Crypting notebooks on server or local EN servers possible?

[AlbertR 318]

Just to restart the discussion (if not done so in other threads ;-):

 

Professional users often have to follow IT policies that simply ban the use of uncrypted cloud storage. So there are thousands of employees in small and larger teams that really would like to use EN business - but cannot do so.

 

Is it really that hard (for EN) to crypt notebooks on servers? Even if this would work only with a specific type of clients, this would help a lot: work groups normally use one type of clients (Windows). I cannot see any disadvantages because syncing a database always transferres the complete notebooks to the Windows client. Search functionality is provided on client site. A user might crypt his own (local) without loosing anything.

 

This is the current data transport path:

    Client -> SSL-encryption -> Internet -> SSL-decryption -> Server (an vice versa)

 

What we need is (1):

    Client -> SSL-encryption -> Internet -> SSL-decryption -> AES-encryption -> Server

and

    Server -> AES-decryption -> SSL-encryption -> Internet -> SSL-decryption -> Client

 

or (2 - event more secure?)

    Client -> AES-encryption -> SSL-encryption -> Internet -> SSL-decryption -> Server

and

    Server -> SSL-encryption -> Internet -> SSL-decryption -> AES-decryption -> Client

 

Or (other possibilty at all): Why isn't it possible to buy (or lease) EN server software to execute it on (company-)internal hardware (inside local or VPN-secured wider networks)? This is possible with Microsoft Sharepoint and OneNote...

 

Going this way, many companies would have no problem with EN because it allows to store any data inside country borders. In Germany (or whole Europe) there are masses companies looking for cloud services that grant to store data only local sites (and not in the US).

[GrumpyMonkey 4,318]

Hi. There are a lot of threads on encryption and requests for encryption of data at rest, better encryption of data in transit (pfs), encrypted notes, encrypted notebooks, and so forth. Personally, I'd like to see zero knowledge encryption of everything, if possible. Is it likely to happen? No. I don't think so. Recently, Evernote developers have indicated that encryption is low on their list of priorities. Perhaps that will change (I hope so), but it does not seem likely. At least they are clear about the direction they are headed. That is very much appreciated.

--------------------------------------------------------

Rich Tener  Posted 3 February · Report post

@JMichaelTX, the new encrypted text block will still only encrypt plain text like it does today. Adding fully encrypted notes or notebooks still isn't a business priority, so we don't have any plans to add those features.

--------------------------------------------------------

Will Evernote allow companies to run a special version on their servers? No. I don't think so. The company has specifically rejected the idea in the past. Even though it is under new management, and I don't recall seeing any recent mention of their policy, I think there are many aspects of the service that point to a different direction, so their decision seems unlikely to change.