Don0819

Oh come on now, I think you are just trying to start an argument, I suspect you know exactly how this works, but for some reason are trying to confuse people or get this off the topic. I am referring of course to the private key, known only to me, used to decrypt my data on the backend. Public-key encryption uses two keys for locking and opening up data: a public key that is shared with anyone, and a private key that stays with the sender of encrypted data. The private key is not stored on the server side, so if there is a breach maybe the public key is compromised but not my private key so my data is safe. Of course the entire database is encrypted, that's not secure enough and that's not what we are talking about. And you absolutely do want Evernote not knowing the (private) key, but of course you knew that didn't you.

It is encrypted with a key known to Evernote to access their server data, it is not encrypted with a key specific to each user and known only to each user. Which means it's as good as nothing if an exploit that gains elevated privileges breaches their system. It happens all the time, by the way, and data encrypted on the server side did not preclude tons of personal data being stolen. Users should have the ability to encrypt a notebook, not just a note or range of text, with their own key unknown to Evernote, which checking the original post is the subject of this thread. That way, user notebooks are protected even if there is an exploit/breach on the server side. BTW it's not a terribly innovative or new security function to request after all, hard to imagine why there is resistance (and why I keep notebooks of data encrypted uniquely with my own key using other products).

Some of these comments are silly. Password on your computer does nothing if the server side is breached, which does happen. Yes there is some encryption, the point was there is no notebook encryption, for times when encrypting on a note by note basis is impractical.

I was just trying to post some relevant news that may provide a solution in the future. I wasn't asking for advice, thanks. You can find my post earlier, I have resolved this issue for now in my own case. I thought the movement to the Google Cloud may be of interest to others as it's clearly offering the potential for a more robust solution than Evernote's own home-cooked backend, if Evernote is interested, How is that related to my comment about the possibilities of a richer encryption solution now that Evernote has moved to Google Cloud? They aren't even on that solution any more. Why are you on my case? I can tell you, being a newbie here, posting some relevant news that could affect Evernote's encryption offering, and being chastised by an 'expert' on what is and is not suitable for posting here, is quite un-welcoming. I'll keep my thoughts to myself from now on. Thanks for setting me straight.

To me it seems that it is related if it's an indication that Evernote moving to a new cloud platform will give us both notebook encryption and something even better, as some have mentioned the ability to have, for example, ALL my Evernote data encrypted using my own Evernote password as a key! If you read my entire post, I wondered if the reason we had not seen Notebook encryption was because of the difficulty in implementing robust back-end encryption, which Google Cloud now offers Evernote as a service.

This is interesting, I don't think this is the full solution we seek yet but maybe it's coming! I saw this article today, saying Evernote's migration to Google Cloud Platform, and away from their own backend servers, is almost complete: https://www.engadget.com/2017/02/09/evernote-google-cloud-platform/ You may see that one of the points in that article is it says the platform will supply "Encryption at rest", automatically. That feature is summarized here: https://cloud.google.com/security/encryption-at-rest/ So I am not an expert on this, but it seems "Encryption at rest" gives Evernote the ability to have everything encrypted that they store on the Google servers, which is better than no encryption but it still doesn't give Evernote users the ability to have unique encryption protection with their own key. Someone would need to know the key(s) Evernote uses in order to access sensitive data, but a breach of Evernote security/keys would unlock all Evernote user data. So it's better (data is encrypted), but not really acceptable (because it's encrypted at the Evernote level not at the user level) - yet. Looking further into Google Cloud Platform encryption at the link above, it does provide the ability for customer supplied keys, offered as a service that a customer like Evernote could use, without having to implement the backend support. So maybe the unannounced Evernote plan would be, once they complete the migration of their petabytes of data onto GCP, and get out from under the maintenance and support of their own servers, they can use what GCP offers to provide a much more robust encryption capability to Evernote users who need it? I can see how challenging it would be to build an encryption solution on their own proprietary back-end servers. That issue would go away with GCP. Is this a reasonable theory? It would be nice if Evernote would announce something so customers may decide to stop pulling sensitive data off Evernote - or at least be prepared to migrate back if the plan succeeds.

Yep- I think of it as iCloud sorry for the confusion...

I have moved anything requiring encryption of notebooks or many notes within a notebook to iCloud Notes, which has a nice folder structure. Evernote is easier to use for me, but I can access Notes on all my devices/computers. It is what it is as long as Evernote is insensitive to my security/privacy.

Thanks DTLow, but these notes I use often so I need them syncing across my devices. I thought about whether local would work...

I moved about 250 notes out of Evernote about weeks ago that I was not comfortable with being stored in Evernote without encryption - and it was too many to go through one by one and encrypt. They were all in one notebook. Where I am keeping them is not as nice as Evernote, I would move them back if encryption was taken more seriously by Evernote. But not for now. I also saw I got a big iOS update to Evernote today, I quickly scanned the note to see if anything was done with encryption - alas no. Evernote is more focused on adding features that can be blogged about than corrected an egregious security oversight in its lack of true encryption support.