JaneDoes 1 Posted February 6, 2015 Share Posted February 6, 2015 I use Little Snitch and was using a VPN service when I opened Evernote--Little Snitch signaled that Evernote was requesting connection to the Chinese Evernote server, yinxiang.com. When I declined the connection, Evernote wouldn't connect. When I disconnected from the VPN, I got no connection request to yinxian.com. I'm in the US and am uncomfortable with data being on the Chinese server. Why? Is this a problem on the VPN side or Evernote's? Link to comment
Level 5* gazumped 12,063 Posted February 6, 2015 Level 5* Share Posted February 6, 2015 Hi - what version of Evernote are you using? Web / Desktop / Mac / Windows... ? Link to comment
Level 5* JMichaelTX 4,118 Posted February 6, 2015 Level 5* Share Posted February 6, 2015 I use Little Snitch and was using a VPN service when I opened Evernote--Little Snitch signaled that Evernote was requesting connection to the Chinese Evernote server, yinxiang.com. When I declined the connection, Evernote wouldn't connect. When I disconnected from the VPN, I got no connection request to yinxian.com. I'm in the US and am uncomfortable with data being on the Chinese server. Why? Is this a problem on the VPN side or Evernote's? This sounds like a very serious security breach to me, IF you are in the US. I recommend that you Submit a BUG report via an EN Support Ticket. In the Support Form, select "Report a bug, crash, or data lost", and start the Ticket Title with "BUG: " to make it clear. Reporting a bug should be available to all users, including Free Account owners. Link to comment
JaneDoes 1 Posted February 7, 2015 Author Share Posted February 7, 2015 Thanks, gazumped and JMichael. I'm submitting a bug report. I was using the Desktop version for Mac (latest); I've also been using it on my iPad, which I'll hold off using until I get more information. I'm in the US and there's no personal or business reason that I should have interaction with the Chinese server. Link to comment
mcheng 106 Posted February 7, 2015 Share Posted February 7, 2015 Hello JaneDoes, Can you clarify what you mean by "when I opened Evernote". Do you mean you were logging into Evernote or you were already logged in and just reopened the app? Link to comment
JaneDoes 1 Posted February 7, 2015 Author Share Posted February 7, 2015 Hi mcheng, I was logging in after I opened the app for the first time today (I don't stay logged in, have just started using Evernote). I was using a US-based VPN service when I got the connection request; I didn't get that request when I was not using the VPN. Link to comment
mcheng 106 Posted February 7, 2015 Share Posted February 7, 2015 Are you based in China and using the US-based VPN? Do you have your machine setup with Simplified Chinese by any chance? Link to comment
JaneDoes 1 Posted February 7, 2015 Author Share Posted February 7, 2015 No, I'm in the US, and I don't have my machine set up with Simplified Chinese. Link to comment
JaneDoes 1 Posted February 8, 2015 Author Share Posted February 8, 2015 FYI: No word yet. I submitted the bug report as you suggested, JMichael. Will update when I hear back. Link to comment
Level 5* GrumpyMonkey 4,320 Posted February 8, 2015 Level 5* Share Posted February 8, 2015 Hi. Could you tell us which tunnel you were using? Your VPN company might be based in the US, but they connect you to the Internet using tunnels in many countries, and if one of those was in Hong Kong or China, that might have caused a problem. It seems odd, though, as Yinxiang Biji (to the best of my knowledge) is only accessible to folks who have signed up for it, and there ought to be no interactions otherwise. Perhaps you were using a Chinese tunnel and it was contacting Yinxiang Biji to see if your account was there?Anyhow, let us know what support says, Link to comment
JaneDoes 1 Posted February 8, 2015 Author Share Posted February 8, 2015 Hi--I was using Witopia. I'll submit a question to them as well, come to think of it. Thanks. Link to comment
engberg 89 Posted February 8, 2015 Share Posted February 8, 2015 Hi, JaneDoes - Our client applications (e.g. Evernote for iPhone, Evernote for Mac, etc.) are written so they are capable of being used against either the evernote.com service or the yinxiang.com service. Once you're signed in to evernote.com, the application "knows" that you're an Evernote user and should never communicate to the yinxiang.com service. Before you log in (e.g. on a new install), the software reaches out to get some basic configuration information about the different services. This just sends the service a request that says something like "My preferred language is US English". The client gets information about the service, including the correct URL to open Support tickets for that service, whether Twitter posting is enabled, etc.:https://dev.evernote.com/doc/reference/UserStore.html#Fn_UserStore_getBootstrapInfoSo that doesn't send any personal identifying information or data, it just retrieves the canned configuration information for the service in question based solely on your OS language preference. Under normal circumstances, most clients will just get all of this information from servers on evernote.com unless your OS language is set to "Simplified Chinese". But if your client can't get information about the yinxiang service from evernote.com for some reason, it may go directly to the source to ask about the configuration settings for the China service. You happened to hit this on Thursday morning, when you launched the Mac client (with no account signed in yet) at the same time we were having a 30-minute service interruption (see http://status.evernote.com/).So your client tried to learn about both services from evernote.com, the servers were unable to reply and the client decided to do a one-time lookup for the yinxiang.com configuration information by asking yinxiang.com servers directly. Now that you've signed in to the client, you should see that the Evernote application never tries to connect to yinxiang.com again. (I've been running Little Snitch on my MacBook for at least a year, and have never seen it.) One thing to note about Evernote and Little Snitch ... most of the time, our application only talks to our own servers. But web clips can sometimes throw that off if you manage to clip a web page that includes a reference to the original image on a remote web server instead of copying and storing the image inside your Evernote account itself. In this case, you may see your client go make a network request to that remote web server to retrieve the image when you view the note.We try to avoid this in our own software by fetching and storing the images at the time of the clipping, but that can occasionally go awry if we don't have permissions to download the image at the time of the clip, or if the HTML snippet is inserted into a note from a third-party application that doesn't do the right gyrations. Thanks,Dave Link to comment
JaneDoes 1 Posted February 9, 2015 Author Share Posted February 9, 2015 Thanks for your thorough information, Dave. What an ironic confluence of events. Thanks also for your tip on Little Snitch and web clippings. Link to comment
Crayz 0 Posted June 9, 2015 Share Posted June 9, 2015 My company recently flagged the Evernote extension for trying to send 19GB of data to some server in China. Can you explain this? Link to comment
Level 5* gazumped 12,063 Posted June 10, 2015 Level 5* Share Posted June 10, 2015 My company recently flagged the Evernote extension for trying to send 19GB of data to some server in China. Can you explain this? There is a Chinese Evernote server that your system may have tried to access - see post #12 - are any of the explanations applicable? (And user forum here - you may have to wait a while for an Evernote response..) Link to comment
mcheng 106 Posted June 10, 2015 Share Posted June 10, 2015 Hi Gazumped, The situation in post #12 really was a due to a temporary outage on our international service which forced a failover to our Chinese servers only for the express purpose of determining which service your client should be talking to. This is not a normal process under stable network conditions and I don't know of any recent outages. In addition, the requests we make are very small. At most when our clients talk to our bootstrapping servers they send a few bytes of information as described in Dave's post. 19GB of data is definitely something odd and out of place. Crayz When you say the "Evernote extension" are you talking about the web clipper? Are you sure the issue from your IT department was about the Evernote extension sending data vs requesting data? See this portion of the post above that may be relevant: One thing to note about Evernote and Little Snitch ... most of the time, our application only talks to our own servers. But web clips can sometimes throw that off if you manage to clip a web page that includes a reference to the original image on a remote web server instead of copying and storing the image inside your Evernote account itself. In this case, you may see your client go make a network request to that remote web server to retrieve the image when you view the note.We try to avoid this in our own software by fetching and storing the images at the time of the clipping, but that can occasionally go awry if we don't have permissions to download the image at the time of the clip, or if the HTML snippet is inserted into a note from a third-party application that doesn't do the right gyrations. Were you clipping something with images or other resources that may have been residing on Chinese servers? Link to comment
Level 5* gazumped 12,063 Posted June 10, 2015 Level 5* Share Posted June 10, 2015 Thanks for the comment mcheng - odd how often I write "the devs read these posts" and then feel pleased and surprised when there's such a quick response and clearly, you do! Link to comment
Crayz 0 Posted June 22, 2015 Share Posted June 22, 2015 None of those situations apply to my situation. I've had to uninstall the Web Clipper from my Chrome account. It's a crappy situation, and I wish Evernote would address this issue. Link to comment
mcheng 106 Posted June 22, 2015 Share Posted June 22, 2015 Hi Crayz, I'm sorry you had to uninstall Web Clipper. However without any additional information, its difficult for us to determine if the problem is in the clipper or some other software on your computer. As I said before, 19GB is a very large amount of data that should never be transferred to our Chinese servers unless you actually have an account on those servers and are uploading content. If you are allowed to use the clipper, it would be helpful if you'd use it as you would normally do and then capture the activity log from the clipper and send it to us via a support ticket. Thanks. Link to comment
The Angry Dane 0 Posted April 20, 2018 Share Posted April 20, 2018 On 2/8/2015 at 8:56 PM, engberg said: One thing to note about Evernote and Little Snitch ... most of the time, our application only talks to our own servers. But web clips can sometimes throw that off if you manage to clip a web page that includes a reference to the original image on a remote web server instead of copying and storing the image inside your Evernote account itself. In this case, you may see your client go make a network request to that remote web server to retrieve the image when you view the note. Thanks, Dave Well, I see that Evernote on my Mac connects to addresses such as 54.93.148.11 (which according to my investigations belongs to Amazon AWS in Frankfurt, Germany - but it's a little hard for me to see whether this is a valid Evernote server or not - or whether it's some partner of yours - or whether it is even in my interest to allow the connection Can you please publish the IP ranges that you use for each region. You may want to take a look at the Network Requirements for Cisco WebEx or VidyoCloud's Firewall Information for Connecting Clients/Endpoints for examples of how this should be done. You could/should also publish which port ranges you use (per tool). Next, you should publish a list of partners and tools, what they do, how they work, what you share with them (and why) If you are not transparent and open about where you store my data, where you route my data, and who you share my data (and meta-data about me) with, you will run into serious trouble when the European Union's General Data Protection Regulation (GDPR) comes into affect on May 25th 2018 (Yes - it affects Evernote, since you have personal data about EU citizens). Thanks Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.