Multiple Device Problem

[oup59 1]

I use free version of Evernote which allows 2 devices. Although I only use 2 devices (phone and PC), client regularly warns me about an account based on having more than two devices. When I try to unsync devices I see my desktop PC on the device list twice. Therefore each time I had to unsync all devices and login again. Next day same problem appears. I have same issue in my phone and PC. So this is not a client issue but there is a problem with my account. 

Basically current problem enforces me to upgrade or not to use Evernote at all as dropping devices and logging again is not a smooth way of using Evernote.

Any idea/help is appreciated.

 

[gazumped 11,664]

Hi.  Odd that your PC consistently shows up twice - do you use a VPN?  Does you share the PC with someone?  Does your firewall exclude Evernote cookies?  For some reason the PC looks 'different' (or at least is not recognised) when you try to log in.  If you can work out why,  you may be able to avoid the issue.  Meantime you should be able to log in by deleting one or more entries in the device list so that your current connection will be device #2.

[DTLow 5,736]

There was a similar problem discussed here

I'm wondering if @Scott T. can confirm this was fixed, or is a completely new issue

[oup59 1]

37 minutes ago, gazumped said:

Hi.  Odd that your PC consistently shows up twice - do you use a VPN?  Does you share the PC with someone?  Does your firewall exclude Evernote cookies?  For some reason the PC looks 'different' (or at least is not recognised) when you try to log in.  If you can work out why,  you may be able to avoid the issue.  Meantime you should be able to log in by deleting one or more entries in the device list so that your current connection will be device #2.

I sometimes use VPN client of my university to access papers at home. Maybe this is the reason. Because when Evernote client notifies me about devices I check the list  to see 1. MY_PC, 2.MY_PHONE and 3. MY_PC as if my computer has been registered as two different devices.  Thanks.

[oup59 1]

26 minutes ago, DTLow said:

There was a similar problem discussed here

I'm wondering if @Scott T. can confirm this was fixed, or a completely new issue

I will try the password change trick as discussed there. Thanks.

[Scott T. 662]

9 hours ago, DTLow said:

There was a similar problem discussed here

I'm wondering if @Scott T. can confirm this was fixed, or is a completely new issue

That was a separate issue that was fixed. 

@oup59, I checked into your account and can confirm the multiple occurrences of the PC device, but nothing looks out of place at the moment. I see all the previous devices revoked and the iPhone and PC currently active. I believe the current state of your account should be good. Let me know if you still have this problem and I'll see if I can get some developer assistance on this.

[oup59 1]

On 4/20/2019 at 1:16 AM, Scott T. said:

That was a separate issue that was fixed. 

@oup59, I checked into your account and can confirm the multiple occurrences of the PC device, but nothing looks out of place at the moment. I see all the previous devices revoked and the iPhone and PC currently active. I believe the current state of your account should be good. Let me know if you still have this problem and I'll see if I can get some developer assistance on this.

Yes current status is ok but I did not connect to my VPN yet. I will check after I use VPN connection whether problem occurs or not. Thanks for the assistance. I will inform you if I need further help.

[Scott T. 662]

Thanks for the additional info @oup59. I will follow-up internally regarding how VPN can impact device count. We shouldn't be taking IP into account for devices, since it's just as possible for a desktop (i.e. laptop) to change IPs regularly like a mobile device would. But, perhaps the unique device identifier that we calculate takes something into account that changes with the VPN. I'll post again if I get more info.

[PinkElephant 8,107]

@Scott T. It may be even worse: Because many companies go out of themselves to make sure they follow you wherever you go (and press the last nickel out of your purse with superclever online marketing bullshit), it is good self defense today to cloak up everything: The IP, the device-ID, any markers they set on your device etc. I once browsed for a medical condition related to my mother‘s wellbeing. You do NOT want to know what adds I‘ve got until I resetted everything including all cookies, browser histories etc.

If you want to surf around following your interests without being followed, you better take precautions. And these measures will go against the attempt from you guys to count the number of devices !

So maybe it is time to rethink the restrictions applied to the BASIC accounts (Hint: I am paying user, and I am not eager to change this, because I think it is fair money for what I get). Functionality can be restricted without the need to identify devices.

 

[Scott T. 662]

@PinkElephant I totally understand what you're saying and I'm aware of more people using VPNs to obscure their internet activity. I was just discussing that with one of my coworkers. I'm not too familiar with the paid VPN providers (like NordVPN). Do you know what specific information they obscure? I'm still trying to get information from the team, but if the VPNs are somehow modifying something like the MAC address or machine ID (I think this is a unique ID generated by Windows at installation time), I could definitely see that causing us to identify the client as a different device. We need to be able to track it somehow, at least for our current design. To your point, perhaps unique devices should be reconsidered given the changes in how users connect to the internet, but that kind of decision is above my level.

[oup59 1]

1 hour ago, Scott T. said:

Thanks for the additional info @oup59. I will follow-up internally regarding how VPN can impact device count. We shouldn't be taking IP into account for devices, since it's just as possible for a desktop (i.e. laptop) to change IPs regularly like a mobile device would. But, perhaps the unique device identifier that we calculate takes something into account that changes with the VPN. I'll post again if I get more info.

Thanks for the effort. I specifically connected to VPN and then synched my Evernote account to see if I can replicate the problem occured last time. It generally happens the next day. I will report if/what happens.

[CalS 5,280]

13 minutes ago, Scott T. said:

@PinkElephant I totally understand what you're saying and I'm aware of more people using VPNs to obscure their internet activity. I was just discussing that with one of my coworkers. I'm not too familiar with the paid VPN providers (like NordVPN). Do you know what specific information they obscure? I'm still trying to get information from the team, but if the VPNs are somehow modifying something like the MAC address or machine ID (I think this is a unique ID generated by Windows at installation time), I could definitely see that causing us to identify the client as a different device. We need to be able to track it somehow, at least for our current design. To your point, perhaps unique devices should be reconsidered given the changes in how users connect to the internet, but that kind of decision is above my level.

No expert, but I think VPNs give you a different IP address but don't change your MAC address.  There are other tools for that if one is so inclined.  Could be wrong though....

[PinkElephant 8,107]

Hi, I am using TunnelBear as VPN service (paid ...). I am not aware what ID they replace, and what they leave intact. They will not put themselves into the  content of a HTTPS-communication, but maybe there is some stuff in the „electronic enevelope“ that wraps around the encrypted data. For sure they replace the IP and location of the reentry to the open internet. And I have never gotten any foul smelling junk after using their service, so I think they are effective.

My usecase is to protect my communication when I login to services on an open Hotspot. Cafés, Hotels, the WLAN on airports and the Train etc. In this szenario  you can never be sure if somebody hijacks the hotspot, putting himself in the middle and grabbing everything that you send and receive. Or (much less often) the service owner himself will grab what goes on. So I tunnel and let them record electronic gibberish.

But because this may be not good enough any more, there are services like DNScloak that will protect which DNS adress you are looking up (just search for it on the App Store), and other tools that actively replace whatever ID you send in your data stream by plausible, but fake and one-time ID to make sure no one can place a bracket on what you do. 

And the Browsers are getting better in hiding your ID, plus plugins that take this further. All this is driven by the massive, data-driven approach by companies to maximize the bucks they make on online business.

Just one example for this: Try to book a specific service like a flight ticket, event or something, at the same time, one by a modest desktop using something older like Win7, then by a fancy new MacBookPro and by an iPhone XS. Chances are you get different prices for the same service, based on the analysis of your data and your presumed purchasing power. And then do the same, using a VPN to move the point of entry to the internet from Germany or The Netherlands to Italy or Spain. More other prices, again. 

So I think a valid device ID is only possible when users accepts it, and places it on their device like a token or certificate. Then you can communicate with this snippet of ID information, and link up to it. This means you could restrict to „no more than 2 devices linked up at the same time“ for a BASIC account. The user could still try to move the token around, but honestly: Who would do this permanently instead of paying the Premium Account, and that‘s it.

[PinkElephant 8,107]

The MAC Adress is specific to the communication equipment you use, not to the device itself. The device carries an ID that is not a MAC adress, for example called IMEI in case of a mobile device.

If you use a WLAN card / modem, it will have it‘s own MAC ID, and it is different to the one on the Ethernet port. So if you link up in the office through an Ethernet cable, but at home via WLAN, there will be 2 different MAC addresses showing up. If you put an external USB-WLAN-connector on such a device, a third MAC-ID is transmitting, etc.

Only a device that is WLAN- or Ethernet-only will only have just 1 MAC adress.

And yes, the bluetooth-Modem has an own MAC adress himself.

MAC IDs are seen as fixed (firmware-generated), but as everything in an electronic message, this ID can be modified by software specialized for this. Some VPN services have this ability build into the service, to add an additional layer of protection.

About Evernote and syncing: I never had any problems syncing through a stable VPN tunnel. If the tunnel is not stable, this will lead to sync problems, but this will lead to problems on all other services as well. I have experienced hotspots that were set up intentionally to block VPNs (most by closing Ports usually needed by the VPN), and others that try to shake the VPN out (I think by disrupting the connection for short periods, to make the VPN software loose contact).

One may think about non-malicious motivations to prevent VPN usage on a non-encrypted hotspot. I simply quit using such services.

By the way: Even if the hotspot you use is encrypted, but is out of your control, you should still use your VPN. On each encrypted hotspot, the owner of the router can grab everything that will go through his device. For the owner himself, the link is never really (unbreakably) encrypted. So if you do not trust the owner of the hotspot you are using, switch on the VPN, and be safe.