What happens with UNencrypted text before it's encrypted?

[EvaluatingEvernote 3]

If I have text in a note, and don't encrypt it for a while (hours, days, weeks, whatever), but then finally encrypt it, does that mean that Evernote still has on its servers the discoverable text from when it wasn't encrypted? And, if it's still on Evernote's servers, then after it's encrypted, when will it drop off Evernote's servers?

[DTLow 5,736]

55 minutes ago, EvaluatingEvernote said:

when will it drop off Evernote's servers?

It will drop off some backup servers, however the Note History backup is perpetual

[EvaluatingEvernote 3]

Thank you, but I don't understand what you mean by "the Note History backup is perpetual." Does that mean that EVERY version of every note is perpetually retained? Or that as each note is changed it's again backed up (and writes over the old note?)?

I think this would be very helpful for all interested users to fully understand just how secure their encrypted text is, so your help answering this is greatly appreciated.

[DTLow 5,736]

17 minutes ago, EvaluatingEvernote said:

Does that mean that EVERY version of every note is perpetually retained?

An example is a note I update weekly
Looking at the Note History for that note, I see entries back to 2015

[EvaluatingEvernote 3]

Very interesting. Indeed, I just created a test note, then minutes later encrypted some of its text, then a while later was able to restore the version of the note before the text was encrypted, and in fact the text I wanted to be hidden was plainly visible again.

This makes the encryption feature far less secure than one would imagine, and seems to defeat the purpose of even having such a feature.

I wonder how many users realize that their encrypted text is so easily discoverable. 

[DTLow 5,736]

5 hours ago, EvaluatingEvernote said:

so easily discoverable

Easy to restore only if you have the account id and password

In the Legacy product, we can use a Local Notebook for encryption before moving the note to a sync'd notebook

[eric99 985]

I disconnect my network before entering and encrypting the text

 

[eric99 985]

3 hours ago, EvaluatingEvernote said:

Very interesting. Indeed, I just created a test note, then minutes later encrypted some of its text, then a while later was able to restore the version of the note before the text was encrypted, and in fact the text I wanted to be hidden was plainly visible again.

This makes the encryption feature far less secure than one would imagine, and seems to defeat the purpose of even having such a feature.

I wonder how many users realize that their encrypted text is so easily discoverable. 

Can you please redo this test when you create an encrypted test note with disconnected network?

[gazumped 11,697]

Or lessee...

1. create your note content in a word-processor that will password-protect the file and attach it to a note
2. print the WP content as an encrypted PDF file and attach it
3. create a note with two lines of 'holding' text spaced fairly widely apart...
   
   ...like this.  Select both lines and the space between.  Encrypt the text and sync it.
   
   Then decrypt the paragraphs and copy/ paste your content between the original lines.

Encryption is a text-only feature anyway - I prefer encrypted PDF files which can also hold images and graphics. 

[EvaluatingEvernote 3]

11 hours ago, DTLow said:

In the Legacy product, we can use a Local Notebook for encryption before moving the note to a sync'd notebook

Interesting. But for new users who assume that the latest Evernote is the best Evernote, or who simply don't want to onboard to a legacy product, then those users (including me) will have the illusion of secure text when it's encrypted, but really it's not secure.

[gazumped 11,697]

Hi. As has already been pointed out,  someone has to be in a position to log into your account as you before being able to look at note history.  If they have that much access, you have bigger problems than potentially having a decade-old note decrypted.  The answer appears to be the same as for general security - a unique password, 2 factor authorisation, and locking access to the account when not using it.

[EvaluatingEvernote 3]

10 hours ago, eric99 said:

Can you please redo this test when you create an encrypted test note with disconnected network?

I did what you suggested above, twice. In both cases, there was only one previous version in the note history, and that version of the note had only the note's title, nothing else. And, in both cases, the encrypted text was not in the note history. So, I guess for users who will go to the trouble of disconnecting from the network before writing a sensitive note, then that will work, but that type of workaround is clearly an indication that Evernote is not the right product for anyone who has any notes that are even remotely sensitive. More realistically, users won't decide a note is sensitive until after it's written, and they'll probably write it while connected to the Internet (while on a Zoom call, for example), so the opportunity to keep the note private is basically gone forever since Evernote will have it, well, forever.

Like some of you, when I used to see messages like mine above, I rolled my eyes and thought, "How silly, what do they have to hide?" Well, for various reasons I'm now completely in the other camp and now fully understand why something we didn't think needs to be hidden really does need to be hidden. Better safe than sorry is an understatement, and you shouldn't learn that until after it's too late.

As much as I wanted to go back to Evernote, and even embraced the new version that so many loyal users seem to dislike, I'm afraid I have to look for an alternative.

[DTLow 5,736]

9 minutes ago, EvaluatingEvernote said:

Evernote is not the right product for anyone who has any notes that are even remotely sensitive.

I have no problem storing sensitive data in Evernote, when it's encrypted   
I do my encryption external from Evernote; pdfs, Office/iWork documents, ...

[EvaluatingEvernote 3]

25 minutes ago, gazumped said:

someone has to be in a position to log into your account as you before being able to look at note history

Not necessarily. As long as someone's in a position to argue that they should have access to your note history, then in some cases that will be sufficient. It's not a question of who has your login credentials. Arguments to access note history in non-criminal situations are vast and becoming more common. Something that may seem unrelated but could be construed as having implications for separate decisions you or others made, for example. You'd be surprised. Or, better yet, avoid being surprised, and instead start to embrace end-to-end encryption.

[CalS 5,281]

Using the desktop version of old EN one could create and encrypt whatever within a note in a local notebook.  Then that note could be moved to a synced notebook and little risk of exposure.

Worse yet with the new version, with the dynamic syncing that now exists encrypted text can be copied to history while you are editing the text.  A bad thing.  Less than compelling design choice or compromise.