Jump to content

Is Evernote safe for personal or private data?


Recommended Posts

I’ll just explain a bit about the situation here:

I’ve been using Evernote for storing personal data (eg private journals, notes etc but no personal password or financial info) and recently I’ve been concerned about whether Evernote is actually safe because it uses Google cloud to store data. First of all, is this cloud service safe? If data is stored there, is it in an “open” or “closed” format? And is it accessible by other people easily?
(Here is their security policy: https://evernote.com/security)

Second of all, I understand from Evernote’s privacy policy that though they use end-to-end encryption, this depends on whether the user selects a portion of the note to encrypt. If the user does not, it may not be encrypted when it goes to the cloud. I’m not sure what this means and whether that means the data is in “open” format in the cloud and people can get access to it if the user doesn’t encrypt text from their end. Will other people be able to access such data in the cloud easily?
(End to end encryption in Evernote: https://evernote.com/security/tips)

Third, I understand it’s possible to encrypt data from our end before it goes to the cloud (eg by using Saferoom or other encryption tools). But is it possible for data that is already in the cloud to be encrypted? Eg, I already have many notes in Evernote that have been synced to the cloud. I can start encrypting new notes now before they get synced to the cloud. But can the data already “up there” be encrypted from my end too?

Lastly, if data is deleted from my end (eg lets say i choose to delete my whole account and all my notes inside) - can the data be deleted from the cloud too? Or will it remain there “forever”?

Overall In the case of Evernote, is the security good enough for private journals (definitely don’t want people to be reading it)? What kind of note app would you recommend if we want to keep our data Super safe from prying eyes?

 

Link to post
  • Level 5*

Hi. On the basis that banks and governments seem to be routinely hacked these days,  I'd say it's impossible to judge whether anything you store online is ultimately safe.  The only question you can ask is "Is it safe enough"

I'm still using the Legacy version of Evernote which supports local (i.e. unsynced) notebooks, and my bank statements,  medical records and other stuff goes in there.  If/ when I transition to EN10 (and if they haven't reconsidered not supporting local notebooks!) I'll probably use a standard flat file database to hold my records,  with links to that data in my Evernote index.

Routine clips, correspondence, emails and everything else gets stored in Evernote and moved to Evernote's private area of Google's server farms.  Evernote might as well use Amazon / Microsoft or any other commercial server farm provider - they're all heavily secured and encrypted areas that should be as safe as anything can be.

It's possible to add extra layers of encryption like Evernote provides for specific areas of text,  or by encrypting PDFs and other file formats using third party products.

If your unencrypted data is already in Evernote,  then it already exists in multiple,  but still secure,  places.  There's a Note History function which records previous versions of your notes back to their creation,  so even if you encrypt something you type in a new note,  the chances are the plain text version still exists as copy No.1 - and no,  the copies can't be purged.  If you were to delete all notes from your account and close it down,  the backup processes would gradually overwrite the old data and destroy your content - but I'd think it might take a while.

You need to do your part too - have 2FA active on your account,  use a unique password with Evernote,  save anything you're especially concerned about on one device and offline,  and use the encryption in your word-processor if you create documents (with more unique passwords...) - and keep your World Domination plans on paper and in a locked desk drawer...  🤫

These links may be useful to you...

 

 

  • Like 1
Link to post
  • Level 5

I especially like the part about the world domination plan.

Posted mine on Facebook recently to get some feedback before implementing - you think I should remove it ?

  • Haha 2
Link to post

I would say no. Because I JUST received an email from Evernote about a potential security breach in Russia. I logined to my account after not being logged in for 2 years, and what I found was that since at least July 2020, people from over 20 different countries have been logging into my account. Thankfully, I didn't have any sensitive information in my notes. But why was there such a delay? The countries were all over the place and all on different devices; China, Russia, Romania, Nepal. Umm like what? Why was I just emailed NOW? 

Link to post
  • Level 5*
On 2/9/2021 at 2:55 PM, EffEverNote said:

I would say no. Because I JUST received an email from Evernote about a potential security breach in Russia. I logined to my account after not being logged in for 2 years, and what I found was that since at least July 2020, people from over 20 different countries have been logging into my account. Thankfully, I didn't have any sensitive information in my notes. But why was there such a delay? The countries were all over the place and all on different devices; China, Russia, Romania, Nepal. Umm like what? Why was I just emailed NOW? 

If someone logs into your account using your credentials stolen from a password used on other sites and leaked onto the web (See https://www.techradar.com/uk/news/more-than-three-billion-emails-and-passwords-were-just-leaked-online) Evernote has no way to tell whether this is you and you're travelling around,  or someone else trying to hack your account.  They do operate other checks on access which from time to time get lucky and realise that an access might be unauthorised,  which is when they write to you.  But if you don't use a secure unique password for your Evernote access,  plus 2FA access so at least you know when someone tries - and change your passwords frequently - there's not  much more they can do to protect you.

Link to post
18 minutes ago, gazumped said:

and change your passwords frequently

This is seen as bad practice, it doesn't help you in staying safe from unwanted visitors. Unique, strong passwords, don't share or write down your passwords and 2FA enabled is the way to go + security levels from Evernote should keep you safe. But no guarantees.. .

  • Like 2
Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...