Evernote decision makers had more awareness, they'd at least comply with EU standards. Howewer, a company pathetically failing in making Mac and Win "one" experience must surely lack the brain power needed to focus on essential steps beyond the next annual report. Voice recognition as target feature because even now1/4 of Google search is done by voice and in order to save us from 'information overload' EN need to go into this too, make me think 'perhaps it's the climate, Google glasses or whatever' but to me this kind of approach does not inspire real hope. Smartphone for note-taking? I wonder how many who text in this forum use phone in preference to tablet, notebook or desktop. To grant users the chance of 'deep work' beyond 20 mins at a time without disturbance? Oh, it's like that. Too bad that in a good number of real tasks the chance of a quick break every 2 hours is deemed quite desirable. Hi. Evernote does comply with EU regulations, and that is why they are able to operate there. See the privacy policy for more. They've never claimed, as far as I know, that Windows and Mac would be one experience. Did I miss something? Lots of users, including me, do work on the phone. My colleagues have written parts of books that way. I think Evernote's accessibility on every major platform is one of its distinguishing characteristics, and a huge draw for many folks. As you can see elsewhere in this thread, I am trying to call Evernote out for its shortcomings. However, we need to give credit where credit is due -- Evernote has done a lot (even if it not enough) to meet privacy expectations. There is a tradition to build on, if they choose to do so. Link to comment
alexk7110 1 Posted January 6, 2017 Share Posted January 6, 2017 I've been an Evernote user since March of 2008, yes the beta days. I was always assured that my data was strictly mine and private, then one day you announce that it "might" become available to your employees to make the service better. You can call it back a thousand times but the fact remains that you actually have a way to access my data. I was a happy paying customer till that exact moment where my trust went straight down the drain. I loved and promoted the service since the early days, you had an approachable CEO (Phil) along with a great team that would even do podcasts (which I enjoyed) to promote the service. Evernote had the 100 year company moto attached to it's name, I believed that it could actually become a reality. Too bad I won't be around as a customer to see it happen. Link to comment
Level 5* jefito 5,598 Posted January 6, 2017 Level 5* Share Posted January 6, 2017 18 minutes ago, alexk7110 said: I've been an Evernote user since March of 2008, yes the beta days. I was always assured that my data was strictly mine and private, then one day you announce that it "might" become available to your employees to make the service better. You can call it back a thousand times but the fact remains that you actually have a way to access my data But it's always been the case that your data was unencrypted on Evernote's servers since they started the service back then (I joined a little later in 2008), so Evernote employees had access to your account even back then. So what's really changed? As far as I can tell, mainly this: the rules about who accesses your data have been clarified somewhat, and that your data -- when it's not being acted upon by Evernote processes (e.g., indexing, OCR) or for explicit employee access -- will be encrypted via the Google data-at-rest facilities. So your trust that your data was not accessible to Evernote employees was never really justified. It's really how much you trust Evernote as a company not to access your data inappropriately, a very different proposition. For people who think that the possibility of any access at all is inappropriate (an entirely justifiable position), Evernote is probably not for them. Link to comment
Level 5* DTLow 5,744 Posted January 6, 2017 Level 5* Share Posted January 6, 2017 2 hours ago, alexk7110 said: You can call it back a thousand times but the fact remains that you actually have a way to access my data. I was a happy paying customer till that exact moment where my trust went straight down the drain. I always knew Evernote had access to my data In fact, one of the features I pay for is to have my data OCR'd for search purposes I encrypt my sensitive data Link to comment
Level 5* gazumped 12,064 Posted January 6, 2017 Level 5* Share Posted January 6, 2017 I think it's generally true that specific staff at every cloud based company have access to some or even most of your data - the only normally protected element is the user login - so information can't be changed. It's like your records at the doctor - you'd scream like crazy (possibly a bad metaphor to use in this context) if your personal data was ever made public - but the doctor can see it, as can nurses, IT staff, local medical technicians, dispensary staff, hospitals staff... actually the web is probably a safer place for your information! I told the story somewhere else in this thread about - some long time ago - reading a customer's email over the phone for him. A more recent example was a stint I had as a tech consultant on a medical project when we converted live patient records from one system to another. The system verified "as far as possible" that the details had been transferred correctly, but a real person had to check samples to confirm that the new records really did match the old... There's no such thing as 'untouched by human hand' in the information business - there will always be a need for selected live staff to be involved - under suitable supervision - with development and fixes. If that's not something with which you're comfortable, then it's pen and paper and filing cabinets you need for the moment. Link to comment
mz123 42 Posted January 6, 2017 Share Posted January 6, 2017 1 hour ago, gazumped said: I think it's generally true that specific staff at every cloud based company have access to some or even most of your data - the only normally protected element is the user login - so information can't be changed. It's like your records at the doctor - you'd scream like crazy (possibly a bad metaphor to use in this context) if your personal data was ever made public - but the doctor can see it, as can nurses, IT staff, local medical technicians, dispensary staff, hospitals staff... actually the web is probably a safer place for your information! I told the story somewhere else in this thread about - some long time ago - reading a customer's email over the phone for him. A more recent example was a stint I had as a tech consultant on a medical project when we converted live patient records from one system to another. The system verified "as far as possible" that the details had been transferred correctly, but a real person had to check samples to confirm that the new records really did match the old... There's no such thing as 'untouched by human hand' in the information business - there will always be a need for selected live staff to be involved - under suitable supervision - with development and fixes. If that's not something with which you're comfortable, then it's pen and paper and filing cabinets you need for the moment. This isn't strictly true. It's more a result of complacency and convention. Go look at 1Password. They are "cloud" enabled, but they can't see your data, even for troubleshooting. In theory, I could put all my Evernote notes there. It's a different product though, with a different feature set. How do they troubleshoot? Why, they use test data, that's how. Once they set up the system, they have no need to muck about in people's data. Well, there are two reasons to justify not encrypting: complacency (security and privacy take effort), and a desire to see the data for some other purpose (to mine it). The old concept of "if it's on the Internet, it's unsafe" may be convenient shorthand that largely reflects the state of the world today, but it is not how things must be. Link to comment
Level 5* gazumped 12,064 Posted January 7, 2017 Level 5* Share Posted January 7, 2017 5 hours ago, mz123 said: Go look at 1Password. They're set up to save specific information - passwords - securely, which makes them an exception, not the rule. Check out the security pages of any of Evernote's competitors. Plus I use LaspPass so I'm not familiar with 1P, but if they're broadly comparable, I'd think saving your note data to 1P might give you 1% of Evernote's features without any of the storage capacity. 5 hours ago, mz123 said: The old concept of "if it's on the Internet, it's unsafe" may be convenient shorthand that largely reflects the state of the world today, but it is not how things must be You seem to be agreeing with me that large swathes of data are visible to some staff at some time, so I'll agree with you - that's not how I like it either; I would certainly like to see full-on client-side encryption. But at the moment while the situation is better than it has been over the last 10 years, expecting your data to be hidden from all human eyes at all times is unrealistic at best. Like others here I either encrypt the stuff I think is private, and I do occasionally resort to real world paper in an old-fashioned folder. The only way to keep a secret is to not tell anyone. Link to comment
Level 5* GrumpyMonkey 4,320 Posted January 7, 2017 Level 5* Share Posted January 7, 2017 2 hours ago, gazumped said: They're set up to save specific information - passwords - securely, which makes them an exception, not the rule. Check out the security pages of any of Evernote's competitors. Plus I use LaspPass so I'm not familiar with 1P, but if they're broadly comparable, I'd think saving your note data to 1P might give you 1% of Evernote's features without any of the storage capacity. You seem to be agreeing with me that large swathes of data are visible to some staff at some time, so I'll agree with you - that's not how I like it either; I would certainly like to see full-on client-side encryption. But at the moment while the situation is better than it has been over the last 10 years, expecting your data to be hidden from all human eyes at all times is unrealistic at best. Like others here I either encrypt the stuff I think is private, and I do occasionally resort to real world paper in an old-fashioned folder. The only way to keep a secret is to not tell anyone. I'll disagree here on a seemingly minor, but crucial point; namely, the idea that it is "unrealistic" to expect your data to be hidden from all human eyes at all times. While is true that human eyes in any "cloud" service (really, just putting your data into someone else's computer) can definitely see your data (there is no getting around that), *what* they see can either be encrypted or un-encrypted. The data can be encrypted using a key that only you have (zero-knowledge), one they have (the current scheme with Evernote on Google servers), or unencrypted (the old scheme on Evernote's servers). Only the zero-knowledge one offers protection without the need to rely on "trust," though (as pointed out already), those of us who have been around since 2008 know from the privacy policies and numerous discussions in the forums (even on a couple of podcast episodes, as I recall) that our data has always been accessible to Evernote employees. The fact is that there are major Evernote competitors with zero-knowledge encryption, so there is no need for anyone to force the square peg of a password service into the round hole of a note-taking / personal information manager. LastPass, for example, is a really great implementation, but I cannot think of anything within it that I find superior to Evernote in terms of note-taking, searching, or managing information. In fact, attachments are only attached with some trouble, and they are not especially useful once they are in there. Then again, I don't really care, because it is a password manager, not a viable alternative to Evernote. The only use I see here in this thread for it is to say that it is entirely possible to have 100% zero-knowledge encryption and a really high level of security on the cloud while still being able to do things like search your data. In some cases of actual Evernote competitors (ones built with some of the same use cases in mind), encryption is so smooth that you don't even know that everything you are doing (literally 100%) is held on someone else's servers, but encrypted, and unintelligible. I only know of one competitor who manages this feat with no loss of functionality whatsoever -- it is, therefore, possible to have encryption and search capabilities, but it is admittedly rare. It's not unrealistic at all to expect this level of privacy/security in general, though it is unrealistic to expect it from Evernote at the moment, because they have never promised such a thing beyond the encryption (zero-knowledge) of text blocks. What I hope to see someday is the expansion and improvement of Evernote's encryption so that we at least have 256-bit zero-knowledge encryption for designated notebooks. While those of us who desire this level of security / privacy wait for the day encrypted notebooks finally come to the app (a day which may never come--Evernote has actually said they are not interested in doing this, and that is why jefito was right earlier when he suggested that Evernote may not be suitable for us), the best workaround is to use PDFs that you encrypt and upload yourself (DTLow's recommended solution). Link to comment
eric99 1,081 Posted January 7, 2017 Share Posted January 7, 2017 7 hours ago, GrumpyMonkey said: In some cases of actual Evernote competitors (ones built with some of the same use cases in mind), encryption is so smooth that you don't even know that everything you are doing (literally 100%) is held on someone else's servers, but encrypted, and unintelligible. I only know of one competitor who manages this feat with no loss of functionality whatsoever -- it is, therefore, possible to have encryption and search capabilities, but it is admittedly rare. Can you please be more specific about that competitor, and if there is no loss of functionality, then why are you still here? Link to comment
Level 5* GrumpyMonkey 4,320 Posted January 7, 2017 Level 5* Share Posted January 7, 2017 1 hour ago, eric99 said: Can you please be more specific about that competitor, and if there is no loss of functionality, then why are you still here? Hi. Turning on encryption in the app (DEVONthink) has no impact on the functionality that is in the app. For example, search works just as well with encryption on or off. My point is that other folks in the industry long ago solved the problems of syncing, encryption, and retaining functionality on mobile devices. It's not a technology issue, but a decision by Evernote not to include notebook-level encryption. It's fine, if that's what they want to do, but perhaps now, with this privacy blowback, they'll consider changing their minds. Why am I here? I want them to change their minds. Every app has its own unique strengths and weaknesses. I could go into a long list of pros and cons for my needs / use case, but the big one that stands out is that Evernote is available on every major platform while DEVONthink is only available on Apple stuff. Apple is fine for my personal use, because I can work around this limitation, but not so great for collaboration with students and colleagues. In an ideal world, I could use both apps, taking advantage of their respective strengths. But, without encryption, there is a lot that none of us can put into it. I'm responsible for maintaining the security / privacy of third-party data I handle (university, student, and colleagues) and students have their own data they don't want / shouldn't put on the cloud. With an encrypted notebook, a lot of problems would be solved. Without it? Well, Evernote is pretty limited. For me, voice technology, machine language, and all kinds of other gimmicks have never been especially appealing. What I want is something a bit more basic -- an "external brain" where I can store "everything," even sensitive stuff. Link to comment
eric99 1,081 Posted January 7, 2017 Share Posted January 7, 2017 1 hour ago, GrumpyMonkey said: Hi. Turning on encryption in the app (DEVONthink) has no impact on the functionality that is in the app. For example, search works just as well with encryption on or off. My point is that other folks in the industry long ago solved the problems of syncing, encryption, and retaining functionality on mobile devices. It's not a technology issue, but a decision by Evernote not to include notebook-level encryption. It's fine, if that's what they want to do, but perhaps now, with this privacy blowback, they'll consider changing their minds. Thanks for the great tip: when DEVONthink goes multi-platform, I will switch immediately; this is exactly what I'm looking for ! Link to comment
Level 5* CalS 5,307 Posted January 7, 2017 Level 5* Share Posted January 7, 2017 Don't want to side track the discussion, but out of interest how does DEVONthink index stuff across devices with zero knowledge encryption turned on? Just wondering how you index something you can't see. Is the encryption done locally? Link to comment
eric99 1,081 Posted January 7, 2017 Share Posted January 7, 2017 2 hours ago, csihilling said: Don't want to side track the discussion, but out of interest how does DEVONthink index stuff across devices with zero knowledge encryption turned on? Just wondering how you index something you can't see. Is the encryption done locally? As far as I understand, the whole database resides locally on each client and is synced via the cloud. Different from Evernote with it's smart servers, search functionality, indexing and OCR as well, run completely at the client side ( please correct me if I'm wrong). Link to comment
Level 5* GrumpyMonkey 4,320 Posted January 7, 2017 Level 5* Share Posted January 7, 2017 3 hours ago, csihilling said: Don't want to side track the discussion, but out of interest how does DEVONthink index stuff across devices with zero knowledge encryption turned on? Just wondering how you index something you can't see. Is the encryption done locally? Hi. It's all done in the local client. Naturally, as you wouldn't be letting Evernote's servers see the content in an encrypted notebook, for those files you'd be missing out on many of the extraordinary services Evernote offers. That would be one trade-off, similar to the ones we make now with local notebooks. So, why not just use the existing local notebooks feature? Syncing. In effect (in my opinion), the addition if an encrypted notebook feature wouldn't be a big deal to implement as a concept, because they've already established the framework with local notebooks -- the only change would be to encrypt that stuff, sync it (probably along with its search index), and decrypt it on your mobile device. That's the theory, anyhow. The point is that we already have existing features (the existing encryption options and local noyebooks) that involve similar tradeoffs, so it isn't such a huge leap. Link to comment
eric99 1,081 Posted January 8, 2017 Share Posted January 8, 2017 10 hours ago, GrumpyMonkey said: Hi. It's all done in the local client. Naturally, as you wouldn't be letting Evernote's servers see the content in an encrypted notebook, for those files you'd be missing out on many of the extraordinary services Evernote offers. That would be one trade-off, similar to the ones we make now with local notebooks. So, why not just use the existing local notebooks feature? Syncing. In effect (in my opinion), the addition if an encrypted notebook feature wouldn't be a big deal to implement as a concept, because they've already established the framework with local notebooks -- the only change would be to encrypt that stuff, sync it (probably along with its search index), and decrypt it on your mobile device. That's the theory, anyhow. The point is that we already have existing features (the existing encryption options and local noyebooks) that involve similar tradeoffs, so it isn't such a huge leap. That's a very good idea. Have you ever proposed this to the Evernote team? Link to comment
eric99 1,081 Posted January 8, 2017 Share Posted January 8, 2017 10 hours ago, GrumpyMonkey said: Hi. It's all done in the local client. Naturally, as you wouldn't be letting Evernote's servers see the content in an encrypted notebook, for those files you'd be missing out on many of the extraordinary services Evernote offers. Why wouldn't it be possible to run these extraordinary Evernote services at the client side? It could run in background on your most powerful clients and the results (index-files...) will be synced to all your clients automatically. Link to comment
Level 5* DTLow 5,744 Posted January 8, 2017 Level 5* Share Posted January 8, 2017 2 hours ago, eric99 said: Why wouldn't it be possible to run these extraordinary Evernote services at the client side? It could run in background on your most powerful clients and the results (index-files...) will be synced to all your clients automatically. Evernote is multi platform. There are users without powerful clients; mobile device or web only Link to comment
Level 5* GrumpyMonkey 4,320 Posted January 8, 2017 Level 5* Share Posted January 8, 2017 3 hours ago, eric99 said: That's a very good idea. Have you ever proposed this to the Evernote team? Hi. Thanks! Yes, I have been bugging them about this since 2012 (as I recall) and (to their credit) developers have talked directly with me about this (and other aspects of the app). Unfortunately, they are no longer with the company, but the ones who are there now have also been frank about having no plans to implement encryption like this. It's too bad, and I don't think I have ever heard a clear reason why not, but I don't expect one. After all, it is their app, and they make decisions based on a lot of factors, many of which are internal and are not (and probably should not be) shared with users. I hope they are making the best decisions for Evernote, because I'd like to see it succeed. As for the server / client-side operations, Evernote's greatest strength (and perhaps its greatest weakness) is that it employs its servers to make the user experience as smooth and fast as possible. This has the benefit of allowing a student with an ancient iPhone to work about as efficiently as I do on my brand new one -- even to get OCR as fast as I can on my desktop. But, it also means that when you are offline you run into a lot of headaches. PDFs can't be searched, new notes are not indexed, etc. There are tradeoffs. Evernote could choose to bring some stuff client-side to help do things like the OCR for PDFs, but that would require a much larger change than the one I have suggested (simply expanding on existing features / concepts). The fact is, though, that some of their competitors are set up in such a way that no functionality whatsoever is lost, even when everything is encrypted 100%. In fact, these are so secure that some don't even need to be synced through any cloud (exposing it to eyeballs) at all (apps relying on the client side instead of the cloud can take advantage of wifi, bluetooth, or ad hoc syncing directly from one device to another), so Evernote eally needs to start moving forward in this regard. Evernote doesn't have to do it exactly the same way, but the bar has moved, and for others it isn't a question anymore about whether to have robust encryption like this or not -- they've got it already and left Evernote far behind. Heck, there is a wonderful third-party app for Evernote ("Saferoom") that has proven encryption can be done inside Evernote as well. The existence of encryption options means that we don't have to speculate about technical barriers to encryption if Evernote adopts it -- other apps have proven that it can be done already with negligible impact on existing feature. Rather, we are talking about whether development choices are going to be made or not. So far, Evernote has decided not to go this route. What I want to make clear in my posts is that this is a decision, and not some impossible, moonshot feature request. Link to comment
JCD 4 Posted October 17, 2017 Share Posted October 17, 2017 On 12/16/2016 at 10:56 AM, axw said: I think Evernote should put this announcement blogpost on top of the homepage so that people can be claimed down. Johnny-come-lately here. I agree with the above user (but would substitute "calmed" for "claimed" of course). I'm a paying customer, and have been a devoted customer for six years. However, due to the new policy stating a lapse in privacy, I've been looking for other note-storage alternatives over the year, and just today came across Zoho Notebook. While researching that very attractive alternative (and just about to jump ship), I just happened to come across the news of Evernote's backtrack to NOT allow employees to read customers' content. OK, I'm staying on. But, Evernote, you just dodged a bullet with another customer. I highly suggest you put this news on a higher priority exposure to your customer base. No telling how many others are out there in the same status as I've been. Link to comment
Level 5* DTLow 5,744 Posted October 17, 2017 Level 5* Share Posted October 17, 2017 14 minutes ago, JCD said: I just happen to come across the news of Evernote's backtrack to NOT allow employees to read customers' content. You're a little late to that tempest in a teapot To ensure my data, I use encryption. At least for the sensitive data; I don't care who is reading my grocery list I've always operated on the assumption that when uploading data to the internet my data was vulnerable. If its not Evernote employees, there's various government agencies - Hi agents, you're all Nothing Short of Awesome Link to comment
JCD 4 Posted October 17, 2017 Share Posted October 17, 2017 7 minutes ago, DTLow said: You're a little late to that tempest in a teapot To ensure my content is safe I use encryption. At least for the sensitive data; I don't care who is reading my grocery list I've always operated on the assumption that when uploading data to the internet my data was vulnerable. If its not Evernote employees, there's various government agencies - Hi NSA agents Yes, I certainly acknowledge that I've been so busy searching for alternatives, that I haven't taken the time to check back with Evernote on this reversed policy. Who'd a thunk it. Secondly, it was a tempest, but it certainly wasn't a teapot. It brought your company to a halt on this matter, and you engaged reverse thrusters. Eleven pages of discussion here and all over the rest of the internet definitely tells me your teapot had an upset. OK, that's water under the bridge; but it's encouraged me to be more vigilant as to the privacy of my data, even on Evernote. Thanks for the encryption and NSA reminders; but honestly, I did watch Snowden. Cheers, JCD Link to comment
Level 5* DTLow 5,744 Posted October 17, 2017 Level 5* Share Posted October 17, 2017 3 minutes ago, JCD said: It brought your company to a halt on this matter, and you engaged reverse thrusters. Not my company. You're posting in a user discussion forum; you and I are both users of the service Link to comment
JCD 4 Posted October 17, 2017 Share Posted October 17, 2017 4 minutes ago, DTLow said: Not my company. You're posting in a user discussion forum. You and I are both users Well, thanks for that clarification. Your earlier response sounded like an apologetic from Evernote. Thanks for actively responding on this forum with your wealth of knowledge and as one of us hoi polloi. By the way, is there a way to encrypt data WITHIN Evernote--say, just one note? I haven't dabbled on the encryption side of things except what is done automatically on the side of software/internet-based companies. Link to comment
Level 5* DTLow 5,744 Posted October 17, 2017 Level 5* Share Posted October 17, 2017 5 minutes ago, JCD said: By the way, is there a way to encrypt data WITHIN Evernote--say, just one note? There is a text encryption feature on the Win/Mac platforms Mostly I rely on encrypted attachments; pdf, office/iwork documents Link to comment
JCD 4 Posted October 17, 2017 Share Posted October 17, 2017 2 minutes ago, DTLow said: There is a text encryption feature on the Win/Mac platforms Mostly I rely on encrypted attachments; pdf, office/iworks... Thanks, I'll start digging around. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.