Jump to content

note history vs encrypted text security issue

Recommended Posts

Evernote Team and Users,

I use the encrypted text feature to encrypt sensitive information in evernote. 

But I've noticed that the "note history" (control-shift-i -> view note history), will have historical versions with the text unencrypted, which defeats the purpose of encrypting the text.

How can I work around this problem ?

Is there a way to delete the note history ?  If so, could I delete only some of entries in note history, or is it all or nothing ?

Maybe I need to create a new note, encrypt the text immediately, and then permanently delete the old note ?  not fun.

Other ideas ?

Also, is there a way to search the note history of all my notes ?  I'd like to search for strings that might reveal important information.

Link to comment

Following up to my own post...

First, it seems that note history is a premium feature, I recently updated to premium, which explains why I did not notice the issue before.

It seems that when I search, evernote searches the note history as well.  That is search will find notes that include the search terms, if the search terms show up in the history, even if those terms are not in the current version of the note.  This is good, although not real obvious as implemented. This is good because if gives the opportunity to search history for confidential information -- so that action can be taken to protect that information. [Update: I was wrong, there doesn't seem to be a way to search history?]

Currently what I'm doing is encrypting the text in my note, and then to be sure the unencrypted version is not available in history, I duplicate the note, then permanently delete the original note (along with its history).  I've noticed the history is not copied when a note is duplicated. Tedious but it gets the job done. 

Is there a better way ?

Some ideas that might improve usability / security:

* evernote could warn user when the encrypt text that history may contain unencrypted version, and offer user option to delete history.

* evenote could keep history encrypted and password protected.

* (unrelated to original issue) when duplicating a note it might be nice if there was an option to also duplicate the history.  I'd leave the default as-is (no history duplication), or prompt every time so user is aware of history situation on the new note.

Edited by clr
Link to comment
  • Level 5*

Hi.  One of Evernote's major features is the document history which saves (if it has time) a previous version of a note when changes are made.  The benefit being (for me anyway) that any occasional mistakes can be retrieved by a visit to the History.  However the existence of the feature means that if you create a note which is later encrypted,  there's a pretty good chance that your initial content is in History somewhere in full plain text.

There are a couple of ways to avoid this - 

  1. use an external word processor (or spreadsheet etc) - many offer the option to encrypt and password protect individual files,  which can then be attached to a note*.
  2. create a note template containing a paragraph of random text that has already been encrypted.  Duplicate the note, unencrypt the paragraph,  and copy/ paste your external plain text content into the space.  When you exit the note it should be re-encrypted.*

* in both cases, and as far as I know,  the content will not be indexed for searches either!

As far as your existing situation is concerned - I know of no way to delete Note History other than to move the note(s) to a different notebook or to delete the original note,  having copy and pasted the encrypted content to another new note. (NB I've never tried to move content like this,  and I'd worry that the encryption might be unusable afterward!!)

AFAIK also - Note History is not searchable,  though your experience is clearly different.  You'd have to contact Support to get some insider information on this!


  • Like 1
  • Thanks 1
Link to comment
  • Level 5

When I tried a few weeks ago, moving the note to another notebook did not erase note history.

The only way to do so was to duplicate the note, and delete the original note. Don’t forget to erase it a second time from the trash !

  • Like 1
  • Thanks 1
Link to comment

This is one of the various reasons why EN 10 is flipping useless compared to EN 6. On EN6 we can disable automatic sync, to avoid any encrypted text getting uploaded in its unencrypted state. Consider that between the time you create some content in EN and encrypt it, it may already have been uploaded and in EN10 there is no control over this process.

This and the removal of local notebooks means it's very difficult to secure any data that goes up to EN's servers. Encrypted file attachments in notes aren't useful to me, though I accept that's a decent enough workaround for others.

I've had enough - been with EN since 2007 but I'm reluctantly shifting everything to Joplin and will let my sub lapse when it's due for renewal in April.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...