Open text in Evernote data files

[Postah 3]

The notes text is stored in unencrypted, and even not obfuscated open form both in Android and computer. It would be nice if it was at least a little hard for computer-illiterate people to view the databases. Encryption with the evernote password would be best though.

[ScottLougheed 1,316]

Your note contents Are also accessible in the client itself without any password protection. Arguably, if a person has physical access to your computer and knows your computer user password (or there is no password), they'd then have access to the client and all it's contents. What good would locking down the database be then?

On your mobile device, it is the same premise. If a person has physical access and knows your pass code or there is none, they would have access to the client and thus all your note content. Premium users can add an additional layer of protection by turning on a pass code to access the app on android or iOS.

If you are concerned about people accessing your Evernote contents, secure your computer and your mobile device. If those aren't satisfactory, then delete the client and it's data from your local device and use only the web interface.

You are right, it is fairly vulnerable, but so is your email clients entire mail database, or the contents of your Dropbox, and so on. If someone has physical access to your device and the pass code is breached or doesn't exist, it isn't just Evernote that is toast, it's everything. Our computers and mobile devices are extremely vulnerable if physical access is obtained... Most companies, Evernote included, could probably do more to make this a bit harder... But without slowing down the program or making some serious inconveniences for users, the return on such compromises may not be worth it...

The contents of an iOS device, for example are hard to access and are encrypted if a pass code is present... But it isn't fool proof either.

[Postah 3]

About PC version:

I always "Quit Evernote" from tray, when I finish working with Evernote. A person who doesn't know much about computers won't be able to just open the program and view it. But he or she may easily do a search for "Evernote" keyword on file system and then open the database file with a simple text editor - Word, Akelpad, Total Commander internal viewer, etc. Easy!

 

About Android version:

Situation is the same. As you said, Evernote can be locked with password. Alternatively it can be locked with third-party apps. But if we go to SDCard/Android/data/com.evernote/files we will find that Evernote keeps an open xml file for EACH note, which is very easily opened with a text editor. And if it is the reason I don't want to disable offline caching making my experience superslow

 

It would suffice if at least text was saved with some unknown encoding, or somehow obfuscated. In that case to read the text you would need at least some programming skills

[Postah 3]

Also, I found out that you can copy the database in PC version, change its extenstion to sqlite and view the notes with a database viewer

[ScottLougheed 1,316]

Yes, physically secure your devices or else you are toast. Aside from on disk encryption (e.g. FileVault 2), there are few practical ways to prevent data theft, and even on-disk encryption is fallible. Not many practical ways around this.

[Postah 3]

I am aware of ways to encrypt whole drives including OS on computer. But I am not hiding government-level sensitive data here. Just personal information which I don't want relatives or friends to access. And for that, making Evernote files less open than easily readable text format would be sufficient

[ScottLougheed 1,316]

1) I can see the value and wouldn't mind having the ability to "lock" specific notes or notebooks. 

2) Likewise for being able to password protect the client, which is really user-facing and more likely for an unsuspecting relative to stumble upon.

3) The database stored in the nether regions of your computer would really need to be sought out. If you have snooping relatives, is your Evernote database really your only problem? 

 

I think based on what you have said here, you'd be best to create separate user accounts or a guest account for those people. I mean really, if they are so interested in accessing your Evernote files (god knows why....) and they have access to your computer and are logged in to your user account, why wouldn't they just open the application rather than trudging through your computer's nether regions?

[Kotya 7]

About PC version:

I always "Quit Evernote" from tray, when I finish working with Evernote. A person who doesn't know much about computers won't be able to just open the program and view it. But he or she may easily do a search for "Evernote" keyword on file system and then open the database file with a simple text editor - Word, Akelpad, Total Commander internal viewer, etc. Easy!

Lock your computer when you walk out of it. WinKey+L. If you allow other people to use your computer under your credentials, you have much bigger problems to worry about. All your private information, including My Documents, Skype, Dropbox, etc etc, is wide open to anyone. If you have other members of your familiy accessing your computer, create separate windows accounts for them. Easy! :-)

 

Other logged in users, unless they are local admins, cannot find/view your evernote database. By default it is stored in your local profile. To access it from another account you have to know the password, or be the administrator.

 

You can further protect the system by enabling encryption on the evernote files, but I would not recommend it.

 

As for the Android phone... it is considered personal item by default and should be pass-protected. If somebody steal your phone, it will lock/destroy information after 10 incorrect attempts. Flushing the phone will also erase data. If I am not mistaken, EV database on Android is stored in the part where nobody can get access, unless the phone is rooted.

[ScottLougheed 1,316]

Well put Kotya!