Jump to content

why?

Level 3
  • Content Count

    70
  • Joined

  • Last visited

Community Reputation

29 Good

About why?

  1. I would agree with GrumpyMonkey. EN is way behind in terms of security. For this reason I have now abandoned it, even though I still have a paid subscription. I keep checking back hoping they'll see the light. However, the longer they wait the more people will abandon ship; well, those who care about their data!. Voodoopad 5 is not yet Abandonware. An update was released Dec 2015. I'm hoping they'll release a version six soon. I've been beta testing the new Devonthink Go 2 iOS app and it's fantastic. It securely syncs all your data to ios. You can use their cloud, but I'm avoiding cloud storage without a clear zero-knowledge encryption. If you're new to EN, they I would encourage you to think clearly about what you're using EN for. It's great for many things, but not personal or sensitive data. If you need secure data then GrumpyMonkey has listed some good alternatives.
  2. Sorry for the duplicate content, but this is not my doing. There is something seriously wrong with this forum. Constantly getting errors. I submitted once and an error message appeared. I then pressed back and found the post on twice. Cannot seem to delete the duplicate post either.
  3. But isn't that a slightly different issue? You're talking about Microsoft be duplicitous. Those accusations could be made against every large conglomerate from Apple to EN. They may well offer encryption that they have a back door to. However, should sensitive work data be stolen in such a manner, I would be absolved for having used reasonable precautions in securing my data. 'Reasonable precautions' does not include duplicitous companies, or no one would be able to store their data anywhere. At face value, Onenote can encrypt an entire section. This data is encrypted on their servers and I have the password. If MS has a backdoor, that cannot be catered for. If MS does have a backdoor then they have been deceptive. Their documentation in Onenote states: If MS is duplicitous, then I suspect so are the rest. The PRISM programme was connected with all the big companies. My main concern is with the data on their servers and in Onenote it appears that it is encrypted with my password which is needed to access the data. Anyone hacking their servers still needs that password. This in my book is pretty good security. EN only offers this for text, whereas MS offers this for all information ins the secured section.
  4. But isn't that a slightly different issue? You're talking about Microsoft be duplicitous. Those accusations could be made against every large conglomerate from Apple to EN. They may well offer encryption that they have a back door to. However, should sensitive work data be stolen in such a manner, I would be absolved for having used reasonable precautions in securing my data. 'Reasonable precautions' does not include duplicitous companies, or no one would be able to store their data anywhere. At face value, Onenote can encrypt an entire section. This data is encrypted on their servers and I have the password. If MS has a backdoor, that cannot be catered for. If MS does have a backdoor then they have been deceptive. Their documentation in Onenote states: If MS is duplicitous, then I suspect so are the rest. The PRISM programme was connected with all the big companies. My main concern is with the data on their servers and in Onenote it appears that it is encrypted with my password which is needed to access the data. Anyone hacking their servers still needs that password. This in my book is pretty good security. EN only offers this for text, whereas MS offers this for all information ins the secured section.
  5. EN's security seems somewhat behind Microsoft's. Whereas there may be benign data, I believe that to be miniscule. I can understand the a web designer's portfolio or coder's code, may be benign, or perhaps a classes teaching material or a companies standard documentation. My difficulty is that with each passing year there are more companies being hacked and security is becoming a big issue. It's all well an good for EN to say you, the user, are responsible, but then they should stop telling you to put everything in it, that in my opinion is irresponsible. If you are offering a service for people to put everything in then you should jolly well make sure everything is going to be secure. If you cannot do that then there should be a prominent section in the documentation, website and purchase page, highlighting what you should not store in EN. EN has a far better handle on security issues than most users. That doesn't absolve them, but places a responsibility on EN to make sure they understand. And not in some policies hidden under piles of other polices. I would love to see legislation change to make the companies responsible. Banks are responsible for my money. If it gets stolen they are held to account. This is why they have high levels of security. Information, it could be argued, is a lot more valuable than money and perhaps it's time companies like EN treated it as such. If they did, then perhaps their users would too? By the way, Onenote is in front of EN in terms of security. The ability to protect whole sections is excellent. Also, EN only encrypts text, this is a massive short-coming. No attachments in EN can be encrypted. Onenote encrypts anything in the section you protect
  6. The difficulty is that there seems to be no simple solution. Although I appreciate the "encrypt the note content" method this is not viable with large amounts of data. Essentially for EN to be secure it needs to create a secure environment to work in. Much in the same way 1password operates. You login and do your work and log out. Everything remains encrypted and secure. In essence, encrypted environments do not seem to cover cloud or mobile well. Getting items encrypted is not an issue, there are many tools. Decrypting on the fly on any device is an issue. If this is not possible, then placing encrypted data in the cloud serves no purpose apart from backup. I believe that as information hacks and theft increase companies like EN will have to create such environments or loose custom. I've been very happy with EN, but the internet is rapidly evolving and sadly hacking is here to stay. I'm finding my use of online services decreasing simply because they are not secure, from email to sending text messages. Am I prepared to store years worth of data on company servers in an unencrypted form with the possibility that at some point the company may be hacked? No I'm not.
  7. Many thanks, I appreciate that HIPPA and FERPA are specific, but thought there must be some governing standard for businesses? Can they store their clients payments details in EN? I just seem not to understand how EN business works as I assumed that that would invariably include some sensitive data or personal information and would have to follow some government standards similar to FERPA. I know as UK charity you cannot use EN for personal information from those in your charity data.
  8. I think the real decision is to either separate clearly all sensitive from non-sensitive data and place the sensitive elsewhere. However, I don't think that there is any non-sensitive data, certainly not in terms of prolonged collection of data that EN encourages. Encrypted notes in EN are essentially the same as local notebooks as searching and reading them becomes impossible on mobile. Let's face it EN needs data unencrypted for it to be viable. Without that most of EN's features become irrelevant. Maybe the position I have arrived at is in setting my personal criteria for acceptable cloud storage. This has to be zero knowledge full encryption. So sadly EN is no longer suitable. I do wonder if anyone else thinks this way and if EN are going to have to offer this at some point or lose custom? What I don't understand is that if EN is not FERPA HIPPA compliant how can businesses be using EN to store sensitive client details? Do businesses have no legally required compliancy is storing customer data?
  9. Nope. For that very reason. Google are a massive concern as they do not respect anyone's privacy. I don't even use their search engine. Google are more like a virus that looks to get its tentacles into every area of your life. After not agreeing with Google's latest privacy policy (where they now store your browsing history on their servers not in cookies on your machine, so you can't delete it) I found I was locked out of using google as a search engine. In my opinion google is no longer a search engine but a classified ads service that ranks results according to payment and their opinion on how people should build there websites. It seems that until something changes, the cloud is not a secure place bar those offering zero knowledge encryption. If only every cloud based organisation offered that facility. Pardon my paranoia, but I live in the UK and we're the worst. We're the most CCTV covered country in the world and our governments policies on privacy are rapidly removing our right to keep your information private. I'm beginning to understand why people are going offline. Is there anyway to run evernote off a USB?
  10. As I mentioned in my earlier comment. Data secure at rest and encrypted. Not individual notes, but all data.
  11. I'm asking if EN are becoming HIPPA and FERPA compliant or at least moving to a more secure information repository. Although I agree that generally keeping your shopping list in the cloud doesn't need encryption that's exactly the kind of information amazon, google etc are interested in. It comes back to being able to accurately profile people. The more information you have on an individual the the easier to sell them something or impersonate them. One shopping list may not be an issue, but if I had your shopping lists for the past 12 months that may begin to compromise your security. My mobile phone contract can be altered by telephone with only three pieces of information. DOB, zip code, and payment method. On there own these pieces of information may seem insignificant and not requiring encryption, but together they could be used to steal your identity. Image that you store 10 years of your life in evernote. Little pieces of information that may seem to pose no security threat whatsoever, but add them together; your parking tickets, shop receipts, tweets, facebook posts, emails, text messages, etc and someone could build enough of a profile to begin to hack your life. Why would folks want to do that? Usually money. Sadly the internet isn't secure anymore, really it was never secure, but we're now in the position where people know that they can get information from unwitting folks and use it to extract money. The internet is not the same as it used to be. You've now got to look at possible scenarios. Most folks are often too lazy to store one set of data in an encrypted format because of effort. So they mix sensitive and less sensitive data. Many large corporations have been hacked. Just because EN hasn't doesn't mean it's secure. The real security is in how people can access the information once they're in. I don't know what the answer is. The more security the less easy the software becomes to use. Increase the number of plugins that can access the service and you increase the possiblity of holes. Even the great Apple corporation have not yet fully stopped jail breaking and they've been trying for 7 years. Is it unreasonable to expect EN to make sure that I can encrypt my data on my client? Now i know this is already possible, but it is piecemeal at best. I want to encrypt notebooks, I want a password entered when opening the app and another one when opening specific notebooks, I'd like data encrypted at rest. Ultimately it's a fight between ease of use and security. This will change when someone hacks EN and data is stolen, but that is putting up the fence after the event in my opinion.
  12. Does anyone know if there is an update on this? I've not been using EN for 6 months and am looking at my options. Secure encrypted data is now a must. I see no value of unencrypted data in the cloud. Even personal family data requires security. EN is becoming less and less viable unless this changes. What are the chances of that happening? People keep mentioning the local notebooks, but that defeats the purpose of EN for me especially as I also have Devonthink. If EN added an ability to sync via wifi to mobile devices that would solve most problems. Will EN find less and less people/organisations will use EN? I work for a charity in the UK and charity law forbids the use of EN as I must prove that I'm using reasonable precautions when dealing with personal data. Reasonable means encrypted, from email to online storage. At the rate things are going either everything will need to be encrypted or digital systems will be unviable. Perhaps I need to start carrying my data on an Encrypted USB and forget the cloud. The only problem is that there doesn't appear to be access to encrypted USBs on mobile devices from apple. If I could just plug my USB into my iphone and search that would be great!
  13. I find both JMichael's Script and Indelible's KM commands did not work. However, Indelible set my mind to thinking and this is how I've got it to work for me (thanks Indelible!). Required: Keyboard Maestro: I'm currently on v6 Select ‘Copy Note Link’ in the Menu ‘Note’ in EvernoteType the Tab KeystrokeType the Tab KeystrokePause for 1 SecondsType the ⌘V KeystrokeType the ⇧⌘Left Arrow KeystrokeType the ⌘X Keystroke What the actions do: Copies the selected note link (only works if one note is selected)The tabs move you into the actual noteThe link is pasted into the top of the note (as it's pasted into evernote it's pasted with a local evernote link rather than at http... link)The pasted link is selectedThe pasted link is cut The link is now on your clipboard and can be copied into any app that takes links. The only downside is that since the link has been pasted and cut from your note, your note's modified date is altered to today.
  14. GrumpyMonkey, you sound like your gradually going off EN? The attraction to EN for me is that many ways of getting things in. I can add anything easily to EN from any device. That can't be said for Devonthink. Also the retrieval on mobile is also great. The whole security and encryption has ruined the simplicity of the internet. I know it was never there, but tools that were great to use now need to be filtered with a whole bunch of security questions. At this rate I won't be using the cloud period. Especially if Cameron manages to push through his crazy anti-encryption legislation.
  15. Sorry, by talking about encryption preventing searching I meant the present EN setup. The content of an encrypted note is not searchable. I'm leaning more and more towards saferoom. I have to spend some time thinking through the cloud issue. As how I go on now reflects the future. If i remove sensitive data to a mac only app, I see little point in retaining the use of evernote. The idea is to have everything in one place. I have Devonthink Pro Office, but never liked using it although it is powerful, plus it's iOS app is woeful. An EN alternative would be to place sensitive data on a local notebook only. Does anyone do this how how is it working out practically? I'm assuming that local and synced notebooks are all searchable with the local EN app?
×
×
  • Create New...