Matteo Contigliozzi 0 Posted June 26, 2023 Share Posted June 26, 2023 Hi there, I'm a premium Evernote user and I think I've ran into a major safety issue. I was wondering if my encrypted data were safe enough, and asked myself what happens with the history of change regarding notes which contain encrypted data. (For those who don't know, this is a premium function allowing to see earlier version of a Note, automatically created). Well, I've found out that that through this view UNCRYPTED DATA ARE EXPOSED AND CAN BE SEEN WITH NO PASSWORD NEEDED. This is a major issue that can compromise users' safety and needs to be addressed immediately. In the meantime, I suggest every user to store their sensitive data elsewhere, while waiting for this issue to be fixed. Link to comment
Dave Green 261 Posted June 26, 2023 Share Posted June 26, 2023 Please report this to support. Link to comment
eric99 1,079 Posted June 26, 2023 Share Posted June 26, 2023 5 hours ago, Matteo Contigliozzi said: Hi there, I'm a premium Evernote user and I think I've ran into a major safety issue. I was wondering if my encrypted data were safe enough, and asked myself what happens with the history of change regarding notes which contain encrypted data. (For those who don't know, this is a premium function allowing to see earlier version of a Note, automatically created). Well, I've found out that that through this view UNCRYPTED DATA ARE EXPOSED AND CAN BE SEEN WITH NO PASSWORD NEEDED. This is a major issue that can compromise users' safety and needs to be addressed immediately. In the meantime, I suggest every user to store their sensitive data elsewhere, while waiting for this issue to be fixed. Yeah, this has been a known problem for as long as EN exists which has been discussed several times on the forums. There are two workarounds to prevent unencrypted history of your sensitive data: Encrypt first a small dummy text and then change it to the actual text Create and encrypt your text with disconnected network I hope Bending Spoons will finally solve this properly 1 Link to comment
Matteo Contigliozzi 0 Posted June 26, 2023 Author Share Posted June 26, 2023 @Dave Green Thank you, Dave. I can't find the email address. When I try to contact the support via chat, it says: "We apologize for the inconvenience. Submit a ticket via email or contact us at discussion.evernote.com" (which I did). What's the email they're referring to? Link to comment
Dave Green 261 Posted June 26, 2023 Share Posted June 26, 2023 @Matteo Contigliozzi Noting that you are a premium user, you can use the URL https://help.evernote.com/hc/en-us/requests/new (You may have to sign in to evernote.com first). This can be used to generate a ticket in their system. You get an email when they reply to it (and then you can reply back), but it is tied to a created ticket. Link to comment
Evernote Expert Solution agsteele 3,059 Posted June 26, 2023 Evernote Expert Solution Share Posted June 26, 2023 The Evernote text encryption has long been considered inadequate. Better to encrypt in an external application. I have used AxCrypt very successfully but it is a paid for app if you want to be able to work across devices. Saferoom is another application that I have used and offers a free level of access and is more tightly integrated with Evernote. Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now