Robert G 0 Posted March 31, 2014 Share Posted March 31, 2014 I know that when I authorize an application to use my Evernote account, it can retrieve notes as well as change them. My question is, does that give the application's servers, or developers, the ability to read my notes or save them? I keep sensitive data in my Evernote account that I would not want to trust with developers and organizations that I really know nothing about. I would think that access to read my notes outside of my actual device would be a really terrible idea for the security of the service and would render the advantage of using 3rd party applications not worth the trade off. Evernote's definitions are a little vague. They state clearly that the "application has access" but doesn't say anything about how the application can store or use the information it retrieves. There are several apps I would REALLY love to use, but I'm just not sure I can trust the system to protect my data. Am I worrying too much with this? Link to comment
Level 5* GrumpyMonkey 4,319 Posted March 31, 2014 Level 5* Share Posted March 31, 2014 I know that when I authorize an application to use my Evernote account, it can retrieve notes as well as change them. My question is, does that give the application's servers, or developers, the ability to read my notes or save them? I keep sensitive data in my Evernote account that I would not want to trust with developers and organizations that I really know nothing about. I would think that access to read my notes outside of my actual device would be a really terrible idea for the security of the service and would render the advantage of using 3rd party applications not worth the trade off. Evernote's definitions are a little vague. They state clearly that the "application has access" but doesn't say anything about how the application can store or use the information it retrieves. There are several apps I would REALLY love to use, but I'm just not sure I can trust the system to protect my data. Am I worrying too much with this? Hi. Welcome to the forums. If someone can access your data, then they can store it, so you should assume that they have full access to everything in your account. If you have sensitive data, I recommend you don't put it on the cloud in the first place, but, if you do, you may want to have it in a separate account or encrypted if you use third-party integrations. Ideally, we'd be able to limit access to certain notebooks, have encrypted notebooks, etc., but we aren't there yet. You have to manually create barriers. Link to comment
Robert G 0 Posted April 7, 2014 Author Share Posted April 7, 2014 I know that when I authorize an application to use my Evernote account, it can retrieve notes as well as change them. My question is, does that give the application's servers, or developers, the ability to read my notes or save them? I keep sensitive data in my Evernote account that I would not want to trust with developers and organizations that I really know nothing about. I would think that access to read my notes outside of my actual device would be a really terrible idea for the security of the service and would render the advantage of using 3rd party applications not worth the trade off. Evernote's definitions are a little vague. They state clearly that the "application has access" but doesn't say anything about how the application can store or use the information it retrieves. There are several apps I would REALLY love to use, but I'm just not sure I can trust the system to protect my data. Am I worrying too much with this? Hi. Welcome to the forums. If someone can access your data, then they can store it, so you should assume that they have full access to everything in your account. If you have sensitive data, I recommend you don't put it on the cloud in the first place, but, if you do, you may want to have it in a separate account or encrypted if you use third-party integrations. Ideally, we'd be able to limit access to certain notebooks, have encrypted notebooks, etc., but we aren't there yet. You have to manually create barriers. Thanks for the follow up! I don't really have anything by itself that is sensitive, but it doesn't take much for someone to piece together enough data to cause a problem. The only really sensitive data I have in Evernote I store in local notebooks, but that's after I file them there. Typically, I dump everything into an "inbox" notebook until I have time to filter things later on. So that being the case, even sensitive data resides in a synced notebook at least temporarily during that process. I agree, Evernote really should make it where we can choose what folders 3rd party apps can have access to and not just allow all of them. There is just too much room for abuse otherwise. Link to comment
Rocket J. Squirrel 43 Posted April 9, 2014 Share Posted April 9, 2014 I have a mix of very sensitive data on Evernote and then mostly stuff that isn't sensitive. This data is in a mix of different notebooks. How do I segregate what is allowed on the cloud and what isn't allowed on the cloud? Link to comment
Robert G 0 Posted April 9, 2014 Author Share Posted April 9, 2014 You can create a new notebook (use the File Menu, not the button) and choose it to be "Local Notebook" and not "Syncronized Notebook". Local notebooks do not sync with Evernote's servers and reside solely on your device. Obviously, that means backups are crucial since it's not on the cloud like other notebooks. Here's how it looks on a Mac.https://www.dropbox.com/s/uybfrcosr0qupkc/Screenshot%202014-04-09%2015.53.50.png Edit: You cannot change the type of a Notebook after it's created, so you have to create a new one as Local and move your files into it. Link to comment
Rocket J. Squirrel 43 Posted April 9, 2014 Share Posted April 9, 2014 Thanks, Robert. Let's say I want the sensitive stuff stored on both my laptop and my ipad. Do I have to re-create the local notebook on the iPad and then re-create the note, or can I give both the iPad and the laptop access to the same notebook? Link to comment
Robert G 0 Posted April 9, 2014 Author Share Posted April 9, 2014 Since Evernote uses their servers as the tool to sync the data, Local notebooks will only be on the single device that created it. To my knowledge, iPad app doesn't support Local notebooks at all, only synced ones. So that means any of your Local notebooks would be solely on your laptop. That's the downside. It seems that our choices are, create a Local notebook for sensitive data and have no other access to it...OR...don't use any third party apps that have note access. I trust Evernote as a whole, but as soon as you give an app access to your notes it's no longer as secure (or so it seems to me). I hate that we can't dictate which notebooks are off limits to outside apps, synced or not. There are some great apps out there that I would love to use, but I can't justify the risk. Link to comment
Rocket J. Squirrel 43 Posted April 9, 2014 Share Posted April 9, 2014 Boy, no kidding. This is especially disturbing for me because I'm developing an app myself that will require this access. What I would really like is the ability to set access to any given note since I have sensitive notes in different notebooks. I guess what I will do is to create a separate account for all sensitive data and then not use any third party apps for that account. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.