GrumpyMonkey

Guru
  • Content count

    11,455
  • Joined

  • Last visited

Community Reputation

3,944 Your Knowledge Knows No Bounds

About GrumpyMonkey

  • Rank
    None

Recent Profile Visitors

100,182 profile views
  1. One of the reasons I have been advocating for an encrypted notebook of some kind (zero-knowledge, of course, not this plan of handing the encryption keys over to Google that we have for our data at rest) is that it removes "trust" from the equation and allows users to control the amount of privacy they want / need. That way, we can really keep everything in Evernote, and do it without hassle. Encrypting everything before putting it onto the cloud is a bit of a pain, to be honest, especially when we are talking about thousands of files. But, Evernote has nixed that idea (earlier in this thread), so the best option, for now, is to encrypt it yourself or use a third-party service like Saferoom (Evernote integration). In hacking news today, Yahoo! just announced the biggest hack in history. To me, that seems like another reason to push again for better encryption options. Actually, I barely need even the flimsiest of excuses to push for this I am not so much concerned about the physical security of Google's servers, to be honest (I am, but that scenario is a little less likely, and would probably involve a government seizure of some kind like the one we saw with Dot Com). In an ideal world, we would pay Evernote and Google to do some really cool stuff, but also keep the encryption keys in our hands. This would require more client-side processor work, but I'm OK with that. It won't happen, I know, but that is what I think would be ideal. As long as companies can access our data, so can hackers (state-supported or private).
  2. I do think that is an important distinction to make, and that is one of the reasons I am hopeful that this will all work out well for everyone involved. However, cloud services is still part of the same organization, and it is affected by company culture and policies -- this can be both good and bad. Google's attitudes towards privacy in the past could be a problem if they are still percolating about internally. I hope that is not the case. It's worth mentioning that after Snowden's leaks, Google was extremely aggressive at responding to its vulnerabilties and, in many ways, pulling ahead of others with security, so that aspect of Google's culture might well have changed. AWS or Google aren't sufficient on their own to protect us. Interestingly, moving to the cloud sometimes invites some truly terrible data breaches, as residents of AWS have found. As far as I know, Amazon has not been directly implicated in them. Instead, errors made by staff in companies are apparently to blame. Still, the point is that it isn't easy being a steward of someone's data, and you want someone handling it who is trained, professional, and careful. Evernote and Google seem to have this mindset, so fingers crossed.
  3. Actually, as I recall, deleting data on Evernote will get rid of it and your note histories so that you cannot access it. However, it takes a few months for it all to get cycled out of the system. There are backups and so forth. I'm not sure if those are going over to Google or not. You might want to start a support ticket and ask them directly. I am probably a little more paranoid or security conscious than I need to be, but I do think we ought to be taking people's concerns seriously in this thread. We may not agree with them, but we should also respect them. I think there are reasons why people are leery of Google -- a company that has pioneered surveillance capitalism. Besides its regular policy of mining our data (many folks are thinking of that when they see Evernote's plan), which I think we all agree is against the rules in the case of hosting our data on its servers, Google's been hacked by a couple of governments (China and the US), it's handed over a lot of data to the US government (it complies something like 95% of the time -- the percentage is much less for Apple), and it's broken laws (German data protection laws). These are just the systemic, large-scale problems. They've had at least one employee abuse his access to user data to stalk kids. And, their CEO has infamously said about privacy that if you don't want people to know something, don't do it. These are facts. Some people look at them and draw the conclusion that Google is evil. I don't. I look at it and I see yet another company putting many, many things ahead of user privacy. Privacy isn't their first priority and the CEO does not value it as much as I would like. But, the truth is that there are all kinds of companies who have much worse track records. In fact, I think the hack of Evernote a couple years back was an especially bad one, even if it didn't ultimately result in the kind of damage we have seen with other companies. Evernote has the right attitude, most of the time, but that isn't enough. So, I'd say it is fair to at least be concerned about how your data is being handled by Evernote and Google, and I wouldn't dismiss the concerns of fellow users so quickly as tin-foil hat conspiracy theory nuttiness. After Snowden, I think we all realized that the reality is even worse than many of us imagined when it comes to how vulnerable we are. After the comments from Ben in this thread (I encourage people to read through them), I'm actually inclined to give them both the benefit of the doubt here, as I think Google has a lot riding on getting security / privacy right here, and Evernote has fully committed to its three laws. I still have my reservations, and I've taken appropriate steps with my own account just in case (erased much of the data, because it was of a semi-confidential nature), but I also don't plan on leaving Evernote anytime soon. It still has its uses -- I just want to keep less sensitive data in it from now on. Is this the paranoid ravings of a lunatic? After reading the stuff above, I hope no one thinks so, but for my use case, I'm just not ready to rely on "trust." I prefer zero-knowledge encryption and then "trust"
  4. Hi Ben. I think you've been consistent and clear so far in answering concerns about Google's access to our data, but I wonder if you could go over it again regarding two specific questions: 1. As I (mis?) understand Google's API policies for developers, they reserve the right to monitor the use of the APIs for various reasons, including to ensure that they are being used in a proper manner (security and so forth). This means that there are at least two points at which Google employees will be accessing our data: at rest on the cloud and when Google makes use of the APIs. Is this correct? I think we have already covered the fact that employees (a limited number) will have access, and that makes sense (would we expect otherwise?), but I just want to confirm which situations might be included. 2. More to the point, they typically also reserve the right to use data shared with them through APIs to improve their services. I am not talking about targeting ads here, but about improving the accuracy of their machine learning. Doesn't this imply that they will be using our data (or data about our data). The conventional API agreements may not apply here. I don't know. I'd just like a clarification of this. Perhaps it really is the case that Evernote passes its data through the APIs and Google has absolutely no relation with the data beyond supplying the hardware and software to churn out the results. This doesn't seem to be the case in regular use of the APIs, and that is one of my concerns here. Again, I am not trying to imply some kind of nefarious activity is occurring. For example, Apple with iOS 10 has apparently introduced "differential privacy" (an interesting euphemism for data mining) in order to gather data for its machine learning (as I understand it). It seems to be rather widespread to gather data in this way (Microsoft with Windows 10 also does it). Just because everyone is doing it doesn't make it right (as our moms would say), but that also doesn't make Google evil.
  5. ok. we've got brexit, obama, obamacare, muslims, and evil in here now. the first three are political and the fourth one is religious. these are off-limits as per the forum rules (and generally best avoided anyhow as very, very problematic analogies). the last one is philosophical, and probably a difficult one to really discuss here, since it hinges on ones definitions of good and evil, assuming you even believe such absolutes exist. but, it's technically ok for this forum! i wouldn't lump poor ben (the evernote employee) in with this forum's "gurus," especially when the title is automatically generated by the forum software when you reach a certain number of posts, and has no other significance beyond that. but also because at least one of the guru minions (me) is strongly opposed to evernote's plan. i think i even went so far in one of the posts to say that if evernote abandon's its physical existence with the servers it will be tearing the heart out of the company. that hardly sounds like someone who is on board with the idea. but, what do i know? and, more importantly, does it matter? after all, evernote isn't seeking our advice, and they are unlikely to change course because we have misgivings about a company. the best we can do here is register our disappointment (or glee), urge evernote to ensure that none of our data (or data about our data) is given over to google through the use of google's services (or, urge them to hand it all over and churn out the magic of "big other"), and make any preparations we need to based on our own use cases. finally, this is a community of your fellow evernote users, and whatever you might think of their ideas or reasoning, it'd be nice if we could all treat one another with respect, particularly if you are hoping to persuade them to change their minds.
  6. good points. yeah. although i jokingly referred to myself as the commander adama of the discussion (no networked computers on my battleship!), that's only partly said in jest. i'm fine with letting out some of my data for google and others to play with, but i actually don't want a lot of my stuff integrated, i'm not interested in taking advantage of apportunities, sharing it with others on work chat (i have colleagues, but no "team" to annoy like this), or running my data along the bleeding edge of tech gimmicks to see what happens (the voice stuff google is selling doesn't interest me yet). i've got a chunk of data (maybe 8gb in total) that is my external brain. i prefer to keep that as accessible as possible on my devices, while also as unconnected to other entities as possible -- it's a little bit difficult, but evernote's anti-social media / pro secondary brain stance in the early days fit me especially well. it was all about me augmenting my brain to enrich my life, but then it became a "workspace"... still, evernote seemed to at least be that independent alternative, but not anymore. now, i'll keep kt to myself, even if quite of it was already outside of evernote (i lobotomized my brain a few years ago and cut it out of evernote because of security / privacy concerns -- this first went into local notebooks, and then migrated out into another personal information manager).
  7. i wouldn't suggest evernote has been bought by google any more than i have been bought by the company that hosts my website on its servers. but, however irrational it might be to feel uncomfortable about having my data moved into the hands of a pioneer in global surveillance capitalism, available to be accessed by a number of its employees (past cases of an employee who abused this access and google handing over data to the government have been documented -- evernote has also handed over data), and run through another company's apis / machine learning software, hearing that it is all going to be ok just hasn't convinced me to abandon these reservations. i've decided to remove most of my data from my account for now. i want my external brain to be stored somewhere besides google (i've figured out a nice solution for my needs that also gives me zero-knowledge encryption). as always, evernote lived up to its promise and delivered an easy exit strategy. other people might feel fine having their brains in there. my risk threshold is simply set very low. however, i'll still make use of evernote every day and i'll still be a premium member for the forseeable future. there are other uses for the app/service besides holding my brain. i hope this move by evernote works out as well as they hope, and that my "irrational" fears are unfounded.
  8. I just want to be clear about exactly what is happening, or what is supposed to happen, and I don't think Google is "spying" on anyone. Their business model for gmail and searches is pretty clear -- they give you a tool that helps you while also allowing them to collect your data,p. you use that product, if you want. use something else if you don't. But, they are pretty up front about it. You are the product. Spyware wouldn't be so open about it. In this case, the principles and agents are a little less clear, and I am not exactly sure about who is doing what. At this point, I think I'll just change the way I use Evernote so that I keep any data out of it that I wouldn't want kicking around in its servers. That'll put my mind at ease, and Evernote makes it easy to export. Apple Notes? Well, I guess it's free if you don't count the expensive Apple device you bought. Apple doesn't appear to be mining our data, and you have one-touch, extremely convenient encryption of notes, so there are some nice benefits. I use it as well for some things, but the lack of easy export options makes it pretty unappealing in the long-run. And, be very careful with things like sync conflicts.
  9. I didn't find it that clear (see above), perhaps because I lack the technical background to comprehend how this works, or simply don't have the intellectual capacity to grasp it, but thank you.
  10. I assume Evernote is paying money to use their servers and to access their technologies. I imagine they got a pretty good deal, as the CEO has Google connections, and Google is a relative newcomer in this space. I think the arrangement on the surface is pretty standard: a company puts together the infrastructure (a pretty massive undertaking), it gets certifications (acknowledging its ability to maintain security), and it sells space to companies. Then, the cool stuff happens, because companies can make use of Machine Learning (ML) supplied by Google to analyze and manipulate the data. For example, an ML system can draw on the knowledge it has gathered about images to take a look at your image, dissect it into its component parts (sum, moon, house, etc.), tell you exactly where it was taken (another photo of Notre Dame in August!), or lump it together with similar photos in your library to create a kind of photo album (Apple showed off its version of this technology the other day). I assume the OCR of images, PDFs, and handwriting will improve as well. If they were so inclined, they could probably also figure out how to sort your data into the most relevant tag / folder groupings as well, so you don't have to do any more thinking on your own. Cool stuff (if you don't like thinking). My question is, where does the ML get the data it needs to do these amazing things? Sure, it already has gathered a bunch and used that to build the existing tech. But, it will have to continue "learning" by gobbling up images (and so forth) to create better results -- is the data from our images (after being passed through Google's API for this cool stuff) going to be used for this purpose? Technically, the data about our data is not "ours," at least according to Google, because it is "anonymized," but it isn't exactly Google's either, is it? Hmmm... Now, if Evernote says that it will store its stuff in Google's servers, and make use of Google's services, but no data whatsoever (usage statistics, data about our data, etc.) will be used by Google for any other reason (to improve ML or anything else), then that is a pretty strong claim about the security and privacy of our data. In effect, Google will be closing its eyes when handling our data (at least, legally it would be compelled to do so, but conspiracy-minded folks might not trust it -- that's another issue). I am unclear on this point. In fact, everything I wrote above might be wildly off base, and it would be nice to see a correction if I am completely confused about this. So far, all I hear is that Google won't use data in a way that they didn't agree to in the contract, but we cannot see the contract, so this is kind of vague, isn't it? Why do I care? Well, this is my data that I created and it is something I am unwilling to share with others willy nilly. It's my "secondary brain." I don't email it. I don't post it online. I keep it for my own uses (research and personal). It isn't confidential (that stuff I don't put on the cloud unencrypted anyhow), but it is private, and I'm not interested in giving it to Google (in any form -- metadata or otherwise). I suspect Google does glean something from my data on their servers, and if I take this stance then Evernote will have to say the service isn't for me (or, at least not for the use I have envisioned). I am guessing that I will simply have to abandon the idea of using Evernote as my secondary brain (other people's external brains might be less private), and shift to something a bit different (there are many, many other potential uses for Evernote). I don't think we need to go into conspiracy theories here. At this point, I think it is just unclear exactly what is happening with our data even in a best-case / non-conspiracy situation. We can put on our tin-foil hats later
  11. or, at least the loss of our jobs and our selves (sometimes these two are inseperable) in a post-privacy world of unlimited capital and data accumulation in silicon valley. i probably ought to welcome my big data masters before they take over and compose messages to one another here on our behalf.
  12. i enjoyed it all the way until the end, and was ok with the anti-networking stance (hard to see it in a spaceship, but i can pretend that they figured out a way to make it work), though i was never convinced by things like the cylon plan or some of the stuff like head-angel baltar. the fat suit was fun thanks. i think we've established that the migration will give google employees access to our data, similar to how evernote employees have access, so there is that. it might not seem like a big deal to some people, and it probably isn't, but it is a huge change from the past, in which physical access was extremely restricted, and we could probably count on only a handful of employees ever having remote access to our stuff. the same situation, of course, exists in aws or azure. aws, i believe, can be hipaa / ferpa compliant (evernote is not), so that says a lot about its ability to protect data. google is hipaa compliant with some services (does this include the stuff evernote is using?), so that is nice as well. but, it is where we hand over data for processing that i feel like i lose my grasp on what is happening. for example, paying customers of google's services (education) fed google their data, and google monetized that data (i am sure that was in accordance with some contract we never saw as well). they did the same with their government customers. i don't know if they still are. it wasn't illegal or "evil," but as a student and later a faculty member caught up in that data collection, i wasn't too happy about what was happening. so, i am a little wary of trading my security / privacy for convenience or fun new stuff. if the data just passes through google's hands, the api does its magic, and no data is collected (anonymous or data about our data), then that would be a nice thing to clarify here.
  13. I guess it comes down to your tolerance for risk -- in this case, the risk that your data will be used / accessed in a way that you do not want. Call me the "Adama" of the Evernote world, but it's an integrated computer network, and I will not have it aboard my battlestar! I want my information in silos where I put it, and I don't want it connected to doodads in the Internet of Things or floating around on Google's servers. I already give Google plenty of data. This is stuff that I don't want to give them, whatever their contractual obligations (a contract we can't see, so that isn't really an explanation, in my opinion). If they don't have it, they cannot do anything with it. Hence, my desire for zero-knowledge encryption. We don't have to rely on trust so much if it simply isn't accessible. But, Google screens its employees and promises to follow the rules, right? OK. Explain contracts and rules to the kids who got stalked by a Google employee who abused his access to customer data. Am I saying Google is evil or that this employee is representative? No. This is what happens when humans do something. There are going to be folks who do things they shouldn't in any organization. But the risk would be greatly mitigated if they didn't have so much data on hand to muck around with, and if we didn't dump it all in their everything bucket. Sure, it's encrypted, but they have the key, so that is a little like placing it under the doormat and saying the door is locked. Of course, Google assures us that they thoroughly screen all employees and third-party contractors. Maybe they have their own Rick Deckard on call to weed out the bad folks from the good ones, and maybe it works. I don't know, but bad things happen even when the employees are all doing their jobs (I am sure that a few politicians in the news could tell you their feelings about emails and security). Stuff gets hacked. Stuff gets out. And, you can avoid some of these problems by keeping your data away from folks whose business is built on mining data. I don't think anything I've said here is conspiracy theory nuttiness. Google will be collecting our data (as I understand it), it will be "anonymizing" it (to the best of its ability), and that data could get accessed without our consent or used in ways we may not like (if past precedent is any indication of future possibilities). Now, if you are already using Google stuff, and your threshold for security / privacy is not especially high, because you place far more importance on the magic that these two companies are going to make together, then this is a wonderful business decision. I don't think I have an absolute criticism of anything here at the moment -- it is a relative one based on my security / privacy threshold. If I want to stay with Evernote, I need to dial that down a bit. Or, it might be better to say that I have to re-evaluate my security / privacy "needs," because there is plenty of security and privacy to be gained here, if encrypted data at rest, for example works for you. And, that will be good enough for many users. I'm just thinking out loud here. Actually, the decision has been made by Evernote already. It's up to us to decide if we want to accept it.
  14. Thank you for the very clear explanation. Besides my relatively un-informed opinion, the conversation has generally stayed on track thanks to your quick, clear, and thoughtful answers. It avoids a lot of craziness and allows us to focus on specific "real" issues. My understanding is that Google can take information that passes through its hands and use information gleaned from it ("anonymized") to improve the performance of its tools. Doesn't it collect data on usage? That's my understanding. It's something like Siri, which does not collect your data to create a profile about you, but collects data about that data in order to improve it over time. As dudeman313 pointed out, this is an unclear point. And, it's the point where I am the most uncomfortable. Sure, if it was working as grahampcharles said, with Google just closing its eyes and passing stuff along, then no one would have any concerns, but any time our data passes through someone's hands unencrypted, it "can" be read (perhaps "must" be in order to make use of Google's services), and it "can" be copied ("anonymized," of course) or used in ways that we may not like. This might sound like tinfoil hat stuff, but companies through hacking or on purpose release this "anonymized" data on a fairly regular basis (Yahoo, Netflix, and other come to mind). There is a lot of it floating around. Smarter people than me then go through that and "de-anonymize" the data (an old problem Apple is trying to solve in a "new" way that looks a lot like the old one to me). This has been happening for years now. My point here is this: until now I've accepted Evernote's internal data mining as an extremely unpleasant policy, but relatively benign, because it isn't (as far as I know) connected with anything else beyond attempts to improve the service. Presumably, Evernote used it for Evernote's algorithms (such as the creation of the handwriting recognition service that began years ago with users submitting their handwriting) and to gather information on usage. And, that was the end of it. However, Google is different. The very tools that Evernote is using at Google to improve Evernote were made possible through the gathering of data such as the stuff that exists in our accounts, and who knows where that "anonymized" data is going as Google uses it to further improve their tools. Google literally keeps this data forever ("anonymized") and there is no going back once you have run your stuff through its services. It's cool what Google is doing. There is nothing evil or untrustworthy about it. Actually, they seem pretty up-front about it. But, I am unwilling to submit my Evernote data for such a purpose. I'll grudgingly give up my search data and my email data (trying to be careful with what I type or send, but I suspect Google knows more about me than I do), but I won't give it the stuff in my account. One of the reasons I have used Evernote for nearly a decade now has been to avoid giving Google or any other data mining company any access to this data. That's why I am so resistant to this new plan. In fact, in contrast to grahampcharles, I see this as tearing the heart out of Evernote. Evernote was quite literally built on the premise that it controls the servers and effectively is a cloud service provider (Evernote may not have been "in" the cloud up until this point because it "owned" part of the cloud!). I am kind of surprised more folks aren't up in arms about Evernote abandoning this part of their infrastructure. People are upset about a device limit and some higher prices, but not about giving their data over to another company (yes, I understand that I own my data as long as my name is on it, but "my" data isn't mine when it is "anonymized," is it)? Obviously, I am the outlier here. That's cool. As grahampcharles suggested, this is going to have some clear benefits for Evernote (clear if you assume that there will indeed be cost savings and that this really is a more secure solution). And, I think Evernote could easily make the argument that all of this is "relatively" secure and promises a lot of opportunities for innovation (perhaps not the stuff I want to see, but new stuff nonetheless). And, this ought to be satisfactory for folks who are already using gmail, Google search, and keeping everything in GDrive. So, carry on! But, based on what I have seen, I still have my doubts about the wisdom of this move. The devil is in the details... If I'm wrong here, let me know. This is all well outside of my realm of expertise. If Evernote could say that it will use Google's services, but Google won't use any data related to that usage ("anonymized" or otherwise) in any other way, then I think that is a different story.
  15. Why? In regards to data mining, it only says "We pledge to you that we will not engage in any data mining of your Content in order to target advertising at you." That seems to leave a lot of other purposes for data mining wide open. It's nothing nefarious. Lots of companies have similar wording. But, I'd prefer to see them say something to the effect that "we do not engage in any data mining of your Content." I could do without voice stuff in exchange for stronger security Evernote says: "Google will not process data for any purpose other than to fulfill our contractual obligations." But, we cannot see the contract. So, I am not exactly sure what that means. Again, nothing nefarious, but it seems to leave a lot of room open for something like aggregating our data ("anonymously") and allowing Google to use it for stuff like voice feature improvements. At any rate, they left the door open for lots of collaboration with "We are not releasing any new integrations between Evernote and Google at this time." Again, nothing nefarious here about two companies working together to improve the product and our experience, but there is a trade-off here, I think. I am guessing that cool things don't happen if data just sits there, only to be touched by us whenever we scroll through our notes.