• Content count

  • Joined

  • Last visited

Community Reputation

3,950 Your Knowledge Knows No Bounds

About GrumpyMonkey

  • Rank

Recent Profile Visitors

100,412 profile views
  1. thanks for looking into it. it sounds like this is a little bit of a murky area, just where we would like it to be clear, and a concrete example might alleviate some of our concerns, because it says that google cannot process the data for its own use, but that seems kind of unlikely in a strict sense, so i'd like to know more. for example, google might well be analyzing data in aggregate after anonymizing it to improve its ai. in fact, i would be kind of surprised if everyone was feeding data through their apis and google wasn't getting a single piece of data from that (data generated from our data). obviously, they aren't sitting around in a back room rifling through our notes, but how exactly they are interacting with our data would be nice to know. unfortunately, evernote's tos and privacy policy are vague enough that just about any third party doing services is ok. this is par for the course, to be sure, but doesn't really speak to this transparency thing. anyhow, a concrete example would be appreciated: for example, when evernote uses api x it feeds data z into the api and google retains data y for its uses (perhaps statistics on how much data was processed or something like that -- obviously, data from our data, but not anything reasonable folks are likely to care about). or, evernote uses api a, feeds data b into it, and google retains data c (handwriting samples to improved recognition -- maybe just letters, words, or phrases, but something significantly more personal than the first example).
  2. hi. i have, of course, raised several concerns, some of which have not been addressed yet. but, i think that 1 is a bit open-ended, because they will be using google's api's in an as-of-yet undecided manner (some questions about that are being looked into). 2 i don't quite understand, except to say that evernote says they have thoroughly vetted google. 3 they have answered (except in the case of the api, which they are still checking on). 4 they have answered -- yes. 5 they have answered -- yes (but google has the keys). 6 has been answered -- yes. 7 there are no warranties and (like most companies these days) they can change the terms of service at any time; however, we can also leave relatively easily at any time using any of the export options. in other words, with the exception of exactly what data (or data about our data) google gleans from evernote's use of google apis, everything has been answered already in this thread, i think.
  3. i am not a huge fan of evernote on the web, especially the decision to design a web interface that cannot be used by mobile devices, but it is more robust than any options out there, in my experience, so there isn't much to compare. there is an alternatives to en discussion linked above, but if web is your thing, i wouldn't even bother with other stuff.
  4. I'm a little less skeptical of the media, I guess, because even reporters who take a dim view of Apple's position and write negative pieces about it generally credit Apple with being too secure. And, when a federal agency sues the company in an effort to compel it to provide access, then goes into hearings and claims that Apple is making it difficult for them to collect data, I am inclined to believe that it is pushing the security envelope. In other words, Apple and its detractors both agree it is raising the bar. In the context of this discussion, it looks like Apple is managing to use Google Cloud while holding the encryption keys (instead of handing them over to Google), so I would encourage Evernote to reconsider its plan not to hold the keys.
  5. evernote can hold the keys. but, they said somewhere in this thread that they won't. at least, that's my recollection. in my opinion, it's been covered extensively by news networks and privacy / security experts, so i think it is more than simply a pr phenomenon. the examples above (holding the encryption keys and so forth) are some of the facts that inform my opinion.
  6. My opinion is that Apple has taken the strongest stance among the tech leaders, and has taken the boldest steps to protect user privacy against unauthorized access.
  7. "partially powered" is missing from the title. and, it is a rumor. and, apple stores your encryption keys (not google or amazon). and, apple is notriously uncooperative with requests to access user data from law enforcement. and, apple is rumored to be working on a plan to put the encryption keys in the hands of users so that no one besides the user can access the data. it's not necessarily the location of my data that bothers me, though i do appreciate it is in a state-of-the-art, secured facility. it is the conditions under which my data is stored or accessed. this is still not clear to me (ben is looking into answers to some of my questions posed earlier in the thread). i think evernote and google have been relatively transparent, but a little more could be done to inform us, and even more could be done to protect us (zero-knowledge encryption).
  8. I'm pretty touchy about backups. I appreciate that Evernote takes data integrity seriously, but I've had plenty of notes corrupted over the years, and data lost (the most recent one just a few weeks ago a PDF with 6.9 -- reported). I figure the ephemeral nature of our data (bits and bytes somewhere out there) is something we have to live with -- a constant reminder about how important it is to recognize and accept impermanence as a fact of life (at least, life as we know it). Evernote is playing a losing game if it is going for 100%, but I don't think a few more layers of backup would go amiss. For example, updating note histories every few hours instead of seconds has been a gaping loophole that my data has slipped through for years. And, without a way to do even rudimentary diagnostics on our databases (a kind of data verification check), there is no way to know when really nasty stuff (some of it reported recently) is happening. All of this is just to say that, for the moment, it's a good idea to have at least one backup of your own, in your hand, ready to use if the need arises. So many companies are eager to make things convenient by relieving us of the burden of holding our data, but it seems to me that we still ought to just keep taking responsibility for our stuff, because when things go wrong, we're the one's that will get hit the hardest.
  9. One of the reasons I have been advocating for an encrypted notebook of some kind (zero-knowledge, of course, not this plan of handing the encryption keys over to Google that we have for our data at rest) is that it removes "trust" from the equation and allows users to control the amount of privacy they want / need. That way, we can really keep everything in Evernote, and do it without hassle. Encrypting everything before putting it onto the cloud is a bit of a pain, to be honest, especially when we are talking about thousands of files. But, Evernote has nixed that idea (earlier in this thread), so the best option, for now, is to encrypt it yourself or use a third-party service like Saferoom (Evernote integration). In hacking news today, Yahoo! just announced the biggest hack in history. To me, that seems like another reason to push again for better encryption options. Actually, I barely need even the flimsiest of excuses to push for this I am not so much concerned about the physical security of Google's servers, to be honest (I am, but that scenario is a little less likely, and would probably involve a government seizure of some kind like the one we saw with Dot Com). In an ideal world, we would pay Evernote and Google to do some really cool stuff, but also keep the encryption keys in our hands. This would require more client-side processor work, but I'm OK with that. It won't happen, I know, but that is what I think would be ideal. As long as companies can access our data, so can hackers (state-supported or private).
  10. I do think that is an important distinction to make, and that is one of the reasons I am hopeful that this will all work out well for everyone involved. However, cloud services is still part of the same organization, and it is affected by company culture and policies -- this can be both good and bad. Google's attitudes towards privacy in the past could be a problem if they are still percolating about internally. I hope that is not the case. It's worth mentioning that after Snowden's leaks, Google was extremely aggressive at responding to its vulnerabilties and, in many ways, pulling ahead of others with security, so that aspect of Google's culture might well have changed. AWS or Google aren't sufficient on their own to protect us. Interestingly, moving to the cloud sometimes invites some truly terrible data breaches, as residents of AWS have found. As far as I know, Amazon has not been directly implicated in them. Instead, errors made by staff in companies are apparently to blame. Still, the point is that it isn't easy being a steward of someone's data, and you want someone handling it who is trained, professional, and careful. Evernote and Google seem to have this mindset, so fingers crossed.
  11. Actually, as I recall, deleting data on Evernote will get rid of it and your note histories so that you cannot access it. However, it takes a few months for it all to get cycled out of the system. There are backups and so forth. I'm not sure if those are going over to Google or not. You might want to start a support ticket and ask them directly. I am probably a little more paranoid or security conscious than I need to be, but I do think we ought to be taking people's concerns seriously in this thread. We may not agree with them, but we should also respect them. I think there are reasons why people are leery of Google -- a company that has pioneered surveillance capitalism. Besides its regular policy of mining our data (many folks are thinking of that when they see Evernote's plan), which I think we all agree is against the rules in the case of hosting our data on its servers, Google's been hacked by a couple of governments (China and the US), it's handed over a lot of data to the US government (it complies something like 95% of the time -- the percentage is much less for Apple), and it's broken laws (German data protection laws). These are just the systemic, large-scale problems. They've had at least one employee abuse his access to user data to stalk kids. And, their CEO has infamously said about privacy that if you don't want people to know something, don't do it. These are facts. Some people look at them and draw the conclusion that Google is evil. I don't. I look at it and I see yet another company putting many, many things ahead of user privacy. Privacy isn't their first priority and the CEO does not value it as much as I would like. But, the truth is that there are all kinds of companies who have much worse track records. In fact, I think the hack of Evernote a couple years back was an especially bad one, even if it didn't ultimately result in the kind of damage we have seen with other companies. Evernote has the right attitude, most of the time, but that isn't enough. So, I'd say it is fair to at least be concerned about how your data is being handled by Evernote and Google, and I wouldn't dismiss the concerns of fellow users so quickly as tin-foil hat conspiracy theory nuttiness. After Snowden, I think we all realized that the reality is even worse than many of us imagined when it comes to how vulnerable we are. After the comments from Ben in this thread (I encourage people to read through them), I'm actually inclined to give them both the benefit of the doubt here, as I think Google has a lot riding on getting security / privacy right here, and Evernote has fully committed to its three laws. I still have my reservations, and I've taken appropriate steps with my own account just in case (erased much of the data, because it was of a semi-confidential nature), but I also don't plan on leaving Evernote anytime soon. It still has its uses -- I just want to keep less sensitive data in it from now on. Is this the paranoid ravings of a lunatic? After reading the stuff above, I hope no one thinks so, but for my use case, I'm just not ready to rely on "trust." I prefer zero-knowledge encryption and then "trust"
  12. Hi Ben. I think you've been consistent and clear so far in answering concerns about Google's access to our data, but I wonder if you could go over it again regarding two specific questions: 1. As I (mis?) understand Google's API policies for developers, they reserve the right to monitor the use of the APIs for various reasons, including to ensure that they are being used in a proper manner (security and so forth). This means that there are at least two points at which Google employees will be accessing our data: at rest on the cloud and when Google makes use of the APIs. Is this correct? I think we have already covered the fact that employees (a limited number) will have access, and that makes sense (would we expect otherwise?), but I just want to confirm which situations might be included. 2. More to the point, they typically also reserve the right to use data shared with them through APIs to improve their services. I am not talking about targeting ads here, but about improving the accuracy of their machine learning. Doesn't this imply that they will be using our data (or data about our data). The conventional API agreements may not apply here. I don't know. I'd just like a clarification of this. Perhaps it really is the case that Evernote passes its data through the APIs and Google has absolutely no relation with the data beyond supplying the hardware and software to churn out the results. This doesn't seem to be the case in regular use of the APIs, and that is one of my concerns here. Again, I am not trying to imply some kind of nefarious activity is occurring. For example, Apple with iOS 10 has apparently introduced "differential privacy" (an interesting euphemism for data mining) in order to gather data for its machine learning (as I understand it). It seems to be rather widespread to gather data in this way (Microsoft with Windows 10 also does it). Just because everyone is doing it doesn't make it right (as our moms would say), but that also doesn't make Google evil.
  13. ok. we've got brexit, obama, obamacare, muslims, and evil in here now. the first three are political and the fourth one is religious. these are off-limits as per the forum rules (and generally best avoided anyhow as very, very problematic analogies). the last one is philosophical, and probably a difficult one to really discuss here, since it hinges on ones definitions of good and evil, assuming you even believe such absolutes exist. but, it's technically ok for this forum! i wouldn't lump poor ben (the evernote employee) in with this forum's "gurus," especially when the title is automatically generated by the forum software when you reach a certain number of posts, and has no other significance beyond that. but also because at least one of the guru minions (me) is strongly opposed to evernote's plan. i think i even went so far in one of the posts to say that if evernote abandon's its physical existence with the servers it will be tearing the heart out of the company. that hardly sounds like someone who is on board with the idea. but, what do i know? and, more importantly, does it matter? after all, evernote isn't seeking our advice, and they are unlikely to change course because we have misgivings about a company. the best we can do here is register our disappointment (or glee), urge evernote to ensure that none of our data (or data about our data) is given over to google through the use of google's services (or, urge them to hand it all over and churn out the magic of "big other"), and make any preparations we need to based on our own use cases. finally, this is a community of your fellow evernote users, and whatever you might think of their ideas or reasoning, it'd be nice if we could all treat one another with respect, particularly if you are hoping to persuade them to change their minds.
  14. good points. yeah. although i jokingly referred to myself as the commander adama of the discussion (no networked computers on my battleship!), that's only partly said in jest. i'm fine with letting out some of my data for google and others to play with, but i actually don't want a lot of my stuff integrated, i'm not interested in taking advantage of apportunities, sharing it with others on work chat (i have colleagues, but no "team" to annoy like this), or running my data along the bleeding edge of tech gimmicks to see what happens (the voice stuff google is selling doesn't interest me yet). i've got a chunk of data (maybe 8gb in total) that is my external brain. i prefer to keep that as accessible as possible on my devices, while also as unconnected to other entities as possible -- it's a little bit difficult, but evernote's anti-social media / pro secondary brain stance in the early days fit me especially well. it was all about me augmenting my brain to enrich my life, but then it became a "workspace"... still, evernote seemed to at least be that independent alternative, but not anymore. now, i'll keep kt to myself, even if quite of it was already outside of evernote (i lobotomized my brain a few years ago and cut it out of evernote because of security / privacy concerns -- this first went into local notebooks, and then migrated out into another personal information manager).
  15. i wouldn't suggest evernote has been bought by google any more than i have been bought by the company that hosts my website on its servers. but, however irrational it might be to feel uncomfortable about having my data moved into the hands of a pioneer in global surveillance capitalism, available to be accessed by a number of its employees (past cases of an employee who abused this access and google handing over data to the government have been documented -- evernote has also handed over data), and run through another company's apis / machine learning software, hearing that it is all going to be ok just hasn't convinced me to abandon these reservations. i've decided to remove most of my data from my account for now. i want my external brain to be stored somewhere besides google (i've figured out a nice solution for my needs that also gives me zero-knowledge encryption). as always, evernote lived up to its promise and delivered an easy exit strategy. other people might feel fine having their brains in there. my risk threshold is simply set very low. however, i'll still make use of evernote every day and i'll still be a premium member for the forseeable future. there are other uses for the app/service besides holding my brain. i hope this move by evernote works out as well as they hope, and that my "irrational" fears are unfounded.