GrumpyMonkey

It's complete access to your account or no access with the Evernote API. As mentioned previously, Saferoom couldn't function properly otherwise. The kind of restrictions you mention do not exist on Evernote's end. There's nothing that Saferoom can do about it.

I think Saferoom has been pretty clear. As mentioned above, zero-knowledge is usually used to mean that no third party has access to your encrypted stuff. The third party doesn't keep the passwords, and even if they were forced to turn over their data, or had their servers hacked somehow, the content will still remain encrypted (there is, of course, no guarantee that a state-sponsored hacker couldn't eventually decrypt the files, but that is another issue having to do with the state of encryption technology). Saferoom implements this approach as much as possible. As you correctly noted, and as the developer confirmed, Evernote's API is set up in a way that requires third-party apps to have access to everything. This is a serious limitation in the Evernote service, in my opinion, but it is nothing that we can do anything about -- you'll have to trust Saferoom's developers. They've provided explanations and been as transparent as they can be, but we are all working within this Evernote API limitation (there was talk a few years ago on these forums about having some kind of way to restrict access to certain parts of accounts, but nothing came of it). Evernote has also been pretty clear. When notes are deleted, that data is immediately gone from a user's perspective, though it may linger in Evernote's servers / backup servers for a year or so (I think this was mentioned in the forums somewhere -- it appears that it might be extremely difficult to access at that point, but it is a risk). https://blog.evernote.com/blog/2010/04/14/new-premium-features-note-history-and-50mb-notes/ If you delete the note and then empty your trash, the note, along with its history, will be permanently removed. Remember that emptying your trash doesn’t affect your quota in any way, so the only reason to do it is if you want to permanently remove the note and all of its previous history. Remember that any notes that you create in “local only” notebooks on our desktop Windows and Mac versions never leave your computer, so we won’t keep past versions of those. Also, If you move a note from a synchronized notebook to a local notebook, we will remove the note from our servers, along with any older versions. The takeaway? Don't put something on the cloud unless you are OK with anyone in the world reading it. If you feel a little hesitant about that, encrypt it first, or keep it in a local notebook. iOS makes this a lot more difficult to do, and that is one reason why I use the iPad a lot less these days for content creation, but it can be done. Ideally, though, you'll work with a laptop.

as always, i recommend reading the terms of service and privacy policies. personally, i don't see this as a serious alternative to evernote, especially for a power user. your mileage may vary. https://www.everhelper.me/terms-and-contitions.php https://www.everhelper.me/privacy.php

they've been spamming the forums: i'm not interested in their business tactics. not interested in the product. definitely not interested in the privacy policy. i'd stay away from it, but your mileage may vary.

i understand the use case, but passwords seem kind of meaningless to me when everything is still searchable (mac) and unencrypted so that anyone with basic computer literacy can rifle through your stuff. the problem on a computer has a simple, elegant, and considerably more secure solution: a guest user account. a single click and you can hand your computer over to someone without any worries about them indg your data (assuming a friend or relative sitting next to you -- a hacker would make mincemeat of this). when you step away from your computer, just turn on the password-protected screen saver (a swipe on the mac using hot corners). problem solved, right?

yeah. this is the kind of stuff microsoft does that makes me question their commitment to customer privacy / security. http://arstechnica.com/information-technology/2015/12/microsoft-may-have-your-encryption-key-heres-how-to-take-it-back/ why they would do such a boneheaded thing is beyond me, but it might have something to do with fears about users losing their own keys or concerns about answering government demands to unlock devices. in contrast, apple gives you the option (in a popup) of sending your data if you want. otherwise, apple says it doesn't know how to unlock your devices, and it doesn't care what is in them, because it is your stuff. nice. if you are going to do encryption, then you ought to do it right like this. my hope is that evernote will someday follow apple's lead, offer zero-knowledge encryption of notebooks, and just be done with it.

i figure that if data gets out, that's a failure, whatever the reason, though you are correct that i would probably not be exposing myself to risk of litigation or anything like that. it appears from the documentation mentioned that ms is using zero-knowledge encryption, which is great news. however, they do the same thing with the encryption of your hard drive while sending the encryption key to headquarters. bad news. they've got such a spotty record, it is difficult for me to trust them. it would be nice if this was the beginning of a new attitude towards security for ms. at any rate, it is pretty clear from evernote's competitors (devonthink, voodoopad, onenote, etc.) that encryption is technically feasible. this suggests that evernote has other reasons for not implementing it at the note or notebook level.

i don't know about legislation (users who are interested might want to visit the eff site), but the app is what it is, and i doubt there is much incentive for evernote to spotlight its weak points, so i don't expect that will happen. the security situation is fairly easy to ascertain by googling a bit. as for microsoft, i am not convinced yet about how secure its products really are, especially after the snowden leaks revealed its complicity in giving out our data by opening up skype, bypassing encryption, etc. and, of course, they also spied on their own users in the past (hotmail). the news today is that democratic presidential candidates are even avoiding its free software offers because they don't trust it. i mentioned onenote as an option, but i can't recommend it to anyone who is concerned about security. it could just be my ignorance or paranoia, of course...

I wish that Evernote had zero-knowledge encryption for everything, but it does not, and I doubt it ever will. Some people argue that Evernote would become unusable if it did have zero-knowledge encryption (things become inaccessible, unsearchable, etc.), but I believe they are incorrect (see link below) and, while it may be a fight between ease of use and security, the hurdles are not so high -- I think you'd be surprised to find out how convenient security can be. COMPLIANCE Evernote is not HIPAA compliant and they don't intend to be (last time they talked about it). Evernote is (understandably) taking a hands-off approach to the thorny issue of "compliance" with other laws, saying in their TOS: "you agree that you are responsible for complying with the U.S. Children's Online Privacy Protection Act (“COPPA”) and, to the extent applicable, The Family Educational Rights and Privacy Act (“FERPA”). As far as FERPA goes, I think that if you are an educator including unencrypted data on your students in your account (names, grades, papers, etc.) then you are exposing yourself to quite a bit of risk, and I would strongly urge you to avoid doing that. The University of Michigan, for example, prohibits faculty and staff from using their accounts for such things. http://safecomputing.umich.edu/dataguide/?q=node/62 ALTERNATIVES Encrypted alternatives to Evernote exist, beginning with the most obvious one -- OneNote. I'm still unclear about the details with it, especially when working on mobile, so I cannot say this is the best solution for your situation. Personally, I don't use it. I much prefer DEVONthink (OSX and iOS), which provides encrypted syncing through Dropbox (if you want) or syncing through wifi / bluetooth (avoiding the cloud entirely) for mobile devices. http://www.christopher-mayo.com/?p=1605 EVERNOTE You can still use Evernote for some things while using another app for others. Evernote has a ton of great features, amazing developers, and lots of potential. Certainly, the effortless syncing is an amazing feat that no one else has quite managed for notetaking / personal information manager apps. As my career has changed and I've had to deal with more and more sensitive information (my own and that of others), I've had to use Evernote less and less, but if I was still a student or had a job that didn't require me to take measures to protect data on the cloud, I'd definitely be using Evernote a lot more. I hope they change their position on encryption / security, but until then, you may want to try out the alternatives I mentioned.

Turnover at the top has been the new normal for a while now. Sinkov's departure wasn't expected, but it isn't a surprise either. I had the opportunity to talk with him a few years ago, and he struck me as a sharp guy, so it's Evernote's loss, but I'm sure there is other talent out there. Until Evernote gets its momentum back, we can probably expect more news like this. It's too early to tell yet if this signals the beginning of the end or a new beginning. Whatever happens, though, I doubt they are abandoning a bunch of products and platforms to focus on Linux

hi. thanks for,this. it's difficult to overemphasize how important this is. my evernote account simply wouldn't fit in my computer without taking measures to radically shrink it in 2012. https://discussion.evernote.com/topic/29245-how-to-optimize-your-evernote-experience/ as we head into 2016, four years later, i easily have several times as much data in my daily files, and it has even less chance of fitting onto my drive. it would be good for evernote and its users if it could scale better.

Hey, it's Spamerta Moll, our local Centrallo plant. Read some of her greatest hits here. https://discussion.evernote.com/topic/75439-sync-problems-again-and-again/?p=388351 My recommendation would be to try whatever app you want, but don't rely on her for advice / testimony.

i think it is much easier to use a dedicated app for this purpose. i used to keep the files in evernote (for searching and storage) and save them as plain text files outside of it. http://www.christopher-mayo.com/?p=669

hi. a more aggressive solution might be this: http://www.christopher-mayo.com/?p=127 the only ammendment i would make is that i now use spideroak instead of dropbox for security reasons.

Thanks for sharing some of the details. I think it helps users to understand the challenges you face, the efforts you are making to improve it, and some of the things they can look out for in testing. My recommendation would be to continue sharing (what you can) of the "mundane" stuff as well, because for many of us, it isn't the "sexy" new stuff that attracts our attention, but the incremental improvements that help the product function better. This kind of attention to detail is much appreciated, and I feel it inspires confidence in the developers. Just my two cents. Good luck with the upgrades!

I appreciate the attempt to implement new features, God knows Evernote is in desperate need of note editor because even note editor in forums here is better. That being said, a legitimate concern and question I have to ask, based on the quote from you posted above. I'm sure you can understand. Perhaps you personally are not responsible for any of it but you do wear Evernote banner so in a way you are part of the organization.You said "We can promise to listen to your feedback and work tirelessly to make every version of Evernote’s editor better than the last. If you have feedback on the editor, we’re here to listen." Evernote has a long and embarrassing, well documented history of doing precisely the opposite of what you now claim. No feedback (just browse this forums here and its really easy to see) and ignoring user requests. e.g. Evernote beta and other examples. So why should we trust you or even be excited about your promise when actions speak to the contrary? I ask this not to troll but to see if you are man of your word. And is this something worth investing time into. From testing beta to following its progress to actually sticking with your product vs alternatives such as Onenote for example. Can you please answer my question and prove that we the loyal users are not being brutally ignored once again. Thank you. i don't think we can hold one individual to blame for the sins of others (perceived or imagined), especially when it was a multiple team project undertaken over multiple years with a shifting staff of developers working under different leadership. in short, i don't think he (or anyone else) can satisfactorily respond to your question about whether they are a man (or woman) of their word. even if such a thing could somehow be demonstrated here, there is a lot more going on here -- "listening," for example. listening does not mean responding to user requests. it doesn't mean implementing them. it doesn't mean ignoring them. it means listening, which really isn't going to be very easy to observe by those doing the speaking. at any rate, as far as trust and so forth goes, it's a beta and you can give it a shot or not. i'm interested in what is happening under the hood, so to speak. this is a project years in the making, but i guess that means there has been a secret team toiling away on it, so it must be big. is this still enml? will it "mess up" existing notes. what exactly does it mean to tear out old pipes and rebuild them entirely? i don't even understand this mixed metaphor. shouldn't it be "tear out the old pipes and replace them entirely" or something like that? what are you replacing here? what are you replacing them with here? what does "sharper" mean in the context of bullets? what does it mean that "typing" will be improved when other forum posts mention interest in incorporating handwriting? some technical details rather than unintelligible metaphors would be appreciated. we can handle it, especially if it has to do with the integrity of our data.anyhow, it is good to see evernote commit to this project of improving product quality. this seems to me a fine way to approach the future and will please a lot of users. keep up the good work.

Hi. Thanks so much for the kind words. I think you can find the public urls, but they are not published in any central location, so it is hit or miss / invited or not invited. I don't think Google indexes any of the content either. That's too bad because, as you said, there is tremendous potential here. One could also argue that the additional advertisement opportunities would add to Evernote's bottom line. Unfortunately, though, Evernote at one point suddenly (no warning) removed the ability to make notebooks public (for free users -- they later brought it back) and has not done as much as they could have with the existing public notebooks -- in fact, it seems to me that the "hidden" nature of the sharing makes it unlikely they'll be used much from here on out, and they will continue to look like an "unpopular" feature. I consider them an insufficiently developed one. They're almost there, but like some other things, not quite... The shared notebook you linked to for us, along with some of the many others I found and created an index for, show how exciting this could be. One of my favorite use-cases is the one for students who can handwrite notes, photograph their notes and/or the blackboard, and then share the notebooks with one another (similar to what I wrote about on my blog). http://www.christopher-mayo.com/?p=1724 Think how great it would be for many students to be sharing their notes and comments on the lessons with one another every day. It would be a resource for them all to build upon in the future as well. Five or ten years down the line, the content they learned would still be surfacing again and again in searches or related notes. Alas! It isn't going to happen. But, it could. I would really like to see extremely private notes (zero-knowledge encrypted notebooks) and extremely public ones (shared notebooks that not just 100, but millions or billions of folks could join) living together in an account with appropriate firewalls between them (right now, the mess of shared tags, notebooks, and unintended sharing is far from ideal). Third-party apps can do some of these things, but in the end, you have to share 100% of your content with third-party developers before you can do anything. Without any control over what they can and cannot see, and without extensive encryption, it is tough to recommend using any third-party apps with educators who handle personal data on students. Anyhow, the potential is out there, and we are all hoping Evernote will re-consider some of their development decisions. We have 92 or so years to go with the company, so there is still some time

this is for a corporate environment in which the corporation is given control over the function of the keys (quite a bit of control, in fact, with lots of options). this sounds like a good thing, especially for a company who wants to use encryption widely. for individual users, my understanding is that you can encrypt with zero-knowledge encryption -- only you have the key.

unfortunately, windows is kind of barren right now. it sounds like onenote isn't the answer either, though sections seem light years ahead of text (evernote). on mac, i'd recommend devonthink, which syncs without the cloud at all. if you want to sync via dropbox, it works effortlessly, [EDIT: security issue it had with DB resolved]-- a combination of spideroak and indexing makes everything available on any platform. it works really well. http://www.christopher-mayo.com/?p=2376 voodoopad recently revamped its backend to increase encryption security, but the app is really slow to get updates, so it is difficult to recommend. it is the only app, though, that has managed to get encryption + dropbox sync working seamlessly (when devonthink revises its security, it will be a better choice, i think). if a single independent developer managed to implement seamless encryption years ago, why can't evernote's team of dozens do it? nvalt also has encryption, but only for text (what it is built for). it's been humming along for years, but brett is working on something new, so we might have yet another mac option soon. again, one guy managed to do what evernote's team couldn't / wouldn't. there is still no one like evernote (on every platform) who has mastered encryption, but onenote is inching ahead (in my opinion). i doubt the onenote team (or any of the other developers) are "better" than evernote's. they just decided encryption was necessary, and evernote hasn't made that decision. this is a great time for evernote to stand up and distinguish itself as the most secure notetaking / personal information manager for everyone. i wish they would. [EDIT]: added a bit more stuff.

Is there a Windows program that has zero-knowledge (trust no one) encryption and is searchable? onenote? i don't know about searching (sorry, i don't use it). my problem is syncing with other devices, and when it comes to that, there are only a couple of osx / ios things out there. if you only use one device, get a surface, use evernote local notebooks, and you are all set.

i think the searchability thing is probably a red herring. other apps manage to achieve full zero-knowledge encryption and still have the contents searchable. i also think the "i don't need encryption" sentiment is probably not so widespread. it peobably ought to be restated as "i don't need encryption that gets in my way." if the encryption was seemless, as it is with other apps, who wouldn't appreciate more security? 0% of my notes in evernote ever were encrypted, because it has always been cumbersome, and for many years it was ineffective. local notebooks are wonderful, as long as they don't get uploaded to evernote servers (this has happened in the past) and you don't use multiple devices. 100% of my stuff is encrypted in other apps, because it happens in the background, and i don't even notice it. if evernote had the will, i am sure there is a way. it is (as i always say), their choice. but, a choice it is, not technical difficulties (as far as i can tell).

i think anyone with physical access to a computer is in a pretty good position to eventually get at your data, unfortunately, depending on their resources (time, money, manpower, expertise). If you turn on file vault on your mac (free and easy to use), you greatly increase your security. In fact, it doesn't matter if an app has password protection or not, because with file vault everything is under lock and key. the problem with evernote is that your computer may be locked down and quite impenetrable to most folks, but Evernote takes data out of your computer (zero-knowledge encryption), which is only accessible to anyone in physical possession of it, and then it sends it to evernote servers (with no encryption), which are open to the world. password protection is nice and all, but without security (encryption), it is window dressing.

Can't agree with Metro on this. Forum flags are at half mast today. From a selfish point of view, this is terrible news, and it means that I will continue being unable to enjoy using Evernote for the forseeable future. It is exactly the wrong way for the company to go, in my opinion. As for reducing any capacity, not necessarily (not at all in competitors) and certainly not if you don't use it, which is the same as if it is not there! But, I'm glad to see Evernote has carefully considered it, decided it doesn't fit their vision / isn't a priority, and let us know where they stand right now. Making it clear what is going on is the way to generate goodwill and grow the business, especially if any solution like this is, at the very least, months or years down the road.

no plans that i am aware of, though a year or two ago the then-ceo suggested plans for "sexy" encryption, so i guess you never know. evernote generally doesn't discuss its plans. try saferoom for a third-party solution.

i'm no expert in security or encryption, but i don't think sharefile is any more secure than dropbox. they hold the encryption keys. this means that they can rummage through your account whenever they want. they'll also unencrypt it and turn it over to the us govt. if asked to do so. and, if they are hacked, your stuff is at risk. i'd recommend spideroak imstead. without zero knowledge (i hold the key and no one else has access), there isn't much point in evernote introducing passwords for notebooks.