Password Protected Notebooks

[EvernoteLover9 159]

I love Evernote, but it's preventing me from putting in sensitive content. For example, I can't keep a personal journal notebook, because other people (i.e. girlfriend, family members, etc.) could one day be looking at those notes, especially since they know that I use Evernote often for many purposes.

 

Evernote already has the ability to encrypt single notes. This is useful for things like storing passwords or other temporary sensitive content. But it's not practical to encrypt many notes one by one.

 

I wish I could password-protect a whole notebook. This way, I can do a lot more with Evernote. If I can encrypt single notes, then why can't Evernote just allow me to encrypt entire notebooks? If reason behind this is because Evernote thinks one could lose a lot of data if a notebook password is forgotten, then perhaps Evernote can help recover the passwords through email.

 

In the meantime, I'm stuck with using other apps (i.e. Pages, Day One, etc) to password-protect my content.

 

Any insight is greatly appreciated.

 

Thanks.

[gazumped 11,656]

Happy to confirm we still don't have this feature.

[elgrayso 3]

ive tried text encryption. it doesnt work for me (Safari, Mavericks). No option when following the instructions. Look at this example of my top secret omlette recipe. (no right-click encryption options)

 

 

Even if it did work, I think highlighting a bunch of text ( a document could be very large) and encrypting and unencrypting every time is unintuitive and cumbersome to workflow. A document that quickly prompts you for a password when first opened would be extremely useful. 

[i am a pie 1]

that's weird!

on my machine (in yosemite) it looks like this :

 

 

do you also not have the option in the 'Edit' menu like this?

 

[elgrayso 3]

it looks like it works when i use the software. 

however a lot of the time I am not on my home computer; i am at work, school, or a friends house. 

it wouldnt be an easy solution for me to install evernote on all of these each time. 

 

but thank you, i got my answer. i'll check back in a couple years and see if theyve added password protectable notes. i'm sure it will happen eventually. 

[Scoob 5]

There's a lot of interest by everyone except the developers into this feature.

Check out this thread from 2013: https://discussion.evernote.com/topic/36764-encrypt-a-whole-notebook/

 

There's a program called Saferoom that is also in beta.

[Scoob 5]

I float in and out of the forums looking into encryption or "lockable" notebooks and would be happy to add my +1 to any type of extra security. Just call me paranoid but with all the privacy concerns, why would something as important as Evernote notes be left in the open and unlocked? 

[lost_gweedo 73]

I'm not trying to sound like a scorned user, but this is one of the reasons I will probably switch to one note next month when my premium account is up for renewal. It's a fairly mundane request to be able to secure private notes, imo.

To be fair to evernote, I'm starting to like to more free form nature of onenote and the ability to sketch and handwrite (such that it is on an iPad) than enote allows for as well.

[IndieGengar 2]

I wish that Evernote worked like the tor browser iOS app, each time you opened the app, you put in a passcode then you can access your notes, this would work great with specific notes.

[gazumped 11,656]

It'd annoy the spit out of me every time I checked my shopping list though..

[Frank.dg 1,385]

It'd annoy the spit out of me every time I checked my shopping list though..

 

Unless you had a secret sauce passed down through the generations...

[gazumped 11,656]

<Groan>

[CalS 5,280]

A lot of us keep our Evernote logged in on our "safe" personal computers (home and office). So anyone that sits down has full access to everything. Not to mention logging into evernote in a public place and having personal info pop up on the screen because it was the last note you made (as opposed to that note not displaying until you type in it's password). 

I'm all for note level encryption, but I don't think we need to include "safe" computer protection in the mix.  This can be managed with normal Windows screen saver password protection.  Protect EN and everything else that's open on the home/work system.

[moitoy 0]

I'm baffled as to how many posts and threads there are on this topic- I don't have time to read all of them.  But really, locking a notebook cannot be that hard to implement.   I use EN to store all kinds of content quickly from many devices- like 20+ notes per day.  I don't have time to sort through all the notes and tag them and put them in their own notebooks.  I have assistants who do this.  I don't want these assistants looking at some of the notes.  To have one notebook where I can stash private notes would be ideal.

I can't think of a successful database-driven service that does not offer this.   Maybe Evernote is just waiting to cash out from a buyout- maybe Google can come to the rescue.

[Wordsgood 526]

You can have an unsynced Notebook on your desktop and if your Premium or Business, you can have one on your mobile device as well.

Or you could get a second account, free or paid, and save all your private notes in that one. All you need to set up another account is an alternate email address.

I'm baffled as to how many posts and threads there are on this topic- I don't have time to read all of them. But really, locking a notebook cannot be that hard to implement. I use EN to store all kinds of content quickly from many devices- like 20+ notes per day. I don't have time to sort through all the notes and tag them and put them in their own notebooks. I have assistants who do this. I don't want these assistants looking at some of the notes. To have one notebook where I can stash private notes would be ideal.

I can't think of a successful database-driven service that does not offer this. Maybe Evernote is just waiting to cash out from a buyout- maybe Google can come to the rescue.

[gazumped 11,656]

It sounds easier to set up a work-around for confidential notes than it would be for Evernote to reschedule their pre-planned development for the next x months to get this fix out there - if they've even decided it would be cost-effective to do anything at all...

[possible 1]

Agree with comments made - something simple would be a great help. Not a replacement for full scale encryption, just a light filter to keep selected personal files out of perusing view ..

Donna

[skywinder 2]

it already implemented in Developers api

Just want to mention, that is really missed feature for the users!

 

related topics:

https://discussion.evernote.com/topic/49445-how-can-i-lock-my-evernote-note/

https://discussion.evernote.com/topic/35413-can-i-lock-my-note/

[ahmed younes 2]

+1

[cenk 0]

+1 it's a must.

[solomanwisdom 1]

+1 

 

Amazed this isn't an option. Even Microsoft OneNote has it.

[gabalafou 1]

To me, locked notebooks is by the far the single-most important feature from OneNote that I would want to see implemented in Evernote.

 

I understand that I can have two separate accounts, but switching between accounts is pretty cumbersome.

 

If the Mac version for OneNote didn't suck, and if Evernote weren't on every device (even my Kindle Fire HDX!) and so widely integrated with so many other apps and services, I would have already switched to OneNote just for that one feature.

[skywinder 2]

Hey, @evernote! Please, free your users from Mircosoft's staff! I know, you are best!

[pokEarl 0]

+1 

 

Really stupid that this is not an option. And I've googled and seen a few threads about this, and see people defending it not being a feature saying thigns like "You can lock your computer". Guess what, you can lock your phone just as easily. There is absolutely no reason this should not be a feature, and it is not something that is complicated to implement. As people have said, this is not something to protect our credit card information from CyberWarfare, its just so that people borrowing my computer wont click in on private notes (with malicious intent or not.) 

 

Evernote is all about convinience, that is its only selling point, there is no one function evernote has that is not easily repeatable through other software. And it is very inconvinient for a lot of users that this feature is not implemented. 

[solomanwisdom 1]

I switched to OneNote in the end. Usually not a Microsoft fan (being mostly a Mac user) but they have done an exceptional job on OneNote. If you use it with OneDrive you can get up to 30GB free cloud storage too and no need to worry about taking up space and being charged (for going over) Evernote's limited space. Password protection on sections too.

 

But anyway, thats's a different discussion.

[BurgersNFries 2,407]

I switched to OneNote in the end. Usually not a Microsoft fan (being mostly a Mac user) but they have done an exceptional job on OneNote. If you use it with OneDrive you can get up to 30GB free cloud storage too and no need to worry about taking up space and being charged (for going over) Evernote's limited space. Password protection on sections too.

But anyway, thats's a different discussion.

I switched from Evernote to Onenote last year. I got Office 365 (annual subscription) which includes free updates of the Office suite software and one terabyte of cloud storage. Onenote doesn't work as well for me as Evernote USED to. But Evernote does not scale well. They are aware of this and have continued to not address the problem. It got to the point where EN simply would not work on my PC, iPhone or iPad due to the large number of notes I had (66,000+) I had. So for me, the $100/year for the version of Office 365 I signed up for was worth it, since I had two EN premium accounts. But as you say, that's a different discussion.

[jpsailor 1]

Hi Guys ,

I found a simple turn around for that, which is selecting the text and control click (mac) for the option "encrypt this text"

it's not ideal , but at least the content of the note is protected. 

i'would also love to have this password.Also in writing, security would be great !

And to guys like bankrobber that don't add any useful info to the proposed topic, don't bother to reply ...

Hope that this helps !!

cheers

 

Original post by :

Meryn Stol, Evernote user since 2009.In the Evernote desktop clients, you can encrypt any piece of text by right click in it and choosing "Encrypt selected text". I don't know about mobile. You can't encrypt the whole note, but you could encrypt all text within a note. That comes down to about the same.

The encryption function prompts for a password which is used as the key to encode the selection. You need the password (the key) to decode the selection again.

[EstherJesters 0]

+1

 

This would be a welcomed feature, especially in the absence of not having a PIN option for the Mac desktop application (like DayOne has).

[visualdrome 0]

In "colornote", a less developped similar app (you can't share the notes between phone and computers), it's very easy to do it (a click in the menu bar).

[Frank Blome 12]

+1 

 

That would solve a lot of security issues I currently have.

[carlash 1]

Hi,

 

Please evernote can you add a password/code function to the desktop version? 

 

I love and use evernote daily. I'd be lost without it in fact. I use it for many things, this includes sensitive information that I wouldn't want work or family or friends to see. Passwords and such. Quite often my laptop may be borrowed to work purposes to use a program or fix something, or leisure for friends to watch a film on the weekend. I can easily sign out of other private accounts such as my work logins, hotmail or facebook, but my only worry when I'm handing my laptop over to be borrowed is that others can look in my evernote if they wanted to. This gives me anxiety. 

 

My only option is not to store this sensitive info in there but this is very annoying as it's adding unnecessary complexity to the way I store things - need multiple apps etc

 

It's a basic add on to do an optional password on the desktop version. - Or please add function to password certain protect notes would be very helpful.

 

Please add this feature.

 

Thanks.

[elgrayso 3]

Hi,

 

Please evernote can you add a password/code function to the desktop version? 

 

I love and use evernote daily. I'd be lost without it in fact. I use it for many things, this includes sensitive information that I wouldn't want work or family or friends to see. Passwords and such. Quite often my laptop may be borrowed to work purposes to use a program or fix something, or leisure for friends to watch a film on the weekend. I can easily sign out of other private accounts such as my work logins, hotmail or facebook, but my only worry when I'm handing my laptop over to be borrowed is that others can look in my evernote if they wanted to. This gives me anxiety. 

 

My only option is not to store this sensitive info in there but this is very annoying as it's adding unnecessary complexity to the way I store things - need multiple apps etc

 

It's a basic add on to do an optional password on the desktop version. - Or please add function to password certain protect notes would be very helpful.

 

Please add this feature.

 

Thanks.

totally. but i'd add it to mobile and browser versions as well.

 

another problem with not having password protected notes:

say you had a slightly embarassing note, like a poem you wrote, or notes to talk to you therapist about, etc. if you use evernote on your work computer, sometimes evernote will display the most recent note. So even if you wrote a personal note from home, your work computer could get restarted and all of a sudden your personal note is loaded on your work computer screen.

like you said, this makes you need two note taking apps. one for almost everything (evernote), and one for personal notes.

 

with how popular and useful evernote is, its totally silly that you cant password encode notes. and its also silly that so many people  come out and defend not having this option

[gazumped 11,656]

Anyone checked out Saferoom yet?

[mirbogat 1]

+1 for all platforms

[DougBrownIO 0]

+1 on windows/mac

 

At the very least, why can we not just password protect a selected notebook so when I click on a password protected notebook it requires me to punch in a password saved for that notebook.

 

I used to use Evernote sometimes within my software dev team meetings to take some meeting notes while on a projector. It hasn't happened yet, but I also have a notebook that has personal team related information, like member contracts, resumes, etc that I could get into serious trouble by inadvertently clicking the wrong notebook and displaying I shouldn't to the rest of the team!

 

This might sound silly, but it is the sole reason that I simply cannot use this for work related activity.

[jhw367 2]

EN should encrypt EVERYTHING by default, decrypting through logging in with a password, why does this seem such a hard thing to implement? Users should be able to lock/encrypt a note, a notebook, as they prefer. 

[itsonlycomputers 0]

#1

[EdNJ 0]

Evernote is just a super tool used across multiple platforms - Android, IOS, Windows but without a simple password/pin protect option for notebook/notes it has a major security flaw in case of lost device, device sharing. I have read the discussions on this topic and unfortunately soon have to look for alternatives.

Can someone in a senior technical position at Evernote please comment on any direction to provide this feature - your users are faithful but as with most products ignoring such basic, practical and consistent user feedback can lead to security-conscious users going elsewhere. Thanks

[dancer 0]

Yes, I've been using One Note for years and just tried Evernote, I love it and have installed it on three devices; I would welcome password protected notebooks too.

[Calion 26]

FYI, if it's only the occasional note that you want to encrypt and share across devices, 1Password has an always-encrypted Notes feature, that is accessible across all your devices via iCloud, Dropbox or direct sync. It's not a replacement for Evernote, but it works pretty well for what it is, and it's full-text searchable.

[jasondunn 20]

FYI, if it's only the occasional note that you want to encrypt and share across devices, 1Password has an always-encrypted Notes feature, that is accessible across all your devices via iCloud, Dropbox or direct sync. It's not a replacement for Evernote, but it works pretty well for what it is, and it's full-text searchable.

 

After finally admitting to myself that Evernote is firmly ignoring users who are asking for this - they've never so much as acknowledged the request as far as I know - that's exactly what I switched to. Consequently, I find myself using Evernote a bit less often. 

 

Still pretty frustrated by Evernote's seeming indifference to this customer request. Their social channel managers and CEO don't even respond to tweets about it. It's like they all just want us to go away...?

[jhw367 2]

Thanks for the recommandatie about 1password, this exactly the approach I would forsere in EN. Solid Security to initially get in and EVERYTHING inside is ALWAYS secured. For EN not to be encrypted is fundamentally wrong, it's reasoning the wrong way round. So what's the argument for not doing so, Investment, indexing, laws, time?

Investment: I'd expect a lot more potential with an encrypted version of EN, people skipping the app for a justified concern about their data would actually seriously consider it. With all the news around leaks, who wouldn't want their data secured.

Indexing, surely this can be built in, if 1password can, why couldn't EN? If needed there could be a choice, with indexing or without, where with perhaps offers less space and slower Performance.

Laws, I'd be surprised if any law forced EN to keep all content wide open, rather I'd expect the opposite, for laws to protect my privacy.

Time, this would be a matter of reprioritization, if this is a feature a lot of users want, then just do it.

[tavor 668]

The recent Ashley Madison hack and threats to publicly post hacked data online serves as a stark reminder that data stored online is not secure. Zero knowledge encryption is long overdue.

[GrumpyMonkey 4,319]

The recent Ashley Madison hack and threats to publicly post hacked data online serves as a stark reminder that data stored online is not secure. Zero knowledge encryption is long overdue.

massive hacking incidents are now a regular part of the news, aren't they. ashley madison one day, hacked vehicles the next. of course, each incident has its own unique conditions, but the lesson to learn here, i think, is that everyone gets hacked (evernote has been hacked at least twice already).

in my opinion, we ought to assume that anything unencrypted on the cloud is either already hacked and public information, or it will be any day now. this either severely curtails our usage (grocery lists and web clippings?) or causes us to look elsewhere for an app that provides the level of security we need.

you're right about zero knowledge encryption being long overdue. my understanding is that onenote offers it now, so it looks like evernote is years behind the curve here. i hope they re-evaluate their priorities soon. their competitors have.

[KDC 0]

I simply cannot believe that this is not an option. Evernote is supposed to be the notebook that is everywhere. Apparently this does not include collaborative environment with multi-user stations. 

 

For example: I work in a building with two stories of laboratories, ~50 researchers with about two dozen experimental stations. Any given experimental station may have a dozen or so users who log on to collect data using that instrument at different times. I should be able to lock my evernote "user account" on the native client.

 

At the very least, implement an automatic logout of the web client after a period of inactivity. It's just unreal to me that I can't have my lab notebook with me while I conduct an experiment, like I can, say with this other piece of super- advanced technology known as a paper notebook...

[Robson Negreiros 0]

I think this isn't the best solution for desktop/workstation but this is what I need and I can got for now. I used a cryptographic program called VeraCrypt (like old TrueCrypt) and I created a volume with 8Gb, it's enough to me. So, I installed Evernote and before first sync, I changed default data directory to the protected disk. 

 

Some drawbacks can be, you need to remember to lock your workstation and/or close Evernote (even on system tray).

 

I hope this can help someone.

 

Link to VeraCrypt: https://veracrypt.codeplex.com/

[GrumpyMonkey 4,319]

i doubt veracrypt is doing anything. when you unencrypt and open evernote, it syncs unencrypted to the servers, where your data sits in plain text vulnerable to any hack, rogue employee, or govt intrusion. i guess the only benefit is if someone tried to physically break into your computer and steal data.

[BeneficialBob 0]

I agree with GrumpyMonkey -- It is more beneficial to encrypt a full note especially if it has attachments, than it is to encrypt only text in a note. Why can't the GUID be extended in the database for those notes that have full encryption versus those that are not encrypted. The first part of the GUID can designate the folder and the second indicating whether the note is encrypted through a concatenation methodology. 

[jdbutler 5]

+1

Absolutely - I've seen (and given) requests for this feature for years.

[loz111 1]

+1 for the ability to password or pin protect a folder.

[Darwood 1]

Yes please implement this on all platforms. Even colornote on Android allows you to lock a note with a master password. I don't want somebody who accidentally sees my evenote notebooks being able to see confidential or sensitive information.

[sbigelow 0]

+1 This should be a top priority for Evernote.  I want to store my vital records in Evernote but just not worth the risk until they get this added.  Using Sharefile for now.

[GrumpyMonkey 4,319]

+1 This should be a top priority for Evernote.  I want to store my vital records in Evernote but just not worth the risk until they get this added.  Using Sharefile for now.

i'm no expert in security or encryption, but i don't think sharefile is any more secure than dropbox. they hold the encryption keys. this means that they can rummage through your account whenever they want. they'll also unencrypt it and turn it over to the us govt. if asked to do so. and, if they are hacked, your stuff is at risk. i'd recommend spideroak imstead.

without zero knowledge (i hold the key and no one else has access), there isn't much point in evernote introducing passwords for notebooks.

[possible 1]

Support the recommendation to introduce some level of password security for files.it would be very helpful for a variety of purposes.mnot necessary to be high level security encryption...I hav written before and now wondering if anyone has heard from the software company about their plans to address this issue???? Are they saying it is under consideration,or in the works ...or not ??????mi briefly looked for a feedback email and could not find one, so assuming this is the place - would love to hear from them.

[possible 1]

Support the recommendation to introduce some level of password security for files.it would be very helpful for a variety of purposes.mnot necessary to be high level security encryption...I hav written before and now wondering if anyone has heard from the software company about their plans to address this issue???? Are they saying it is under consideration,or in the works ...or not ??????mi briefly looked for a feedback email and could not find one, so assuming this is the place - would love to hear from them.

[GrumpyMonkey 4,319]

no plans that i am aware of, though a year or two ago the then-ceo suggested plans for "sexy" encryption, so i guess you never know. evernote generally doesn't discuss its plans. try saferoom for a third-party solution.

[off note 0]

+1 for all platforms. Would be great if Evernote support could leave a reply here given all the interest. Love Evernote but this is becoming an important enough feature for me that I'll leave for a competitor if someone else develops the right feature set. 

[Metrodon 2,184]

This is a user forum. Want to ask Evernote a direct question? Open a support ticket or send them a tweet.

[JMichaelTX 4,117]

Since Evernote now is providing official support to all users via Twitter, you might post your request on Twitter @evernotehelps.  It might also be good to include a link back to your post here.

[bambooparadox 40]

+1 for password protected notebooks

+1 for password protected notes

+1 for password protected text including embedded pictures (jpg-screenshots)

[Ania 0]

+ 1

 

 

[Rich Tener 86]

Hi everyone, I'm the head of security here at Evernote. I wanted to let you know that I understand your requests for full note and notebook encryption. I'm an advocate for expanding our encrypted note text feature to include one or both of those and I appreciate everyone's input on this thread.

 

As a few people mentioned, adding these features requires time and resources. Building these isn't a business priority for our product teams right now, so we don't have any plans or timelines to add those features.

[jbenson2 2,147]

 

Hi everyone, I'm the head of security here at Evernote. I wanted to let you know that I understand your requests for full note and notebook encryption. I'm an advocate for expanding our encrypted note text feature to include one or both of those and I appreciate everyone's input on this thread.

 

As a few people mentioned, adding these features requires time and resources. Building these isn't a business priority for our product teams right now, so we don't have any plans or timelines to add those features.

 

Thank you, thank you, thank you.

 

This sort of feedback is wonderful. I'd love to see more of it.

Toss in some detailed explanation would be the topping on the cake.

[hlev 2]

I recently upgraded to the professional edition but may need to cancel or at least stop using Evernote for work. The problem is that the encryption solution I have found - encrypting each note individually - is really not very workable. Evernote should offer something along the lines of what LastPass does for its password sharing. That is let users create a master password or pass phrase. They are responsible for keeping track of this password and Evernote never stores it on their systems. When a user starts up Evernote, they are prompted for the master password. Then anything that is transmitted to Evernote is first encrypted with that pass phrase using AES256 or some equally strong encryption. When notes are synced with other devices, the user would also need to provide the pass phrase on the device. The same would apply for the web interface. The key is that Evernote should never store the user's master pass phrases. In the case of notes passed in by email, they would be stored unencrypted until they are synced with a user device. After all, if you are emailing the document you shouldn't be too concerned about encrypting it. If there is other functionality lost due to the lack of access to my notes on Evernote servers, I would be perfectly fine with that.  As far as data stored on the device, for me, I am fine if it remains unencrypted on the devices. I just want my information protected when stored on Evernote servers.

 

[JMichaelTX 4,117]

Hi everyone, I'm the head of security here at Evernote. I wanted to let you know that I understand your requests for full note and notebook encryption. I'm an advocate for expanding our encrypted note text feature to include one or both of those and I appreciate everyone's input on this thread.

 

As a few people mentioned, adding these features requires time and resources. Building these isn't a business priority for our product teams right now, so we don't have any plans or timelines to add those features.

 

Rich, thank you so much for posting here, and providing clarification of Evernote's view on NB encryption.

I very much appreciate you being an advocate for this, and look forward to hearing from you on other security topics.

 

I see this is your first post in these forums, so please allow me to welcome you here.  I'm sure others, like JBenson2, do as well.

[jasondunn 20]

 

Hi everyone, I'm the head of security here at Evernote. I wanted to let you know that I understand your requests for full note and notebook encryption. I'm an advocate for expanding our encrypted note text feature to include one or both of those and I appreciate everyone's input on this thread.

As a few people mentioned, adding these features requires time and resources. Building these isn't a business priority for our product teams right now, so we don't have any plans or timelines to add those features.

 

Hi there Rich - great to see you joining this conversation! It's refreshing to see an Evernote employee participating here. I appreciate you telling us bluntly that it's not a priority for the product planners. I hope they realize that market leaders don't stay that way forever - when a company ignores the needs of it's core users (the vocal ones who want to see the product evolve), and focus on the wrong things, users will leave. I appreciate fully that developer resources are finite, and there are always more features than an ability to create those features...but I can genuinely say I haven't see a useful new product feature from Evernote in the past two years. I see the frequent updates, but none of the new features serve my needs. My needs, like those of here in this thread, are enhanced security. I want to rely upon Evernote to keep my information safe, and right now I'm not confident in the product's ability to do so.

 

Are the product planners willing to listen to the community and ask us what we want?

[Metrodon 2,184]

From a purely selfish point of view I think this is a great piece of information. For me the rationale of Evernote has always been a place where I can add information and then quickly find it again. Adding encryption greatly reduces this capability, creates support headaches and generally distracts the company from the route that I want it to follow. Half way house measures like not encrypting titles and/or meta data would also create support issues and confuse many users.

I think it's clear from Rich's post that they are listening and that they are choosing not to pursue encryption at least for for the time being.

[GrumpyMonkey 4,319]

Can't agree with Metro on this. Forum flags are at half mast today.

From a selfish point of view, this is terrible news, and it means that I will continue being unable to enjoy using Evernote for the forseeable future. It is exactly the wrong way for the company to go, in my opinion. As for reducing any capacity, not necessarily (not at all in competitors) and certainly not if you don't use it, which is the same as if it is not there!

But, I'm glad to see Evernote has carefully considered it, decided it doesn't fit their vision / isn't a priority, and let us know where they stand right now. Making it clear what is going on is the way to generate goodwill and grow the business, especially if any solution like this is, at the very least, months or years down the road.

[JMichaelTX 4,117]

For me the rationale of Evernote has always been a place where I can add information and then quickly find it again. Adding encryption greatly reduces this capability, creates support headaches and generally distracts the company from the route that I want it to follow. Half way house measures like not encrypting titles and/or meta data would also create support issues and confuse many users.

 

I haven't seen any evidence to support your assertion that somehow adding encryption would make things worse.

There are a number of companies offering highly secure, zero knowledge key, encryption, and I haven't heard or seen any reports of the issues you allude to.

 

Not encrypting metadata (Titles, Tags, dates, etc), is not a "half way" measure, it is a smart measure that protects the sensitive info in the Note contents while still allowing great search capability.  I see no reason that this would "confuse many users", if the feature is clearly documented, and a well-thought-out and tested UI is provided.

 

It's like having a bank vault to put your very expensive valuables and documents into, while still making it easy to bank by Internet for your day-to-day, or hour-to-hour, needs.

 

In fact, from a business position, it would be a very smart approach that I believe would set Evernote apart from the crowd while appealing to many.

[jasondunn 20]

From a purely selfish point of view I think this is a great piece of information. For me the rationale of Evernote has always been a place where I can add information and then quickly find it again. Adding encryption greatly reduces this capability

 

So...you don't care about the security of that information?  I generally don't question when others want certain features in a product, but to not want more security is, honestly, surprising.

 

1password allows me to search everything, and it's far more secure than Evernote, so I don't see how/why adding encryption would somehow make Evernote less useful than it is today.

[ursula 42]

In Day One you can set a password, but the data is not encrypted and can be read by anyone with physical access to your computer.

See: Why I Don't Use Day One For Private Journaling

 

 

I love Evernote, but it's preventing me from putting in sensitive content. For example, I can't keep a personal journal notebook, because other people (i.e. girlfriend, family members, etc.) could one day be looking at those notes, especially since they know that I use Evernote often for many purposes.

 

Evernote already has the ability to encrypt single notes. This is useful for things like storing passwords or other temporary sensitive content. But it's not practical to encrypt many notes one by one.

 

I wish I could password-protect a whole notebook. This way, I can do a lot more with Evernote. If I can encrypt single notes, then why can't Evernote just allow me to encrypt entire notebooks? If reason behind this is because Evernote thinks one could lose a lot of data if a notebook password is forgotten, then perhaps Evernote can help recover the passwords through email.

 

In the meantime, I'm stuck with using other apps (i.e. Pages, Day One, etc) to password-protect my content.

 

Any insight is greatly appreciated.

 

Thanks.

[GrumpyMonkey 4,319]

i think anyone with physical access to a computer is in a pretty good position to eventually get at your data, unfortunately, depending on their resources (time, money, manpower, expertise). If you turn on file vault on your mac (free and easy to use), you greatly increase your security. In fact, it doesn't matter if an app has password protection or not, because with file vault everything is under lock and key.

the problem with evernote is that your computer may be locked down and quite impenetrable to most folks, but Evernote takes data out of your computer (zero-knowledge encryption), which is only accessible to anyone in physical possession of it, and then it sends it to evernote servers (with no encryption), which are open to the world.

password protection is nice and all, but without security (encryption), it is window dressing.

[jbenson2 2,147]

There are some people who would like ultra high-level encryption to cover 100% of their entire Evernote database, but it appears that Evernote believes there is a much bigger market comprised of general users.

 

I examined my 40,000 notes in Evernote

 

50% are web clippings using Clearly

any: source:Clearly source:web.clip

 

10% are forwarded emails

source:mail.*

 

I also have a large % of scanned notes.

 

But... only 1/3rd of 1% are encrypted notes

encryption:

 

 

Why such as small % of encrypted notes? 

I use Evernote to store all sorts of events from my life, interesting facts, politics, and the more important feature: quick searches.

For high-security needs, I store my confidential information (passwords, account numbers, etc.) in LastPass.

And for highly confidential information (tax returns, for example), I store them locally, not in the cloud.

 

edit: Almost all of my photos are stored in Flickr

[cwb 225]

Thanks for the search reminders.

I would have thought that 50% of mine would have been web clips.

But I guess I'm making more use of IFTT workflows and sends to EN from my feed reeder, than actual web clipper use.

But web clipper was 25%.

10% forwarded email.

And a whopping 11 notes with encryption. It's frankly just not really worth using, as is.

LastPass on the other hand has 800 sets of credentials and secure notes.

I am disappointed to hear that it's not a business priority given we're still waiting for the previous CEO's "sexy encryption" mention.

But I am thankful for the OAuth, and multi-factor. Access security and transparency are great, and I enjoy using them.

[jasondunn 20]

I use Evernote to store all sorts of events from my life, interesting facts, politics, and the more important feature: quick searches.

For high-security needs, I store my confidential information (passwords, account numbers, etc.) in LastPass.

And for highly confidential information (tax returns, for example), I store them locally, not in the cloud.

 

I used to use LastPass, and while it's great for passwords, I found it clumsy and ugly for other types of content (secure notes, etc.). I also didn't particularly like their security model. I have sensitive information in Evernote, because it's hugely advantageous for me to keep it there and have access to it from any device. Wouldn't it be wonderful if Evernote took security seriously enough for you to note have to use another app, or keep things offline, to have secure access? 

[cwb 225]

Having sensitive info synced across all devices is kind of what LP is all about...

I'm wondering what more one might want from a security model than trust no one encryption with a multitude of multi factor login options.

And to add in LP enterprise, the usage logging across the enterprise is great, and much more useful to me than a personal decentralized model like keypass or 1password.

[Metrodon 2,184]

 

There are some people who would like ultra high-level encryption to cover 100% of their entire Evernote database, but it appears that Evernote believes there is a much bigger market comprised of general users.

 

I examined my 40,000 notes in Evernote

 

50% are web clippings using Clearly

any: source:Clearly source:web.clip

 

10% are forwarded emails

source:mail.*

 

I also have a large % of scanned notes.

 

But... only 1/3rd of 1% are encrypted notes

encryption:

 

 

Why such as small % of encrypted notes? 

I use Evernote to store all sorts of events from my life, interesting facts, politics, and the more important feature: quick searches.

For high-security needs, I store my confidential information (passwords, account numbers, etc.) in LastPass.

And for highly confidential information (tax returns, for example), I store them locally, not in the cloud.

 

edit: Almost all of my photos are stored in Flickr

 

 

You nailed it - the vast majority of most people's stuff doesn't need to be secure or encrypted. Evernote is far more useful for far more people without encryption.

 

It's important to remember that a lot of the people that come to this forum come with edge cases, we are not necessarily representative of the user base as a whole. It's not to say that those edge cases aren't valid, but they are at the edge. The fragrant Burger n' Fries for example, quickly reached a critical mass from a scaling perspective and has mostly had to abandon Evernote. If there were thousands of users in the same situation then I'm sure Evernote would dedicate more resources to finding a solution. I'd guess the number of users with 50k+ notes is dwarfed by the number who have less than a thousand. Similarly, although encryption would be useful for a vociferous user group on here, I'm betting the vast majority of the user base couldn't care less. They don't need to secure their web clippings, recipes, wine bottle photos, shopping lists etc etc - but being able to find their stuff is absolutely key.

[jhw367 2]

Good progress and even better discussion since the response from Rich Tener. Thanks for this! Way to go, users talk to developers and vice versa.

 

As stated before, all should be encrypted, period, and it will be at some point in time, whatever tool we are using some time from now will have EVERYTHING encrypted, ALL the time, that's one.

 

Now the question is what and by when will provide this functionality, personally i don't think it is a matter of prioritizing requirements, rather it should be perceived as a basic need. Ask yourself why you would want to post any un-encrypted data anywhere? A hand written note is un-encrypted, and that's ok, since only those few individuals in and around the "note" can read it. Take a picture of it and post it online, in the cloud, and suddenly it's ok that anybody can read it (after user names/passwords have leaked or ....), why is that? 

 

This discussion will appear strange a while from now, when all is encrypted all the time. 

[Metrodon 2,184]

I don't need anything in Evernote encrypted, I'm sure there are lots of users just like me.

 

I'm guessing the majority or else the product teams at Evernote would be under internal pressure to add encryption - they are clearly not.

 

There are 2 sides to this argument.

[ScottLougheed 1,316]

I don't need anything in Evernote encrypted, I'm sure there are lots of users just like me.

 

I'm guessing the majority or else the product teams at Evernote would be under internal pressure to add encryption - they are clearly not.

 

There are 2 sides to this argument.

My use has shifted so that this is also the case for me. I have other tools that are more secure that I keep those important files in. Evernote gets only the things that do not need encryption. 

[jhw367 2]

I don't need anything in Evernote encrypted, I'm sure there are lots of users just like me.

 

I'm guessing the majority or else the product teams at Evernote would be under internal pressure to add encryption - they are clearly not.

 

There are 2 sides to this argument.

I'm not sure there are two sides, encrypting everything should be relatively simple, we did it ourselves for a cloud based platform we use, which has consequently switched to encrypting everything for all their customers all the time, we tend to over complicate things too much. Why should anyone/thing be able to see any of your data ever, confidential or not?

[Metrodon 2,184]

To make it useful, to make it searchable, to provide "context" or any new form of applied intelligence that they are working on. It's pretty clear that this is their vision, locking away the data stops all of this. 

[kitus 8]

To make it useful, to make it searchable, to provide "context" or any new form of applied intelligence that they are working on. It's pretty clear that this is their vision, locking away the data stops all of this. 

I agree with you, they need our data to run their business I guess. Otherwise I just can't understand why they won't enable a real and secure alternative for those notes that we consider are highly sensitive. 

 

A couple of months ago I decided to give up on them and moved over to DevonThink Pro Office and rendered my use of Evernote for useless webclips I come across while searching online for stuff. I must say this movement is causing me real trouble because I have information spread in two platforms and I guess I will little by little move away from Evernote totally, as it is quite a PITA my current setup.

 

After so many years of being an Evernote advocate and supporting Evernote as a Premium User since 2009 (or 2008 I can't remember), my next step will be to downgrade my account. Too bad I did not remember to stop the automatic renewal I set back then with my paypal account.

 

Also, can we really trust Rich to be who he says he is? it is his first post here...

[Metrodon 2,184]

Only genuine employees get an employee badge.

[JMichaelTX 4,117]

We should all keep in mind that none of us here, who are not Evernote employees, have the data to declare what is an "edge case" or what is a "common" use case.  

 

While it is generally accepted that forums tend to attract more users with complaints than with praise, I have seen studies that suggest that for every complaint posted, there are probably many more users with the same complaint who either don't bother to post, or just quit using the product.  Some estimate that there are 10X, or greater, the users with the complaint that don't post.  

 

This is certainly true for me.  I, along with many other users, hate the Mac iTunes UI.  Yet I have never made even one post in an Apple forum, or to Apple feedback, voicing my complaint.

 

All of this is purely academic, and irrelevant.  

 

What ultimately matters is what Evernote decides to provide.

 

I am encouraged by one thing Evernote Security Head stated:

 

Hi everyone, I'm the head of security here at Evernote. I wanted to let you know that I understand your requests for full note and notebook encryption. I'm an advocate for expanding our encrypted note text feature to include one or both of those and I appreciate everyone's input on this thread.

 

Why would Evernote appoint a Head of Security who is pro encryption if, as a business, they did not have any interest in providing it?  IAC, he is in a great position to continue to voice the need for this feature to the people that make the decisions.

 

So, I think there is good reason to continue to request better encryption, and to hope that Evernote will provide it, albeit that it is not likely to be provided in the near term.

[jasondunn 20]

I'm wondering what more one might want from a security model than trust no one encryption with a multitude of multi factor login options.

And to add in LP enterprise, the usage logging across the enterprise is great, and much more useful to me than a personal decentralized model like keypass or 1password.

 

From my perspective, LastPass represents a massive target, and they've had enough near/partial breach scenarios that I wasn't willing to trust all my data to their security. They take security very seriously, and are good about communicating to their users, but this last attack was enough motivation for me to switch to something else (that, plus the utter awfulness of their UI).

 

I'm not a security expert, but I like 1password's approach: there is no centralized server to hack. All data is encrypted locally via individual data blobs. If you use Dropbox to sync your 1password files, like I do, these encrypted blobs are on the Dropbox server, but they're not linked to Dropbox for decryption. They have a good explanation of authentication vs. encryption that sums it up nicely: authentication (what Evernote uses for cloud access) is more flexible, but encryption is safer. 1password also has really strong stand-alone apps on Android, iOS, etc.

[JMichaelTX 4,117]

I'm not a security expert, but I like 1password's approach: there is no centralized server to hack. All data is encrypted locally via individual data blobs. If you use Dropbox to sync your 1password files, like I do, these encrypted blobs are on the Dropbox server, but they're not linked to Dropbox for decryption. They have a good explanation of authentication vs. encryption that sums it up nicely: authentication (what Evernote uses for cloud access) is more flexible, but encryption is safer. 1password also has really strong stand-alone apps on Android, iOS, etc.

 

 

Excellent point about 1Password.

 

Further, once I open 1Password on *any* device that I've sync'd via Dropbox, all data within 1PW is completely searchable.

I do this all the time, and it works well.

 

So, those that say encryption prevents searching, might want to rethink that statement.  

 

The other great thing is that when 1PW app is closed, I can't read the data via other means.  So it is always secure on my Mac. 

[cwb 225]

Naw, it really isn't any different.

Presumably most people are using dropbox or icloud to sync their 1password library.

So on the one hand you have a sync service distributing a pre-encrypted blob which the sync service cannot decrypt.

And on the other you have LastPass.  Also a sync service distributing a pre-encrypted blob which the sync service cannot decrypt.

Just like in this thread, where some are asking for TNO pre-encryption for notes which the sync service cannot decrypt.

 

In all cases, even if the service was hacked, that doesn't get you into the encrypted data.

Further I would argue that the security oversight, controls, and history are better with Lastpass than icloud and dropbox.

If you were not following security news, did you hear from Dropbox when a software update allowed for about an hour, all accounts to be logged in with any password entered?  Lastpass errs on the side of caution and transparency, whereas icloud and dropbox are far more opaque. 

 

Unlike using Dropbox/icloud to sync/distribute my passwords, with Lastpass we can:

• restrict which countries can log in
• restrict login attempts from TOR
• turn off email verification/bypass for unknown devices and locations
• pick from 8 different multi-factor options (including up to 5 Yubikeys on one account). 
• scale it up to supporting a whole enterprise
  • keeping items encrypted and access logged, but being able to share single items, folders or nested folders.
  • being able to keep enterprise and personal sites separate and usable in a single view, but separate-able with a single click. Or letting them use read-only credentials to log in without being able to view them.
  • being able to report on or create automated reminders for weak or duplicated passwords across all lastpass accounts.
  • Being able to view in a report the master password strength and multi-factor use across the enterprise to determine that no one needed to change their passwords based on a maybe that hashes but not encrypted blobs might have been lost, in the last LP notification.  Knowing there isn't enough life in the universe to have time to crack the hashes.  And that even if they did and had credentials, they still couldn't log in to download a encrypted blob.

 

Because the Lastpass service is tightly integrated with the app, there is great site by site, note by note usage/access logging for verification purposes.

Other than a strong password, do you know with reasonable certainty, that no one else has accessed data in your vault, or is not currently attempting to brute force into a copy of your vault?

 

Lastpass too can be used completely offline.  Via any of, the stored encrypted blob +plus browser plugin, mobile apps, the windows app LastPass Pocket, Portable thumbdrive instances.

There's every reason Evernote could a do a very similar model.

[jasondunn 20]

As stated before, all should be encrypted, period, and it will be at some point in time, whatever tool we are using some time from now will have EVERYTHING encrypted, ALL the time, that's one. Now the question is what and by when will provide this functionality, personally i don't think it is a matter of prioritizing requirements, rather it should be perceived as a basic need. Ask yourself why you would want to post any un-encrypted data anywhere? A hand written note is un-encrypted, and that's ok, since only those few individuals in and around the "note" can read it. Take a picture of it and post it online, in the cloud, and suddenly it's ok that anybody can read it (after user names/passwords have leaked or ....), why is that? This discussion will appear strange a while from now, when all is encrypted all the time. 

 

Agreed 100%. Evernote has the choice to be a leader in this space, or a follower once the rest of the world is on board. There's a groundswell pushing toward "https everywhere", VPN for security (I just backed an Indiegogo product called Keezel that creates dead-simple VPN for all devices via WiFi), and there have been such an unrelenting stream of massive hacks and data breaches, digital security is something even casual users are starting to think about...but even if they're not demanding better security from Evernote, there's no reason why Evernote should wait around to deliver it. Users might not think what they have in their notebooks need securing, but with the prevalence of identity theft, even casual, seemingly innocent bits of information could be used against them.

 

Evernote's seemingly casual approach to security - there isn't even a password option on the desktop client - will not help them in the long run.

[jasondunn 20]

A couple of months ago I decided to give up on them and moved over to DevonThink Pro Office and rendered my use of Evernote for useless webclips I come across while searching online for stuff. I must say this movement is causing me real trouble because I have information spread in two platforms and I guess I will little by little move away from Evernote totally, as it is quite a PITA my current setup..After so many years of being an Evernote advocate and supporting Evernote as a Premium User since 2009 (or 2008 I can't remember), my next step will be to downgrade my account. Too bad I did not remember to stop the automatic renewal I set back then with my paypal account.

 

Give Pocket a try. It's a great cross-platform tool for web reading - I used to use Evernote for that purpose, but ultimately found it pretty clunky. Pocket is really focused and fast at what it does.

 

I too am seeing less value from Evernote and may let my account downgrade - I simply don't get the value from it that I used to as I've moved more of my data to 1password. And I used to be a HARDCORE Evernote evangelist! 

[GrumpyMonkey 4,319]

i think the searchability thing is probably a red herring. other apps manage to achieve full zero-knowledge encryption and still have the contents searchable.

i also think the "i don't need encryption" sentiment is probably not so widespread. it peobably ought to be restated as "i don't need encryption that gets in my way." if the encryption was seemless, as it is with other apps, who wouldn't appreciate more security?

0% of my notes in evernote ever were encrypted, because it has always been cumbersome, and for many years it was ineffective. local notebooks are wonderful, as long as they don't get uploaded to evernote servers (this has happened in the past) and you don't use multiple devices. 100% of my stuff is encrypted in other apps, because it happens in the background, and i don't even notice it.

if evernote had the will, i am sure there is a way. it is (as i always say), their choice. but, a choice it is, not technical difficulties (as far as i can tell).

[jbenson2 2,147]

<snip> other apps manage to achieve full zero-knowledge encryption and still have the contents searchable. <snip>

 

 

Is there a Windows program that has zero-knowledge (trust no one) encryption and is searchable?

[GrumpyMonkey 4,319]

<snip> other apps manage to achieve full zero-knowledge encryption and still have the contents searchable. <snip>

 

Is there a Windows program that has zero-knowledge (trust no one) encryption and is searchable?

onenote? i don't know about searching (sorry, i don't use it). my problem is syncing with other devices, and when it comes to that, there are only a couple of osx / ios things out there. if you only use one device, get a surface, use evernote local notebooks, and you are all set.

[cwb 225]

No, not OneNote.

 

See: https://spekxvision.wordpress.com/2015/04/14/still-no-secure-cloud-sync-for-onenote/

 

"OneNote 2013 does offer strong encryption, and in fact this is TNO. You can enter a password for a section in any of the Windows/iphone/iPad apps, and the section will be encrypted on the client side. The downside, and it is a big downside, is that you have to do this for each section individually.. not notebook, or section group, but each section. If you have tens or hundreds of sections in your notebook, as I do, that means typing the password for each one when you want to open it!

It also means that you can’t search or index that section while it’s locked – it’s only when you open it, that it can be read. This is equivalent to encrypting each file on disk (since OneNote does indeed use a file for each section).

So – I tried this for a while, and immediately found it a pain to use.. I have a section for each client, product, project, and doing a ‘search all’ would take ten minutes just to temporarily unlock each one. Ideally, they would allow a password to be bulk-applied to multiple sections, so you can unlock the lot in a single action, but they don’t."

 

What ever OneNote does or doesn't do with encryption isn't greatly different than Evernote does in more Apples to Apples comparisons.

Meaning that you aren't just dumping a OneNote file in OneDrive/Skydrive or running it locally.

But actually putting it on Sharepoint Online for collaboration, browser access, sync to ipad, etc.

Encryption is either unavailable or no different than Evernote's.

[kitus 8]

i think the searchability thing is probably a red herring. other apps manage to achieve full zero-knowledge encryption and still have the contents searchable.

i also think the "i don't need encryption" sentiment is probably not so widespread. it peobably ought to be restated as "i don't need encryption that gets in my way." if the encryption was seemless, as it is with other apps, who wouldn't appreciate more security?

0% of my notes in evernote ever were encrypted, because it has always been cumbersome, and for many years it was ineffective. local notebooks are wonderful, as long as they don't get uploaded to evernote servers (this has happened in the past) and you don't use multiple devices. 100% of my stuff is encrypted in other apps, because it happens in the background, and i don't even notice it.

if evernote had the will, i am sure there is a way. it is (as i always say), their choice. but, a choice it is, not technical difficulties (as far as i can tell).

I couldn't have phrased it any better!!!!

[GrumpyMonkey 4,319]

unfortunately, windows is kind of barren right now. it sounds like onenote isn't the answer either, though sections seem light years ahead of text (evernote).

on mac, i'd recommend devonthink, which syncs without the cloud at all. if you want to sync via dropbox, it works effortlessly, [EDIT: security issue it had with DB resolved]-- a combination of spideroak and indexing makes everything available on any platform. it works really well.

http://www.christopher-mayo.com/?p=2376

voodoopad recently revamped its backend to increase encryption security, but the app is really slow to get updates, so it is difficult to recommend. it is the only app, though, that has managed to get encryption + dropbox sync working seamlessly (when devonthink revises its security, it will be a better choice, i think). if a single independent developer managed to implement seamless encryption years ago, why can't evernote's team of dozens do it?

nvalt also has encryption, but only for text (what it is built for). it's been humming along for years, but brett is working on something new, so we might have yet another mac option soon. again, one guy managed to do what evernote's team couldn't / wouldn't.

there is still no one like evernote (on every platform) who has mastered encryption, but onenote is inching ahead (in my opinion). i doubt the onenote team (or any of the other developers) are "better" than evernote's. they just decided encryption was necessary, and evernote hasn't made that decision.

this is a great time for evernote to stand up and distinguish itself as the most secure notetaking / personal information manager for everyone. i wish they would.

[EDIT]: added a bit more stuff.

[JMichaelTX 4,117]

there is still no one like evernote (on every platform) who has mastered encryption, but onenote is inching ahed (in my opinion). this is a great time for evernote to stand up and distinguish itself as the most secure notetaking / personal information manager for everyone. i wish they would.

 

Roger that!  

[jbenson2 2,147]

That is sort of what I expected. As I suggested on my earlier post, Evernote is concentrating on the larger marketplace.

 

"There are some people who would like ultra high-level encryption to cover 100% of their entire Evernote database, but it appears that Evernote believes there is a much bigger market comprised of general users."

 

Searchable zero-knowledge (trust no one) encryption is a wonderful concept (that has been requested for several years), but for a program supporting multiple O/S, including Windows, it's as scarce as hen's teeth. 

 

So until something shows up and proves itself in the future, I will stick with my notebook and use a variety of programs, as well as Evernote with note encryption. Thank you for the suggestions.

[cwb 225]

Oh... and about the OneNote "TNO" encryption...

Maybe not so much (other than perhaps you bought a retail copy that you use in your own home):

 

https://technet.microsoft.com/en-us/library/cc179125.aspx

• If you do allow users to password protect documents, and they later forget or lose the password, you can use the DocRecrypt tool to reset or remove the password. For more information, see the Remove or reset file passwords in Office 2013 article.

• And the selection of encryption methods can be controlled through group policy.  AES and 3DES shouldn't be assumed.  They can be configured to be any of:

  • AES, DES, DESX, 3DES, 3DES_112, and RC2

• https://technet.microsoft.com/en-us/library/jj923033.aspx

  • Previously, if the original creator of a file password either forgot the password or left the organization, the file was rendered unrecoverable. By using Office 2013 and an escrow key, which is generated from your company or organization’s private key certificate store, an IT admin can “unlock” the file for a user and then either leave the file without password protection, or assign a new password to the file. You, the IT admin, are the keeper of the escrow key which is generated from your company or organization’s private key certificate store. You can silently push the public key information to client computers one time through a registry key setting that you can manually create or you can create it through a Group Policy script. When a user later creates a password-protected Office 2013 Word, Excel, or PowerPoint file, this public key is included in the file header. Later, an IT pro can use the Office DocRecrypt tool to remove the password that is attached to the file, and then, optionally, protect the file by using a new password.

And you have to wonder that there wouldn't be an escrow key on Sharepoint Online hosted content.

[GrumpyMonkey 4,319]

Oh... and about the OneNote "TNO" encryption...

Maybe not so much (other than perhaps you bought a retail copy that you use in your own home):

 

https://technet.microsoft.com/en-us/library/cc179125.aspx

• If you do allow users to password protect documents, and they later forget or lose the password, you can use the DocRecrypt tool to reset or remove the password. For more information, see the Remove or reset file passwords in Office 2013 article.

• And the selection of encryption methods can be controlled through group policy.  AES and 3DES shouldn't be assumed.  They can be configured to be any of:

  • AES, DES, DESX, 3DES, 3DES_112, and RC2

• https://technet.microsoft.com/en-us/library/jj923033.aspx

  • Previously, if the original creator of a file password either forgot the password or left the organization, the file was rendered unrecoverable. By using Office 2013 and an escrow key, which is generated from your company or organization’s private key certificate store, an IT admin can “unlock” the file for a user and then either leave the file without password protection, or assign a new password to the file. You, the IT admin, are the keeper of the escrow key which is generated from your company or organization’s private key certificate store. You can silently push the public key information to client computers one time through a registry key setting that you can manually create or you can create it through a Group Policy script. When a user later creates a password-protected Office 2013 Word, Excel, or PowerPoint file, this public key is included in the file header. Later, an IT pro can use the Office DocRecrypt tool to remove the password that is attached to the file, and then, optionally, protect the file by using a new password.

And you have to wonder that there wouldn't be an escrow key on Sharepoint Online hosted content.

 

 

this is for a corporate environment in which the corporation is given control over the function of the keys (quite a bit of control, in fact, with lots of options). this sounds like a good thing, especially for a company who wants to use encryption widely.

 

for individual users, my understanding is that you can encrypt with zero-knowledge encryption -- only you have the key. 

[jhw367 2]

i think the searchability thing is probably a red herring. other apps manage to achieve full zero-knowledge encryption and still have the contents searchable.

i also think the "i don't need encryption" sentiment is probably not so widespread. it peobably ought to be restated as "i don't need encryption that gets in my way." if the encryption was seemless, as it is with other apps, who wouldn't appreciate more security?

0% of my notes in evernote ever were encrypted, because it has always been cumbersome, and for many years it was ineffective. local notebooks are wonderful, as long as they don't get uploaded to evernote servers (this has happened in the past) and you don't use multiple devices. 100% of my stuff is encrypted in other apps, because it happens in the background, and i don't even notice it.

if evernote had the will, i am sure there is a way. it is (as i always say), their choice. but, a choice it is, not technical difficulties (as far as i can tell).

 

Totally agree with the red herring statement, it's distracting.

 

Wrt privacy, see "why privacy matters", i also think we're reasoning upside down here, basic principle needs to be, all encrypted, default. 

 

We need to move from postcard thinking, where everyone can read, to correspondence in an envelope, not able (not allowed) to be read by all, along the way. 

 

 

A couple of months ago I decided to give up on them and moved over to DevonThink Pro Office and rendered my use of Evernote for useless webclips I come across while searching online for stuff. I must say this movement is causing me real trouble because I have information spread in two platforms and I guess I will little by little move away from Evernote totally, as it is quite a PITA my current setup..After so many years of being an Evernote advocate and supporting Evernote as a Premium User since 2009 (or 2008 I can't remember), my next step will be to downgrade my account. Too bad I did not remember to stop the automatic renewal I set back then with my paypal account.

 

Give Pocket a try. It's a great cross-platform tool for web reading - I used to use Evernote for that purpose, but ultimately found it pretty clunky. Pocket is really focused and fast at what it does.

 

I too am seeing less value from Evernote and may let my account downgrade - I simply don't get the value from it that I used to as I've moved more of my data to 1password. And I used to be a HARDCORE Evernote evangelist! 

 

 

Thanks for the very useful suggestions.