Jump to content

Is Evernote data stored securely on client devices?

RichardG63

Recommended Posts

RichardG63

RichardG63 15

Posted
Posted

Hi,

I have been using Evernote for years: Windows, Android, and Linux client versions, and sometimes the web client.

I appreciate when using the web client this question is likely invalid.

But where the app is installed, EN syncs data from the cloud to a local file system location. I think the meta data is stored in a SQLite database, but that the note content and attachments are stored in "plainly readable" formats (similar to say HTML).

In the case that a laptop were to be lost, and it was possible to access the content of the hard drive (ie no encryption) by connecting the disk to another machine, would it be possible for a bad dude to read EN notes (on the assumption they knew where to look)?

Appreciated that the approach of keeping sensitive data in a more appropriate system is the way to go, but there's still personal, semi-sensitive data that would be inconvenient to "vault" that I'd like to know isn't easily accessible if the worst were to happen. 

Link to comment
  • Level 5
PinkElephant

PinkElephant 8,126

Posted
  • Level 5
Posted

You can look it up yourself. Everything is in a folder structure, with a lot of files. Typically 2 files per note, one with the note information, one with metadata.

As I said, like most other apps, EN relies on the build in protection concept of the OS. Enable it when you want the data to be encrypted when at rest.

Link to comment
RichardG63

RichardG63 15

Posted
  • Author
Posted

Oh thanks, if you could point me to the doc/reference that describes this I'd be grateful as I did look but no find.

Maybe that doc would also indicate where the actual files are cached locally too? 

Link to comment
  • Level 5*
gazumped

gazumped 11,677

Posted
  • Level 5*
Posted

Try C:\Users\<you>\AppData\Roaming\Evernote in Windows.  I don't know of any official documentation - Evernote recommends downloading ENEX files for backup purposes.  Settings allows you to opt out of keeping a local copy of your notes,  though that means you have to be online to use the app.

EDIT - Sorry;  should also have said that you could ask Support - most of us here are just other users. Subscribers can raise support queries here - https://help.evernote.com/hc/requests/new and all users here - https://twitter.com/evernotehelps

 

Link to comment
  • Level 5
PinkElephant

PinkElephant 8,126

Posted
  • Level 5
Posted

Basically not - all information is already posted here. 

Support will likely tell you the same.

What you can ask support would be an option to have encryption at rest. If you will get it is a completely different question. It is a rarely discussed issue in the forum.

If you can’t trust the computer you are using, usually you can’t install software either. In these cases the web client is the one you should use.

Log out, empty the cache and quit when you are done. Then everything short of a full keylogger & screen grabber will not see your notes.

Link to comment
Kheldar3211

Kheldar3211 12

Posted
Posted
On 5/6/2023 at 1:50 AM, RichardG63 said:

Hi,

I have been using Evernote for years: Windows, Android, and Linux client versions, and sometimes the web client.

I appreciate when using the web client this question is likely invalid.

But where the app is installed, EN syncs data from the cloud to a local file system location. I think the meta data is stored in a SQLite database, but that the note content and attachments are stored in "plainly readable" formats (similar to say HTML).

In the case that a laptop were to be lost, and it was possible to access the content of the hard drive (ie no encryption) by connecting the disk to another machine, would it be possible for a bad dude to read EN notes (on the assumption they knew where to look)?

Appreciated that the approach of keeping sensitive data in a more appropriate system is the way to go, but there's still personal, semi-sensitive data that would be inconvenient to "vault" that I'd like to know isn't easily accessible if the worst were to happen. 

These days whole disk encryption has no noticeable impact on systems and there's really no reason to not use it. The fact that you are worried about personal, semi-sensitive data means that you should just whole disk encrypt. I have my linux, windows and mac all encrypted and backed up. If it gets nabbed then no worries!

 

Link to comment
jasimon9

jasimon9 3

Posted
Posted

What is not working for backup:

  1. I used to just highlight all the Notes, then export them. But now it says you can only highlight 100 notes. So that will not work.
  2. I have seen where you can export a Notebook. But I have about 20 notebooks, so that is a pain.
  3. Many people say "just back up the EN data folder". Where is that? I see a lot of question about where it is, but no answer. I would be looking for the Mac location, but the answer should be both Windows and Mac locations.
  4. Other people say that your main system backup handles it. That would handle certain use cases, but not the more common ones for me, where I just want an old note.

Most useful answer would be the location of the EN data files.

Link to comment
  • Level 5
PinkElephant

PinkElephant 8,126

Posted
  • Level 5
Posted

You used to select all notes and export them, for a backup.

OK. First rule of a backup: Have one. Check. Second rule of a backup: It’s only a backup after you tried a restore. No check.

Why ? Because obviously, you never tried to restore. First it would have created a mess, because restoring means importing. You have a zillion of notes in that one huge single massive ENEX file, and you import it. Now you have that zillion of notes in your main account, together with all the original ones. And you will stall the upload,  cause you will likely surpass every upload allowance. Not good.

Even worse: All you notebooks are gone. You end up with ALL notes in ONE notebook. Eastern and Christmas on the same day ! How would you sort this out ?

So even if it was technically possible to export „all“ notes, it was by no means recommended.

What EN recommended, even back then was to export each notebook into one ENEX file. Give the file the notebook name. When you import an ENEX file, it will all go into one new notebook. Do it, rename it, and you have successfully restored from backup.

And this is what v10 is designed after: Export each notebook into a separate ENEX file. You can e port a full notebook, no matter how many notes are in there. The 100 limit applies only to single note selections. I have explained several times in the forum how to raise this limit. Search for it if you are interested.

If you search you will find as well a project from fellow user that does the export for you. And you will find the service backuppery, that does it professionally, for an additional subscription fee.

Link to comment
Alxa

Alxa 480

Posted
Posted

You can easily do a full backup export - one ENEX per notebook - with the legacy windows client. First log of so you see the login-windowimage.png.f356cccabfa4dfeb5f22203f10723c55.png

Then press CTRL+SHIFT+E and select the account to export. Evernote than creates a folder on the desktop and exports ALL notebooks into one ENEX per notebook. One keyboard shortcut + one click = Very convenient. Only downside: tasks are not included in the export.

Link to comment
  • Evernote Expert
agsteele

agsteele 2,951

Posted
  • Evernote Expert
Posted

That's are a number of applications that will export your notes on a scheduled basis in an easier manner than either Legacy or v10. I use the GitHub project evernote-backup.

I can schedule the backup to take place whenever I wish. In my case once per week.

Link to comment
RichardG63

RichardG63 15

Posted
  • Author
Posted

Thanks everyone, this is interesting, but veers away from my original question which was "is Evernote data encrypted in the local cache".

The reason I want to know the answer is because I want to know whether I should vault that data so it's safe from prying eyes in case I lose my laptop without an encrypted disk. (BTW I'm not particularly keen on full disk encryption as having to enter an additional passphrase when booting is inconvenient. I know that sounds a bit lazy but I also don't think it's a bad mentality to encrypt only the files/directories you're really concerned about.)

Having a backup is a separate concern and I'm sure addressed many times elsewhere. But thanks for bring my attention to the evernote-backup & backuppery.

EN support have not confirmed whether the data is stored in an encrypted format or not (although I think it's safe to assume it isn't). They have confirmed that local caches are at the following locations:

  • For Mac, it's either through ~/Library/Application Support/ or ~/Library/Containers/com.evernote.Evernote/Data/Library/Application Support/.
  • For Windows, it's through opening Windows Explorer and pasing %appdata% in the window header.

And they've told me they can't provide details regarding the Linux Early Access client (although I believe it's accessed via a FUSE mount-point) which I can completely understand. It would make sense for me to try to encrypt that data - I'll try to work out its location and will update as I learn more.

Thanks for your help.

Link to comment
  • Level 5
PinkElephant

PinkElephant 8,126

Posted
  • Level 5
Posted

The answer was posted very early in this thread: NO.

Repeating the question won't change the answer..

State of the art is encrypting the whole disk. All modern OS (supported by dedicated crypto-units on the chips) does this without a penalty in performance. Most modern devices have biometrical means to log in, Windows Hello to Mac TouchID. The Mac can be entered using an Apple Watch as well.

Use disk encryption, or live with an unencrypted local database.

Link to comment
Kheldar3211

Kheldar3211 12

Posted
Posted
27 minutes ago, RichardG63 said:

No need to shout Mr @PinkElephant ! I'd rather get the details from the horse's mouth than the elephant's...

Frankly I'll do what I want, but thank you for your suggestions. You should watch your tone: you come across as a complete know-it-all. 

Note that these are user forums, (EN support does not actively monitor the forums or respond) if you want an "official" answer, email EN support and they can assist you. Another avenue is @evernotehelps on twitter. Good luck!
 

  • Like 1
Link to comment
  • Level 5*
gazumped

gazumped 11,677

Posted
  • Level 5*
Posted
4 hours ago, Alxa said:

As the posting is gone. Could you please make transparent which point of code of conduct was broken. Thank you.

? It would have been criitical of another user without being helpful or useful in the ongoing discussion...

Link to comment
jasimon9

jasimon9 3

Posted
Posted
On 5/7/2023 at 1:42 PM, PinkElephant said:

You used to select all notes and export them, for a backup.

OK. First rule of a backup: Have one. Check. Second rule of a backup: It’s only a backup after you tried a restore. No check.

Why ? Because obviously, you never tried to restore. First it would have created a mess, because restoring means importing. You have a zillion of notes in that one huge single massive ENEX file, and you import it. Now you have that zillion of notes in your main account, together with all the original ones. And you will stall the upload,  cause you will likely surpass every upload allowance. Not good.

Even worse: All you notebooks are gone. You end up with ALL notes in ONE notebook. Eastern and Christmas on the same day ! How would you sort this out ?

So even if it was technically possible to export „all“ notes, it was by no means recommended.

What EN recommended, even back then was to export each notebook into one ENEX file. Give the file the notebook name. When you import an ENEX file, it will all go into one new notebook. Do it, rename it, and you have successfully restored from backup.

And this is what v10 is designed after: Export each notebook into a separate ENEX file. You can e port a full notebook, no matter how many notes are in there. The 100 limit applies only to single note selections. I have explained several times in the forum how to raise this limit. Search for it if you are interested.

If you search you will find as well a project from fellow user that does the export for you. And you will find the service backuppery, that does it professionally, for an additional subscription fee.

Thanks for your detailed response.

My concern for this backup is not if I "lost everything". Rather in that scenario I would rely on my multi-layer backup of Time Machine + SuperDuper. Such an approach is of course suggested by several in this thread and in the other relevant thread at 

.My concern is more if I messed up one note badly and wantd to revert to a previous version. In that case the following procedure would not be so bad:

  1. Restore "All Notes" into one big temporary notebook.
  2. Find the one note in question and restore it.
  3. Blow away the temporary notebook.

Since I have never had to use such a procedure, the simplicity of the "All Notes export" is appealing. 

For the moment, I am going do the "by notebooks" export in my new Evernote, but continue to do the "All Notes" backup on a machine where I still have the Legacy EN that allows that.

 

Link to comment
jasimon9

jasimon9 3

Posted
Posted

@gazumped - I have not actually gotten into the case where I needed to revert a note yet. Note History would be useful, but I would have to upgrade my plan apparently to have that available.

Good point though.

  • Like 1
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...