Jump to content

Idea

Recommended Posts

  • 6

Hi All,

You may have noticed that all threads requesting Password Protected Notebooks have been merged into this thread, regardless of platform specificity.

(This is a separate request from the ability password protect the Evernote App itself)

This was done in order to better enable us to quantify and qualify user requests, and amplify their voice.

While this does not mean this is a feature that will be coming, we certainly want to relay user feedback/sentiment to our various teams.

Moving forward, please put all commentary and votes for Password Protected Notebooks here!

  • Like 3
  • Thanks 4

Share this post


Link to post
  • 9

Well, it's interesting to see how some people are strongly rejecting certain ideas, and defending them/justifying lack of any action by EN as if this will have a negative effect on them personally. Really strange.

To support this request I have a simple explanation and if anyone (be it "guru" or just "member") can provide an explanation why this is not reasonable I am really looking forward to response:

I want to lock/encrypt/password protect a table and image inserted in a note. I'm listening.

Current text encryption can be used for things you use rarely. I mean, decrypting it, adding some text and then again SELECT ALL->encrypt->password.... this is almost "last resort" option. Again, I am not a person that keeps "life-altering" things in EN but sure would like to prevent anyone seeing a list of some table data, or my login passwords to random sites, loan management tracking etc.

I mean, notebook or note lock will do the job and it's kinda surprising to see that this topic is open for almost 5 years now and I haven't seen any NO, NOT NOW or MAYBE's from EN officials. Maybe there is but I missed it though....

  • Like 5

Share this post


Link to post
  • 9

Dear all,

I plan to migrate from OneNote to EN for my daily planning and for my private content and notes, I have upgraded to Premium.... but Password lack is a show stopper for me !

I do not need encryption, I'm not trying to protect from Hackers or terrible cyber criminals !!!!

 

I just want to avoid that my private thoughts and ideas pops up on my desktop or mobile while I am browsing my daily planning.

Same I do not want that my kids or other eyes gets access on my private things when they browse on my pc or mobile!

So a password protection (not encryption, encryption is not needed, just simple password!!!!) for notebook or sections or notes is what I am asking for.

I know I will limit search function, I know I will probably limit integration from other sources (like sending from Outlook to a password protected area), probably also more nice function will be restricted ...... but please, add the function !!!  I will decide whether to use it or not, why you decide for me? 

 

You are such great developers, why are you so reluctant to include this function...

if someone does not want the password, he just have to avoid to use it, isnt' that easy?

 

Hope you will change your mind soon

Cheers

Richard

 

  • Like 5

Share this post


Link to post
  • 6

Just jumping on the bandwagon here. Would love to have the ability to password protect at a notebook level. Then have password protected notebooks be excluded from search unless you enter the password to unlock those notebooks. And heck, maybe even also have protected notebook results, even when unlocked, be available (optionally) after the click of a button or link. For example, let's say you have Notebook A, Notebook B, and Notebook C. B and C are protected with different passwords. Notebook A is unprotected. You run a search. Results look like this: 

Result 1, result 2, result 3, etc. (all from Notebook A).

[see results from locked Notebook B] -> click on this and you'll be prompted for a password to unlock notebook B.

[see results from locked Notebook C] -> click on this and you'll be prompted for a password to unlock notebook C. 

In the left column, in the notebooks view, you would see a little lock symbol (like a padlock) next to locked notebooks. When unlocked, the lock symbol padlock would look unlocked. Click on the padlock again and you lock that notebook. 

On mobile, the experience might be a little different. You might allow the use of a PIN instead of a password, or Touch ID (iOS), face unlock, pattern unlock, etc. 

  • Like 1
  • Thanks 2

Share this post


Link to post
  • 4

I would love to have the ability to password-protect individual notes and/or notebooks. I have been using Evernote for many years and accumulated data and taken notes, which is stored in Evernote. Some of it is sensitive information. If that feature will be added, I will become a happily paying premium user. Is there any plan to realize that function?

Thank you
 

  • Like 1

Share this post


Link to post
  • 3

Add me to the list of users who would like to see notebook level, zero knowledge, encryption. As we go down the path toward increasing surveillance (and a police state, all in the name of 'safety'), we cannot expect companies to resist government pressure to open the kimono, so zero knowledge encryption is a must. 

 

I'd still use local notebooks since we know that use of encryption itself is enough attract NSA surveillance and efforts to defeat your encryption. But it would be great to have the option to encrypt notebooks stored in the cloud that we need to access on a mobile device.

  • Like 3

Share this post


Link to post
  • 3

I see this topic was raised many years ago.  I use EN for personal, and managing multiple businesses.  Plus, others have access to my computer.  I encrypt my most personal content but its impractical for entire sets of notes (4k+ and counting).  It is also impractical to create multiple accounts because I bounce between all use cases all day long.  When can we please have the ability to lock a notebook and all underlying notebooks/notes so I could lock Business 1, Business 2, and Personal.  Unlocking each once per day and then knowing that if someone comes to my computer, I can lock down what I need to? 

  • Like 2

Share this post


Link to post
  • 2
On 8/23/2018 at 7:20 AM, tRav525 said:

I am a huge Evernote user and have been waiting for encryption for years, along with everyone else.  It is incredibly disappointing that it is still not a base feature of this product.  I don't know the reasons why full notebook encryption (not just text) isn't available, but in this day and age it is irresponsible for a cloud service company of this size to not offer a way for their customers to protect their personal information.  There are other solutions out there, albeit not as feature rich as Evernote - but as soon as one of them catches up and offers encryption... AND should they have a streamlined process for transferring note content out of an Evernote account into their solution, I predict a mass exodus of Evernote users.

Hi. Competitors already provide (and have provided for several years) full database encryption without putting in any effort at all (you don't even know it's there). Nowadays, you also get password / fingerprint authentication to open apps and even syncing directly from device to device without involving the cloud at all (for the security sensitive among us). There's some amazing stuff out there.

But, Evernote's user base continues to grow, rather than flee. That's a good thing (because I like Evernote). I'd prefer that they implement better security features as a core commitment to user security / confidentiality (yes, we are all aware of the "three laws," but in practice, here we are with tiny, independent developers offering far superior security, so there seems to be a gap here between word and deed, or a difference of opinion about how to interpret those laws). But, they haven't so far.

Unfortunately, DT is correct. If this level of security is a requirement, then Evernote is probably not for you. As a longtime user (here since the launch), I can say that this is a longstanding request that Evernote is quite aware of, but (judging by their actions) isn't interested in pursuing. That is, of course, their right. It is Evernote's app, after all, and there is no law saying they have to do everything users ask of them (thank goodness). Still, even after a decade, I continue to hope they'll change their minds. I'm not into clicking on buttons to vote for things, though. I'd prefer they seriously consider the request based on its merits rather than quantifying our voices.

  • Like 2

Share this post


Link to post
  • 2

I'm currently having another look at Evernote for at least some of my files / notes.

(I used Evernote around 2011 but drifted over to OneNote and stayed there till now.)

To me, this seems pretty necessary as well.

If I wanted to switch all my notes over to Evernote some of them would be pretty personal. Sure, I could log out of Evernote, but in day-to-day life this isn't always practical (working and moving back and forth from the laptop, especially working with a group of people) and in my experience people often forget to lock even their screens.

Evernote even offers a presentation mode, only really useful with a beamer.

I wouldn't want to click the wrong notebook and have it open. I also want an extra layer of security on top of certain files / notes, if my device is ever stolen or somebody looks around as I left the table and forgot to lock the screen. Or even allow somebody to use it and forgot that the evernote-app isn't logged out. Stuff like that happens.

Simple fact: As long as this feature doens't exist, Evernote won't be able to become the single place for all my notes / writing / files that the company would probably like to be.

(And that I would like to have... It doesn't sound like fun to mix evernote for their search, OneNote for encrypted notebooks with many notes and attached files, and VeraCrypt-files for stuff that's just kept for documentation and doesn't need work.).


Apart from that, I consider the lack of comments about such a common customer-wish a horrible signal. After some scrolling in the forums, this seems to be pretty normal.

This information-void doesn't feel good. Any type of information would be better, in my opinion. As an old, former user looking back I really hope this changes with the new CEO.

Maybe Evernote wants to index everything and their image of a digital brain storage with strong search doesn't allow for this. Okay, then why not make an understanding but firm and eplaining statement about it?

(Edit, additional thought: Even though I wouldn't agree with this argument. Especially with sensitive files I know the things I filed away, and don't mind to browse a little while longer to find it manually.)

Or the database is just not structured for it and the necessary changes are too big? Okay, but why not let me know so I know what to expect / not to expect?

Edited by tm87
Added an additional thought.

Share this post


Link to post
  • 2

Hey guys, isn’t life too valuable to spend time discussing this / like this ?

Personally I think every user should have the chance to protect his data, including copies of it somewhere on the own system, in a backup or on the server. The only way to do this is to encrypt the notebook, the note or the content. The further down it goes, the more effort is needed by the user to have the protection applied.

  1. Today we can only protect content, and only if it is plain text, by encrypting it individually.
  2. Yes, one can encrypt anything outside of EN, and load the encrypted file as an attachment into a note. If you want to use the content, you have to move it out of EN, decrypt it, etc. Not really a workflow ...
  3. The only other option for privacy are local notebooks, that are not encrypted, but will not sync.
  4. Protection on a device level will not work for many, because devices may be shared, and especially in a business IT situation no device is really tamperproof, having admin access, controlled networks and other factors.

The current options obviously are only weak and laborious workarounds - to have encryption on a notebook or note level would make a huge difference in adjusting the privacy level of content for me. I would go to have encrypted notebooks as my preference.

  • Like 1

Share this post


Link to post
  • 2
2 hours ago, PieterG said:

I was looking for encrypting a table (with account/password data), but if password protection includes encryption, then I am fine with password protecting a Notebook

Evernote does not currently support encryption for tables (or Notebooks or Notes)
To indicate your support for this request, use the vote button at the top left corner of the discussion

In the meantime, I can use attachments for encrypted tables; spreadsheet or word processing
There's also more table options using these external editors

Office/iWork documents have a native encryption option505662947_ScreenShot2020-06-17at8_55_49AM.png.f5293ba9cad88ed5ab7161231a46736e.png

  • Like 1
  • Sad 1

Share this post


Link to post
  • 1

I love Evernote, but it's preventing me from putting in sensitive content. For example, I can't keep a personal journal notebook, because other people (i.e. girlfriend, family members, etc.) could one day be looking at those notes, especially since they know that I use Evernote often for many purposes.

 

Evernote already has the ability to encrypt single notes. This is useful for things like storing passwords or other temporary sensitive content. But it's not practical to encrypt many notes one by one.

 

I wish I could password-protect a whole notebook. This way, I can do a lot more with Evernote. If I can encrypt single notes, then why can't Evernote just allow me to encrypt entire notebooks? If reason behind this is because Evernote thinks one could lose a lot of data if a notebook password is forgotten, then perhaps Evernote can help recover the passwords through email.

 

In the meantime, I'm stuck with using other apps (i.e. Pages, Day One, etc) to password-protect my content.

 

Any insight is greatly appreciated.

 

Thanks.

This has been discussed a lot already. Please search the board for more info. Also, if something is truly/securely encrypted, the host does not have it. So if you forget your encryption password, the host cannot send it to you or help you recover it. IOW, your encrypted data is gone.

  • Like 1

Share this post


Link to post
  • 1

Gees, this would be a great feature. I keep my employee review notes in Evernote and I find it hard to keep them encrypted and out of sight as a group.

  • Like 5

Share this post


Link to post
  • 1

And we should be able to password protect/encrypt individual notes in their entirety -- not just higher level notebooks.  (the encrypt text feature is not a worthy substitute).  I guess this an obvious extension of the original idea, but nevertheless...

 

 

  • Haha 1

Share this post


Link to post
  • 1

What a great point. Evernote really needs to get it together.

  • Like 2

Share this post


Link to post
  • 1

Yep, agreed, it would be a welcome feature. 

You probably already know that text passages within a note can be password protected.   Obviously, the developers recognize the value of having some protection within Evernote as well.  PW protection for entire notes or notebooks would be a logical extension, but may not be possible within the database design, I suspect.

  • Like 1

Share this post


Link to post
  • 1

Same boat. Same problem. I love Evernote, and in general, I don't mind my children and wife snooping around but for say a personal diary folder, I'd prefer to have some sort of password protection. Anyone who's got a moment of access to any of my devices can see all my diary entries. It seems kind of a basic requirement to me.

  • Like 2

Share this post


Link to post
  • 1

I could not agree more. I am starting a personal journal notebook and I really would love to lock down just that one notebook for personal reasons 

  • Like 1

Share this post


Link to post
  • 1

Just adding my vote here; I would really like the ability to lock and /or password protect individual notebooks.

Share this post


Link to post
  • 1

Totally agree, I use Evernote for both work and personal and data security is a key issue. I've gone down the multi factor authentication route but there is till a need for encryption at a notebook level, as a premium user option.

Share this post


Link to post
  • 1

I am a huge Evernote user and have been waiting for encryption for years, along with everyone else.  It is incredibly disappointing that it is still not a base feature of this product.  I don't know the reasons why full notebook encryption (not just text) isn't available, but in this day and age it is irresponsible for a cloud service company of this size to not offer a way for their customers to protect their personal information.  There are other solutions out there, albeit not as feature rich as Evernote - but as soon as one of them catches up and offers encryption... AND should they have a streamlined process for transferring note content out of an Evernote account into their solution, I predict a mass exodus of Evernote users.

  • Like 2

Share this post


Link to post
  • 1

This is really a needed feature for Premium accounts. Please add this feature.

 

As a premium user I would like to encrypt and decrypt my Notebooks and Notes as needed.

Share this post


Link to post
  • 1
25 minutes ago, DTLow said:

There is a festure request posted at the top for this, you can indicate your support using the voting buttons in the top left corner of the discussion.

Why is this your number 1 enhancement? 
I basically have a single filing notebook, but I'd want encryption for the entire database; not just individual notebooks.  I'm also not enthused by multiple password; my Evernote password should be sufficient.
Currently I have to protect sensitive data by encrypting at the note attachment level.

Thanks for the pointer to the vote button at the top. I noticed it after making the comment, and added my vote.

I want this feature for reasons similar to those already noted. Specifically to protect journal entries, but additionally to protect confedential notes. While I keep things pretty secure, this extra level would be appreciated. I use the encryption now to redact notes, but the folder level would be much more useful. I guess if you used the web client all the time, i would agree with the fact that the evernote password would be sufficient. But on dedicated clients that don't log out every time you close them the additional password is useful. 

Share this post


Link to post
  • 1

I'm yet another Evernote user who would like to be able to password protect a specific notebook. I feel like people have been asking for this feature for about eight years.... It couldn't really be that hard.

Share this post


Link to post
  • 1

Yes! Let's make Evernote even better by having this feature in. I'm pretty sure, you'll get a lot of new users just by adding this feature. If tomorrow, a competitor comes up with a similar app as Evernote and that new app comes with "password protection" feature as we're discussing, I'll move to that app. *Evernote Team*, it's that critical.

Share this post


Link to post
  • 1

I definitely need the ability to password protect individual notes or certain notebooks. I love Evernote for everything else and would use it s lot more if this feature was available. 

Share this post


Link to post
  • 1

Password protecting individual notes is important to me and would be a VERY welcome feature. I work in a small office and Evernote contains a lot of important info for our team as well as my personal stuff. I'm not keen on creating a second separate account. Will Evernote listen? Or shall I just quit Evernote and start a Bear account?

Share this post


Link to post
  • 1

Adding my vote for Password-Protected Notebooks. This feature is far, far more valuable than any sharing feature (which seems to be getting all the development time) in my opinion. 

Share this post


Link to post
  • 1

As a paying evernote subscriber, I agree the ability to password protect a note or notebook should be added. Whether EN allows it to be free or premium, is their call. Looking around now for alternatives that will allow me to do this. 

After about 5yrs worth of requests in this thread, and effective silence on the part of Evernote, isn't really acceptable. Just say no. The minimum responsible thing to do is to put this in the FAQ so people like me won't keep spinning our wheels.

I'll take this under consideration when it's time to renew and review the product.

  • Like 1

Share this post


Link to post
  • 1

Another vote for this functionality. As an executive using Evernote, I find this to be a significant gap in functionality. I cannot allow my admin access to my Evernote account (where I track my travel, itineraries, meetings, etc.) because they might see my private notes regarding strategic planning, staffing, journals, etc. Having to work around Evernote's limitation is forcing me to consider alternative solutions.

I find this shortcoming to be shocking quite frankly. Especially given how simple the solution appears to be.

Share this post


Link to post
  • 1

Encrypting text within notes is great, but I know I would really enjoy being able to encrypt batches of notes at the notebook level.  Navigating between several encrypted notes can be clunky, and a notebook master password that unlocks 'x' number of notes within the notebook would simplify the process greatly. 

Share this post


Link to post
  • 1
On 4/3/2013 at 11:51 PM, EvernoteLover9 said:

I wish I could password-protect a whole notebook.

I know this is an old thread, but just wanted to vote it up the scale.
Encrypting text is certainly useful, but clumsy
Encrypting an entire Notebook would be so very awesome

Share this post


Link to post
  • 1
50 minutes ago, Pastor-Luke said:

I have seen this argument raised in the past against the need for this feature

I was advising @Zenaida on protecting personal journals from being read by a boyfriend

>>All we want is a simple password

A third password  
To indicate your support for this feature, use the vote button at the top left corner of the discussion

Share this post


Link to post
  • 1

Any Form of Security Feature (Password/ Fingerprint Authentication / PinCode, etc) is MUCH NEEDED for Notebooks And Notes!

A Huge number of E.Note users create shareable public links which MUST be protected for the privacy of the content (which is highly confidential or v.personal at times).

Thnx! 😊

  • Like 1

Share this post


Link to post
  • 1
On 4/3/2013 at 9:51 PM, EvernoteLover9 said:

So it looks like over a year since the last post to this. Seriously, how is this not implemented already? Password protection seems like a very basic feature to me. I'm surprised it hasn't kept Evernote from growing. 

 

Share this post


Link to post
  • 1

Agree that this would be a great feature. I am planning to use Evernote to replace my current password safe, but need notebook password protection before I can do this.

Share this post


Link to post
  • 1

This request has been here for years.  They have an an encryption feature but if your text has bullet points or other markup, Evernote won't encrypt it.  Evernote also doesn't ask you to type in the encryption password twice.  So mistype the password, your text is now unrecoverable.  So it's minimal.  With all the press regarding privacy, you would think this is an easy grab for Evernote.  But I'm tired of waiting for it and checking out other products.

Share this post


Link to post
  • 1
On 3/1/2020 at 5:36 PM, AWS_solution_architect_DC said:

I estimate Evernote could more than double their subscriptions by adding this one feature to allow users the ability to encrypt their own Evernote databases.

Based on??

Share this post


Link to post
  • 1

Add my vote to be able to lock down a notebook with a password.  My use case is my journal, which I'd like to lock down and keep from showing up in search.

Share this post


Link to post
  • 1

This is clearly not a difficult feature to implement. Allow us to lock a specific notebook and that's it. It's pretty simple. If I want to use Evernote for thoughts, ideas, parenting stuff, etc. and my kids open my computer - they see everything. They won't hack it, just put in basic protection for notebooks. 

Share this post


Link to post
  • 1
21 hours ago, elefantecamp said:

This is clearly not a difficult feature to implement. Allow us to lock a specific notebook and that's it. It's pretty simple. If I want to use Evernote for thoughts, ideas, parenting stuff, etc. and my kids open my computer - they see everything. They won't hack it, just put in basic protection for notebooks. 

I think the original intent of this post from 7 years ago was to encrypt a notebook with password access.  I sense you are asking to block access to a notebook and its notes via a password.  A somewhat different request and probably not as difficult a change as encrypting a notebook.  But still with some effort required in the mechanics of it.  You might want to start a new feature request.

Share this post


Link to post
  • 1

 

7 hours ago, DTLow said:

Security is important to me  
- My computer is password protected for each userid   
- My Evernote account is password protected

Instead of trotting out the same responses, that people could have read already, why not just accept that it is not an unreasonable request to have additional functionality so people may use the tool in the way they wish.  The volume, persistence, uniformity and age of these requests for additional password security for objects within the app is such that app level and OS level sign in obviously does not meet the wishes (which may not be the same as your perception of requirements) of Evernote's (paying) customers.

Share this post


Link to post
  • 1
1 hour ago, JKST said:

 

Instead of trotting out the same responses, that people could have read already, why not just accept that it is not an unreasonable request to have additional functionality so people may use the tool in the way they wish.  The volume, persistence, uniformity and age of these requests for additional password security for objects within the app is such that app level and OS level sign in obviously does not meet the wishes (which may not be the same as your perception of requirements) of Evernote's (paying) customers.


Well said! I often got the feeling that DTLow is an employee of EN since on many topics, posts or questions he answers in a "defensive" way as if he tries to convince us that our requests are unreasonable. I mean, let's face it, most of the people know how to password-protect the computer or to log out of EN but I simply don't want to do that as it is not practical to do so every time I leave my desk, even it's just to make a cup of coffee.

Again, the fact that this feature is 2nd most wanted and that people still demand it and discuss it after 7 years means only one thing - users really need it!

As for me, I gave up. I still pay premium subscription and ONLY because of the OCR feature but unfortunately I am now using EN only as a dump storage and I rely on its search function when I need something. That's it. I moved all my projects, my journals, logs, even my to-do list in OneNote. Sure, there are some disadvantages compared to EN especially after using the EN as my main platform for years but then there are some things which are better solved in OneNote and it works for me. 

Biggest issue with EN for me is that I really don't see the direction in which they are going. With new CEO and most of the management changed I expected more, a revolution,  but instead we mostly see new videos in which they are trying to justify what they are doing...or not doing. 

Sad, really sad because it was (I mean still is) a great idea, great app, great potential, but it seems as if they are stuck half way and can't seem to get over that...

Share this post


Link to post
  • 1
3 hours ago, JKST said:

Instead of trotting out the same responses, that people could have read already, why not just accept that it is not an unreasonable request to have additional functionality so people may use the tool in the way they wish. 

I made no comment on the request being unreasonable     
I was responding to @elefantecamp who is new to the forums and has expressed a security concern with children accessing Evernote data

>>The volume, persistence, uniformity and age of these requests

I know it's repetitive and can understand if you don't want to participate

1 hour ago, NedPG said:

Well said! I often got the feeling that DTLow is an employee of EN since on many topics, posts or questions ...

Employees are clearly indicated in the sidebar    
I'm not an employee, just a an experienced user volunteering to help other users

>>I mean, let's face it, most of the people know how to password-protect the computer or to log out of EN but I simply don't want to do that ...

Another security method is a timeout password

>>Biggest issue with EN for me is that I really don't see the direction in which they are going.    

You should post as a new topic.     
This discussion is on password protected notebooks

Share this post


Link to post
  • 1
On 4/4/2013 at 12:51 AM, EvernoteLover9 said:

I love Evernote, but it's preventing me from putting in sensitive content. For example, I can't keep a personal journal notebook, because other people (i.e. girlfriend, family members, etc.) could one day be looking at those notes, especially since they know that I use Evernote often for many purposes.

 

Evernote already has the ability to encrypt single notes. This is useful for things like storing passwords or other temporary sensitive content. But it's not practical to encrypt many notes one by one.

 

I wish I could password-protect a whole notebook. This way, I can do a lot more with Evernote. If I can encrypt single notes, then why can't Evernote just allow me to encrypt entire notebooks? If reason behind this is because Evernote thinks one could lose a lot of data if a notebook password is forgotten, then perhaps Evernote can help recover the passwords through email.

 

In the meantime, I'm stuck with using other apps (i.e. Pages, Day One, etc) to password-protect my content.

 

Any insight is greatly appreciated.

 

Thanks.

Totally agree! It's probably even better to have the option that when you search for a note, those in the password-protected notebook will not show up in the result, unless you go to the notebook, enter the password and activate the search. 

Share this post


Link to post
  • 1
2 hours ago, DTLow said:

Personally, I encrypt my "private notes"   
An Evernote feature would be nice, but I'm not going to let that stop me

DTLow why do you encrypt? I thought you were advocating that the Evernote password, and the system password were sufficient. Is it because you are concerned about cloud security? Perhaps I've misunderstood your earlier arguments. I'm glad to see that you see some value in this feature. Encrypting every note individually in a folder must be a hassle, both when you encrypt and when you have to decrypt each one. Do you ever forget to encrypt one? Have you ever forgotten or mistyped an encryption key? It would seem like it would be a very easy thing to do when you are encrypting a lot of notes. How does search work with encrypted notes? I haven't let the glaring absence of this feature stop me either but it certainly is a major dissatisfaction. The fact that Evernote won't even respond to this request makes it downright frustrating.

Share this post


Link to post
  • 1
4 hours ago, DTLow said:

The Evernote password and device security provide a level of security, and is sufficient for most of my documents
I have a few documents that I believe require encryption

>>How does search work with encrypted notes?
I use sufficient keywords in the title to ensure the search feature functions

>>Have you ever forgotten or mistyped an encryption key?
I use an automated process with scripting on a Mac

Honestly all I need is a way to not have certain notes show up in the default logon view, because if I’m going to use my notes to present but have to login in front of an audience I don’t necessarily want them seeing my other notes.  Sounds like you have some deep integration there - I tend to use Evernote on the web most of the time on computers that are not mine, so scripts are not feasible.  Encryption sounds nice but the problem is that often even the titles are personal enough that I don’t want people seeing them.  I will just use google docs instead.  Oh well, not worth pulling my hair out over.

Share this post


Link to post
  • 1
Posted (edited)
On 4/13/2020 at 12:59 PM, DTLow said:

No indication from Evernote

Why are you "desperate"

Well, there seem to be several different feature requests here. 

There are various comments regarding security of our overall data and encryption, and cloud security, etc. I'm comfortable with the overall security of my Evernote data, even if that is a bit of ignorant bliss.

I am "desperate" for something far more basic, something that seems to have appealed to many, many users over the many years I've been a Premium EN user: An ability to password protect a notebook consisting of all the notes I don't want anyone to read or see and don't want to pop up in EN searches. This isn't because I want to keep passwords safe (though that is as good a reason as any), since I use 1Password. I just want a simple ability to keep personal journal entries, certain web clippings, photos and the like, separate and secure with an additional layer of password protection. 

I'll give you a couple of case scenarios: I am a college professor. Students often literally read over my shoulder while I show them documents or web pages on my screen. I would like to easily switch to Evernote to show them saved files of examples or articles. However, I don't want journal snippets -- or web clippings of gifts I'm eyeing for my family,  or recipes I've saved, or photos of my children's artwork or my brother's prized classic car -- showing up in that search. I've had the same usage concern with consulting clients, because I use EN to organize those materials, as well. 

Another case: Although I use a privacy screen on my devices, none is 100%. I do not want to have to worry about prying eyes next to me or behind me every time I perform a search on my Evernote in a public place. The note encryption is not sufficient, since it balks at my web clips and doesn't tolerate formatting or longer lengths.

Last example: The potentially horrifying default logon view.

The contents of Evernote's encrypted notes are excluded from search and have a box in place of the contents, which keep them out of snippet view. With an encrypted and password-protected notebook, I'd hope the titles, also, would be omitted from snippets and search. As it is, if I'm at work and decide to show someone an Evernote file, when I open EN, the left pane displays notes with such professional and non-confidential titles as, "Really Dirty Jokes to Tell Brother," "Easy Ways To Fire 50% of Staff THIS WEEK," "Quit To Become a Pro Butter Churner? Pros & Cons," and "June 18, Reflections: Today I realized WHY I hate this job. It's because of my useless coworkers, loathsome boss, petulant clients ..." (ADDED after original post. Thanks @Jay Starkey for the reminder of this predicament.) 

Of course, there are workarounds, most obviously, not having someone read over my shoulder. I can also try to pull things ahead of time, find other ways of working around nosey neighbors, etc. But I am an Evernote devotee. I use it for everything and I love its search functions and the ability to trip across related saved documents by searching a word or tag. There are times I like sharing my EN screen with individual students, clients or even a lecture hall. 

Other users share their EN with assistants or family and because of a need to share many things across many notebooks, find it impractical to give others only specific notebook access. Seems pretty easy to understand why they, too, would find it much easier to make one or more notebooks completely private only to them.

I understand the notion of using different apps and software for different things. But what made Evernote my Holy Grail of information control was following advice I read years ago: Put EVERYTHING in it, so you have one place to look. I have plenty of exceptions, such as not using it for passwords. But it works best for me if I use it for almost all notes and document storage, personally generated and web saved. Therefore, I don't really want another system for my journal, random web clips, and pictures I've taken of my children's artwork -- even though I don't want any of those things popping up in a search or along my sidebar. Having a private notebook, or several private notebooks, would solve my concerns as well as those of countless other paying EN customers.

Edited by M. Black
grammar fix, additional idea
  • Like 1
  • Thanks 1

Share this post


Link to post
  • 1
4 minutes ago, M. Black said:

I am "desperate" for something far more basic, something that seems to have appealed to many, many users over the many years I've been a Premium EN user: An ability to password protect a notebook consisting of all the notes I don't want anyone to read or see and don't want to pop up in EN searches. This isn't because I want to keep passwords safe (though that is as good a reason as any), since I use 1Password. I just want a simple ability to keep personal journal entries, certain web clippings, photos and the like, separate and secure with an additional layer of password protection. 

THIS!!!!!!

  • Like 1
  • Thanks 1

Share this post


Link to post
  • 1
On 6/13/2020 at 7:38 PM, Jay Starkey said:

Honestly all I need is a way to not have certain notes show up in the default logon view, because if I’m going to use my notes to present but have to login in front of an audience I don’t necessarily want them seeing my other notes.  

Doh! How did I forget this part of the problem?!

I wrote about the potential for search embarrassment and completely forgot about default logon view humiliation!

Without a password-protected/encrypted notebook that is omitted from snippets and search, here's what happens. I'm at work, wanting to show someone a file. When I open EN, the left pane has snippets from notes with professional and non-confidential titles such as,

*  "Really Dirty Jokes to Tell Brother"

* "Easy Ways To Fire 50% of Staff THIS WEEK"

* "Fine Liquor & Cheap Booze To Try ASAP"

* "Quit & Become a Pro Butter Churner? Pros & Cons"

* "Dear Dad, Your granddaughter is a genius! Here's her last 10th-grade essay, "The Moon Landing Was Faked & Dinosaurs Could Have Made It To The Moon ..."

* "June 18, Reflections: Today I realized WHY I hate this job. It's because of my useless coworkers, loathsome boss, petulant clients ..."

Thanks, @Jay Starkey. I'm actually going to add this point to my post above explaining my desperation, so that I'll have allllll my reasons in one place the next time someone asks why people are desperate for this feature.

 

  • Thanks 1

Share this post


Link to post
  • 0

I'm OK with my notebook being gone if I forget my encryption key... that is fine :) I need the ability to fully encrypt notebooks as well.... I realize you can encrypt pieces of individual notes but that's just not user-friendly enough.  This is a major dilemma for me in being able to migrate to Evernote... 

 

Also, I feel like the desktop client should be able to have a timeout where you are required to enter a PIN to get back in, just like the iPhone and iPad apps.  It's a great feature.

  • Like 8

Share this post


Link to post
  • 0

I use Evernote casually because there is no 'Zero Knowledge' encryption ala Spideroak.  Notebook level encryption as a premium feature would make me a paying customer.

  • Like 8

Share this post


Link to post
  • 0

Yeah... leaving the desktop app open is just way too dangerous.... I don't see why this would be so hard to make? I actually upgraded to premium before I realized I couldn't encrypt notebooks... (oops :)  It's still cool software but without being able to store sensitive information, it really isn't that useful as a one-stop place for all of my notes.

  • Like 2

Share this post


Link to post
  • 0

Yeah... leaving the desktop app open is just way too dangerous.... I don't see why this would be so hard to make? I actually upgraded to premium before I realized I couldn't encrypt notebooks... (oops :)  It's still cool software but without being able to store sensitive information, it really isn't that useful as a one-stop place for all of my notes.

 

 

It may not be that it's too hard.  It may simply be that it's not a priority, since EN's niche is collecting, organizing & retrieving info.  If the info is securely encrypted, EN would not have access to the encryption password & would not be able to index the data.  Please search the board on encryption, if you want more info.

Share this post


Link to post
  • 0

Thanks for the reply BurgersNFries. Maybe it would become a priority if it was a small amount of extra money... I'd pay an extra $5/yr to be able to mark a notebook as encrypted.  It's OK if that encrypted data is not indexed... It can be made understood to users that anything in the encrypted notebooks will not show up in search results.  I would sit down and:

 

1. Tally up the number of Evernote premium subscribers.

 

2. Conservatively estimate the amount of development time, as well as time for updating help documentation, entering the extra password in the mobile apps, etc.

 

3. Run the numbers at 10% of Evernote Premium users paying the fee for "Evernote High Security Notebooks".

 

4. Also factor in the number of users who might be on the fence about paying for Evernote who will be pushed over the edge by this new feature.  I realize this is hard to calculate but I'm sure the number is greater than zero :) Actually, I know it's at least one from Jpetroski's post above!  These are brand new paying customers, this number can add up quickly.

 

I realize that you are an evangelist but to change priorities you have to show the business value.  Maybe it's not there?  Maybe they don't want to charge any "add-ons" to keep the pricing simple, in that case they need to put some serious effort into estimating #4 above.

 

At the end of the day, this feature will come to Evernote.  The question is, when will it come and how much money is it costing Evernote to not have this feature?

  • Like 4

Share this post


Link to post
  • 0

Yes, this feature would be great. This is really the only feature I would want as a premium customer. The other things that you get are OK, but for me some encryption would seal the deal.

 

As for now I can't use Evernote for all my notekeeping purposes, which is a little sad.

  • Like 1

Share this post


Link to post
  • 0

The ability to password protect and encrypt a single notebook within Evernote would be great for the reasons already mentioned above.

  • Like 1

Share this post


Link to post
  • 0

Forget it folks, I, and many others have tried...they don't want to hear it.  Some "antis" here are more vocal than others.

Share this post


Link to post
  • 0

Forget it folks, I, and many others have tried...they don't want to hear it. Some "antis" here are more vocal than others.

Where are the antis? If you search the board, I think you'll find lots of support for it, and also many users who are ambivalent, but does anyone say they "don't want the option to encrypt notebooks," or they "are anti-encryption"?

If by "they," you mean Vernote, then I can assure you they have heard. You can even find them in some of the threads responding. Just because they disagree and don't do everything we suggest doesn't mean they are not listening. Have we convinced them yet? No. But, maybe recent events are moving us closer to it.

Maybe, if you offered your specific security concerns, and specific reasons for wanting it then that would be more convincing.

Share this post


Link to post
  • 0

You can count my vote among those looking for a more serious approach to encryption in EverNote. In light of the recent NSA/PRISM surveillance scandal I simply cannot justify - as a non U.S. citizen - storing sensitive business information in EverNote, where it could be extracted at will by U.S. intelligence officials engaged in industrial espionage.

  • Like 1

Share this post


Link to post
  • 0

No worries there.  Last year they announced building a datacenter in China.  No Prism access there.  :)

 

You may think you're being funny, tongue in cheek or showing to the world that "it's not only the U. S. that is bad" but in reality all you're doing with the above contribution is strengthening my argument in favour of more comprehensive encryption options for those prospective users, who are serious about using Evernote for enterprise purposes.

 

And in any case the Patriot legislation also covers data centres abroad as long as the operating company is based in the U. S. This was admitted by Microsoft already years ago: http://www.zdnet.com/blog/london/defense-giant-ditches-microsofts-cloud-citing-patriot-act-fears/1349

 

http://www.zdnet.com/blog/igeneration/microsoft-admits-patriot-act-can-access-eu-based-cloud-data/11225

 

Competitionwise the Americans have really shot themselves in the foot, when they decided to coerce their cloud services industry to facilitate their spying business. No wonder they wanted to keep it a secret to the world (as in "NOFORN").

  • Like 1

Share this post


Link to post
  • 0

It was indeed intended to show that we shouldn't be myopic on NSA surveilance of US based data centers.

You should assume that you're subject to metadata (if not more) surveilance where-ever you are.

 

Note that the UK collects more metadata than the US (though through agreement, they share access to one anothers data)

http://www.wired.com/threatlevel/2013/06/gchq-tapped-200-cables/

 

They aren't going to say anything about the spy taps they have on foreign undersea cables, but that's been known for a very long time.

So you have to assume that your data is being sifted over by:

  • Your own government, plus any they have intelligence agreements with
  • The governments of any countries your packets pass through
  • The governments of any enemies of your government through clandestine undersea taps (if ours are doing it, one has to assume some likelihood it happens the other way)

Being inside or outside the US, with a data center inside or outside the US, likely makes very little difference.

 

The only recent news here is that it's recently become news to some people (and perhaps the getting of a renewed sense of the scope creep enabled by moores law).

Act accordingly.  Though the horse left the barn on that requirement long ago.

 

http://en.wikipedia.org/wiki/Operation_Ivy_Bells

http://www.nytimes.com/2005/02/20/politics/20submarine.html?_r=0

 

Using encryption now, just flags you for permanent archiving: http://www.forbes.com/sites/andygreenberg/2013/06/20/leaked-nsa-doc-says-it-can-collect-and-keep-your-encrypted-data-as-long-as-it-takes-to-crack-it/

  • Like 1

Share this post


Link to post
  • 0

BUMP yes please.

 

You can count my vote among those looking for a more serious approach to encryption in EverNote. In light of the recent NSA/PRISM surveillance scandal I simply cannot justify - as a non U.S. citizen - storing sensitive business information in EverNote, where it could be extracted at will by U.S. intelligence officials engaged in industrial espionage.

 

Very well put

 

This PRISM thing is at the very least a PR disaster for US tech. Its really making me think about what onlime services to use and from what countries.

Share this post


Link to post
  • 0

I am just adding my YES vote for folder encryption. I use a separate program for that now, and lack of folder encryption is the main reason I don't keep financial or legal documents in Evernote.

  • Like 2

Share this post


Link to post
  • 0

I am just adding my YES vote for folder encryption. I use a separate program for that now, and lack of folder encryption is the main reason I don't keep financial or legal documents in Evernote.

For sensitive data, my recommendation is to use Evernote's local notebooks. When you need sensitive data on mobile devices, if you are using iOS, VoodooPad is nice (wifi or iTunes sync with no Internet).

http://www.christopher-mayo.com/?p=288

Ideally, an encrypted notebook will be made available soon. Splitting data up (local/synced or VoodooPad/Evernote) is very inconvenient and inefficient. The alternative, though, is to expose your data (and that of any third parties you might have) to government(s) surveillance and subsequent loss to hackers / other countries (ask the US government where their military secrets went http://www.cbsnews.com/8301-201_162-57586624/how-chinese-hackers-steal-u.s-secrets/).

  • Like 2

Share this post


Link to post
  • 0

I've been an Evernote user for years, and the request for encrypted notebooks has been raised repeatedly.  I would love to have such a feature and would be willing to pay more for it, and would gladly sacrifice the ability to have the contents of encrypted notebooks indexed and searchable.  Unfortunately, I suspect that this requested feature is either extremely low priority or against Evernote's idea that everything should be searchable, and as such, I don't expect it to happen.

 

From a certain perspective, I think not providing greater encryption capabilities is almost negligent.  With such a large user base, you know that some people are storing sensitive documents and data in EN, thinking it is relatively secure (I have known such people - keep in mind that a majority of the world is not that tech sophisticated and when they see things like SSL encryption, they presume their data is always encrypted and absolutely safe).  Yes, these people should know better, and providers such as EN are not required to babysit such people, but if you are aware that people are using your product in an unsecure manner, shouldn't you do something about it?  Just my 2 cents.

 

 

  • Like 3

Share this post


Link to post
  • 0

 

The last couple of minutes of this interview indicate that new "sexy" encryption options will be available "soon" (by the end of the year apparently)

 

http://techcrunch.co...ar-old-startup/

 

 

Yep. Thanks again for finding that.

 

If you want to know the exact spots where relevant stuff is said, see this post http://discussion.evernote.com/topic/39180-password-protect-evernote-in-total/?p=220064

Share this post


Link to post
  • 0

By the way, Google storage now has encryption. It seems to be roughly equivalent to what Dropbox already has as well. It might sound good to some people, but Google has the keys, so they can be legally compelled to turn your data over to a government and hackers can get a hold of it, so it is (in my opinion) nothing more than a false sense of security. This is not the encryption I want to see in Evernote (and it sounds to me in the interview that it isn't the encryption Evernote wants either).

http://www.pcworld.com/article/2046802/google-to-encrypt-cloud-storage-data-by-default.html

 

This is the kind of encryption I want from Evernote. A notebook encrypted in this manner with zero-knowledge encryption would be ideal.

https://spideroak.com/faq/questions/23/

 

By the way, there is (as Phil mentioned in the interview) a lot of confusion out there about this Prism thing. I am no expert, so please correct me if I am wrong, but if Google holds the key, unlocks the door to your data, and hands the data to the government (as they are legally obligated to do in some cases), then how is their encryption of data on their servers addressing any of the privacy/security concerns that people have about the government over-reach? To my amateur mind, reporting that claims Google is somehow addressing these concerns (see the Verge, for example http://www.theverge.com/2013/8/16/4627232/google-cloud-storage-automated-128-bit-aes-security) sounds bizarrely misinformed, under-researched, and poorly analyzed.

 

I truly hope this kind of (in my opinion) blather is not affecting the thinking folks at Evernote (like smoking the Halfling's weed, as Saruman would say). 

  • Like 2

Share this post


Link to post
  • 0

By the way, there is (as Phil mentioned in the interview) a lot of confusion out there about this Prism thing.

 

Not just Phil, but even the people-in-charge don't know what is going on with the NSA.

WaPo’s bombshell: Feinstein didn’t know about NSA’s audit of privacy violations

The big story is that Congress, overseers of the NSA and guardians of the public’s privacy, seems to have zero idea of how many “incidents” there are. And that includes the congressional watchdog-in-chief — the chairman of the Senate Intelligence Committee Dianne Feinstein (D-Calif.), who did not receive a copy of the 2012 audit until The Post asked her staff about it. The NSA, it seems, really is an island unto itself inside the federal government.

http://goo.gl/k7caQV

 

Share this post


Link to post
  • 0

 

By the way, there is (as Phil mentioned in the interview) a lot of confusion out there about this Prism thing.

 

Not just Phil, but even the people-in-charge don't know what is going on with the NSA.

WaPo’s bombshell: Feinstein didn’t know about NSA’s audit of privacy violations

The big story is that Congress, overseers of the NSA and guardians of the public’s privacy, seems to have zero idea of how many “incidents” there are. And that includes the congressional watchdog-in-chief — the chairman of the Senate Intelligence Committee Dianne Feinstein (D-Calif.), who did not receive a copy of the 2012 audit until The Post asked her staff about it. The NSA, it seems, really is an island unto itself inside the federal government.

http://goo.gl/k7caQV

 

 

 

You raise an important point about making an informed decision about our data. In my opinion, we will probably not know the full extent of surveillance and abuse for many decades to come, and once your data is turned loose, you have no control over it, and it will float around in data centers forever. It may already be too late for some people. For all we know, some of our data ended up in Russia with Snowden.

 

I use the plural "data centers" here, because a lot of this data will escape from government servers through hacking, freedom of information requests, loss, and other means. It has happened before. It is happening. It will happen again. What happens when governments, corporations, and nefarious individuals (including those in the institutions) gain access to our "second brains"? This is some unsettling stuff. 

 

That's why I think it is a good idea for Evernote to institute something like this. The debate really isn't about what Prism does or doesn't do (interesting as it  is), but about instituting a policy that (in large part) removes the "trust" factor from the equation. With a zero-knowledge encrypted notebook, Evernote wouldn't have access, their employees wouldn't, and neither would the government. We don't have to "trust" every govt. official (in several governments, if information sharing news is accurate). We take the power out of their hands and put it in ours. That seems like the safest course of action no matter how this Prism thing turns out.

  • Like 4

Share this post


Link to post
  • 0

Hey GM,

 

That's why I think it is a good idea for Evernote to institute something like this. The debate really isn't about what Prism does or doesn't do (interesting as it  is), but about instituting a policy that (in large part) removes the "trust" factor from the equation. With a zero-knowledge encrypted notebook, Evernote wouldn't have access, their employees wouldn't, and neither would the government. We don't have to "trust" every govt. official (in several governments, if information sharing news is accurate). We take the power out of their hands and put it in ours. That seems like the safest course of action no matter how this Prism thing turns out.

 

I think you may be right here. Even though Evernote's business model doesn't depend on advertising/tracking (which is good for us!), they aren't immune from unreasonable government requests. I found an article that explains this quite clearly:

 

Indeed, the cooperation [between intelligence agencies and 'cloud' companies] was usually “voluntary” in large part because companies couldn’t afford to seem uncooperative, says another private-sector official who would speak about classified issues only on condition of anonymity. “The ways that pressure works in Washington are very subtle,” he says. “No one’s getting bribed, or punished outright. But it’s the good little Indian that gets rewarded. And these companies needed the goodwill of the NSA and other agencies.”

 
[…]
 
If industry refused, the NSA had the unique ability to both reward and punish, thanks to its implicit veto power over deals and exports
 

If the government wants something, they'll get it. I love Evernote, but I think that the Uplink motto "Trust is a weakness" applies here. :D

  • Like 1

Share this post


Link to post
  • 0

If people are really worried about storing "encrypted" data in evernote and the government getting it. Then you have bigger problems and really shouldn't even be commenting in this forum.

I just want to keep prying eyes off of my data, that's it nothing else. It's more of a "feel good" than anything else. I've been looking for something cross platform that I can use for journaling my life, family, friends, venting - getting things off my mind without others reading it because I left my machine unlocked & someone went snooping. While this would be rare, it could happen. This would give me peace of mind. I often spell things out as I see them, which, could upset someone if they read it. My thoughts are my thoughts - period... One of the only things I can control these days (I tend to ***** that up to)

 

Looking forward to the update. Been a light user for several years, with the announcement of "secure data" I purchased for the year. Something I dont do very often.  

 

Cheers

  • Like 3

Share this post


Link to post
  • 0

There were many things that they said would never be done in EN but this has been a "sexy year" for new features.

 

I'll add my vote for allowing encrypting / PW protecting notes without having to log out of the whole EN program.

Share this post


Link to post
  • 0

This is good news indeed!!!!!

 

I prefer client-side key storage, but hey, right now in this environment, I'll take anything.

Share this post


Link to post
  • 0

If people are really worried about storing "encrypted" data in evernote and the government getting it. Then you have bigger problems and really shouldn't even be commenting in this forum.

 

??????

  • Like 2

Share this post


Link to post
  • 0

I've been an evernote premium customer for a few years now and pretty happy with the service.  However, it has become clear that it's no longer possible to trust service providers with my data, despite the best intentions of the service providers to keep my data private.  So, I'm hoping that Evernote will enhance their product to give users like me the option to use zero-knowledge encryption as GrumpyMonkey mentioned in his post:

 

This is the kind of encryption I want from Evernote. A notebook encrypted in this manner with zero-knowledge encryption would be ideal.

https://spideroak.co...q/questions/23/

 

 

 

I understand this may cause some features, like server-side OCR to not work correctly (or at all).  Maybe giving me the option to have my attachments OCR'd might be useful, perhaps some hand-waving assurances that you'll return the OCR'd info and destroy the object.  Or maybe not at all.

 

In this version of the product, EN is reduced to being a storage provider for my data synchronization needs as well as a supplier of high quality client applications.

 

I'm now actively searching for a solution like this, perhaps built over a service like SpiderOak (that I try to use preferentially to DropBox) or something else.  While I have particular reason to distrust EN as a service provider, it seems to me that to solve my problem I don't NEED to try my service provider, and as a matter of good hygiene, I probably shouldn't trust service providers unless absolutely need to.

 

Share this post


Link to post
  • 0

I think that encrypted notebooks are one of the most needed features! Not truly safe? Hey! It's my choice!!! They don't provide cars without brakes because they can wear out. Check your brakes, but brakes are usefull. World is full of softwares and devices with drawbacks. You can put your accounts into an usb key and that can be stolen but... it's not a reason to not produce usb keys!!!

Encrypted/password-protected notebooks are usefull for a lot of semi-sensitive or sensitive data. Period. Drawbacks in term of indexing, security, ecc.? Let me know. I will decide if the option fits me. And I know will fit!

  • Like 1

Share this post


Link to post
  • 0

I use the in-note encryption feature quite a lot but I think I have read in the past that it's a really weak form of encryption (something about export of munitions being applied to crypto software?).  In which case, what's the point?

Share this post


Link to post
  • 0

I use the in-note encryption feature quite a lot but I think I have read in the past that it's a really weak form of encryption (something about export of munitions being applied to crypto software?).  In which case, what's the point?

As far as i am concerned, the current encryption seems pointless, though in practical terms, even it is unlikely to be broken. I certainly wouldn't see any point in using it for a whole notebook when better levels of security are available. Ideally, we'll get this feature, it will use at least 256 bit encryption, and it will be zero knowledge.

Share this post


Link to post
  • 0

 

I use the in-note encryption feature quite a lot but I think I have read in the past that it's a really weak form of encryption (something about export of munitions being applied to crypto software?).  In which case, what's the point?

As far as i am concerned, the current encryption seems pointless, though in practical terms, even it is unlikely to be broken. I certainly wouldn't see any point in using it for a whole notebook when better levels of security are available. Ideally, we'll get this feature, it will use at least 256 bit encryption, and it will be zero knowledge.

 

 

 

The NSA didn’t weaken a crypto standard. Rather, it put a backdoor inside the standard. There’s an important difference. As a consequence, if you use Dual_EC_DRBG, you’re still well-protected if the adversary you’re defending against isn’t the NSA. But if it is, you’re pretty much stuffed.

 

http://grahamcluley.com/2013/09/nsa-cheated-cryptography/

 

You may find this interesting.  I interpret this to mean all known forms of encryption can be and are being subverted by the NSA.  Perhaps there are algorithms in a tool like TrueCrypt that don't use the Dual_EC_DRBG standard, but you'd have to do some research to find out.  

 

 

Give me six lines written by the most honorable of men, and I will find an excuse in them to hang him.
- Cardinal Richelieu

Share this post


Link to post
  • 0

 

 

You may find this interesting.  I interpret this to mean all known forms of encryption can be and are being subverted by the NSA.  ...

 

 

 

I don't believe this.  Here is why.

 

Edward Snowden stated:

 

Snowden's response: "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it."

 

 

 

http://www.businessinsider.com/edward-snowden-email-encryption-works-against-the-nsa-2013-6

 

 

 

 

 

AND

 

Bruce Scheier has already stated NOT to use EC.

 

 

 

Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.

 

 

 

 

http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance

 

 

 

Scheier also states:

 

 

 

Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That's how you can remain secure even in the face of the NSA.

 

 

What I glean from all this is the fact that stronger crypto systems have the best chance of working.  But even better would be non-NSA influenced ciphers;  Twofish and Threefish come to mind.  Apart from the latter, and One Time Pads, AES256 seems to be the best choice. (Although adopted by the NSA, it is my understanding it was not developed by the NSA.  Instead it was the "winner" in a search for a new crypto system.  The winner: Rijndael)

 

(PS  I am not a cryptographer, but I follow those that are.)

  • Like 1

Share this post


Link to post
  • 0

In my opinion, we are discussing of two completely different needs, and I think it's a mistake, trying to reconcile them.

Someone just needs a password protection on notebooks or, let me say so, a "soft" encryption. Useful for personal journaling, not-so-important accounts and so on. Nothing they care to protect from government... They only want to protect from prying eyes. Let's say "private" notebooks.

Others need to store completely unreachable information. Not necessarily terrorists. Maybe politicians who do not want to let someone put his nose on anything private, or professionals who have to keep some data confidential, or, simply, normal people who are concerned to store safely the login data of the bank account. They need a safe or a vault. Let's say "safe" notebooks.

Or maybe, the same person (me, for example) has the two needs.

Why not just make available the two different features?

"Private" notebooks, with just a password. Not strongly protected but searchable and, maybe, password recovery option.

"Safe" notebooks, REALLY encripted, totally or in part. I mean: totally encripted, or searchable titles but unsearchable content. Without password recovery option, of course.

You will NEVER succeed to make a compromise beetween the two solutions or convince the users they do not need one or the other solution. It's a useless struggle.

Share this post


Link to post
  • 0

It might be a subtle point but I think a PIN might be better than a "password".  Just like on the mobile devices.  I wouldn't want someone getting carried away thinking there's any security behind that.  I do want to deny casual use if someone is granted brief access to my desktop, without having the hassle of logging in and out of Evernote in the desktop client.  But all of the data is still there for the gleaning if you look at the backend. For that, there's no substitution for encryption.  It's not hard and doesn't have to add noticeable overhead.

Share this post


Link to post
  • 0

It might be a subtle point but I think a PIN might be better than a "password".  Just like on the mobile devices.  I wouldn't want someone getting carried away thinking there's any security behind that.  I do want to deny casual use if someone is granted brief access to my desktop, without having the hassle of logging in and out of Evernote in the desktop client.  But all of the data is still there for the gleaning if you look at the backend. For that, there's no substitution for encryption.  It's not hard and doesn't have to add noticeable overhead.

 

Agreed, a PIN on the desktop app would be great.  I don't want to have to lock my workstation all the time, especially at home where others want to use the computer.  Just need a PIN to get into the desktop app once it's minimized in the task tray and you open it back up.

Share this post


Link to post
  • 0

Actually I was wondering why not doing something totally different in order to get right this done without really encrypt the data.

As far as I can see it, some people want that the notebook needs to be password protected but on the other side evernote doesn't want to do this as it would cost more and the system isn't build for that.

So why not just password protect the notebook so when you first want to open it, it asks for a password just to look at it, this can't be so hard to be implemented.

Together with an auto logout, that asks for a password when the file is shown more than like five minutes, you have almost the same,e thing as people are asking for as a someone that wouipd like to see it needs password anyways.

  • Like 1

Share this post


Link to post
  • 0

Sadly no, a password prompt and auto-timeout (as is in place in mobile EN clients with premium account) has nothing to do with the needs enumerated in this thread.

That's not to say it's not worthwhile, even in addition to encrypted notes/notebooks (be it local, remote, local and remote - non-key-escrowed), but it just addresses the requests of other use cases in other threads.

For now breath is likely best conserved until EN releases what they already have baking in the oven and we kick it around a bit.

Share this post


Link to post
  • 0

Sadly no, a password prompt and auto-timeout (as is in place in mobile EN clients with premium account) has nothing to do with the needs enumerated in this thread.

That's not to say it's not worthwhile, even in addition to encrypted notes/notebooks (be it local, remote, local and remote - non-key-escrowed), but it just addresses the requests of other use cases in other threads.

 

Actually you misunderstood me.

I said, that single documents should be password protected again, so that the mobile client can stay open as most users like it.

I am not sure if you ever worked with password protected documents in Office, but while your computer might have a password and you can leave it unlocked all day long, just to open this one document, you need an extra password again.

So just password protect a Notebook, so you need to enter maybe a different password than your Evernote password just to open the notebook.

This way most people have what they want, as they just want that people can't open single notebooks from evernote, while all the other ones are an open book to everyone that comes along the computer.

Share this post


Link to post
  • 0

Ok, got it.

Isn't that already essentially addressed on the mobile client with PIN support?

Now if we're talking about bringing that over to the desktop side, it sounds appealing, except that somewhere near half of the users I've read posting requests in that area know that the data can still be read on the back end, either in the same account looking at the Evernote folder and sqlite database itself, or the same from another admin level account on the same computer.

Adding local per note/notebook side encryption then serves both halves of the feature request. It blocks both in-evernote and out-of-evernote read attempts.

And this is completely separate from any discussion of the evernote server side handling/non-handling/awareness of the encryption. This would be local client encryption only, with data decrypted on every authenticated read (be that the Evernote user, or a sync operation).

Share this post


Link to post
  • 0

In the attempt to find a Mac replacement for Ms OneNote, Evernote comes up at the top of the list. However, I'm shocked that it's not possible to password protect a whole notebook (local or synced), and to set a desired timeout/lockout period (i.e. 1,5,10,15 min). Even Microsoft figured out this one! So far, Evernote isn't winning my over. :(

Share this post


Link to post
  • 0

Evernote already has the ability to encrypt single notes. This is useful for things like storing passwords or other temporary sensitive content. But it's not practical to encrypt many notes one by one.

 

I didn't know there was a way to encrypt a single note, I know that I can encrypt selected text but not a complete note. I am going to go and look for that feature. 

 

I do agree though that an option to encrypt a complete notebook would be great.

Share this post


Link to post
  • 0

Evernote already has the ability to encrypt single notes. This is useful for things like storing passwords or other temporary sensitive content. But it's not practical to encrypt many notes one by one.

 

I didn't know there was a way to encrypt a single note, I know that I can encrypt selected text but not a complete note. I am going to go and look for that feature.

I don't believe that there is. You can encrypt a note's text content, but not a whole note, as far as I know.

Share this post


Link to post
  • 0

That's what I thought, I didn't see anything about an entire note. That would be sweet if we could do that also. I personally don't like the concept of encrypting only a section of text within a note, I think encrypting a note and/or a notebook would be a game changer.

  • Like 1

Share this post


Link to post
  • 0

I live Evernote's tag line (Remember everything).  For me, that includes, for example, confirmations of bill payments.  In some cases, those include full account numbers for a credit card, for example.  I'd like to be able to encrypt my entire "Finances" notebook.  I am already a premium user - it's an important feature, if Evernote means what it says in its tagline.

 

Share this post


Link to post
  • 0

I live Evernote's tag line (Remember everything).  For me, that includes, for example, confirmations of bill payments.  In some cases, those include full account numbers for a credit card, for example.  I'd like to be able to encrypt my entire "Finances" notebook.  I am already a premium user - it's an important feature, if Evernote means what it says in its tagline.

 

To avoid putting this sort of info into the cloud, I store the bill, statement, and payment details in a local non-sync'd notebook.

This makes the info only available on my home computer.

  • Like 2

Share this post


Link to post
  • 0

jbenson2 - brilliant solution - it just never occurred to me!  (It would still be nice to have an option in between local only and not local but not encrypted, but for now, this solves my immediate problem.)  Thanks!

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...