Jump to content
  • 0

Third Party Security

EverSpiral

Asked by EverSpiral,

Idea

EverSpiral

EverSpiral 5

Posted
Posted

I've been searching around a bit and haven't found a clear answer about how secure is using a third party app connected to my Evernote.  I'm looking into EverClip and am unsure what kind of access I'm giving to that app for my Evernote account.  Questions I have:

 

• Do third party app developers have access to my user/pass.  (pretty sure the answer to this is no)

• Do third party app developers have access to my notes?

 

I understand the specific application will have access.  But what is unclear to me is whether using a third party app will allow access to the developers.  What would a developer of a third party app have access to?

 

Link to comment

15 replies to this idea

Recommended Posts

  • Level 5*
gazumped

gazumped 11,666

Posted
  • Level 5*
Posted

If you go to your 'My Account' page in the web client,  you'll see your Applications listed on the left - these are the third-party services you've allowed to handle your data.  You can revoke their access at any time - and no,  they don't have your password.  Different apps have different access, but (as I understand it) they can't see your account as such - they may have access to information you ask them to save whilst it passes through their hands - so:  URLs,  web pages,  note contents maybe.

 

You'll have to make a decision - the smart money around here seems to be on keeping some information off the internet entirely.  If it's real blackmail material,  or access to your family fortune,  don't even keep it on a computer.  If it's stuff like medical records,  school reports and such,  use a local notebook - on the computer,  but still not synced with the web.  General research / receipts / day to day correspondence - anything you're happy to share and willing to accept the (small) risk that it could be exposed for the world to see - is for your main Evernote notebook.

 

Every time you sign up to another external service that shares access to your Evernote account,  you are (IMHO) increasing the risk of potential exposure.  So - in my view:  one or two of these services is probably fine - it was a small risk to begin with,  and it won't get too much bigger.  But you have to draw a line somewhere...

 

And in all of the above;  wherever you keep your information,  (unless it's on paper) make sure you have a backup!!

Link to comment
  • Level 5*
GrumpyMonkey

GrumpyMonkey 4,319

Posted
  • Level 5*
Posted

Having an audit log of everything that a third party service has accessed would be great and would go a long way to verifying the trustworthiness of the service. 

 

Is there any way to see what a third party app has accessed?

 

No. But, would it matter? They can access everything (you give them permission), and they might need to just to run their service. A log would just show you that they did what you said they could do.

 

The more important issue is whether they viewed or recorded the data, and that we simply cannot know with any certainty. I think the only solution (if you are concerned about access to sensitive notes) is to keep sensitive notes local (not uploaded to the servers) or encrypted. Hopefully, someday we will get the ability to encrypt certain notebooks and/or wall them off from third-party access. 

Link to comment
BostonEnginerd

BostonEnginerd 2

Posted
Posted

I think that it would matter.  Of course a third party app needs some access to your data in order to perform their service.  A log would show that they're only doing what they say that they're doing.  Otherwise there is no way to verify.  A log of who/what is accessing your data would be useful in figuring out if your account has been compromised also.


For example, IFTTT has a list actions that it can do in response to a trigger:

* Create a note

* Append to a note

* Create a link note

* Create image note from URL

* Create audio note from URL

 

These are the things that they say they can do. However you have to give them pretty broad permissions:

 

  ifttt.com will be able to:
  • Create notes, notebooks and tags
  • Update notes, notebooks and tags
  • List notebooks and tags
  • Retrieve notes
ifttt.com will NOT be able to:
  • Delete notebooks and tags
  • Access account information
  • Update user account information
  • Permanently delete notes
  •  

I would like to be able to verify that IFTTT isn't accessing notes that aren't necessary for the actions that I have defined for them to take. If I have actions that run on Note A, there is no reason for them to look at Note B.


To use Evernote, we have to accept them as a trusted party.  Third party apps are less trusted.

Link to comment
  • Level 5*
gazumped

gazumped 11,666

Posted
  • Level 5*
Posted

All due respect,  but if you have to go to that level of checking IMHO you're better off not using the service.  Evernote is unlikely to be able to justify engineering that level of reporting for the very small number of people who might want to use it,  and any third party provider is probably going to argue they will only touch the data to which you allow them access,  so its not worth them providing additional reports - and even if they could produce the information,  would you believe it?

 

Evernote will jump on anyone found misusing access to customer accounts because the trust issues it raises will affect their bottom line.  Third party providers would be dumb to allow such misuse because the millions of Evernote users would quickly find out and dump all their access.  While the economics is against you on providing more data,  it's much more against the logic of any unauthorised action.

 

Any security issues are also going to be more likely in the transmission of information to and from a third party provider,  or in what's on their systems pending transmission to Evernote.  If you found bank account details had been leaked (which,  obviously,  it's a BAD idea to keep online anywhere anyway) - could you prove it was through unauthorised access to your account and not because you sent them to the note via another service?

Link to comment
BostonEnginerd

BostonEnginerd 2

Posted
Posted

Hi gazumped, 

 

Thanks for the response!

 

All due respect,  but if you have to go to that level of checking IMHO you're better off not using the service.  Evernote is unlikely to be able to justify engineering that level of reporting for the very small number of people who might want to use it,  and any third party provider is probably going to argue they will only touch the data to which you allow them access,  so its not worth them providing additional reports - and even if they could produce the information,  would you believe it?

 

Many other services provide some level of this.  Gmail for example will show you a list of currently logged in sessions and the locations from where you account has been accessed from in the past. Something like this would be a great feature to allay concerns that users like me have. Remember, Evernote wants to be the central repository for your life. They want to build a large ecosystem of third parties that rely on them. If they want to do this effectively, IMHO, they need to build it such that we can verify that the third party apps are behaving appropriately.

 

Evernote will jump on anyone found misusing access to customer accounts because the trust issues it raises will affect their bottom line.  Third party providers would be dumb to allow such misuse because the millions of Evernote users would quickly find out and dump all their access.  While the economics is against you on providing more data,  it's much more against the logic of any unauthorised action.

I'm not sure how I would know that someone misused the information in my account without any sort of log. The misuse of data is not necessarily intentional. It might be that their service gets hacked. It might be a bug in their software. I'd still like to be able to see what my exposure is.

 

Any security issues are also going to be more likely in the transmission of information to and from a third party provider,  or in what's on their systems pending transmission to Evernote.  If you found bank account details had been leaked (which,  obviously,  it's a BAD idea to keep online anywhere anyway) - could you prove it was through unauthorised access to your account and not because you sent them to the note via another service?

If my bank account details get leaked, I'm certainly going to want to check to see who might have had access to that information - email accounts, notebooks, etc.

 

I really like Evernote. I think it's a great service. I even pay for it even though my usage isn't high enough to push me out of the free tier.

Link to comment
EverSpiral

EverSpiral 5

Posted
  • Author
Posted

If you go to your 'My Account' page in the web client,  you'll see your Applications listed on the left - these are the third-party services you've allowed to handle your data.  You can revoke their access at any time - and no,  they don't have your password.  Different apps have different access, but (as I understand it) they can't see your account as such - they may have access to information you ask them to save whilst it passes through their hands - so:  URLs,  web pages,  note contents maybe.

 

I've used Reeder to allow clipping from the app into Evernote and entered my user/password in that app.  However, I don't see any mention of it in my account?  Or anyway to revoke it's services?  Have I given Reeder full access to my account?

 

Some other solutions for managing third party are:

• Have a separate user/password in Evernote that I can give to third parties.  That way I can control the level of read/write that any service has accessing my account.

• Have a way for me to log in as a third party, and see what they can see in my account.

Link to comment
BostonEnginerd

BostonEnginerd 2

Posted
Posted

Hi EverSpiral,

 

They have something like that in place. It's called OAuth.  You have given Reeder full access to your account.  My earlier posts here mention my complaints with the current OAuth setup, but it's better than giving your password out.


I'd recommend changing your password. 

Link to comment
EverSpiral

EverSpiral 5

Posted
  • Author
Posted

Thanks Boston.  Good advice.

 

Part of the problem seems to be that there is no way to enable other apps on iOS devices to access the local application.  Hence the need for third party apps, which are still workarounds.  This is also a security feature that apps can't access each other's data on the iOS.

 

For example, Reeder on my mac desktop has a service to clip to Evernote, but I don't need to enter Evernote login information.  But there isn't anything on the iOS that allows this.

Link to comment
  • Level 5*
gazumped

gazumped 11,666

Posted
  • Level 5*
Posted

Hi -

 

@BostonEnginerd:  Seems I was outthunk by Evernote - a few days ago everyone got access to a feature via the My Account screen on Evernote.com - there's now an Access History tab which will show you when any third party apps have.. accessed your account.  Not as much detail as you would like I know,  but a step along the way.

 

@EverSpiral: The same MA screen has Applications and Connected Services tabs which show all the services you are connected to,  and allows you to unconnect them where necessary.

 

I think I said earlier that connected services get access to do lots of things,  but they don't 'see' the account like you do.  Their service has an OAuth token which permits them to add,  edit or remove information exactly as you have asked them to as though they were you.  They don't have permission to look at anything else along the way.

 

Having different levels of access with different passwords is (IMHO) a security accident waiting to happen,  designed to allow exactly the access you didn't want,  and frustrate any third party app from doing what you do want them to.

 

And @BostonEnginerd:  "if my bank account details get leaked" - really?  If you need security on any level,  it's the user's responsibility to provide it;  you can't rely on getting protection from a service that provides normal levels of net security - ie that 'should' be secure,  but stands a small but measurable chance of being hacked,  just like everyone else out there.

 

Suppose you found that a service purporting to be an add-in had access your account a week ago,  and you also noted that some detail that you think only you have access to had appeared in the public domain at the same time.  There's no way to know if the add-in wasn't being spoofed; that detail wasn't released by someone else;  or the source had a lucky guess at something they don't know for sure.  No level of stats is ever going to ensure you're secure!

Link to comment
  • Level 5*
GrumpyMonkey

GrumpyMonkey 4,319

Posted
  • Level 5*
Posted

I think that it would matter.  Of course a third party app needs some access to your data in order to perform their service.  A log would show that they're only doing what they say that they're doing.  Otherwise there is no way to verify.  A log of who/what is accessing your data would be useful in figuring out if your account has been compromised also.

For example, IFTTT has a list actions that it can do in response to a trigger:

* Create a note

* Append to a note

* Create a link note

* Create image note from URL

* Create audio note from URL

 

These are the things that they say they can do. However you have to give them pretty broad permissions:

 

 

ifttt.com will be able to:

  • Create notes, notebooks and tags
  • Update notes, notebooks and tags
  • List notebooks and tags
  • Retrieve notes

ifttt.com will NOT be able to:

  • Delete notebooks and tags
  • Access account information
  • Update user account information
  • Permanently delete notes
  •  
I would like to be able to verify that IFTTT isn't accessing notes that aren't necessary for the actions that I have defined for them to take. If I have actions that run on Note A, there is no reason for them to look at Note B.

To use Evernote, we have to accept them as a trusted party.  Third party apps are less trusted.

Ideally, it would be nice to know what has been accessed, when, and if the data was recorded. However, it seems unlikely that this will be implemented, especially since you have given them permission to retrieve any note. Essentially, all you would see is confirmation that they have done what you said they could do.

I am not disagreeing with your desire to have control over your data, but I haven't much faith in the current permissions system (for Android, iOS, and everything else) as a way to provide that, and doubt knowing a service accessed note X would make a difference in terms of protecting your data. By that time, they already have the data you gave them permission to have. I am afraid the permissions are way too broad (on every service), and you have to agree to everything and trust the service, or decide not to use it.

Here is a new feature Evernote has developed. I think this is not as detailed as you want, but it is a whole lot better than having no information at all!

http://discussion.evernote.com/topic/36783-access-history/

Link to comment
chinarut

chinarut 29

Posted
Posted

hello all! I've done quite a bit of poking around and think this is the right thread to share my thoughts.

 

Evernote wants to be the central repository for your life. They want to build a large ecosystem of third parties that rely on them. If they want to do this effectively, IMHO, they need to build it such that we can verify that the third party apps are behaving appropriately.

 

extremely well put!!

 

I'd like to be constructive here.  has anyone discussed the ideas of tagging notebooks for secure access?

 

two approaches off the top of my head:

  1. sandboxing - certain notebooks could be tagged by a specific 3rd party tag - for example my 5 "blog" notebooks could be tagged Postach.io or something.   in this manner when Postach.io fetches "the world of my noteworks" - it only sees a universe of 5 notebooks.  If the service wants to create new blog notebooks, great!  I wouldn't be adverse to it because there is some level of sandboxing here.
  2. confirmation for first time access to a notebook - Another approach could be notebooks are tagged/attributed "on request only" - meaning sensitive notebooks require an email request (or whatever mechanism du jour) to confirm access - this is not much different than when you set up a forwarding email in gmail and it asks permission for first time access.

of course a combination of both methods would be great.

 

does anyone else have any ideas that could move this conversation forward without having to majorly overhaul EN's entire architecture?

 

 

 

 

 

 

Link to comment
  • Level 5*
GrumpyMonkey

GrumpyMonkey 4,319

Posted
  • Level 5*
Posted

hello all! I've done quite a bit of poking around and think this is the right thread to share my thoughts.

 

Evernote wants to be the central repository for your life. They want to build a large ecosystem of third parties that rely on them. If they want to do this effectively, IMHO, they need to build it such that we can verify that the third party apps are behaving appropriately.

 

extremely well put!!

 

I'd like to be constructive here.  has anyone discussed the ideas of tagging notebooks for secure access?

 

two approaches off the top of my head:

  • sandboxing - certain notebooks could be tagged by a specific 3rd party tag - for example my 5 "blog" notebooks could be tagged Postach.io or something.   in this manner when Postach.io fetches "the world of my noteworks" - it only sees a universe of 5 notebooks.  If the service wants to create new blog notebooks, great!  I wouldn't be adverse to it because there is some level of sandboxing here.
  • confirmation for first time access to a notebook - Another approach could be notebooks are tagged/attributed "on request only" - meaning sensitive notebooks require an email request (or whatever mechanism du jour) to confirm access - this is not much different than when you set up a forwarding email in gmail and it asks permission for first time access.
of course a combination of both methods would be great.

 

does anyone else have any ideas that could move this conversation forward without having to majorly overhaul EN's entire architecture?

Hi. Thanks for the suggestions. perhaps they will help the developers.

Currently, there are two solutions to the problem (as far as I know).

1. Use local notebooks for sensitive data. These cannot be accessed by third-parties.

2. Use two accounts. One account for third party access and a second one for your regular data.

Link to comment

Archived

This topic is now archived and is closed to further replies.

Go To Idea Listing
×
×
  • Create New...