ZERO-KNOWLEDGE!!!

[glenn-lincoln 3]

Evernote has a large page convincing people of it's security. Everybody's information is secure, right? Has anyone noticed that hacking large companies data is becoming MUCH more frequent?! Today, Equifax said that it may have been hacked again. Yahoo was hacked recently releasing info on 300 billion accounts. But here's the thing, if Evernote gets compromised, you lose a LOT more than just a username and password, you lose everything! Evernote NEEDS to adopt a ZERO KNOWLEDGE encryption, meaning that not even employees of the company can see what is on people's accounts, and if someone were to hack EVERNOTE, all they would get is encrypted info. Evernote will say that that's all people would get now, but if employees can see the data, hackers will be able to see the data. The data needs to be encrypted on the desktop, and needs to stay encrypted in the cloud. No matter how good Evernote's encryption is, it will be hacked at some point. PLEASE adopt zero-knowledge!

[upnix 36]

18 hours ago, DTLow said:

Now I’m concerned about Evernote employees accessing  my data.  Do you have any details on this?

Of course I know Evernote accesses my data for server side functions like OCR and search indexing

There was also a Machine Learning Project, but I’m not opted-in for that

I think that the claim that your Evernote data "at rest" is encrypted is pretty useless. Where this would protect you is if someone walked into the data center and walked away with hardware. Evernote (the company) is certainly able to read your data without you supplying the password; as you mention they OCR and index your content.

Encrypting your data is at odds with what Evernote is trying to do, which is allow you to access your data everywhere, provide useful search results, and collaborate with other people. If your data is unreadable without your password, they can't do these things.

I can think of lots of solutions, but, they would certainly be a headache for Evernote.

1. Let the client index content, keep all data sent to Evernote encrypted
   1. You still have to trust Evernote isn't swiping your key or sending unencrypted data back
   2. Any improvements to search/index/OCR would have to be pushed out with software updates
   3. Might be that some of the best machine learning approaches require access to resources that can't be pushed out to end users
   4. Still possible to use the web client, but browser must perform encryption/decryption
   5. I think Apple is trying to take this approach, in contrast to Google, for things like photo recognition/searching
2. Searchable encryption - Varying implementations with variable effectiveness
   1. The short version is, you send encrypted data, you send encrypted searches, Evernote sends encrypted data back to you
   2. In all versions, there's a lot more overhead.
   3. I don't know what it means for various machine learning approaches EN might want to use
3. Just let us choose notebooks and/or notes to encrypt, with the understanding that some search or sharing features will be absent
   1. Make it easier than the current "encrypt selected text". Use the macOS KeyChain, for example, so we don't have to remember many different passwords
   2. Put a nice little lock/unlock icon on the notebooks.

If the features Evernote wants to offer us by parsing our notes are so compelling they shouldn't have to worry about users encrypting all notes. 95% of my notes I'd love to have them rummage through so they can make my life easier. That 5% though - why not make it a natural fit to put - and keep - that private data in Evernote too, rather than letting it add fuel to the "leaving Evernote" fire?

[jefito 5,589]

6 hours ago, coldcoast said:

How is evernote storing user data unencrypted?? This is horrible... so many people use it to receipts, private documents, etc, etc -> that's bad news if that data is just sitting there waiting to get compromised.

Do you have specific questions that aren't answered by https://evernote.com/security/?

[coldcoast 5]

How is evernote storing user data unencrypted?? This is horrible... so many people use it to receipts, private documents, etc, etc -> that's bad news if that data is just sitting there waiting to get compromised.

[upnix 36]

31 minutes ago, jefito said:

If I want to encrypt something in Evernote, I can already do it two ways: either encrypt a section of text in a note, or add an encrypted attachment (the latter's that's pretty much how I'd do it in Google Drive or DropBox).  Evernote won't be able to index either. It may be less convenient than having something like an encrypted note or notebook, but my use case is way less than 5% of my notes. For me, the inconvenience not even close to being something that I'd leave Evernote over. Other users may differ; I think that Evernote has accepted that they'll some some customers over it. But most of the "leaving Evernote fire" that I've seen is mainly melodrama anyhow...

So, I guess there are a few reasons I don't consider this enough.

• First, is that each independently encrypted section of text asks for a password. Sounds like that doesn't bother you, but if I'm flipping through notes, I don't want to have to decrypt repeatedly just to browse. As well, I feel it works against using strong passwords as I'm likely to just pick some easy password for everything.
• Second, I can only encrypt text. I can't just blanket highlight and encrypt everything. I can't encrypt if there's an attachment, image, or table (and maybe even more stuff). I'm surely not going to separately encrypt around these things in my notes, just to make sure I get all the text.
• Not an objective reason, but, I don't really trust it. It appears at one point Evernote had an official statement about the implementation (Actually in a post of yours: https://discussion.evernote.com/topic/106326-evernote-encryption/?do=findComment&comment=466895) but they've since removed it (https://evernote.com/security/).

Encrypting attachments sounds like a good approach, but, it does kind of break most workflows. For a new document I'd have to save it to the file system, attach it in Evernote, then delete it from the file system (or risk forgetting which copy was the current one).

 

As for the "leaving Evernote fire," I guess, maybe it's just the places I hang out, but it feels like its been a pretty persistent sentiment in a lot of places for over a year now. Lack of note security I see cited often. I agree with your impression of it, however.

[DTLow 5,736]

25 minutes ago, glenn-lincoln said:

So, the most interesting thing I heard mentioned is that there may be an option for using Evernote on my computer without sending stuff to the cloud, is that right? I can do my own backups and I am willing to sacrifice the ability to have my info on different devices. Would this accomplish what I want?

If I did this, would the search function and other functions originate on my computer, or will my computer still be sending info to the cloud?

I think you’re referring to the Local Notebook feature of the Win/Mac platforms

As per the name, data in Local Notebooks is not sync’d to the servers (or your other devices); it remains on the local device.

Yes, text is still indexed for searching but there is no server side processing like OCR

Just be aware that you must back up your data.  Local Notebooks are ignored by Evernote, and will be lost if the database is rebuilt

>>Would this accomplish what I want?

This discussion is about encryption.  You should still encrypt your sensitive data

[upnix 36]

8 minutes ago, glenn-lincoln said:

So, the most interesting thing I heard mentioned is that there may be an option for using Evernote on my computer without sending stuff to the cloud, is that right? I can do my own backups and I am willing to sacrifice the ability to have my info on different devices. Would this accomplish what I want?

If I did this, would the search function and other functions originate on my computer, or will my computer still be sending info to the cloud?

On macOS you can create local notebooks by holding down alt, clicking File, then going "New Local Notebook." I'm sure some equivalent exists for the Windows client. This notebook is still searchable on your local client, but things like PDF searching won't work (Maybe all attachments?).

Like you've identified, you'll need to do your own backups.

I consider this a weak solution though, as I've had my local only notebooks uploaded after a client upgrade to a beta version. I don't recall if there was a production version that this bug existed in. There were other people who stated this had happened at an earlier point in time as well. I deleted those notebooks right away, but for all I know they're still up in the cloud somewhere, likely as a backup. So, I consider that data to have gotten out.

[glenn-lincoln 3]

So, the most interesting thing I heard mentioned is that there may be an option for using Evernote on my computer without sending stuff to the cloud, is that right? I can do my own backups and I am willing to sacrifice the ability to have my info on different devices. Would this accomplish what I want?

If I did this, would the search function and other functions originate on my computer, or will my computer still be sending info to the cloud?

[jefito 5,589]

1 hour ago, upnix said:

If the features Evernote wants to offer us by parsing our notes are so compelling they shouldn't have to worry about users encrypting all notes. 95% of my notes I'd love to have them rummage through so they can make my life easier. That 5% though - why not make it a natural fit to put - and keep - that private data in Evernote too, rather than letting it add fuel to the "leaving Evernote" fire?

If I want to encrypt something in Evernote, I can already do it two ways: either encrypt a section of text in a note, or add an encrypted attachment (the latter's that's pretty much how I'd do it in Google Drive or DropBox).  Evernote won't be able to index either. It may be less convenient than having something like an encrypted note or notebook, but my use case is way less than 5% of my notes. For me, the inconvenience not even close to being something that I'd leave Evernote over. Other users may differ; I think that Evernote has accepted that they'll some some customers over it. But most of the "leaving Evernote fire" that I've seen is mainly melodrama anyhow...

[DTLow 5,736]

11 minutes ago, upnix said:

I think that the claim that your Evernote data "at rest" is encrypted is pretty useless. Where this would protect you is if someone walked into the data center and walked away with hardware.

I think encryption at rest is important, both personally and in the data center

If someone walks away with the hardware, all they have is encrypted data

[DTLow 5,736]

19 minutes ago, glenn-lincoln said:

I will look into the Saferoom plugin.

I agree that anyone storing documents in the cloud should encrypt their sensitive data

The Saferoom approach doesn't appeal to me
I want something less obtrusive, and not locked into Evernote
My process is to use encrypted attachments as per the example at the right
Many document formats support native encryption; pdf, office/iwork, ...

[glenn-lincoln 3]

Thanks Jefito. That was helpful in that it confirmed what I was saying. No Zero-knowledge and yes, Evernote AND Google employees can read the information stored in people's Evernote account. Also, they go on to say they have no plans to address this issue. Now that my concerns are confirmed, I have to think twice about Evernote, which really sucks because I love it. The way Evernote should work is that everyone (at least those who care about this) should work through the desktop client. The data would then be encrypted on the desktop and all search functions etc happen on the client's computer, not the cloud. If people choose to store the data in the cloud, that is fine, but the cloud is only for encrypted storage and for using the data across different devices. Before giving up on Evernote I will look into the Saferoom plugin.

FYI, here's the screenshot captured from the discussion recommended by Jefito.

[jefito 5,589]

Probably best to start here: 

Look for posts by benmc and Rich Tener in particular, as they're Evernote employees.

[glenn-lincoln 3]

I'm not saying that they are looking, but I've been studying privacy a lot lately, and if they don't say zero-knowledge then the people in the company can see the data. And, like I said, if the employees can see the data, then hackers can get the data. This is why I've recently changed from dropbox to sync.com. Also, I don't want to sound like an expert in this regard, but as I said, I've been studying it. Look at Sync.com and what they say: https://www.sync.com/features/

I also like this podcast: https://privacy-training.com/podcast.html

I don't want to piss Evernote off by bringing this up, because I LOVE Evernote, but I'm considering not using it because of this issue. I know there is a solution with SafeRoom Desktop, which will encrypt things before it gets to Evernote, but this seems clunky. I wish Evernote would change how they do things.

[DTLow 5,736]

2 hours ago, glenn-lincoln said:

If Evernote employees can see the data, which they can,

Now I’m concerned about Evernote employees accessing  my data.  Do you have any details on this?

Of course I know Evernote accesses my data for server side functions like OCR and search indexing

There was also a Machine Learning Project, but I’m not opted-in for that

[glenn-lincoln 3]

1 hour ago, DTLow said:

>>if someone were to hack EVERNOTE, all they would get is encrypted info.

That is my understanding of the current security on stored data

If Evernote employees can see the data, which they can, hackers could get the data.

[DTLow 5,736]

3 hours ago, glenn-lincoln said:

The data needs to be encrypted on the desktop, and needs to stay encrypted in the cloud.

The data in Evernote is “encrypted at rest” on the servers.

I use personal “zero knowledge encryption” for my sensitive data, and make use of my device security options.

>>if someone were to hack EVERNOTE, all they would get is encrypted info.

That is my understanding of the current security on stored data