Evernote OR Privacy ?

[DjBea 7]

I like to use Evernote but i feel nude with it.

As asked severals years before : still not cypher feature for data saved on hard drive. (Apple cypher iphone backups on hd).

Not ability to choose a datacenter in another location. And also ability to use a private datacenter.

(some will answer : use a  not synchro, or local notebook, but we loose lots of interest of Evernote).

 

Also ??  no cypher of customers data in Evernote datacenter ?

 

And now there is a suggestion feature in the search tool - That send all request to Microsoft. 

 

Does Evernote Team have some little care about the privacy of their customers ? 

Is there a plan to make it better ?

 

I hope everyone have understood that all data going on internet without cypher are stored and read by States Agency... 

 

I don't understand why other users of Evernote don't ask strongly to get Real privacy. 

 

And now I show you arguments :

Page :   https://blog.evernote.com/blog/2008/04/15/evernote-privacy-and-security/

 

Extract with no cut : ----------------------

"Your data is only transmitted to the servers in encrypted form over SSL, and your passwords are not directly stored on any of our systems.

We also offer enhanced privacy options that would not be available from services like email:

If you have sensitive text that you would like to remember (passwords, PINs, credit card numbers), you can encrypt that text in our Windows and Mac clients using a passphrase that is never transmitted to Evernote. This encrypted text can only be decrypted and read on one of your computers after you’ve re-entered the encryption passphrase. The sensitive text is not readable on our servers or on your computer by anyone who does not know the passphrase." ----------------

 

So data transmit with SSL : ok, but no cypher on Evernote Datacenter. 

If we use feature "encrypt with passphrase" : text isn't readable on servers,,, 

Why not encrypt everything ? and what is the level of this Cypher ?

 

 

[jefito 5,589]

The deal with Evernote is that they do indexing for searching, OCR, etc. on their servers. If your data was encrypted on the servers such that they couldn't read it, then they couldn't do that indexing. If you're uncomfortable with that arrangement, then Evernote is probably not the product for you.

[DjBea 7]

Sorry but indexing & OCR can be made in local. (i think indexing is made locally).

 

 

The deal with Evernote is that they do indexing for searching, OCR, etc. on their servers. If your data was encrypted on the servers such that they couldn't read it, then they couldn't do that indexing. If you're uncomfortable with that arrangement, then Evernote is probably not the product for you.

[jefito 5,589]

Of course they can be done locally. But if your main avenue to Evernote is via mobile devices or the web, then you're probably going to want to have that sort of thing done on the Evernote servers.

[DjBea 7]

By your answer you seems to agree that : there is no privacy when using Evernote.

 

 

Of course they can be done locally. But if your main avenue to Evernote is via mobile devices or the web, then you're probably going to want to have that sort of thing done on the Evernote servers.

[jefito 5,589]

Start here: https://blog.evernote.com/blog/2011/03/24/three-laws-of-data-protection/

[GrumpyMonkey 4,319]

 

By your answer you seems to agree that : there is no privacy when using Evernote.

 

 

Of course they can be done locally. But if your main avenue to Evernote is via mobile devices or the web, then you're probably going to want to have that sort of thing done on the Evernote servers.

 

 

It all depends on your threshold for privacy / security. Evernote is probably as private / secure as the email client you are using, and a lot of people send extremely sensitive information through email, right? One of the top military leaders in the world had to give up his career because of what they found in his email, for example.

http://www.washingtonpost.com/blogs/worldviews/wp/2012/11/12/heres-the-e-mail-trick-petraeus-and-broadwell-used-to-communicate/

 

As we saw with the scandal, it is very easy for things that you think are private to become public, and you should expect that the same thing could happen with Evernote. That is generally the trade-off you have to make when you use the cloud. Some people would say that we should abandon all hope and privacy has been declared dead. 

http://www.dailymail.co.uk/sciencetech/article-2921758/Privacy-dead-Harvard-professors-tell-Davos-forum.html

 

Maybe. But, if you don't want to give up yet, you'll need to keep your stuff out of the cloud (we can't do much about the DNA-sucking mosquitos) or encrypt it before you put it on the cloud. I've been urging Evernote to offer zero-knowledge encryption for notebooks, but I kind of doubt we'll see that anytime soon, judging by the CEO's comments, which seem to suggest that Evernote is waiting on the US govt. to make a move.

http://www.theguardian.com/technology/2013/nov/01/evernote-phil-libin-nsa-consumer-confidence

 

Unfortunately, Libin may be right. When companies do lock things down, they end up in a fight with one of the most powerful governments in the world. That's probably not Evernote's fight to wage as a startup.

http://www.wsj.com/articles/apple-and-others-encrypt-phones-fueling-government-standoff-1416367801

 

The issue isn't black and white. Users who deal with sensitive information will want to either use local notebooks or go with some other application.

[ScottLougheed 1,316]

 

By your answer you seems to agree that : there is no privacy when using Evernote.

 

 

Of course they can be done locally. But if your main avenue to Evernote is via mobile devices or the web, then you're probably going to want to have that sort of thing done on the Evernote servers.

 

The statement you have made could be applied to almost every mainstream cloud service. There are a few exceptions, sure, but Google, Apple, Evernote, Dropbox, Box, any email provider ever, it's all about the same situation. 

[DjBea 7]

If you take a deep look into Apple Icloud system you will see that Apple can't have access to your data.

 

The fact that major service don't provide real privacy is an argument to do the same... 

And now, trend is to go to more & more privacy.

 

 

The statement you have made could be applied to almost every mainstream cloud service. There are a few exceptions, sure, but Google, Apple, Evernote, Dropbox, Box, any email provider ever, it's all about the same situation. 

 

[DjBea 7]

So : with evernote no real privacy. 

 

Start here: https://blog.evernote.com/blog/2011/03/24/three-laws-of-data-protection/

[jefito 5,589]

 

So : with evernote no real privacy. 

 

Start here: https://blog.evernote.com/blog/2011/03/24/three-laws-of-data-protection/

 

I believe that you have all of the information required for you to make an informed decision at this time; it's possible that Evernote will change their policy down the road, but nothing is guaranteed about that. One thing: if you have something that you want kept private, then you can encrypt it yourself and included it as an attachment. Local notebooks are also an option, as noted, but you give up availability.

[GrumpyMonkey 4,319]

If you take a deep look into Apple Icloud system you will see that Apple can't have access to your data.

The fact that major service don't provide real privacy is an argument to do the same...

And now, trend is to go to more & more privacy.

The statement you have made could be applied to almost every mainstream cloud service. There are a few exceptions, sure, but Google, Apple, Evernote, Dropbox, Box, any email provider ever, it's all about the same situation.

I'd be interested in seeing evidence for this claim about Apple. It is demonstrably false, because Apple does not use zero knowledge encryption and holds the keys. They explain this in their documentation.

Data is encrypted at rest (which is an improvement on Evernote), but as far as security goes, I'd suggest reading up on Matt Honan, Jennifer Lawrence, or the folks in China. Apple is responding to threats and trying to increase security, but the point remains (as I mentioned before) that everything on the cloud is at risk. Until Apple adopts zero knowledge encryption, it will not be able to overcome this problem (I think). And, even then, encryption isn't a silver bullet.

If you use Evernote, follow jefito's advice.

[ScottLougheed 1,316]

 

If you take a deep look into Apple Icloud system you will see that Apple can't have access to your data.

The fact that major service don't provide real privacy is an argument to do the same...

And now, trend is to go to more & more privacy.

 

The statement you have made could be applied to almost every mainstream cloud service. There are a few exceptions, sure, but Google, Apple, Evernote, Dropbox, Box, any email provider ever, it's all about the same situation.

I'd be interested in seeing evidence for this claim about Apple. It is demonstrably false, because Apple does not use zero knowledge encryption and holds the keys. They explain this in their documentation.

Data is encrypted at rest (which is an improvement on Evernote), but as far as security goes, I'd suggest reading up on Matt Honan, Jennifer Lawrence, or the folks in China. Apple is responding to threats and trying to increase security, but the point remains (as I mentioned before) that everything on the cloud is at risk. Until Apple adopts zero knowledge encryption, it will not be able to overcome this problem (I think). And, even then, encryption isn't a silver bullet.

If you use Evernote, follow jefito's advice.

 

I do think there is zero-knowledge encryption for iMessage content because it generates a unique encryption token for each device registered with Messages and sends a specially encrypted version of the message for each token. This would be why, if you re-install OS X on your computer, for example, none of your previous iMessages appear because there was no message created for that newly created token. Only messages sent/received after that new device is registered will be displayed. 

 

That means that you, Grumpy, couldn't hack Apple's servers and get an interpretable history of my iMessage chats. I don't think they store them indefinitely, they only have a cache of recent ones to make sure they get delivered to each registered device, and the ones they do store can only be decrypted by an existing token which is unique to each device. 

 

Now, that's entirely separate from icloud and backups of your iOS device including iMessages. GM, I think you are correct in that none of this is encrypted with zero knowledge encryption. So, all that iMessages security is rendered moot when it gets backed up to iCloud. While all of these iCloud files and backups are encrypted, they are not, as you rightly state, zero-knowldge, so Apple or a hacker who acquires both the keys and encrypted content, could potentially piece this together. 

 

I think CrashPlan is one of the few mainstream cloud services I have encountered with true zero-knowledge encryption, and Crashplan isn't terribly mainstream either!

[GrumpyMonkey 4,319]

i was thinking along the lines of icloud when i wrote that. apple does a lot of great things with encryption these days, but it seems to me that icloud is less secure than the rest of the ecosystem and its centrality, depending on if you follow the prompts and stick everything in there, can introduce a lot of risk.

as for the zero-knowledge cloud, i am a big fan of spideroak. crashplan is also reviewed highly by folks. there are other options as well. you just need to think throuh every step of your workflow. if, for example, you back up everything to spideroak and think you are completely safe, but also have the data in icloud or dropbox, you might be in for a nasty shock later. the same thing will happen if you have a weak password on your computer and it gets stolen, or if you fail to encrypt your local drives.

security is kind of a pain, because it requires extra thought, and sometimes a little inconvenience, but at least we now have a wide variety of tools to accomplish it. in my experience, the mac (as long as you are careful with icloud), is especially easy to lock down (using filevault for your local drive and timemachine backups -- all free from apple, pre-installed, and easy to set up).