(Archived) Sensitive Documents on EN - A More Detailed View

[TechBarber 100]

I'm curious to know what kinds of documents other users store in their Evernote accounts. While it would be useful to store anything and everything "in the cloud", I know that we all have different limitations on what we're willing to throw up there.

I've read several threads on the forum about this using the search functionality and I've gained some insight here and there, but I'm more curious about the kinds of documents you're all willing to store in the cloud. Do you store things like birth certificates, passports, banking data etc?

For me, I don't trust the cloud enough to give them my REALLY sensitive documents. The ones I just mentioned above will never be on the cloud - at least until the day comes you can encrypt entire notes within EN. Even then I'd still be hesitant.

Where I'm really struggling is where to draw my own personal line. I'd love to purchase a scanner and scan everything, but even things like bills and mortgage papers leave me a little leary. While there is nothing particularly damaging on my bills, I still wouldn't want someone gaining access to my home address, phone number, hydro account number --- that's kind of personal, isn't it? You could grab a lot of info from just bills. Number of family members, vacation bookings etc etc

With all the talk about sensitive documents on this forum, I didn't see a ton on specifics. Each must draw their own line - where do you draw yours?

[BurgersNFries 2,407]

The ones I just mentioned above will never be on the cloud - at least until the day comes you can encrypt entire notes within EN. Even then I'd still be hesitant.

I'm also hesitant. But there are ways. It's easy & free to password ENCRYPT (not just password protect) PDFs. I use a password generator (Roboform) & so my passwords are pretty good. Not easily remembered, but then that's why I use SplashID as my password manager.

FWIW, nothing is 100% unhackable. Nothing. No-thing. However, (at least in my case & I'm guessing it's the case with most users), if you store things in the cloud encrypted with a good encryption password, it's not worth a hacker's time to "brute force" their way through your password. Brute forcing a password requires a lot of time & unless there's a particular reason they would target you (IE, did you ever work for the CIA?), it's normally not worth their time. There are so many other unsuspecting/unprotected users out there for the taking.

You also have to be realistic. As long as you are taking reasonable precautions (IE the password encrypted pdfs I mentioned), I'm not sure the cloud makes you any more vulnerable than real life. IE, if you kept everything on hard copies in a locked filing cabinet in your home, you surely know someone could (should they want to, but hopefully never would) break into your home, steal your computer & filing cabinet & break into it & there you go...

I do NOT store my bank statements/credit card bills in EN unless they are encrypted. I freely add things (UNencrypted) like my cable bill/water bill/phone bill. Whenever I've had to call those people, I've had to jump through so many security hoops it's not even funny. So simply having a copy of the bill doesn't seem to give a stranger any authority to do much of anything other than maybe order a movie. Also, keep in mind what is public info. I'm in the US, so if you're in a different country, your mileage may vary. IE, when I bought a house, how much I paid for it, phone number (unless you're unlisted) & such is a matter of public records. If you don't shred your trash, people can easily gain this information by simply going through your trash bin or going to the online public records for the county in which you live. So I rather doubt that stuff would be of much interest to a hacker b/c they can get it w/o having to hack EN. IOW, I don't go to great lengths to protect data that is a matter of public records.

[jbenson2 2,147]

During one of the Evernote podcasts, the Marketing Director of Evernote said he stores his Federal Tax returns in Evernote. He did not mention encryption.

Heather from Evernote Customer Support said she stores her sensitive information (Passport scans, titles, tax info) in Evernote unencrypted as well. It's a matter of personal preference/comfort level.

I store my confidential stuff on a non-sync'd local drive, so it never gets to the cloud. By the way, I also OCR all my scanned documents, so I can still search my confidential PDF's.

[colin_e 0]

Unfortunately the current design of Evernote means that by definition it is not suitable for sensitive (or in principle even non-sensitive but "personal") data for any user in Europe. The same caution probably applies to most other areas outside the US, or for anyone highly security conscious IN the US.

As I understand it, Evernote (the company) says the note data is stored on their servers in encypted form. However that encryption is done on the server side, so the end user doesn't have the encryption keys or control the algorithm used. The server has (clearly) access to the encryption keys, otherwise it would not be possible to use your notes in the web browser interface.

This means Evernote (the company) could decrypt your data and make it available to US Government authorities if forced to do so under the Patriot Act, in fact they would be compelled to, and that you as the user would not be notified of this. This esentially means the Safe Harbour agreement (referred to in Evernote's privacy policy) is worthless, which is a problem for users in Europe, and as noted above, anyone else who really cares about security. This is a problem that affects all web/cloud services at the moment, not just Evernote, and it's a biggie.

In practical terms, today I would use Evernote for non-sensitive day to day stuff but I certainly wouldn't use it for anything sensitive like financial records unless (as someone else has mentioned) you use an external tool under your own control to encrypt a file (such as a document) then attach it to a note as an opaque "Blob" that Evernote itself can't look into.

It's a shame because a tool like this could be a godsend for storing all that personal stuff that would be a nightmare if (for example) your house burned down or thieves stole your home PC. It could be fixed but it would take some creativity on the part of Evernote.

They would need to do something like partner with the developer of nevernote (the Open Source Evernote client) to create a "secure Evernote client". This version would encrypt everything saved/synched to the cloud before it left the users computer using a user-selected encryption algorithm and key. Unfortunately one side effect of this would be that the Evernote web user interface would be useless, you'd have to have a local client to encrypt/decrypt the content.

The software development would need to be Open Source, and based outside the US, to guard against the possibility of Government-introduced "backdoors" in the code. Ideally the cloud storage would also be non-US based, in fact it should be distributed across multiple legal jurisdictions. This doesn't change much from a data privacy perspective (data is easy to move around) but it would make it less likely that the service could simply be shut down by any one government.

A solution like this would be great, I wonder if it's something the Open Source world could take on.

Regards: Colin

[Owyn 457]

I store my confidential stuff on a non-sync'd local drive, so it never gets to the cloud. By the way, I also OCR all my scanned documents, so I can still search my confidential PDF's.

Ditto. Well, that is what I am planning to do. Just recently premium.

@colin. That is the only solution I am aware of that addresses your, valid, concerns. Further security could be achieved by moving the Evernote database to an encrypted container.

[BurgersNFries 2,407]

As I understand it, Evernote (the company) says the note data is stored on their servers in encypted form.

No. They have never made such a claim. In fact, they have flatly said it is not encrypted when stored on their servers. The encryption is only when sending/receiving data to/from the EN servers.

viewtopic.php?f=30&t=9583#p46892

viewtopic.php?f=30&t=16789&p=67262&hilit=server+encrypt#p67262

There are already many, many threads on this topic. Wide open databases & this one may be helpful.

In a nutshell, I put my EN database in a Truecrypted container on my PCs and only put sensitive info in the EN cloud by making it a password encrypted (not just password protected) PDF.

[Metrodon 2,184]

Evernote is a private commercial enterprise, it's main purpose is to make money for it's investors and owners. It does this by having a product that people want and are willing to pay for, not by given it's secret sauce to the open source world.

[golgotha007 0]

I'm also hesitant. But there are ways. It's easy & free to password ENCRYPT (not just password protect) PDFs. I use a password generator (Roboform) & so my passwords are pretty good. Not easily remembered, but then that's why I use SplashID as my password manager.

Your workflow sounds..difficult.

FWIW, nothing is 100% unhackable. Nothing. No-thing.

the word "unhackable" is a broad term, but based on the context within that paragraph, I would guess that you don't know very much about cryptanalysis.

You also have to be realistic. As long as you are taking reasonable precautions (IE the password encrypted pdfs I mentioned), I'm not sure the cloud makes you any more vulnerable than real life. IE, if you kept everything on hard copies in a locked filing cabinet in your home, you surely know someone could (should they want to, but hopefully never would) break into your home, steal your computer & filing cabinet & break into it & there you go...

I agree with taking reasonable precautions, but not if it seriously disrupts my workflow. In this case, it's better to just avoid the risk. Also, I don't agree with your example about locking physical documents in your file cabinet at home. Putting sensitive data into Evernote is more like putting your sensitive, physical documents in your neighbors house--the one you don't know. For all you know, this neighbor doesn't even lock his door, who knows? Unless Evernote has a list of audited, effective controls on securing client data (which they do not, I checked), then you have no idea what Evernote's security posture may be.

Also, don't think I'm some kind of Evernote hater; it has its purpose, it's just narrow in scope. Dropbox has similar issues with their business model. If you want to see a company that's doing it "right", then take a look at Wuala, which encrypts data locally with a symmetric cipher before uploading to some cloudish backend.

The point I am trying to make here is that unless Evernote conducts semi-annual penetration and application vulnerability testing, and obtains audited, effective controls at least within the Confidentiality principle as defined in the AICPA's AT Section 101 or ISAE-3402 (or both), then Evernote should be treated with the same level of confidentiality as the public bulletin board at the local laundromat.

[jbenson2 2,147]

If you want to see a company that's doing it "right", then take a look at Wuala, which encrypts data locally with a symmetric cipher before uploading to some cloudish backend.

You're comparing Apples to Oranges, or maybe Apples to a brick.

* Wuala does not offer OCR.

* They don't even offer basic search capabilities.

Don't think I'm some kind of Wuala hater; it has its purpose, it's just narrow in scope.

Odd name however. It is a bit of stretch to see the connection between Wuala and the word voilà.

Perhaps after they solve some of their outstanding software bugs, I will give it a try at my local wi-fi laundromat.

* Delete from trash fails with "does not fulfill the preconditions of this transaction"

* Can't write very large files in File System Integration

* Sorting order does not work when opening folder for first time

* Overwriting files on File System Integration causes Wuala to download files

* Core - TooManyTransactionsException acknowledged

Wuala is basically just a secure online storage / backup service. And there are a lot of them out there.

http://en.wikipedia.org/wiki/Comparison_of_online_backup_services

[MartinPacker 2]

For me the issue is what my employer would need: I don't think they permit me to put (customer) sensitive stuff on Evernote.

I suspect others are in the same boat.

Martin

[BurgersNFries 2,407]

Your workflow sounds..difficult.

It's not. I suppose some people think locking their car or home each time they leave is "difficult". But it's something I choose to do to make theft a bit more difficult.

the word "unhackable" is a broad term, but based on the context within that paragraph, I would guess that you don't know very much about cryptanalysis.

My knowledge about cryptanalysis (or lack thereof) has nothing to do with the statement I made.

Also, don't think I'm some kind of Evernote hater; it has its purpose, it's just narrow in scope. Dropbox has similar issues with their business model. If you want to see a company that's doing it "right", then take a look at Wuala, which encrypts data locally with a symmetric cipher before uploading to some cloudish backend.

Evernote & Wuala are fundamentally different. I have used Jungle Disk/Amazon S3 storage for several years as an online backup. And I do use a separate password to encrypt my "buckets". Evernote's focus is not to be a secure backup system. But rather a tool for collecting, organizing & retrieving information.

then Evernote should be treated with the same level of confidentiality as the public bulletin board at the local laundromat.

If you read my posts on security, you will note that I am cautious about what I put into Evernote that is not encrypted. Most of what I put into Evernote is not what I would class as sensitive information. Do I care if the bulletin board at the local laundromat has a note that says "BurgersNFries' husband wears a 15 1/2/33 shirt" or "BNF really likes the pasta with ricotta & spinach from Smart Ones" or "BNF wants to try the Fresh Apple Cake Recipe from Southern Living"?

Nah.

[jbenson2 2,147]

For me the issue is what my employer would need: I don't think they permit me to put (customer) sensitive stuff on Evernote.

I suspect others are in the same boat.

Martin

I suspect the 12+ million users of Evernote are in the same boat. They also have employers who don't want private corporate information shared with the general public. As can be seen in this forum, Evernote is used for many other reasons.

[MartinPacker 2]

Right @jbenson2. I don't disagree at all with the generality of this problem. I wonder what Evernote can do to enable such employers to bless it. (If anything.)

Yes, I know Evernote hasn't targeted Corporate / Enterprise. I think that's a mistake - and one that will limit growth eventually.

Martin

[Owyn 457]

I don't think there is a "solution" at the server side. OCR, indexing, and server side search requires clear text at the server.

[jbenson2 2,147]

Yes, I know Evernote hasn't targeted Corporate / Enterprise. I think that's a mistake - and one that will limit growth eventually.

Martin

Corporate / Enterprise - Ouch!

The $5/month premium fee would disappear faster than green grass through a goose.

[Metrodon 2,184]

Right @jbenson2. I don't disagree at all with the generality of this problem. I wonder what Evernote can do to enable such employers to bless it. (If anything.)

Yes, I know Evernote hasn't targeted Corporate / Enterprise. I think that's a mistake - and one that will limit growth eventually.

Martin

They seem to be a reasonably well run business, with people who have worked in the enterprise and consumer spaces involved.

For the time being at least, it looks like they have done the maths and figured out that the cost of doing business in the enterprise world does not add up for them.

The scale of the consumer market is so vast that I'm sure they could run a hugely successful company for many many years without having to worry about the extra things that enterprise customers would like.

[jefito 5,589]

Yes, I know Evernote hasn't targeted Corporate / Enterprise. I think that's a mistake - and one that will limit growth eventually.

Well, as a mistake, it's certainly not stopped them from some pretty impressive growth to far. And it doesn't mean that the policy can't be changed in the future.

[BurgersNFries 2,407]

Evernote hasn't targeted Corporate / Enterprise. I think that's a mistake

From this post, it's obvious that's a conscious choice.

[golgotha007 0]

I understand that Wuala is a file storing and syncing service and that Evernote is a note storing and organizing service and they provide fundamentally different types of services. However, they do share a common trait, which is they are both services run by third parties that store your data.

After reading everyone's post on this thread, I do think that there is a fundamental agreement; for those looking to store non-sensitive data, Evernote works great. But for those who want to store personal, sensitive data (or work related data that has certain classification and handling requirements), then Evernote is the wrong tool.

As more SaaS companies come onto the scene (to the point where your entire OS is Internet driven), there will be more and more privacy concerns and SaaS companies will be expected to provide some level of proof that they do as they say they do.

Where things are today, if one wants to use these SaaS companies for storing sensitive data, then they should be careful with companies like Evernote or Dropbox and focus more on companies that allow client side encryption before the data is sent to some 3rd party storage backend. Folks should also consider the notion that just because all the bits you post to Evernote may not individually be sensitive in nature, but that all those bits aggregated can make them sensitive.

If anyone knows of a very robust tool like Evernote, but allows for client side encryption, then please let me know.

[jbenson2 2,147]

I have a more disturbing view of the future. With the expanding use of social networks, Facebook, Linked-In, facial recognition, cloud based digital information, I agree with others who think privacy is dead. Well, actually privacy may not be dead, but it’s certainly on life-support.

Our love affair with all things technical has an evil twin: an unstoppable encroachment on our personal privacy.

Adding to the problem are significant data breaches from huge corporations include HMRC, TK Maxx, Sony, Heartland Payment Systems, HSBC and even AT&T and Apple Computer. The on-going WikiLeaks story reveals the more dastardly consequences of sensitive data loss.

Fighting to protect privacy is a quixotic venture. Sure, there are any number of work-arounds you can employ, all in the effort to protect your privacy. But such a quest is like trying to dig a hole in middle of a fast flowing river.

[jbenson2 2,147]

If anyone knows of a very robust tool like Evernote, but allows for client side encryption, then please let me know.

Why not use Evernote with TrueCrypt?

[TechBarber 100]

I expected the responses to my thread to be more...um.....pro-Evernote and pro-don't worry about it.

Instead, everyone seems to mirror my thoughts/fears. That's not a knock against EN, just the state of doing business in the cloud these days I suppose.

Here is my philosophy for those who care. And for what it's worth, it's pretty much how I viewed everything before posting to this thread. The responses just confirmed everything.

For me - unless I'm comfortable posting a particular EN note on a public bulletin board somewhere, I shouldn't be putting it into EN - or any other "cloud service" for that matter. While there are steps you can take to increase security (TrueCrypt containers etc etc), they add another step to my workflow, and for me, it's just not worth the trouble. I went through the same thing with DropBox. Yes, you can use a TrueCrypt container but each sync to DB syncs the entire folder and sharing becomes an issue etc etc etc.

It's too bad, because having all of your files in a central repository would be so handy. Everything synced, everything available at your fingertips. It's just...with current technology and hacker groups running a muck these days, do you really want to take that chance?

[Metrodon 2,184]

I probably shouldn't announce it but.... I'm reckless, thoroughly so - everything I need to remember goes into Evernote.

I don't encrypt stuff, I'm kind of gambling on the fact that if the Evernote people are putting their own stuff in then they will do their best to protect it.

If the worst comes to the worst then I'm going to have to handle an identity theft or some other horror which will be a giant pain in the arse I'm sure - but In the meantime I have an incredibly convenient tool for doing things/finding things and you never know....the worst may not happen.

[Owyn 457]

And the horse may learn to sing.

"Murphy was an optimist" (Unknown)

[TechBarber 100]

I probably shouldn't announce it but.... I'm reckless, thoroughly so - everything I need to remember goes into Evernote.

I don't encrypt stuff, I'm kind of gambling on the fact that if the Evernote people are putting their own stuff in then they will do their best to protect it.

If the worst comes to the worst then I'm going to have to handle an identity theft or some other horror which will be a giant pain in the arse I'm sure - but In the meantime I have an incredibly convenient tool for doing things/finding things and you never know....the worst may not happen.

I don't disagree with this way of thinking. More power to you man!

[Metrodon 2,184]

Life's too bloody short.....

Worry about the big stuff (the people you love, your football team etc) and let the rest look after itself.