ryan1234

Dropbox and Evernote both. Ignoring encryption and leaving themselves massively exposed to any competitor who does design a decent “zero knowledge” version of their product. every couple of years I try out all the zero knowledge versions of both these products. I wonder if they realise how many long time customers there are ready to jump ship over this.

Client side encryption refers to the data in the cloud being encrypted. i.e. it's encrypted on your laptop and Evernote's cloud never sees the unencrypted data. It doesn't mean the data is stored encrypted on the client. Interesting you point that out though, it hasn't occured to me that the term was potentially confusing.

I'm going to start by saying that: I think what people actually want when they say Privacy is client side encryption. I've been an Evernote user for over ten years and I can happity imagine myself using it for a lifetime. Except for one key issue: my data is shared with Evernote. I can't have a private journal or store any other potentially sensitive information in Evernote becuase that information is sat unencrypted on someone elses datastore. The legal field has taken the stance that privacy essentially ends at the walls of our homes, data stored in the cloud doesn't have the same protections as a written diary kept at home. Without attempting to quantify how much of a person's data is 'private' we can safely say it's non-zero. As much as I love evernote I'm often looking on the market to find an alternative that is client side encrypted. If I ever find one I would migrate immediately, in fact I would probably become overnight a "one true fan" of that product and tell everyone I know about it because I wanted their business to succeed. I love the idea of evernote - and the excellent implementation. I would dearly love for Evernote to also cater for my need for true privacy with some of my data. Please implement client side encryption based passwords. As a side note I'm guessing that Evernote's implementation of 'encrypted' data is fundametally flawed. I know of one person who lost in excess of a million dollars from storing credentials to access his accounts in 'encrypted' evernote notebooks. Would I be right in thinking that enencrypting a section of a note in one notebook broadcasts the unencrypted data to all connected devices? And of course to Evernote too.

That's exactly the point. From a programmer's perspective Evernote isn't well suited to be "the place I put everything" if it can't handle code snippets. Consider it a heads up that if you don't support code snippets other tools will eat your market share/mindshare.

I notice at some point fairly recently that Web Clipper now requires me to re-login every 30 days. I believe it used to stay logged in 'forever'. Please can we lessen/remove this requirement. I find it hard to understand what thinking led to a conclusion that this was necessary or desirable. I work with plenty of secure systems and I really don't need Evernote adding itself to the list of systems I need to constantly authenticate with. I use Evernote on my main machines and have to log into web clipper almost every week, it drives me nuts.