islandboatman 1 Posted July 5, 2013

So I've been reading many security threads today. Just realized that to get all of my credit card and banking information, all someone has to do is:

1. Go to C:\Documents and Settings\username\Local Settings\Application Data\Evernote\Evernote\Databases
2. Open the username.exb file in a text editor

Ouch... Only two steps and they have everything if I get my laptop stolen again....

I find encryption of individual lines in Evernote to be VERY time consuming and annoying. I have hundreds of passwords. I also really don't want to encrypt my whole hard drive.

Ideas? Plugins? Updates? Anything in the works?

islandboatman 1 (Author) Posted July 5, 2013

For example, when you use RoboForm, the RoboForm data files on your hard drive are encrypted by default.

"Your Identities and Passcards are encrypted using AES, BlowFish, RC6 or 3DES algorithm and the encryption / decryption key is generated from the Master Password. This encryption method makes your data very secure and even if hackers come into possession of your Identity and Passcard files, they will have to crack one of these encryption algorithm without knowing the key which is considered impossible. By default AES encryption is used."

http://www.roboform.com/br/faq.html#faq_encryption

With 11 million users and 225 million in funding, you'd think Evernote would at least add a little something to the data file... pleeeeeeeeease >.<

Level 5* jefito 5,586 Posted July 5, 2013

Can't say what Evernote's plans are (they don't, as a company policy, reveal their feature roadmaps or plans, at least very often), but as a workaround, you might be able to encrypt your .exb file; just set up your Evernote shortcut to decrypt on the way in, and encrypt it on exit. There is discussion on the topic in the forums, as I recall; a forum search or Google search might turn that up.

Level 5* GrumpyMonkey 4,316 Posted July 5, 2013

> For example, when you use RoboForm, the RoboForm data files on your hard drive are encrypted by default.
>
> "Your Identities and Passcards are encrypted using AES, BlowFish, RC6 or 3DES algorithm and the encryption / decryption key is generated from the Master Password. This encryption method makes your data very secure and even if hackers come into possession of your Identity and Passcard files, they will have to crack one of these encryption algorithm without knowing the key which is considered impossible. By default AES encryption is used."
>
> http://www.roboform.com/br/faq.html#faq_encryption
>
> With 11 million users and 225 million in funding, you'd think Evernote would at least add a little something to the data file... pleeeeeeeeease >.<

I think they are up to 65 million users now, but I doubt encryption of your local database is high on their list of things to do. After all, if you encrypt your local drive, then you protect everything on your computer, and unless we are talking about state hacker/spies like the NSA, it is pretty unlikely that anyone will be able to get at it. This is far more effective than having each app encrypt separately, and it can be accomplished within a few minutes (on the Mac) or maybe a little longer on Windows (TrueCrypt).

However, I will say that I agree with you about the hassle of encrypting text in Evernote. Not only is the encryption level quite low, but it only works for text, and it is cumbersome. I would really like to see the ability to encrypt everything in a notebook at 256-bit. It wouldn't have to be available for every notebook. One would be enough for me. I am hoping that Evernote will eventually implement this, especially given the recent news about the US govt hacker/spies.

Until then, you'll be well-served by a local notebook for sensitive data inside an encrypted local drive (http://www.christopher-mayo.com/?p=288).

islandboatman 1 (Author) Posted July 5, 2013

For example, the most common stolen item at my college was laptops in the library. People leave them open (in a logged in state) and turn away for a second. And then POOF, the laptop is gone.

Now if this person recognizes the Evernote icon in the start menu, then encryption of the hard drive won't matter anyway. They can just get to the Evernote EXB file and then they have everything.

Please please please Evernote. Encrypt the EXB file.

Level 5* GrumpyMonkey 4,316 Posted July 5, 2013

> For example, the most common stolen item at my college was laptops in the library. People leave them open (in a logged in state) and turn away for a second. And then POOF, the laptop is gone.
>
> Now if this person recognizes the Evernote icon in the start menu, then encryption of the hard drive won't matter anyway. They can just get to the Evernote EXB file and then they have everything.
>
> Please please please Evernote. Encrypt the EXB file.

True. People are careless with their laptops. The solution is terribly simple, though.

First, don't walk away from your computer. Ever. I see so many people do this, and it boggles my mind (I am at a university as well). It isn't just Evernote, but everything on your computer that is put at risk (not to mention the computer itself).

If you are going to walk away from your computer, then start up the screen saver or close the lid. This will lock your computer, and if it is encrypted, when the thief comes to take it, they cannot access your info. Of course, you have lost your computer, but see the first point to handle that problem.

I get where you are coming from, but I think in this case we have a terribly simple solution right at our fingertips already. Encrypted notebooks? Those make sense (because they would encrypt the data on the Evernote servers as well). Encrypted local databases? I think your computer OS is going to do a far better job of that.

islandboatman 1 (Author) Posted July 5, 2013

They're professionals. One does distraction. The other snatches the laptop. Might only be 3 feet away from it.

100 lines of code and the exb file could be encrypted. Pleaseeee evernoteeee hear meeeeee >.<

Level 5* GrumpyMonkey 4,316 Posted July 5, 2013

> They're professionals. One does distraction. The other snatches the laptop. Might only be 3 feet away from it.
>
> 100 lines of code and the exb file could be encrypted. Pleaseeee evernoteeee hear meeeeee >.<

My goodness. I've never seen that! I'll keep an eye out for those kinds of folks. Well, I am guessing the thieves (your fellow students?) will close the laptop while they are sprinting away from you in the library, so you are still protected if you have an encrypted drive. I really think you might be better off picking someplace else to study away from these professional thieves/students!

As for Evernote, the developers and staff read these forums, and I am sure they will see your request. I don't think they will do it (see Dave Engberg's comments from 4 years ago at http://blog.evernote.com/blog/2008/04/15/evernote-privacy-and-security/), but you never know! In the meantime, please consider the suggestions I made.

ThomasAlbright 0 Posted July 11, 2013

I always use the same password whenever I encrypt part of a note, because as you say, it's a pain to keep track of hundreds of passwords. I guess it would be nice if Evernote provided a way to decrypt all of my encrypted notes at once, since I use the same password anyways.

But I really don't think there is a better solution possible than encrypting parts of notes. If everything was encrypted, then Evernote couldn't provide a "Search" feature for your notes, and it also couldn't do the cool things it does like OCR on images.

As others have mentioned, you can at least encrypt your hard drive with TrueCrypt. But that doesn't help you if somebody snatches your laptop while you have the drive decrypted.

Personally, I think Evernote's biggest weakness is an inability to encrypt individual attachments. But there are other ways to encrypt attachments in Evernote.

BurgersNFries 2,407 Posted July 11, 2013

> True. People are careless with their laptops. The solution is terribly simple, though.
>
> First, don't walk away from your computer. Ever.

Agreed. I try to think of my devices as cash or credit cards. Would I leave cash or my credit card in my car, visible, even when the car is locked? No. Would I leave cash or credit cards in the top rack of the grocery cart while I turn away & select something from the shelf? No. I'm more protective of my devices than some people are of their toddlers.

allen 39 Posted July 11, 2013

> > True. People are careless with their laptops. The solution is terribly simple, though.
> >
> > First, don't walk away from your computer. Ever.
>
> No. I'm more protective of my devices than some people are of their toddlers.

At least, in my experience, the toddler can (and often will) follow you.

islandboatman 1 (Author) Posted January 19, 2014

Ok, it's 2014.

Does anyone know if the latest version has fixed this issue?

e.g. is my entire life still available to anyone with notepad.exe? Or have they encrypted it yet?

eyalnow 14 Posted January 19, 2014

Evernote directors -

A business service without proper security isn't a proper business service. If this was a priority, you would have done it already. This is not a feature request but a problem in your service.

Workarounds for users who either love EN or are locked-in because they have so much stuff on it:

- Enable 2 factor authentication
- Use LastPass or another password manager to keep all your passwords and sensitive info (pain in the ass, but it would protect it for now)
- Encrypt a part of your hard drive and keep EN databases there
- Set a 1 minute time-out for the screen saver to kick in and require a password to disable it
- Use a security cable for your laptop whenever you are at a public place
- Use biometric authentication for your laptop

How about launching a campaign calling Evernote to fix this problem?

Magpie 0 Posted June 2, 2014

Really hope .exb file encryption could be supported by Evernote. It should be similar to any database, such as Oracle, which stores data in encrypted files and makes the data accessible via a SQL client with authentication. This way, even if the data files are stolen by anyone through any means, the thief is not able to see or use the data.

jasondunn 16 Posted June 6, 2014

I just wanted to add my voice toward Evernote dramatically improving their approach to encryption and security. It's great that they have two-factor authentication, but their desktop app should have an option for a local password upon opening. And Evernote is uniquely positioned to create the ultimate digital wallet solution if they'd allow notebook-level encryption (their current solution is beyond clunky) and templates for credit cards, etc. I use LastPass for my passwords, but it's pretty bad for other types of data (cards, documents, etc.). Evernote has a golden opportunity here!

Level 5* EdH 1,670 Posted June 9, 2014

> I always use the same password whenever I encrypt part of a note, because as you say, it's a pain to keep track of hundreds of passwords. I guess it would be nice if Evernote provided a way to decrypt all of my encrypted notes at once, since I use the same password anyways.
>
> But I really don't think there is a better solution possible than encrypting parts of notes. If everything was encrypted, then Evernote couldn't provide a "Search" feature for your notes, and it also couldn't do the cool things it does like OCR on images.
>
> As others have mentioned, you can at least encrypt your hard drive with TrueCrypt. But that doesn't help you if somebody snatches your laptop while you have the drive decrypted.
>
> Personally, I think Evernote's biggest weakness is an inability to encrypt individual attachments. But there are other ways to encrypt attachments in Evernote.

Just a heads up. TrueCrypt has been shut down. Existing installs work, but at some point, there will be a change to Windows via a security update or service pack that will break how TC works and it won't be fixed. Bummed about it.

fabrguer 0 Posted January 20, 2017

You can use VeraCrypt now. This is how I do it: https://fabrizioguerrieri.com/blog/2017/1/18/how-to-secure-evernote

Archived
This topic is now archived and is closed to further replies.