engberg

Employee Alumni
Posts posted by engberg

  1. Hi, JaneDoes -

     

    Our client applications (e.g. Evernote for iPhone, Evernote for Mac, etc.) are written so they are capable of being used against either the evernote.com service or the yinxiang.com service. Once you're signed in to evernote.com, the application "knows" that you're an Evernote user and should never communicate to the yinxiang.com service.

     

    Before you log in (e.g. on a new install), the software reaches out to get some basic configuration information about the different services. This just sends the service a request that says something like "My preferred language is US English". The client gets information about the service, including the correct URL to open Support tickets for that service, whether Twitter posting is enabled, etc.:

    https://dev.evernote.com/doc/reference/UserStore.html#Fn_UserStore_getBootstrapInfo

    So that doesn't send any personal identifying information or data, it just retrieves the canned configuration information for the service in question based solely on your OS language preference.

     

    Under normal circumstances, most clients will just get all of this information from servers on evernote.com unless your OS language is set to "Simplified Chinese". But if your client can't get information about the yinxiang service from evernote.com for some reason, it may go directly to the source to ask about the configuration settings for the China service.

     

    You happened to hit this on Thursday morning, when you launched the Mac client (with no account signed in yet) at the same time we were having a 30-minute service interruption (see http://status.evernote.com/).

    So your client tried to learn about both services from evernote.com, the servers were unable to reply and the client decided to do a one-time lookup for the yinxiang.com configuration information by asking yinxiang.com servers directly.

     

    Now that you've signed in to the client, you should see that the Evernote application never tries to connect to yinxiang.com again. (I've been running Little Snitch on my MacBook for at least a year, and have never seen it.)

     

    One thing to note about Evernote and Little Snitch ... most of the time, our application only talks to our own servers. But web clips can sometimes throw that off if you manage to clip a web page that includes a reference to the original image on a remote web server instead of copying and storing the image inside your Evernote account itself. In this case, you may see your client go make a network request to that remote web server to retrieve the image when you view the note.

    We try to avoid this in our own software by fetching and storing the images at the time of the clipping, but that can occasionally go awry if we don't have permissions to download the image at the time of the clip, or if the HTML snippet is inserted into a note from a third-party application that doesn't do the right gyrations.

     

    Thanks,

    Dave

    • Like 5
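The remote-image behaviour described in the post above can be checked from the defender's side by listing the third-party hosts a note's HTML would make a viewer contact. This is an added example, not Evernote code and not part of the original post; the sample note, the function names and the choice of `evernote.com` as the only first-party suffix are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts under this suffix count as the service's own servers.
FIRST_PARTY_SUFFIXES = ("evernote.com",)

# Constructed sample note body (not a real note or real resource URLs).
SAMPLE_NOTE = """
<div>
  <img src="https://www.evernote.com/shard/s1/res/abc.png"/>
  <img src="http://images.example.org/photo.jpg">
  <img src="//CDN.example.net/banner.gif"/>
  <img src="data:image/png;base64,AAAA"/>
  <img src="https://evernote.com.example.org/logo.png"/>
</div>
"""

class _ImgCollector(HTMLParser):
    """Collects the src attribute of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def is_first_party(host):
    # Match the suffix on a label boundary so "evernote.com.example.org"
    # is not mistaken for a first-party host.
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in FIRST_PARTY_SUFFIXES)

def remote_image_hosts(note_html):
    """Return the sorted third-party hosts contacted when the note is rendered."""
    parser = _ImgCollector()
    parser.feed(note_html)
    parser.close()
    hosts = set()
    for src in parser.sources:
        parts = urlsplit(src)  # also handles scheme-relative //host/path
        if parts.scheme in ("http", "https", "") and parts.hostname:
            if not is_first_party(parts.hostname):
                hosts.add(parts.hostname)
    return sorted(hosts)

if __name__ == "__main__":
    print(remote_image_hosts(SAMPLE_NOTE))
```

Embedded `data:` images and first-party resource URLs produce no entry, so any host in the result is one a firewall such as Little Snitch would see contacted when the note is viewed.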
  2. My pleasure!

     

    There's a bit too much on this thread to try to wade in point-by-point on page 9, but I want to make sure everyone knows that we do hear your concerns and take them seriously.

     

    While we have a great team who works hard to balance the needs of our 100+ million users, we obviously screw up from time to time and introduce bugs or make UI changes that make some tasks harder (while trying to improve others).

    We'll keep working to get things right, and the feedback from the forum and from Support tickets is a huge part of that.

     

    But we do feel that our top responsibility is to be the best custodians of your life's work. Above all else, we want to make sure your data is protected. Hopefully, this will let you trust us to keep managing the things you write and collect.

    But we also feel extremely strongly that it's your right to take your information elsewhere if we should ever lose your trust:

    http://blog.evernote.com/blog/2014/06/03/evernotes-three-laws-data-protection-update/

     

    Thanks

    • Like 6
  3. Illustrious -

     

    I spent a couple of hours researching your ticket yesterday and this morning to help Terry answer your questions. We take allegations of security risks extremely seriously.

     

    While I understand your frustrations, I'm positive that Evernote did not disclose anything from or add anything to your account without your consent (or the consent of someone logged into your account using the web browser on your computer).

     

    In both of the cases you mention in June, someone on your computer chose to authorize those third party web services to create notes within your Evernote account. Shortly after each of these authorizations, those services took non-Evernote data and used it to create notes and notebooks in your account. None of your notes were accessed by those services, and none of the data they put into your account came from other Evernote accounts.

     

    I say that this came from your own computer because I went through our logs to confirm that the same IP address had been used in surrounding days to access your account from your client, web clipper, and web browser. And the web browser used in surrounding days was identical (in "User-Agent") to the one that authorized Springpad import to Evernote.

     

    Since you deleted the notes that Springpad imported from your account, and since their service is no longer available, I can't rule out the possibility that they pushed notes from the wrong Springpad account into Evernote after your browser granted them access. But it's also possible that the content came from the right authenticated Springpad account. (We heard no other reports of incorrect behavior from any of the people who did the same import.)

     

    However, I absolutely agree with your general recommendation that Evernote users should choose carefully which third-party applications they permit to access their Evernote accounts, just like you should choose carefully what applications should have permission to read your email or access your banking web site.

     

    We try to help with this decision by enumerating exactly which capabilities you're granting each application. I.e. some applications have permissions to read your notes, others do not. We encourage developers to request only the permissions they absolutely need, and we've added some safety features (e.g. "Note History") to protect against accidental note damage from third party applications.

     

    And we will, of course, terminate the access of any applications that are actually mishandling the data of the Evernote users who have granted them access.

    • Like 9
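The log check described in the post above (same IP address across client, web clipper and web browser in the surrounding days, plus an identical browser User-Agent on the authorization) can be written as a small correlation routine. This is an added example, not Evernote's tooling and not part of the original post; the record layout, event names, three-day window and sample rows are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample records, not real logs:
# (time, source IP, User-Agent, event kind)
SAMPLE_LOG = [
    ("2014-06-09T08:12:00", "203.0.113.7", "NativeClient/5.5", "client"),
    ("2014-06-10T19:40:00", "203.0.113.7", "Mozilla/5.0 (Macintosh) Browser/35.0", "web_browser"),
    ("2014-06-11T07:05:00", "203.0.113.7", "Clipper/6.1", "web_clipper"),
    ("2014-06-11T07:30:00", "203.0.113.7", "Mozilla/5.0 (Macintosh) Browser/35.0", "oauth_authorize"),
    ("2014-06-20T03:14:00", "198.51.100.23", "Mozilla/5.0 (X11) Browser/30.0", "oauth_authorize"),
]

def corroborate_authorizations(log, window_days=3):
    """For each third-party authorization, report whether the account's
    ordinary activity in the surrounding days came from the same IP and
    the same browser User-Agent."""
    rows = [(datetime.fromisoformat(t), ip, ua, kind) for t, ip, ua, kind in log]
    window = timedelta(days=window_days)
    results = []
    for ts, ip, ua, kind in rows:
        if kind != "oauth_authorize":
            continue
        # Ordinary (non-authorization) activity close in time to the grant.
        nearby = [r for r in rows
                  if r[3] != "oauth_authorize" and abs(r[0] - ts) <= window]
        same_ip_kinds = sorted({r[3] for r in nearby if r[1] == ip})
        same_browser = any(r[3] == "web_browser" and r[2] == ua for r in nearby)
        results.append({
            "time": ts.isoformat(),
            "ip": ip,
            "same_ip_access": same_ip_kinds,
            "same_browser_ua": same_browser,
            # Both signals are needed; a lone match is weak evidence.
            "corroborated": bool(same_ip_kinds) and same_browser,
        })
    return results

if __name__ == "__main__":
    for finding in corroborate_authorizations(SAMPLE_LOG):
        print(finding)
```

An authorization with no matching surrounding activity is not proof of compromise, only a grant that the account's usual devices do not vouch for and that deserves a closer look.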
  4. Thanks for the suggestion.

    Things like this are a little more complicated in Evernote because we store note data in a form of HTML that is then "rendered" for viewing separately on every platform: web (4 different browsers), mac, windows, iOS, Android, BlackBerry, Palm WebOS, WinPhone7, etc...

    So any little tricky special syntax that we add needs to have corresponding rendering code added to every single client, or else we'll receive anger from the users of each platform because we (e.g.) failed to add LaTeX support on BlackBerry, so their notes are unreadable.

    This is why we tend to prefer using existing web-friendly renderings like JPEG, GIF, PDF, etc. rather than ad-hoc markup within the notes for each separate community and feature.

  5. We exercise the operating system in more ways than your average app due to things like: networking, database IO, embedded HTML editing, etc. Inefficient emulation of any one of the relevant frameworks could have a disproportionate impact on performance. (E.g. if a single one of the low-level IO calls made by SQLite is 10x slower on Wine, that could account for a massive performance hit for the overall application.)

    While we're happy if Wine happens to work with Evernote, we do not support or test this configuration.

  6. There have been a number of fixes to better handle various Mac clipboard representations from different third-party applications. It's much better than it used to be, but there are still a million possible combinations of source/format/destination, so we'll keep quashing any bugs we find.

    High-level release notes are available from within the Mac client, under: Help > Release Notes

  7. A Linux-only program that synchronizes with one of those systems wouldn't let you access or add content from anywhere else. I.e. you couldn't take a picture from your Android phone, then find it by searching for text within the image from your Windows computer at work so you can edit the title and later view it from your friend's Mac web browser.

    There are plenty of single-platform note taking applications out there, but that's not really what Evernote is building.

  8. We'd love to see an open-source Java-based application for Linux that synchronizes with Evernote.

    For example: http://nevernote.sourceforge.net/

    For a variety of technical reasons, email protocols are not suitable for a read-write note taking background. Neither IMAP nor POP allows you to edit an existing message (aside from a tiny number of hard-coded "flags"). So editing a note four times would involve deleting the old IMAP message and creating a new one, etc.

    We actually considered using IMAP as our transport between clients and servers, and decided it wasn't up to the job.

    Thanks
