doex 1 Posted April 21, 2016 Share Posted April 21, 2016 I think encryption is very important. At the moment it is not possible to encrypt notes on a mobile device and the way notes can be encrypted is really complicated. So from my point of view everything stored in evernote must be encrypted directly when it is stored. On all devices. What do you think? Link to comment
Level 5* DTLow 5,736 Posted April 21, 2016 Level 5* Share Posted April 21, 2016 1 hour ago, doex said: At the moment it is not possible to encrypt notes on a mobile device and the way notes can be encrypted is really complicated. So from my point of view everything stored in evernote must be encrypted directly when it is stored. On all devices.What do you think? Are you aware of the current FBI court case against Apple dealing with encryption on the iPhone? Every iOS device has a dedicated AES 256 crypto engine built into the DMA path between the ash storage and main system memory The point; data in IOS is already encrypted - even the FBI has problems accessing it. An issue with encryption - it interferes with the search indexing. Personally I would not want all my data encrypted - I like to to be selective. I do wish Evernote would expand the encryption feature - its currently only available on the desktop platforms (IOS does offer decryption) However, I don't want to be locked into Evernote by encryption. I usually do my encryption externally in the form of encrypted pdfs - its a better solution for mobility. Link to comment
doex 1 Posted April 11, 2017 Author Share Posted April 11, 2017 Sorry for the late response. :-( No, I am aware of the day when somebody corrupts the evernote infrastructure and steals all customers data. And the best way to reduce the "damage" would be an encryption by default. Link to comment
Level 5* DTLow 5,736 Posted April 11, 2017 Level 5* Share Posted April 11, 2017 On 2017-04-11 at 오전 0시 28분, doex said: No, I am aware of the day when somebody corrupts the evernote infrastructure and steals all customers data. And the best way to reduce the "damage" would be an encryption by default. You'll be happy to know that Evernote has implemented "encryption at rest" on their servers Link to comment
doex 1 Posted April 11, 2017 Author Share Posted April 11, 2017 Just googled "encryption at rest". Sounds good. Thank you for the feedback. Best regards Link to comment
LittleMonkeyMojo 0 Posted July 28, 2017 Share Posted July 28, 2017 Google's Encryption At Rest feature is only protection against a certain attack, the attack where the attacker is only trying to access the data on the hard drive and is not using the Evernote application/architecture/API.They've made a system where outside of the application (and by application I mean anything in the the whole Evernote Server/Client architecture)... So, they've made a system, where if I try and hack at it from outside the application I'm going to find encrypted data. But, if I hack at it from within the application, I can get at anything.For example, I can use an encrypted hard drive to store my database and I can use an encrypted communication layer between my server and my client, but if I, as an administrator, log into the database, I can access all the data within the database.An administrator at Evernote, has access to the keys. They can use their internal tools to retrieve my data. If this was all "so secure", they wouldn't have added a feature to encrypt individual notes, because it would have been completely unnecessary. What they need to do is add a feature (better yet, set it as default) where everything I store is encrypted by my key in their filestore/database on the live server (not just at rest). Most hackers don't get into your system through hole in the OS, they get at it through the hole in your application. They take advantage of things like XSS (Cross Site Scripting), SQL injection, etc.) If the application sees the data in the clear, always, then so will the hacker. If the application needs a "key" to make the data "clear", then the hacker will also need that "key".My worry isn't just some outside attacker, it's also some non-scrupulous Evernote employee, or the case where Evernote sells to some company with a different view on privacy. Or, Evernote goes into receivership and someone buys all the EN IP, solely for the purpose of data mining. My list could go on and on. Link to comment
Level 5* DTLow 5,736 Posted July 28, 2017 Level 5* Share Posted July 28, 2017 8 hours ago, LittleMonkeyMojo said: They can use their internal tools to retrieve my data. Personally I encrypt my data if I want to keep it private. No one is is retrieving that data My other data is being processed by Evernote; OCR ... Link to comment
Idea
doex 1
I think encryption is very important.
At the moment it is not possible to encrypt notes on a mobile device and the way notes can be encrypted is really complicated.
So from my point of view everything stored in evernote must be encrypted directly when it is stored. On all devices.
What do you think?
Link to comment
6 replies to this idea
Recommended Posts
Archived
This topic is now archived and is closed to further replies.