Jump to content

(Archived) (Archived) REQUEST: Additional encryption options for notebooks and syncing


Recommended Posts

  • Level 5
Posted

Metrodon's suggestion seems to be spot on for Mac users.

  • Replies 786
  • Created
  • Last Reply
Posted

sickpuma, please see my thread for your information.

As far as I know this isn't yet fixed in the new 4.2.2 build, as this upgrade was about the installer issue...I expect an answer next week on the support ticket...

Posted

Your support was unable to help me. Wonder why the support guys can't refer or escalate the case? So stupid...

Clearly there was a reason (as of one information the posted error messages were sent manually by an engineer for a reason I still don't know) for my issue, but I still don't know it. Even moving the database didn't help, as NOW Evernote could actually accept the new location, but not the *.exb file! :shock: So at the moment, after I was asked to supply my password initially, it's redownloading the whole huge database.

Frankly, I don't pay for downloading but sure your as a company do incur these costs.

I hope I at least had no unsynced notes in EN desktop (which would be gone otherwise!), luckily I don't have any local notebook...

This is no good advertisement to convince me or anyone to switch to premium!

Posted

*edit* Case-ID: 198434

While I wonder how this should change anything, as I currently have only the above information to submit anyways...

B/C you're dealing directly with EN staff in a one on one situation.

Wonder why the support guys can't refer or escalate the case? So stupid...

They can & they do escalate. Sometimes the answer may not be what you want, like starting from scratch & downloading all your notes.

I hope I at least had no unsynced notes in EN desktop (which would be gone otherwise!), luckily I don't have any local notebook...

They are usually quite good at informing you to export any unsync'd or locally stored notes before starting over with a clean database, as long as you can still access the old database. If you can't access the old database, then, unfortunately, that would fall under the "Stuff happens" category just as if you'd spent several hours creating a new Powerpoint presentation, had not backed it up & then your hard drive crashed. But back to the exported notes...these exported notes can then be imported into the new, good, working database. So as long as you can access the database with the unsync'd and/or local notes, there is no reason to lose them.

This is no good advertisement to convince me or anyone to switch to premium!

Well, for one thing, premium users get responses to their support ticket within one business day (California time.)

Posted

(an updated post):

Re: Password Protecting Notes

Encrypting text is great and all, but why not go the extra mile and allow rich web content and images to be encrypted within the same Highlight/right click/encrypt swoop (or more realistically, on a per note/and/or per notebook basis)? Yes, it's been addressed (and noted) - but I still feel I have at least a couple valid points to throw out there.

Having a pw on a specific notebook saves the user the constant clicking around by having to manually encrypt/decrypt everything that would otherwise be protected in the same secure notebook just by placement (inheritance), while still leaving the computer accessible to other users without having to switch an account for casual usage. Not to mention it'd protect the entire content, and not just rich text. I'd be more likely to scan receipts (as suggested usage by past promo videos) if something like that was in place.

It doesn't have to be all or nothing ("don't share machines or don't use EN for {blank} then")

Realistically, people would probably have an easier time bypassing a screensaver/admin account on an OS (as often suggested), or protected PDF file than a folder on a 3rd party program like Evernote. On that note, another option without resorting to TrueCrypt is a protected RAR file attachment - which I don't think is as easy (if yet possible) to bybass as a PDF with a self contained pw).

Most of us who have only certain things we want only for ourselves without having to resort to chronic total lock downs vs. don't include them at all are simply worried about casual snooping that may not have such casual consequences. A drastic measure/compromise to a centralized note productivity solution here seems like an unnecessary hurdle, and again..compromising the usability where it really doesn't have to be.

Targets of opportunity are far more common than some dedicated uber hacker giving it all or nothing.

We'd probably need the option to manually add non encrypted tags to encrypted notes if we are worried about losing all searchability - that's a compromise I'd much rather live with than the existing alternatives.

Posted

But seriously, DON'T PUT YOUR BANK ACCOUNT ON EVERNOTE.

Even if the account numbers and passwords are encrypted? I would like to know why. Thanks.

Posted

I put some of my web account passwords into Evernote (encrypted), but I don't store my most important passwords in any computer system or password managers. For example, my Comcast account login information is in Evernote, but my personal Gmail password isn't (since email accounts tend to serve as a "skeleton key" for many other accounts due to "Forgot Password?" links.)

I think different people may have a different balance of security and convenience.

  • Level 5
Posted

I think different people may have a different balance of security and convenience.

The Evernote Marketing Manager mentioned during one of the podcasts that he keeps his tax returns on Evernote.

Posted

This conversation makes me a bit crazy. I've asked years ago for EverNote developers to allow NOTE-level encryption, not just selected text. Additionally, requests by mikelisa to have a pin protection on all the apps make a HUGE amount of sense. If we want to have some idle timeout pin unlock prompt, and I believe MANY EverNote users do, why does there have to be a huge argument about the need. Different strokes for different folks - if you don't want it, don't use it. But there are many cases where it DOES make sense.

1) Mobile Phone Pin Lock: Roboform, financial apps, etc allow this. (mint, pageonce, etc). I may want my kids or a friend to be able to play awhile on my iPhone, and know that the evernote repository, with pics of my licenses, encrypted passwords (perhaps some NOT encrypted because I forgot to, and can't encrypt entire notes), etc. are protected.

2) Desktop Apps: IT technicians can be working on a computer fixing other things, and again, it's uncomfortable to have sensitive info in Evernote and have to "forget password" in the settings every time this happens. I GOT INTO THIS ISSUE AGAIN BECAUSE THIS IS EXACTLY WHAT I'M FACED WITH! I'm an IT VP, and my technicians are helping one of my VPs, who I recommended Evernote to. He has this exact concern, and I agree with it, but I can't give him an easy, VERY COMMON METHODOLOGY answer like a pin with an adjustable lock period.

Lock pins are a nice compromise - Too much of a hassle to completely logout and have to log back in, but still want the app locked.

It seems that when it comes to suggestions about security improvements, such as whole-note encryption or locks, or pinout locks, a lot of argument ensues, and the EverNote developers just dig their heels in. I TOTALLY love the app - have recommended it to AT LEAST 100+ people (in my work and personal life), and love the enhancements that have come out over the last 3+ years. But security just seems like something they don't know how to listen to their customers about. PLEASE - PROVE ME WRONG! I'd be thrilled. :)

Thanks so much for all the effort and enhancements that have happened - but please address these 2 issues. (Full note lock or encryption, and app timout with pin unlock).

Thanks!

  • Level 5*
Posted

There are users out there (like me) who would rather Evernote didn't interfere with my workflow by adding extra encryption, security, passwords, PINs whatever. In addition, I don't want to have to trust Evernote with my security - I want to be responsible for my own security.

The Evernote developers work for the guys who own Evernote. Every day they make a number of decisions on where the business is headed and the code that is going to get them there, all of which have to be balanced against the financial costs.

It's clear that for the time being at least, the decision has been made to allow (force?) the user to be responsible for his own security. This isn't digging in heels or ignoring millions of users - Evernote have said thanks for the feedback and made their position pretty clear.

If you don't like what they are telling you, then the option is always there to use a different app or write your own one, I hear that they are pretty good at giving refunds if you aren't happy too.

Posted

I can't imagine those types of features being developed in a way that would force you to use them let alone interrupt your workflow.

To me, text-level encryption only is a bigger workflow hurdle than parent-level encryption through the note or notebook.

If it wasn't for their open ears to our enthusiastic yet sometimes frustrating feedback with recurring threads like this, I'd bet several features over the last three years wouldn't have made it to 4.0+. If people didn't love the program, they wouldn't bother. They are typically the ones preaching the gospel of Evernote to anyone they think might be even remotely interested - that's why they are this interested in seeing it branch out in ways that could help better it, not to gripe. These guys want to know every little way people are using this software, it's obvious they value the discussions and don't see it like just some dumb fans yelling at the tv screen when their team let them down. Inputting and elaborating on ideas does not equal critiquing.

If the developers shared the above post's viewpoint, they wouldn't bother with their responsiveness, yet they do - despite the repetition (voting with suggestions) and slow process of possibly making the next cut. I have no doubt they value feedback, and the more people on board for new ideas, the better..even if they can't be used any time soon.

The program has come a long way, and the 4.0 rebuild was a godsend to people frustrated with 3.5.

Posted
I can't imagine those types of features being developed in a way that would force you to use them let alone interrupt your workflow.

+1

Posted

I am hoping Evernote for Web will include encryption capabilities soon! Encryption is the number one feature about Evernote, in my experience. Sure, the convenience of all the many features is great, but encryption allows me to record created login passwords and sensitive data, and to know it is secure. Then when I forget a password, no problem! I retrieve it from an encrypted note. It's what makes me love, love, love Evernote!

Last week I was away from my computer and needed to add a note to Evernote through Evernote Web, and I needed to encrypt the note to protect the sensitive data (I was configuring an employee's computer and needed to record the login credentials I'd assigned it). I was dismayed to discover that I could not encrypt the text!

Evernote Developers: Please consider making it a priority to develop encryption for Evernote for Web. Thank you!!

  • 4 weeks later...
Posted

I second this.

Could EN developers please consider to add tne encryption feature to EN web?

Posted

I would like to use this encryption too because it is very comfortable and can be read on nearly all devices, but currently EN encrypts with RC2 64it which is not secure anymore today and so should not be used to store sensitive passwords. I also think that EN schould inform their users about this because many users don't know this and trust this encryption 100% (like user Zellenswager). I would really like to use the EN encryption when it works with AES128 because today this is a proven standard.

Currently I have to do the workaround and encrypt every note which contains some passwords myself with a separate program and attach this file separately to the note.

Thanks.

Posted

Thanks for the heads-up, mrossk. I am a premium user and thought that the encryption was more secure, therefore. I can use my password protection program instead for this until, as you say, something more military is developed for encryption in Evernote.

Posted
I can use my password protection program instead for this until, as you say, something more military is developed for encryption in Evernote.

That's what I do too but I think a lot of users would like to have an "all in one" solution which includes reliable (and web...) encryption :D

Oded.

  • Level 5*
Posted
I am hoping Evernote for Web will include encryption capabilities soon! Encryption is the number one feature about Evernote, in my experience. Sure, the convenience of all the many features is great, but encryption allows me to record created login passwords and sensitive data, and to know it is secure. Then when I forget a password, no problem! I retrieve it from an encrypted note. It's what makes me love, love, love Evernote!

Last week I was away from my computer and needed to add a note to Evernote through Evernote Web, and I needed to encrypt the note to protect the sensitive data (I was configuring an employee's computer and needed to record the login credentials I'd assigned it). I was dismayed to discover that I could not encrypt the text!

Evernote Developers: Please consider making it a priority to develop encryption for Evernote for Web. Thank you!!

You can encrypt text in a note. Just highlight, right-click and say Encrypt.

For file encryption, I started using a program called AxCrypt. It works well on Windows and got a good review on Lifehacker - where I found it.

Posted

Thanks, Ed H. The encryption does not work for the current web based Evernote (I did discover that if I change the setting to the older web version, it will encrypt). Certainly the desktop version encrypts :) I will definitely try out Axcrypt. Thanks again!

  • Level 5*
Posted
Thanks, Ed H. The encryption does not work for the current web based Evernote (I did discover that if I change the setting to the older web version, it will encrypt). Certainly the desktop version encrypts :) I will definitely try out Axcrypt. Thanks again!

Ahhh.. understood. I rarely use the web version and when I do, it is to look data up, not to add notes, so I wasn't aware of that. Honestly, not sure how that would work. Encryption runs a code which the browser doesn't have. Best case you'd have to send the data to EN's servers to encrypt, which means unencrypted (to EN - SSL keeps it from outsiders) data is processed by EN. Has the web version ever done that?

AxCrypt is great for encrypting things like bank statements, tax returns, etc whether they are in EN or being replicated by services like DropBox or SugarSync. Downside for some is it appears to be Windows only, so those syncing cross platform won't like it.

Posted

@Ed H

This is the program I am also using. Currently the Win-Version of AxCrypt works comfortable and solid with EN.

But some time ago there were some complications between AxCrypt and EN:

As long as you have edited and changed encrypted AxCrypt-notes directly in EN everything works fine. But when you and later saved this AXCrypt-note from EN to Windows then the content of this note (AxCrypt-File) was every time the initial(!) one. All later changes were suddenly not included any more. This happend only when you safed this files separately out of EN. Opening and editing within EN works fine. I have wondered how this coud happen. It seems to have something to do with the history funktion of EN.

In the meantime this seems to be corrected in EN. (AxCrypt has not changed the version). I have tested this again and now it works fine.

Marcel.

Posted
@Ed H

This is the program I am also using. Currently the Win-Version of AxCrypt works comfortable and solid with EN.

But some time ago there were some complications between AxCrypt and EN:

As long as you have edited and changed encrypted AxCrypt-notes directly in EN everything works fine. But when you and later saved this AXCrypt-note from EN to Windows then the content of this note (AxCrypt-File) was every time the initial(!) one. All later changes were suddenly not included any more. This happend only when you safed this files separately out of EN. Opening and editing within EN works fine. I have wondered how this coud happen. It seems to have something to do with the history funktion of EN.

In the meantime this seems to be corrected in EN. (AxCrypt has not changed the version). I have tested this again and now it works fine.

Marcel.

Does AxCrypt let you encrypt single notes (namely only the ones you shoose) from EN or does it encrypt the whole EN file?

Posted

Does AxCrypt let you encrypt single notes (namely only the ones you shoose) from EN or does it encrypt the whole EN file?

AFAIK, Axcrypt only encrypts files. You cannot use it to encrypt EN notes.

Posted

Does AxCrypt let you encrypt single notes (namely only the ones you shoose) from EN or does it encrypt the whole EN file?

AFAIK, Axcrypt only encrypts files. You cannot use it to encrypt EN notes.

That's what I thought too.

Thanks for confirming :)

Oded.

  • Level 5*
Posted

If you want to encrypt your entire EN database on your machine, you have several options - if you have Windows with NTFS, you can use the Encrypting File system. If you have Vista or 7 and your PC supports it, Bitlocker is better than EFS. You could also use True Crypt which creates an encrypted (and optionally hidden) volume on your PC and you can put the EN database there.

However, it does NOTHING for the data on the EN server. AxCrypt is the way to go for that as it will encrypt attachments within the EN database. Pretty sure you'd need to export the file, encrypt, then re-add it.

I wish EN supported full encryption. I'd gladly give up the ability to use the web interface if my data was fully encrypted, but I get that is a LOT of work for the myriad of clients available as they would all have to be updated and it would have an impact on searchability, especially in images where all indexing is done at the server level.

Posted

Does AxCrypt let you encrypt single notes (namely only the ones you shoose) from EN or does it encrypt the whole EN file?

AFAIK, Axcrypt only encrypts files. You cannot use it to encrypt EN notes.

That's what I thought too.

Thanks for confirming :)

Oded.

So if I hear you correctly, to encrypt a single note, I could create a note in, say, Notepad, encrypt it in AxCrypt, and THEN stash the encrypted Notepad file into EN?

  • Level 5*
Posted
So if I hear you correctly, to encrypt a single note, I could create a note in, say, Notepad, encrypt it in AxCrypt, and THEN stash the encrypted Notepad file into EN?

No. No need for that. You can highlight text in EN and encrypt there natively.

You only need AxCrypt to encrypt attachments, like PDF files, images or whatever. EN can encrypt text though.

Posted
So if I hear you correctly, to encrypt a single note, I could create a note in, say, Notepad, encrypt it in AxCrypt, and THEN stash the encrypted Notepad file into EN?

No. No need for that. You can highlight text in EN and encrypt there natively.

You only need AxCrypt to encrypt attachments, like PDF files, images or whatever. EN can encrypt text though.

True, but if you need to view/edit the encrypted text using EN web, you have a problem... :)

  • Level 5*
Posted
True, but if you need to view/edit the encrypted text using EN web, you have a problem... :(

True, but even if you could decrypt on EN Web, you'd have 1) given EN your decryption password and 2) shown them the text as the web server renders it for you. If you are willing to do that, you might as well not encrypt in the first place.

The only way they could make that work would be to have it decrypted inside of a Flash or Java app that had desktop decryption engine built in, and I'd still be leery of that.

Posted
True, but if you need to view/edit the encrypted text using EN web, you have a problem... :(

True, but even if you could decrypt on EN Web, you'd have 1) given EN your decryption password and 2) shown them the text as the web server renders it for you. If you are willing to do that, you might as well not encrypt in the first place.

The only way they could make that work would be to have it decrypted inside of a Flash or Java app that had desktop decryption engine built in, and I'd still be leery of that.

Ed,

It worked with the old web interface, so why wouldn't it work with the new one?

Posted

Decryption of encrypted content is not yet implemented for the redesigned Evernote Web. Rest assured however that this feature is coming soon.

Posted
Decryption of encrypted content is not yet implemented for the redesigned Evernote Web. Rest assured however that this feature is coming soon.

Great news!

Thank you Jason for this update :(

Oded.

  • Level 5*
Posted

Ed,

It worked with the old web interface, so why wouldn't it work with the new one?

Don't know. As Jason said, it is coming. I would be very interested to here how it works without exposing your password to EN as well as the contents of the encrypted text as the browser presents it to you.

Posted

Decryption is done client side in the Evernote Web client. Neither the password nor the plain-text are sent to the server by the Web client.

Posted

Am a Newbie to the forum and evernote. My questions is as follows for the Evernote Team.

1) Will premimum/free users have the ability to encrypt files they upload as notes ?

1b) If so, I understand it may not be indexed for Evernote servers will not have the encryption key.

2) Will evernote ever store users data encrypted at rest with a master cipher key? This is separate from users further encrypting their text and files/images.

3) What's the security policy @ Evernote's datacenters to protect users of evernote from not having a board sys admin snooping through people's notebooks??

(Ofcourse, outside of the obvious ethical comment of "Our folks would never do that"....what protections exist or are in place.

I see great potential for Evernote to be used in business environments, but these questions are a first step.

Thanks!

-M

  • Level 5*
Posted
Am a Newbie to the forum and evernote. My questions is as follows for the Evernote Team.

I'd start here http://www.evernote.com/about/tos/, and then work on the associated links in the sidebar labelled "Company Information".

  • 2 weeks later...
Posted

It's absolutely ridiculous that the app cannot be set to not open without a password. All of this talk of third party solutions is woefully inadequate. Evernote, step it up.

Posted

You require a password for the app to sync but not to open all of my notes. This is a huge oversight.

  • Level 5*
Posted
It's absolutely ridiculous that the app cannot be set to not open without a password. All of this talk of third party solutions is woefully inadequate. Evernote, step it up.

I think you missed the "in my opinion" part of your sentence.

Posted
It's absolutely ridiculous that the app cannot be set to not open without a password. All of this talk of third party solutions is woefully inadequate. Evernote, step it up.

I think you missed the "in my opinion" part of your sentence.

No, definitely didn't miss that. The app requires a pw to sync yet the current notes are still visible. What's the point? You don't need a key to get into my car but if you want to drive it you do. I can't imagine my opinion here is unique.

Posted
Or a design choice....

So what's your point Metrodon? The forum is here for me to voice opinions about a product I pay for. When I do I get the passive aggressive reprimand ? Is that what you do here?

  • Level 5*
Posted

I believe what metrodon is saying -- though somewhat laconically -- is that what you feel is an oversight might actually be a conscious design choice on the part of Evernote. Your right to voice your opinion is not in jeopardy; nobody's attacking you. Surely another user offering an alternate view from yours shouldn't be seen to be threatening...

Posted

Fair enough Jeff.Point taken, not here to debate over the intent. But I hear you.

I'm not honestly interested in philosophizing the original goal. I see it as a reasonable user need. You guys have spent more time in the forum than I have. Am I really alone on this? And do you disagree with a revision request to protect my private notes?

  • Level 5
Posted

Some of the issues relating to password protection:

1.) Even with a password to protect the front door, the database via the back door is still accessible for viewing and copying.

2.) If the database is encrypted for more protection, Evernote can no longer offer their OCR capabilities.

Posted

and these are scenarios that haven't been solved for? I'm mainly asking for front end pw protection. There's a html pw on my account online. That one makes sense. Why would I not have a similar "option" for my desktop machine? The open backdoor is a whole other story.

  • Level 5
Posted
and these are scenarios that haven't been solved for? I'm mainly asking for front end pw protection. There's a html pw on my account online. That one makes sense. Why would I not have a similar "option" for my desktop machine? The open backdoor is a whole other story.

There is a password for your client also. In the Windows client, you can sign off and sign back in by using the option >Tools >Sign Out

  • Level 5*
Posted
Or a design choice....

So what's your point Metrodon? The forum is here for me to voice opinions about a product I pay for. When I do I get the passive aggressive reprimand ? Is that what you do here?

OK, here's my point.

Imagine this scenario, I discover a really great product that had been going for a couple of years, it has 8m+ users and has won loads of awards.

I use this product for a little while and discover that it doesn't have a feature that is a MUST HAVE for ME. So I go to this product's pretty active user forum and I don't do a quick search for the MUST HAVE for ME feature, which is a little lazy, because after all if it is that IMPORTANT you'd think that other people would have thought about it before.

No, what I do is that I create a new topic and post not just the feature request (which would have been lazy admittedly without a search in itself) but also describe the fact this MUST HAVE for ME feature isn't there as some sort of programmatical disaster.

Then I go and find another thread and make the same point again.

My point I hope is clear, Evernote have stated a number of times that the security of your device is your responsibility. They will try to help as they can, for example PIN codes have just come to Android devices and I'm sure will soon be on iOS as well. I'm guessing eventually that PINs/passwords will exist on every device, eventually, for now it seems like it is not a high priority.

This may not be ideal for you, to me it doesn't matter one iota. When I'm not sitting in front of my computer I lock it - no one can get casual access without my password. My Evernote data is protected, but so is everything else on my machine.

As a Mac user you have a bunch of different options to secure your machine, if you have to share your machine with other users then set up fast user switching, if you share with casual users set up a guest account. Learn to lock your machine when you aren't in front of it - I have shift+control+eject set up to lock the screen, it's easy to configure. Go further and use TrueCrypt or something similar to encrypt your whole hard drive.

I guess what I've learnt from being on here a lot is that the MUST HAVE for ME feature actually may not be that important or useful to anyone else and just because it's the MUST HAVE for ME feature doesn't mean that Evernote have screwed up by not implementing it.

Posted

Much has been written about Evernote security on these Forums. If we are to use Evernote as our external brain then we don't always want other people looking into our heads. :)

Your point lucyyogi therefor is a very valid one.

Try the following to see a discussion that helped me. It involves creating a sparsbundle disk image with a password & then moving your Evernote data file to that secure location. Finally you can then point Evernote to find its new location by using a symbolic link.

http://forum.evernote.com/phpbb/viewtopic.php?f=38&t=10078&p=52414#p52414

A much simpler solution might be to enable file vault in security preferences on the mac. Maybe someone will tell me if this can be hacked though.

Posted
Much has been written about Evernote security on these Forums. If we are to use Evernote as our external brain then we don't always want other people looking into our heads. :lol:

Your point lucyyogi therefor is a very valid one.

Try the following to see a discussion that helped me. It involves creating a sparsbundle disk image with a password & then moving your Evernote data file to that secure location. Finally you can then point Evernote to find its new location by using a symbolic link.

http://forum.evernote.com/phpbb/viewtopic.php?f=38&t=10078&p=52414#p52414

A much simpler solution might be to enable file vault in security preferences on the mac. Maybe someone will tell me if this can be hacked though.

Thanks very much. Still would love to see it as a native feature but this sounds like it would get the job done. I've also just considered using only the web ui, just seems a shame. Appreciate the ideas.

Posted
Or a design choice....

So what's your point Metrodon? The forum is here for me to voice opinions about a product I pay for. When I do I get the passive aggressive reprimand ? Is that what you do here?

OK, here's my point.

Imagine this scenario, I discover a really great product that had been going for a couple of years, it has 8m+ users and has won loads of awards.

I use this product for a little while and discover that it doesn't have a feature that is a MUST HAVE for ME. So I go to this product's pretty active user forum and I don't do a quick search for the MUST HAVE for ME feature, which is a little lazy, because after all if it is that IMPORTANT you'd think that other people would have thought about it before.

No, what I do is that I create a new topic and post not just the feature request (which would have been lazy admittedly without a search in itself) but also describe the fact this MUST HAVE for ME feature isn't there as some sort of programmatical disaster.

Then I go and find another thread and make the same point again.

My point I hope is clear, Evernote have stated a number of times that the security of your device is your responsibility. They will try to help as they can, for example PIN codes have just come to Android devices and I'm sure will soon be on iOS as well. I'm guessing eventually that PINs/passwords will exist on every device, eventually, for now it seems like it is not a high priority.

This may not be ideal for you, to me it doesn't matter one iota. When I'm not sitting in front of my computer I lock it - no one can get casual access without my password. My Evernote data is protected, but so is everything else on my machine.

As a Mac user you have a bunch of different options to secure your machine, if you have to share your machine with other users then set up fast user switching, if you share with casual users set up a guest account. Learn to lock your machine when you aren't in front of it - I have shift+control+eject set up to lock the screen, it's easy to configure. Go further and use TrueCrypt or something similar to encrypt your whole hard drive.

I guess what I've learnt from being on here a lot is that the MUST HAVE for ME feature actually may not be that important or useful to anyone else and just because it's the MUST HAVE for ME feature doesn't mean that Evernote have screwed up by not implementing it.

Well said. Actually I've been reading the boards for months and just don't need to get sucked into the why's or hows. It''s something that makes sense and worth causing a little noise. There's ton of activity on here. How could I have missed it. I appreciate the sincere attempts to resolve. But defending the technical obstacles doesn't push anything forward. It's a little sad that you're so passionate about arguing for not having something that you don't care 2¢ about. A little strange actually.

Posted

Well said. Actually I've been reading the boards for months and just don't need to get sucked into the why's or hows. It''s something that makes sense and worth causing a little noise. There's ton of activity on here. How could I have missed it. I appreciate the sincere attempts to resolve. But defending the technical obstacles doesn't push anything forward. It's a little sad that you're so passionate about arguing for not having something that you don't care 2¢ about. A little strange actually.

You've missed (again) metrodon's point. (I can't exactly speak for him, but I think I understand his point.)

There was nothing wrong about his replies to you. The lack of security/pin IS a design choice by Evernote. And they've explained this decision, as well. (Should you happen to take the time to read through the existing threads on the topic.)

  • Level 5*
Posted

Well said. Actually I've been reading the boards for months and just don't need to get sucked into the why's or hows. It''s something that makes sense and worth causing a little noise. There's ton of activity on here. How could I have missed it. I appreciate the sincere attempts to resolve. But defending the technical obstacles doesn't push anything forward. It's a little sad that you're so passionate about arguing for not having something that you don't care 2¢ about. A little strange actually.

You've missed (again) metrodon's point. (I can't exactly speak for him, but I think I understand his point.)

There was nothing wrong about his replies to you. The lack of security/pin IS a design choice by Evernote. And they've explained this decision, as well. (Should you happen to take the time to read through the existing threads on the topic.)

Thanks - you got it perfectly.

  • 2 weeks later...
Posted

Another very strong vote for an app login. Just a simple passcode, anything.

I love keeping a journal on EN, but like many posters here, my family uses my laptop, my ipad, and I can't sit there and watch them while they do. It's a HUGE problem that I have to censor my own journal out of this concern.

The existing encryption feature is a very poor substitute because there is no notion of global login or decrypt, so you can't search your encrypted entries, for example. And please don't tell me to keep my journal just on one protected device. It defeats the purpose. We love the ability to use a phone OR a laptop wherever we are. And realistically, most of us in families don't have an entirely private device.

PLEASE implement this. As others have said, doesn't need to be high-level security, just a simple gate will do.

Posted

I agree with this: we really need app-level password-protection. Both Mint and 1Password are what I have in mind. It is simple and unobtrusive. Thanks for listening.

  • 1 month later...
Posted

Evernote, I really like your work and your App. It becomes more important to me every day. But PLEASE make it possible to password-protect individual notes AND individual notebooks. Can you also make it possible to switch notebook visibility on and off (I use Evernote to show stuff to clients, and don't want certain folders to be seen).

Posted
Evernote, I really like your work and your App. It becomes more important to me every day. But PLEASE make it possible to password-protect individual notes AND individual notebooks. Can you also make it possible to switch notebook visibility on and off (I use Evernote to show stuff to clients, and don't want certain folders to be seen).

As has been discussed at great length already (including this thread), EN leaves encryption/password protection up to the user.

  • Level 5*
Posted
As has been discussed at great length already (including this thread), EN leaves encryption/password protection up to the user.

Actually, it appears EN is planning to provide Pin Codes for Notes, per Phil Dean:

viewtopic.php?f=45&t=27330&p=115842#p115564

We are working on a pin code feature similar to the Android. I have no dates when this will become available but more likely it is weeks not months away :(

It is not clear whether this is just for the Android and iOS devices, or for all EN apps.

Posted

Actually, it appears EN is planning to provide Pin Codes for Notes, per Phil Dean:

viewtopic.php?f=45&t=27330&p=115842#p115564

We are working on a pin code feature similar to the Android. I have no dates when this will become available but more likely it is weeks not months away :lol:

It is not clear whether this is just for the Android and iOS devices, or for all EN apps.

If it can be done on Android, it should be doable on Windows. And it will not interrupt my workflow.

I hope very, very much this this will be implemented on all EN apps.

Posted

Hi Everyone - I am trying to decide whether to user EVERNOTE or DROPBOX. My only concern with Evernote is I can't seem to find any information as far as basic security of data on their servers (the cloud). I know I can MANUALLY encrypt / decrypt with Evernote but Dropbox states their Data Security policy right up front (and I have no affiliation with either company):

DROPBOX STATES THAT:

Dropbox uses modern encryption methods to both transfer and store your data.

Secure Sockets Layer (SSL) and AES-256 bit encryption

Dropbox website and client software have been hardened against attacks from hackers

Public files are only viewable by people who have a link to the file(s). Public folders are not browsable or searchable

Dropbox uses Amazon's Simple Storage Service (S3) for storage, which has a robust security policy of its own. You can find more information on Amazon's data security from the S3 site or, read more about how Dropbox and Amazon securely stores data.

THEREFORE, IT "SEEMS" TO ME THAT DROPBOX IS BASICALLY MUCH MORE "SECURE". ANY FEEDBACK REGARDING "SECURE DATA STORAGE" (ie, think about the way your bank stores your data) WOULD BE WELCOME. IT SEEMS THAT DROPBOX IS PROVIDING FEWER STEPS USERS NEED TO TAKE RE: "SECURE" USER DATA. I WANT TO PUT ALL MY PERSONAL AND SENSITIVE INFORMATION INTO THE PROGRAM I CHOOSE AND I HAVEN'T SEEN A SIMILAR SECURITY POLICY STATED FROM EVERNOTE

(and again, I am aware of Evernote's ability to manually... add'l steps... encrypt/decrypt certain notes/files but what if that was done for you automatically?)

Thanks for any feedback!

John

Posted

Dropbox does not, repeat DOES NOT store your data encrypted on their servers. At least with a password that they (and therefore any potential hackers into their servers) do not have access to. If they encrypt with a key/password they (or potential hackers) have access to, that's kind of like locking your car/house but leaving the keys in the door.

Please read this thread.

Posted

Burgrnfries, THANKS, great info... so any idea why it is so difficult in Evernotes Knowledgebase / help section to find anything about how data is transferred & stored. I really, really want to go paperless and feel good about where my info resides. Re: Hackers - I understand that they can crack codes and hack into banks and all that. I wasn't really thinking about hacking, more about security policies at Evernote ... can someone they hire from a temp agency for a 2 week gig peruse account user's data if they feel like it? You've got to admit, Dropbox's stated security policy would make the average person feel better about how the data is kept. Right now I'm using Evernote (bought the 1 yr deal) and then read the Dropbox info re: securing user data... That's why I said I'm trying to decide between the 2 programs. Thanks for your link that gives more info on the subject... that type of encryption sounds like the encryption using Mozy for data backup. If you forget or lose your password, your data is completely unrecoverable and you'd be SOL.

some info from your link:

*****

Jungle Disk (a TRUE backup/encryption cloud) says, if you encrypt your "bucket" & forget your password, you are SOL. They cannot help you recover your data.

Truecrypt, another TRUE encryption app, also says, if you forget your encryption password, kiss that baby good by. They cannot help you.

Evernote states any text you encrypt in Evernote notes is not indexed...same reason as above. And if you forget the password, they cannot help you recover it.

So...if you feel comfortable putting something into Dropbox (without using a WINRAR'd file or Truecrypt container or some such), then you should feel equally comfortable putting that info into Evernote.

***

John

Posted
I wasn't really thinking about hacking, more about security policies at Evernote ... can someone they hire from a temp agency for a 2 week gig peruse account user's data if they feel like it? You've got to admit, Dropbox's stated security policy would make the average person feel better about how the data is kept.

I would disagree. Possibly b/c I have dealt with EN for a few years (as a user, only) and have confidence in the people & their goal(s) for the product. Also, probably b/c as I stated in the thread I linked to above, IMO, Dropbox seems (to me) to intentionally be promoting the idea that the way they store your data on their servers means it's "secure." I do like the Dropbox product & use it daily for various tasks. But I tend to let that cloud (no pun intended) my view of the company, too. FWIW, I also have a Truecrypt container in my Dropbox. That way, I can feel comfortable about storing sensitive documents in my Dropbox.

IMO, any company of EN's (or even Dropbox's) stature & visibility would be crazy to allow a temp (or even many/most employees) access to everyone's data. Just as most companies don't allow temps, receptionists, etc access to payroll records. But, of course, it's always good to ask the question. Here's a post by Dave Engberg (CTO of EN) on the subject.

  • Level 5
Posted

Burgers:

there is no link at the end of your post.

Wern

  • Level 5
Posted

Dave Engberg, Evernote CTO, said: "Evernote is a helpful tool to help you remember things. You should definitely make your own decision about what sorts of things you want to put into it. Some people will draw the line differently than others, just like some people will send things via email that other people would not. Everyone can choose their own balance between convenience and security."

The Evernote Marketing Manager mentioned during one of the podcasts that he keeps his tax returns on Evernote.

Posted
about security policies at Evernote ... can someone they hire from a temp agency for a 2 week gig peruse account user's data if they feel like it?

The answer is no.

  • 4 weeks later...
Posted

Password protecting the Evernote App and/or Notebooks within the app is VERY necessary otherwise anyone who has access to my Computer/iPhone/iPad can just look up a lot of VERY sensitive data. Just encrypting text inside notes is way too much of a hassle. Just let me have a password before opening the app and I'd feel much better about using Evernote. This should be standard on all your platforms.

  • Level 5*
Posted

As has been stated in the iOS forum, PIN codes for iOS devices are coming soon.

Posted

And has been discussed elsewhere (a lot), EN leaves desktop security up to the user. Please search the board on the topic, if you want more info.

Posted

New Evernote user and just realised i can't password protect individual notebooks...this would be a great feature to have, i've seen that i can encrypt selected text from a note (which is what i am doing at the moment) but it would be really useful to be able to create a note book, make it password protected, then add all notes that you want to protect to that notebook, much easier than having to encrypt every note you want to protect!..hope to see this feature added soon. :)

Posted

I wanted to throw my vote into the native password protection for notebooks on evernote. I have some notebooks with generic info that it wouldn't matter that anyone saw their notes (like my shopping list I can make on my computer and collect on my phone), but I have some notebooks that are more speciallized to my eyes only.

It seems to me that to put strings on an app to get it to do what you want only makes for a clumsy puppet (the app's a 'boy,' evernote just needs to teach him the new trick so many people want to see).

Also, encrypting each note takes away from the ease and speed that makes evernote so handy. There has to be a way to make it secure and convenient at the same time.

ciao

Posted

Thanks for the ideas & work arounds. We have these ideas, examples & use cases noted for review

  • Level 5*
Posted

This is not currently supported - there is lots of information on the forum about this if you search.

  • Level 5
Posted
What keywords ? All the hits I get are for the Internet version.. thx

Use Advanced search in Evernote for Windows (version 4) - keyword password

Alternate search - Truecrypt

  • 2 weeks later...
Posted

I love Evernote! But I would love it even more if I could create a password for a specific notebook. (just four characters, like the password for the iPad would be great) I know I am not alone in desiring this feature - just thought I would add my request to the list!

Posted

+1

Waiting a long time for this, even already using Truecrypt.

As long as the notebook is 'locked' the search must not find any notes from this notebook.

If the evernote programmers argument that it is not possible to find notes in a locked notebook: This es exactly the behaviour what I need!

  • Level 5*
Posted
+1! And dito to upgrading if they made it an only premium feature!

You mean that you wouldn't approve is it were available to all users?

Seriously, I doubt that this is the kind of feature that they would make as a premium-only feature.

Posted

Is there a way to designate a single notebook, one that is not synched to my cloud Evernote account, to be a Truecrypt volume...or do I have to designate the entire Evernote database as a Truecrypt volume in order to protect it?

It can be a slight hassle to get in and out of a Truecrypt volume if you are trying to access information that does not need to be held securely. It also makes it difficult to pull up your database if you are not on a computer that has Truecrypt on it. With a small Evernote database held in a Truecrypt volume that is then stored in Dropbox, (along with the mobile Truecrypt version) I could get to it and it would also be protected.

What is the name or location of the Evernote data file in Windows?

If you can't single out an individual notebook, I am considering having a separate user name/Evernote account for secure files only that would be held in a Truecrypt volume for those few files I want encrypted.

Posted

All Evernotes for a single account are in a single database. The location is found in tools/options/general tab on the Windows client. My suggestion would be to not put anything in the Evernote cloud that is sensitive info unless you encrypt it either with the built in EN text encryption tool or save it as a passowrd encrypted PDF. Note I said password encrypted...you can have PDFs that require a password for opening but are not encrypted.

I would suggest you read the "wide open databases" thread as it pretty much encompasses EN & security.

Posted

I have a question regarding storing files in evernote notes. For example, if I want to store my quickbooks company backup files on evernote I suppose that I can backup this file to the desktop and then drag it into evernote. Will this allow me to have versions of my backups in case the main file is ever corrupted? Likewise, if I want to keep a backup of my Outlook contacts am I simply storing a frozen image of what the contacts file was like on the day that I moved it to evernote? Or does it update in evernote as I add to Outlook?

Posted
if I want to store my quickbooks company backup files on evernote I suppose that I can backup this file to the desktop and then drag it into evernote. Will this allow me to have versions of my backups in case the main file is ever corrupted?

Yes, as long as the file doesn't exceed your note file size. (25 mb for free accounts, 50 mb for premium.)

Or does it update in evernote as I add to Outlook?

No.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...