
(Archived) Feature Request- Secure encrypting Evernote client


I see quite a few Evernote users concerned about security. I'm going to take my reply to this thread- Sensitive Documents on EN - A More Detailed View and turn it into a feature request (although I think it's actually a request for a completely new Evernote client application).

Unfortunately the current design of Evernote means that by definition it is not suitable for sensitive (or in principle even non-sensitive but "personal") data for any user in Europe. The same caution probably applies to most other areas outside the US, or for anyone highly security conscious IN the US.

As I understand it, Evernote (the company) says the note data is stored on their servers in encrypted form. However that encryption is done on the server side, so the end user doesn't have the encryption keys or control the algorithm used. The server has (clearly) access to the encryption keys, otherwise it would not be possible to use your notes in the web browser interface. This is a problem, both from a practical perspective (an Evernote employee could lose or compromise the encryption keys, it's happened in other companies) and a legal one. The primacy of the Patriot Act in the US means the Safe Harbour agreement (referred to in Evernote's privacy policy) is worthless, which is a problem for users in Europe, and as noted above, anyone else who really cares about security. This is a problem that affects all web/cloud services at the moment, not just Evernote, and it's a biggie.

It's a shame because a tool like this could be a godsend for storing all that personal stuff that would be a nightmare if (for example) your house burned down or thieves stole your home PC.

I would like to see Evernote partner with an external development group, perhaps the developer of nevernote (the Open Source Evernote client) to create a "secure Evernote client". This version would encrypt everything saved/synched to the cloud before it left the user's computer using a user-selected encryption algorithm and key. Unfortunately one side effect of this would be that the Evernote web user interface would be useless (you would have to have a local client to encrypt/decrypt the content) but that would be a price worth paying.

The software development would need to be Open Source, and based outside the US, to guard against the possibility of Government-introduced "backdoors" in the code. Ideally the cloud storage would also be non-US based, in fact it should be distributed across multiple legal jurisdictions. This doesn't change much from a data privacy perspective (data is easy to move around) but it would make it less likely that the service could simply be shut down by any one government.

A solution like this would make Evernote a pretty much essential personal tool providing a "safe harbour" (pardon the pun) for all your key personal data.

Regards: Colin

  • 1 month later...

Please do not make duplicate posts. You've received some answers in other thread where you posted here. This keeps people from having to reply to both of your posts & keeps the replies in a single thread, for anyone else who stumbles across the thread.

Yea, but that thread is locked because the forums moved.



This topic is now archived and is closed to further replies.
