(Archived) Evernote...Stop messing around and get serious about security!


Okay this subject has been beaten into the ground for a number of years and last year I heard Evernote was "working on it", but seriously...I'm sick and tired of seeing specialty app after specialty app get released when Evernote continues to neglect the security of their users' information.

Two Step Authentication should have been implemented YEARS ago...the fact that our content is stored in plain text scares the ever living ***** out of me. I just got an email that a new app was coming out and a whole bunch of redesigned stuff is coming out...blah Blah BLAH. When Evernote gets hacked and people's passwords get stolen, bank accounts, credit cards, and identities get stolen. Guess what, we're coming after Evernote for negligence.

I'm abandoning the platform till Evernote takes my information seriously.

Link to comment

If you're so darned worried about this, why are you storing sensitive info, unencrypted in Evernote? Whether EN has 2fa or not, if their servers got hacked, the hackers still can access your notes, if you don't encrypt them. And yes, this subject has been "beaten into the ground" & EN has been pretty clear about leaving encryption up to the user and why.
Link to comment

We had exactly this discussion over lunch today. My mates are worried about data being stored in the US. We're living & working in Switzerland, and data protection laws in CH are pretty restrictive. We don't know about the US.

Anyway, the gist was: Don't put anything on EN that could hurt if it got stolen. Period. No CC information, no passwords.

Link to comment

Even if there is two step authentication I never store anything personal (banking, passwords, financial documents) in the cloud. The only way I can know a file is safe is to store it locally and back it up, in my case using Time Machine to an external drive.

Yes, my house could burn down and all would be lost but that's the risk I would rather take than have my file hacked, copied, or thrown around the internet to god knows where.

Just my .02.

I do put a ton of data into Evernote/Dropbox, but it's not really interesting stuff. If someone wants to see a receipt for grooming my dog or an idea I had for finishing my basement they can fill their boots.

Link to comment

That's almost as ignorant of a statement as Evernote is being ignorant about taking this seriously. And actually you're misinformed (or uninformed). If you'll check out this interview with Phil Libin http://elephantchannel.net/2012/12/041212-evernote-workshop-verbatim-notes-leweb/ you'll see he's said that "2 factor authentication" is on the way.

Have you ever tried to encrypt and decrypt your "notes" using a mobile device? For most users and some devices, that's just not even a remote possibility. So if I'm going to encrypt it myself, Evernote's vast platform of devices immediately becomes useless because I can only access my data on my PC, which if that's the case why don't I just save it on a TXT file and put it on my desktop and call it "SECRETSTUFF.txt".

What kind of information do you think people are storing on Evernote? They're not just using grocery lists and class notes...people are storing all sorts of data they need on a regular basis or information that needs to be easily accessible including business related. You ever heard of corporate espionage? Yeah that's a real REAL thing by the way. Last I heard there's not even a "guess limit" on passwords with Evernote. So I'll just set up a brute force password guesser and let it go to town. Probably take a day or two but you know what...I'll get in. This isn't rocket science. Utilizing things like one way encryption and 2 factor authentication seems so stupidly obvious to me it makes me sick. Hell most services just encrypt data based on an encryption algorithm with your password as the salt so if someone hacks Evernote and downloads large portions of their database it's not gonna matter because the encryption pattern for each user is going to be different.

Fact is, as Phil Libin said, "Design is the most important thing". That's funny, I would hope his concern for my data would be.

Link to comment

I certainly have to agree with you there. But this also means I can't store anything related to business or personal things that would stand to risk (ever been through a nasty divorce and have to take notes on what's going on? there's a lot of value in knowing what the other person is doing/thinking).

This may all seem "extreme" but people often underestimate the determination of someone when money or power is involved.

Link to comment
  • Level 5*

There is a guess limit.

You can easily decrypt notes on the iPhone or iPad.

No one is ignorant here. Let's try to keep the conversation civil please.

Link to comment

You ever tried to encrypt or decrypt on a Playbook? Yeah it's a rarely used device but it happens to be what I use the most. And the ease of going and copying and pasting a large file into an encrypt/decrypt app is a massive pain, not to mention a large portion of the Evernote user base probably has no idea they even need to do that. That's why this is such a pressing issue. Evernote's ignorance to the issue does not excuse anything, they are aware of the problem but decide to pass the buck on responsibility to the end-user. It's irresponsible and clearly negligent.

Link to comment

Sure an idea about finishing your basement is no big deal, but with Evernote making the push to be business friendly, as is CLEARLY evident by almost every single desktop app update I've seen in the past six months...businesses will be taking a risk to use Evernote.

Link to comment
  • Level 5*

And last I heard someone tested the guess limit and got up to 30 and it still didn't lock them out

Last I tested it I was in the twenties, I think. It is there. Please test before making unsubstantiated claims, or link to this claim by someone else.

Again, please stop with the inflammatory speech. The developers at Evernote are not ignorant. Neither are fellow members of this forum. Please keep the conversation civil.

I don't have experience with the playbook. If encryption is a major concern for you, then I suggest using a remote login service to take advantage of your desktop, which tends to be better developed for this kind of thing.

As for 2fa, it is not available yet, but in the meantime, I recommend good password practices: long, random, unique, and changed on a regular basis.

Link to comment
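
The guess limit argued over in this thread (5 attempts versus 20 or more), as an added example that is not from any poster or from Evernote: a per-account throttle with a sliding failure window and a doubling lockout, plus a count of how many online guesses it lets through in a day. Class names, thresholds and the sample attempts are assumptions constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field


@dataclass
class AccountState:
    failures: list = field(default_factory=list)  # timestamps of recent failed logins
    locked_until: float = 0.0                     # attempts are refused before this time
    lockouts: int = 0                             # lockouts since the last good login


class LoginThrottle:
    """Hypothetical per-account guess limit (thresholds are illustrative defaults)."""

    def __init__(self, max_failures=5, window=900, base_lockout=60, max_lockout=3600):
        self.max_failures = max_failures  # failures tolerated inside the window
        self.window = window              # sliding window, in seconds
        self.base_lockout = base_lockout  # first lockout, doubled on each repeat
        self.max_lockout = max_lockout    # ceiling for the doubling
        self._accounts = {}

    def allowed(self, account, now):
        """True if a login attempt for this account may be evaluated at time now."""
        state = self._accounts.get(account)
        return state is None or now >= state.locked_until

    def record(self, account, success, now):
        """Register the outcome of an evaluated attempt."""
        state = self._accounts.setdefault(account, AccountState())
        if success:
            state.failures.clear()
            state.lockouts = 0
            return
        # Keep only failures still inside the sliding window, then add this one.
        state.failures = [t for t in state.failures if now - t < self.window]
        state.failures.append(now)
        if len(state.failures) >= self.max_failures:
            state.lockouts += 1
            delay = min(self.base_lockout * 2 ** (state.lockouts - 1), self.max_lockout)
            state.locked_until = now + delay
            state.failures.clear()


def replay(throttle, attempts, passwords):
    """Run (timestamp, account, guess) tuples through the throttle.

    Plaintext comparison keeps the sketch short; a real service compares
    against a salted password hash instead.
    """
    outcomes = []
    for ts, account, guess in attempts:
        if not throttle.allowed(account, ts):
            outcomes.append("locked")  # refused without checking the password
            continue
        ok = account in passwords and hmac.compare_digest(
            guess.encode(), passwords[account].encode())
        throttle.record(account, ok, ts)
        outcomes.append("ok" if ok else "fail")
    return outcomes


def online_guess_budget(throttle, seconds, interval=1, account="victim"):
    """Count wrong guesses that get evaluated when one arrives every `interval` s."""
    evaluated = 0
    for now in range(0, seconds, interval):
        if throttle.allowed(account, now):
            throttle.record(account, False, now)
            evaluated += 1
    return evaluated


# Constructed sample data: five wrong guesses, then the right password twice.
SAMPLE_PASSWORDS = {"alice": "correct horse"}
SAMPLE_ATTEMPTS = [(t, "alice", "guess%d" % t) for t in range(5)]
SAMPLE_ATTEMPTS += [(5, "alice", "correct horse"), (70, "alice", "correct horse")]

if __name__ == "__main__":
    print(replay(LoginThrottle(), SAMPLE_ATTEMPTS, SAMPLE_PASSWORDS))
    for limit in (5, 20):
        budget = online_guess_budget(LoginThrottle(max_failures=limit), 86400)
        print("limit %d: %d guesses evaluated in 24h" % (limit, budget))
```

During a lockout even the correct password is refused, so the same mechanism lets anyone who keeps guessing hold a legitimate user out of their account; that trade-off is one reason services differ on where they set the limit.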

 

Dude. Maybe if you calm down & actually READ what's been posted. Nowhere did I say 2fa would not be coming to EN. What I *DID* say is whether they have it or not, it's not much help if hackers get to the EN servers.

And although you say the subject has been "beaten into the ground", you've apparently not digested much of it. I have a lot of notes in Evernote. Probably a lot more than you do. Probably a whole lot more than you do. And my advice is the same...if you don't want the information to get out, don't EVER put it on the internet unencrypted without an encryption key that is NOT available on/at the host site. More info here. I suggest you read it & digest it.

http://discussion.evernote.com/topic/14989-dropbox-vs-evernote-regarding-security/

Link to comment

 

 

While I misconstrued the wording, the point remains that I should not have to take my content and encrypt it myself. Ordinarily there's a practice in application development and every single aspect of business called "Best Practice". Leaving your customer vulnerable by things like password guessing (EVEN if it's at 20, most businesses stop at 5!), lack of encryption, and lack of enhanced security IS irresponsible. I'm glad that the Evangelists feel so strongly that Evernote has everyone's best interests in mind but there is a massive outcry that says otherwise. And believe it or not the reason I'm in a panic is because I do have TONS of information in my Evernote, including data that could ruin my business or ruin my credit by someone stealing my identity. That's a reality check right there. It will take me probably between 4 to 6 hours to migrate all my data. Personally I've been pushing this since last Summer. I've been on pins and needles ever since, and was hoping that 2fa authentication and BUILT-IN data encryption would be implemented soon but it seems Evernote has more interest in putting out drawing apps for the iPad than securing my data.

Link to comment

My whole point being that I didn't realize Evernote was storing my data in plain text and that password guessing was so easy until last summer...by the way...

I'm glad you made a document for Evernote that was in my best interest...still waiting for Evernote to do what's in my best interest though...

Link to comment
  • Level 5*

Thanks for posting with your concerns. I believe they are exaggerated, especially if you are following good password procedures. However, you need to do what is best for you. As for Evernote and its responsibility, I think they have gone to great lengths to address privacy and security with their service, and they are exceedingly clear about the limits and appropriate uses for it. See these posts for more information.

https://www.evernote.com/shard/s74/sh/8e4283a8-8ff7-4eaf-9421-4ae71b849b7f/6dfcc88123e40fd69650d5b65dc356f0

Link to comment

Where was the information about appropriate use and not storing secured information? I've never seen it...and I'm not talking about some forum discussion or "press release". When I signed up...where did it say "we store your information in plain text so don't store things you're concerned about".

You think about it, I have information that could allow someone into my personal and business accounts. I'm not sure you realize the ferocity of competition in some lines of business. Especially with a small business when keeping my business profitable means I can pay my bills next month. Yeah that's a serious concern to me.

And there's no 24 character alphanumeric and symbolic password that's going to save you when a zero-day password harvester gets dropped on your PC.

Link to comment

I also think this goes beyond data that you need secure all the time.

In the case of hacked email accounts, hackers often wipe out all contacts so if the user regains control they can't easily email their contacts to note any scammed emails.

If this sort of thing happened to my Evernote account, I'd be pretty upset about the almost 2000 recipes I've scanned and saved and use all the time.

So security protects everything not just sensitive stuff.

Link to comment

Christopher, I don't mean to be rude by some of the things I've said but I'm going to be forward in telling you that I am an IT expert in a lot of areas and I spent a fair bit of time "learning how to hack" when I was in high school. If you knew half the things I did you wouldn't feel safe logging into your email. There's a reason apps like Lastpass have features like an on-screen keyboard to type in your password. Because you can never be too safe but you can be sorry.

Link to comment

Honestly, if you were that great an "IT Expert" you wouldn't be storing data that you consider to be sensitive in a cloud based service without doing some due diligence.

Haha and how does my oversight defer from Evernote's responsibilities to their customers?

Link to comment
  • Level 5*

I don't see how they are being irresponsible.

You have clearly made a mistake and chosen the wrong service based on the level of security that you desire - amazing with your IT Expert experience I know.

But Evernote are very clear about what security they currently offer, right now, this second - if it isn't good enough for you, then it's not the service for you right now, this second.

So, look for something that fits your requirements.

Link to comment

Nice little jabs, very funny. Reminds me of my little cousin.

The stupefying thing is that Evernote KNOWS. There's an outcry for these features. Even having been acknowledged by the CEO. Would you not agree that enhancing security should be a priority? Security concerns have been looming for years but it doesn't seem like all that much has changed.

Evernote has phenomenal platform support. The fact that they supported the Playbook was amazing in itself to me. It is, BY FAR, the preferred application if you're on a wide variety of platforms. It's unfortunate that I'm going to HAVE to change platforms but it would have seemed far better of a solution to invest in your product by giving your customers a greater peace of mind and security in knowing their information is safe.

Link to comment
  • Level 5*

You line them up with grandiose comments and I'm happy to knock them down.

There's some vocal comment on these forums, which by the way make up a tiny subset of users. To a lot of people, features like this aren't that important. For example, me, I took a look at what Evernote offered and made an informed decision about what I was going to store in the service. I'm a great believer in people taking responsibility for themselves.

Oh, it should also be pointed out that there is no such thing as safe. Not unless the data is on you at all times and encrypted with a strong password that no one but you can know. Good luck with that.

Link to comment

Haha I wouldn't say I lined it up with grandiose comments, you just kept picking at the one line you could find.

You'll notice the comment about "Best Practice"...there is such a thing as making an effort versus putting it off or ignoring it.

And I've seen dozens of people post messages spanning for years...and that only takes into account the people that bothered with voicing their opinion on a forum. Not everyone takes the time to crawl forums and look for information like that or post information regarding things they wish it had.

Link to comment
  • Level 5*

Well it was a magnificent line. There is no such thing as an IT expert, it really doesn't mean anything.

There's no point arguing here, Evernote are very clear on what they have and have said that some other stuff may happen at some point in the future.

Until then, it is what it is. Live with it or move on.

Link to comment
  • Level 5*

 

Thanks for modifying the language. As you are technically inclined, you might be interested in the musings of Evernote's CTO, Dave Engberg. I think he makes reasonable and quite detailed comments about security issues. I have collected a few links over the years. Please see the comments sections, in particular, where he explains the thinking behind balancing security and functionality. Although you may not agree with the lines Evernote has drawn (I don't agree with all of them either), and you would prefer more security features sooner, I think you will agree that the company is quite responsible and careful in its approach.

http://blog.evernote.com/blog/2008/04/15/evernote-privacy-and-security/

http://blog.evernote.com/tech/2012/04/24/security-enhancements-for-third-party-authentication/

http://blog.evernote.com/tech/2012/10/10/password-safety-reminder/

http://blog.evernote.com/tech/2012/09/25/protecting-your-data-the-broken-drives-edition/

http://blog.evernote.com/blog/2012/04/16/issue-with-evernote-newletter-email-addresses/

http://blog.evernote.com/tech/2011/05/17/architectural-digest/

Link to comment
  • 2 months later...

Haha Dailen ! Nowadays, security sucks, the main (and only) priority is "New Features". Security design is never seen so it is easy too say "it is secure" :

 

https://evernote.com/contact/support/kb/#/article/23480996

Several of the company's founders come from a strong encryption background (founders of CoreStreet, recently acquired by ActiveIdentity). For Evernote's consumer product, the current encryption algorithms are chosen more for exportability under the Commerce Department rather than strength, since our software permits the encryption of arbitrary user data with no escrow.

 

 

 

I will never put important informations in Evernote. By the way, text encryption in RC2 is just a joke ! It is funny ! 

I will never use Evernote for business. I will only store non important things.

 

Hardware and software design has to take care about security at the beginning and it has to be the first important thing.

 

I read this (OK, in 2008):

http://discussion.evernote.com/topic/23725-request-additional-encryption-options-for-notebooks-and-syncing/

This level of strength, combined with the general obscurity of our technology (no off-the-shelf tools for attackers), means that the average person wouldn't have a way to get at your encrypted content if you choose a strong encryption passphrase (i.e. no words from the dictionary, etc.). This level would not protect against a concerted effort by a government agency or other organization willing to put in a few engineer-weeks of work and lots of computing cycles.

 

The first rule in security design is to always use the latest standards and never base any security part on "Obscurity of our technology".

 

In short... Evernote is not a secure way to store things and when I read Evernote Evangelist comments about the company strategy and position, security will never be the first thing they will take care about (except if they will be worldly hacked by Anonymous and if this hack will be a great deal of media attention).

Link to comment
  • Level 5*

In short... Evernote is not a secure way to store things and when I read Evernote Evangelist comments about the company strategy and position, security will never be the first thing they will take care about (except if they will be worldly hacked by Anonymous and if this hack will be a great deal of media attention).

Please remember that Evernote Evangelists do not speak for Evernote company strategy. We can guess, like everyone else, and sometimes that guessing is bolstered by actual Evernote comments or observance of long-term patterns, but we really have no inside view onto their internal strategies.
Link to comment

I will never use Evernote for business. I will only store non important things.

 

I use Evernote all the time for business & important things.  Many important things do not include sensitive data such as passwords.  Doesn't mean they are any less important.  And it doesn't mean anyone can do anything with that info should my account get hacked.  I mean really, do I care if someone gets their grubby little hands on my vi editor manual?  Or my tutorial on how to restore files from BackupEdge?  Or the IP addresses & login credentials of computers I access for work?  That does them no good if they don't have the VPN info, which is not stored in Evernote but rather my true password manager. 

 

For passwords I use a true password manager. 

Link to comment

I will never use Evernote for business. I will only store non important things.

 

Or the IP addresses & login credentials of computers I access for work?  That does them no good if they don't have the VPN info, which is not stored in Evernote but rather my true password manager. 

 

You don't know much about hacking apparently...I can fool a network with a weak firewall into thinking I'm INSIDE the network and pass me along inside. The key is knowing something about the inside infrastructure and possibly a login. If I know an internal IP of a direct machine I can fool the firewall into thinking I'm inside and passing my data along to PCs on the other side. I could do a lot of damage with that info.

 

Nice little jabs, very funny. Reminds me of my little cousin.

 

The stupefying thing is that Evernote KNOWS. There's an outcry for these features. Even having been acknowledged by the CEO. Would you not agree that enhancing security should be a priority? Security concerns have been looming for years but it doesn't seem like all that much has changed.

 

Evernote has a phenomenal platform support. The fact that they supported the Playbook was amazing in itself to me. It is, BY FAR, the preferred application if you're on a wide variety of platforms. It's unfortunate that I'm going to HAVE to change platforms but it would have seemed far better of a solution to invest in your product by giving your customers a greater peace of mind and security in knowing their information is safe.

 

Haha Dailen! Nowadays, security sucks, the main (and only) priority is "New Features". Security design is never seen so it is easy to say "it is secure":

 

https://evernote.com/contact/support/kb/#/article/23480996

Several of the company's founders come from a strong encryption background (founders of CoreStreet, recently acquired by ActiveIdentity). For Evernote's consumer product, the current encryption algorithms are chosen more for exportability under the Commerce Department rather than strength, since our software permits the encryption of arbitrary user data with no escrow.

 

 

 

I will never put important information in Evernote. By the way, text encryption in RC2 is just a joke! It is funny!

I will never use Evernote for business. I will only store non important things.

 

Hardware and software design has to take care about security at the beginning and it has to be the first important thing.

 

I read this (OK, in 2008):

http://discussion.evernote.com/topic/23725-request-additional-encryption-options-for-notebooks-and-syncing/

This level of strength, combined with the general obscurity of our technology (no off-the-shelf tools for attackers), means that the average person wouldn't have a way to get at your encrypted content if you choose a strong encryption passphrase (i.e. no words from the dictionary, etc.). This level would not protect against a concerted effort by a government agency or other organization willing to put in a few engineer-weeks of work and lots of computing cycles.

 

The first rule in security design is to always use the latest standards and never base any security part on "Obscurity of our technology".

 

In short... Evernote is not a secure way to store things and when I read Evernote Evangelist comments about the company strategy and position, security will never be the first thing they will take care about (except if they will be worldly hacked by Anonymous and if this hack will be a great deal of media attention).

 

 

One word for you..."Cloudfogger"...never using Evernote again...

Link to comment

Sorry for the misunderstanding about Evernote Evangelists. I thought you were company guys. Sorry.

 

And you both are right... in fact it just depends on where people put their own limit about "important things". I agree with Dailen, an insignificant piece of data can be a staggering blow. I think security design is a strict discipline. Anyway...

Link to comment
  • 4 months later...

Archived

This topic is now archived and is closed to further replies.
