Jump to content

Is Evernote safe for personal or private data?


p31

Recommended Posts

I’ll just explain a bit about the situation here:

I’ve been using Evernote for storing personal data (eg private journals, notes etc but no personal password or financial info) and recently I’ve been concerned about whether Evernote is actually safe because it uses Google cloud to store data. First of all, is this cloud service safe? If data is stored there, is it in an “open” or “closed” format? And is it accessible by other people easily?
(Here is their security policy: https://evernote.com/security)

Second of all, I understand from Evernote’s privacy policy that though they use end-to-end encryption, this depends on whether the user selects a portion of the note to encrypt. If the user does not, it may not be encrypted when it goes to the cloud. I’m not sure what this means and whether that means the data is in “open” format in the cloud and people can get access to it if the user doesn’t encrypt text from their end. Will other people be able to access such data in the cloud easily?
(End to end encryption in Evernote: https://evernote.com/security/tips)

Third, I understand it’s possible to encrypt data from our end before it goes to the cloud (eg by using Saferoom or other encryption tools). But is it possible for data that is already in the cloud to be encrypted? Eg, I already have many notes in Evernote that have been synced to the cloud. I can start encrypting new notes now before they get synced to the cloud. But can the data already “up there” be encrypted from my end too?

Lastly, if data is deleted from my end (eg lets say i choose to delete my whole account and all my notes inside) - can the data be deleted from the cloud too? Or will it remain there “forever”?

Overall In the case of Evernote, is the security good enough for private journals (definitely don’t want people to be reading it)? What kind of note app would you recommend if we want to keep our data Super safe from prying eyes?

 

Link to comment
  • Level 5*

Hi. On the basis that banks and governments seem to be routinely hacked these days,  I'd say it's impossible to judge whether anything you store online is ultimately safe.  The only question you can ask is "Is it safe enough"

I'm still using the Legacy version of Evernote which supports local (i.e. unsynced) notebooks, and my bank statements,  medical records and other stuff goes in there.  If/ when I transition to EN10 (and if they haven't reconsidered not supporting local notebooks!) I'll probably use a standard flat file database to hold my records,  with links to that data in my Evernote index.

Routine clips, correspondence, emails and everything else gets stored in Evernote and moved to Evernote's private area of Google's server farms.  Evernote might as well use Amazon / Microsoft or any other commercial server farm provider - they're all heavily secured and encrypted areas that should be as safe as anything can be.

It's possible to add extra layers of encryption like Evernote provides for specific areas of text,  or by encrypting PDFs and other file formats using third party products.

If your unencrypted data is already in Evernote,  then it already exists in multiple,  but still secure,  places.  There's a Note History function which records previous versions of your notes back to their creation,  so even if you encrypt something you type in a new note,  the chances are the plain text version still exists as copy No.1 - and no,  the copies can't be purged.  If you were to delete all notes from your account and close it down,  the backup processes would gradually overwrite the old data and destroy your content - but I'd think it might take a while.

You need to do your part too - have 2FA active on your account,  use a unique password with Evernote,  save anything you're especially concerned about on one device and offline,  and use the encryption in your word-processor if you create documents (with more unique passwords...) - and keep your World Domination plans on paper and in a locked desk drawer...  🤫

These links may be useful to you...

 

 

  • Like 1
Link to comment

I would say no. Because I JUST received an email from Evernote about a potential security breach in Russia. I logined to my account after not being logged in for 2 years, and what I found was that since at least July 2020, people from over 20 different countries have been logging into my account. Thankfully, I didn't have any sensitive information in my notes. But why was there such a delay? The countries were all over the place and all on different devices; China, Russia, Romania, Nepal. Umm like what? Why was I just emailed NOW? 

Link to comment
  • Level 5*
On 2/9/2021 at 2:55 PM, EffEverNote said:

I would say no. Because I JUST received an email from Evernote about a potential security breach in Russia. I logined to my account after not being logged in for 2 years, and what I found was that since at least July 2020, people from over 20 different countries have been logging into my account. Thankfully, I didn't have any sensitive information in my notes. But why was there such a delay? The countries were all over the place and all on different devices; China, Russia, Romania, Nepal. Umm like what? Why was I just emailed NOW? 

If someone logs into your account using your credentials stolen from a password used on other sites and leaked onto the web (See https://www.techradar.com/uk/news/more-than-three-billion-emails-and-passwords-were-just-leaked-online) Evernote has no way to tell whether this is you and you're travelling around,  or someone else trying to hack your account.  They do operate other checks on access which from time to time get lucky and realise that an access might be unauthorised,  which is when they write to you.  But if you don't use a secure unique password for your Evernote access,  plus 2FA access so at least you know when someone tries - and change your passwords frequently - there's not  much more they can do to protect you.

Link to comment
18 minutes ago, gazumped said:

and change your passwords frequently

This is seen as bad practice, it doesn't help you in staying safe from unwanted visitors. Unique, strong passwords, don't share or write down your passwords and 2FA enabled is the way to go + security levels from Evernote should keep you safe. But no guarantees.. .

  • Like 2
Link to comment
  • 1 year later...

No information uploaded to the server can guarantee your privacy, regardless of the company's claims.

So I recommend you to use Evernote Legacy, which has an option to save data only on your computer.

Not sure why the new version of Evernote removed this feature. Maybe this company needs to snoop on your privacy (for AI training?).

Link to comment
  • Level 5

@ArjenC If the changed password is again strong & unique, nothing speaks against changing it. But I agree, it does not really add much to account security as long as the password was „good“ initially.

Plus it is a question of effort - my password manager is now holding beyond 300 logins. Changing them all would take a long rainy weekend, for not much gain.

Link to comment
  • Level 5*
7 hours ago, g2mXagent said:

Maybe this company needs to snoop on your privacy (for AI training?).

How does Evernote use my personal information and data?

No snooping or training involved.  Evernote take user data seriously.

Using Legacy is very much a short term work-around to privacy concerns - you may lose the feature at some time 'soon'.  Easier to keep the private data on a local hard drive and maintain an index in Evernote.

Link to comment
  • Level 5

The AI training (if you can call it AI) is done by yourself. 

Just enable the "Smart Filing" feature, and it will initially drive you nuts. It will drop notes all over the account, use seemingly random tags etc. This is because it needs to learn your individual patterns first. There is not advance front loading, it starts with zero knowledge.

This will improve over some days and weeks, and hopefully you will find it useful after you completed the training.

Speaking about "confidential information": Most of us may have read too many bad novels about data stolen and identities captured. In fact most of what we store (in many cases everything) is of no interest but for ourselves. And for the few things that may be confidential: Do we really need to store them online ?

If yes (I do): You can create an encrypted container on your drive, and store them there. Or you can create such a container, and upload it - encrypted - into EN or any other cloud service.

Link to comment
在 2022/9/28 在 AM4點14分, gazumped說:

Easier to keep the private data on a local hard drive and maintain an index in Evernote.

How?

The Legacy version is good.

Some notes I will choose to sync to the cloud. Such as math class notes, and some software uses experience. This way I can read the notes elsewhere.

I will store some notes locally, such as diaries and financial tables. I don't want to share this information, I want to make sure that only me can read these notebooks.

In the new version, I had to choose between syncing everything, or nothing. Too hard to decide.

Link to comment
  • Level 5*
2 hours ago, g2mXagent said:

How?

If you save your data as files in a folder structure on a local hard drive,  or in the (less secure) Cloud,  it's possible to save a link directly to that file into an Evernote.  The file is not 'attached' to the note,  but it is still accessible from it.

Use a descriptive file name / tags or add an executive summary to the note and your data is still easily searchable and accessible,  even if the full note content is not available until the file is opened in local software.

  • Thanks 1
Link to comment
21 小時前, gazumped說:

If you save your data as files in a folder structure on a local hard drive,  or in the (less secure) Cloud,  it's possible to save a link directly to that file into an Evernote.  The file is not 'attached' to the note,  but it is still accessible from it.

I'd rather turn off sync and block Evernote in the firewall.

Link to comment
  • Level 5

LOL

Using a cloud service and blocking its access to the cloud is complete nonsense. EN does some jobs on the server, like OCR and building the search index. Block it, and you don’t even have an intelligent typewriter.

Who wants a locally hosted solution can take a look at Apple Notes (it has a on device option, not syncing to the iCloud) or DevonThink (hosting everything in local databases, Mac only). Or at one of the NAS providers, like Synology NoteStation.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...