Jump to content
  • 2

Request: encrypt all notes on disk


John Smith Bobs

Idea

All notes should be encrypted on disk because notes also store personal information 

We can't rely on the computer security alone, when it is owned by IT employees at work for example 

This idea might not popular because most users do not know about security. 

OneNote has notebook aes128 encryption 

This is a request that is linked to the pin lock request (or double auth) 

Link to comment

6 replies to this idea

Recommended Posts

  • 0
  • Level 5*
On 3/30/2019 at 7:02 PM, John Smith Bobs said:

All notes should be encrypted on disk because notes also store personal information 

Hi.  Notes saved on disk are also protected by the device's password if it's locked,  and Evernote's separate 2-factor login.  That said,  if a device is company-owned,  the chances are that having additional password security won't prevent unwanted access.. which is why I don't ever suggest keeping personal accounts on work machines.  Use mobile access or a separate basic account and web access for personal information.

On 3/30/2019 at 7:02 PM, John Smith Bobs said:

This idea might not popular because most users do not know about security.

Most users seem pretty savvy about security issues.  There are other threads on this too.

On 3/30/2019 at 7:02 PM, John Smith Bobs said:

OneNote has notebook aes128 encryption 

OneNote doesn't appear to search notes and attachments in quite the same detail as Evernote.

Even if the search issue were solved,  Evernote might find it hard to seamlessly convert 250M (or so) currently active accounts from unencrypted to (optional?) encryption with crashing their current infrastructure.  

Link to comment
  • 0
  • Level 5*
On 3/30/2019 at 12:02 PM, John Smith Bobs said:

All notes should be encrypted on disk because notes also store personal information 

I'm not concerned about my grocery list and such, but I make sure any sensitive data is encrypted.

Evernote has a text encryption feature, and I use the native encryption of attachments.

Link to comment
  • 0
  • Level 5*
On 3/30/2019 at 12:02 PM, John Smith Bobs said:

All notes should be encrypted on disk because notes also store personal information 

We can't rely on the computer security alone, when it is owned by IT employees at work for example 

This idea might not popular because most users do not know about security. 

OneNote has notebook aes128 encryption 

This is a request that is linked to the pin lock request (or double auth) 

OneNote's encryption is not at the database level, but when you manually password protect a section.

If you cannot rely on computer security you should only use Evernote on the web. Evernote on the PC and Mac is not designed to keep your data secure from a user that has full admin rights to your PC, and that goes beyond encrypting the database. 

If you use the web version with 2 factor authentication, and tell it NOT to remember this PC for 30 days when logging in, then when the browser window is closed, even a domain admin could not get in.

However, if your IT department has installed an encryption certificate on your PC to read your encrypted traffic, as many IT departments do, then all bets are off. Even encryption between the PC client and server would be in the clear to anyone in your IT department monitoring your traffic from their home in their PJ's.

Link to comment
  • 0
  • Level 5

What is physically on a company computer is practically owned by the company. This includes means to have access to all data even when the employees are asked to encrypt. It is no problem (even quite normal) in a managed IT-environment to save a general key to all data in the IT department.  Who controls the certificates installed will have access.

So I would rather rethink my usage of any service by local means when on the job.

The first, best and only „clean“ solution would be to use a mobile device (if allowed by riding the WLAN-Waves of the company, maybe protected through your private VPN-solution).

The next option is to use the web access into your privat EN account. One should be aware that whatever goes up or down can be read by others with admin access to the machine ! And especially on windows machines a data trail will be left even after logging out. On top of all, if someone from IT installs a keylogger or a screengrabber, you will not even notice that all and everything you do is monitored and recorded.

I would never - ever install any private IT-service on a computer owned by my employer, even when I will introduce my login information every time I use it.

And finally: It is practically everywhere and anytime a violation of your work contract to copy any professional information into a private (cloud) service. One can be fired just for trying to do. So do your job, and keep your private life private.

  • Like 1
Link to comment
  • 0
  • Level 5*
4 hours ago, PinkElephant said:

The first, best and only „clean“ solution would be to use a mobile device (if allowed by riding the WLAN-Waves of the company, maybe protected through your private VPN-solution).

Either that, or don't connect to the Wifi and just use LTE. That is the only way you can guarantee security. Even if you use their Wifi with your VPN, they may block VPN traffic, and if you disconnect the VPN and it stays connected to wifi, your apps, like Evernote, will continue to sync in the background, and that is open to being decrypted by your IT department.

Once you use IT resources, be it a computer, phone, or just their network access, you are agreeing to having your traffic decrypted while it is on their network before it is re-encrypted to go to the internet.

  • Like 2
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...