Jump to content

Encryption (Again - sorry!)


Go to solution Solved by PinkElephant,

Recommended Posts

I have questions about encryption at several levels, have searched the forums, and not found a clear answer (or missed it), so please forgive me if this has been asked and answered elsewhere.

  1. Are the databases encrypted on the server, such that if the site was hacked, my information is still protected?
  2. Are local copies encrypted in any way such that if I were hacked, my information is still protected?  I have local client 10.4.4
  3. Is it possible to encrypt just notebooks?
  4. Is it possible to encrypt a note other than selecting all the text and doing so?

Hope I don't raise a ruckus here, but I'm still not clear on all this.

Thanks - Richard 

Link to post
  • Level 5*
9 minutes ago, Richard_GG said:

Are the databases encrypted on the server, such that if the site was hacked, my information is still protected?

Data is "encrypted at rest"

>>Are local copies encrypted in any way such that if I were hacked, my information is still protected?  I have local client 10.4.4
    Is it possible to encrypt just notebooks?

Not supported by Evernote    
I have FileVault enabled on my Mac (disk encryption)

>>Is it possible to encrypt a note other than selecting all the text and doing so?

I use the native encryption of attachments; pdfs, MS office documents, ...

Link to post
  • Level 5*
3 minutes ago, Richard_GG said:

Sorry, what does that mean?  ("encrypted at rest")

I'm not an encryption expert but my info is: Encryption at rest is a key protection against a data breach.
If the hackers get in, they can't access the data

>>Also, If you use local encryption for EN local data, how does EN get to it?

It's transparent, based on my login to the device

Link to post
  • Level 5
  • Solution

There is no data hackers could get at - unless they get access to your account.

EN data is stored on massive servers (rented from Google, as of last notice) and spread over several data centers for availability even in case of maintenance or other problems. For everybody approaching this at the bare data level it is a lot of „bit snow“.

The picture changes when accessed through a client or API (interface). Then the server software reconstructs the stored information and serves it to the client. Communication is secured by the usual means (SSL/TLS).

To avoid breaches into this access, the rules are simple: Use a strong, unique password for your account, plus enable 2FA (better based on an app than on a message). If possible don‘t log in on public computers, in hotels or at work. Avoid open WIFi networks. Use the mobile client instead, or run the connection through a trustworthy VPN service. This will still not protect you against malware installed on the computer itself.

These security and privacy measures are no different than those for other services, like e-mail or online banking.

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...