Jump to content

why?

Level 2
  • Content Count

    73
  • Joined

  • Last visited

Everything posted by why?

  1. I'm not, the researchers in the article are. They clearly outline the extent to which encrypted PDFs are at risk. They also highlight the criteria putting PDF's with encryption at risk. They also clearly talks about the complexity and difficulty to exploit such PDFs.
  2. This is not a blanket review of PDF 256-AES per se. Apart from the fact the the attacker first needs to get a copy of your PDF from EN, which is a tough enough task. The first attack is only applicable "for partially encrypted documents that include a mix of both encrypted and unencrypted sections, and does not include integrity checking." The second method is more complex "…an attacker can stealthily modify encrypted strings or streams in a PDF file without knowing the corresponding password or decryption key. In most cases, this will not result in meaningful output, but if the attacker
  3. It has been interesting to read this thread dating back to 2014. I don't think agreement is going to be reached on what is safe. I do think there's much scaremongering going on. I read the PDF encryption security may not be safe article, but it requires a particuler set of circumstances and is just not realistic. Having said that, if someone is determined to get your specific data nothing will stop that, even hiding it in a file in a safe in your house is not secure. I tend to live with the general idea that I'm not being specifically targeted. If I were a journalist, I would most likely have
  4. I would agree with GrumpyMonkey. EN is way behind in terms of security. For this reason I have now abandoned it, even though I still have a paid subscription. I keep checking back hoping they'll see the light. However, the longer they wait the more people will abandon ship; well, those who care about their data!. Voodoopad 5 is not yet Abandonware. An update was released Dec 2015. I'm hoping they'll release a version six soon. I've been beta testing the new Devonthink Go 2 iOS app and it's fantastic. It securely syncs all your data to ios. You can use their cloud, but I'm avoiding cl
  5. Sorry for the duplicate content, but this is not my doing. There is something seriously wrong with this forum. Constantly getting errors. I submitted once and an error message appeared. I then pressed back and found the post on twice. Cannot seem to delete the duplicate post either.
  6. But isn't that a slightly different issue? You're talking about Microsoft be duplicitous. Those accusations could be made against every large conglomerate from Apple to EN. They may well offer encryption that they have a back door to. However, should sensitive work data be stolen in such a manner, I would be absolved for having used reasonable precautions in securing my data. 'Reasonable precautions' does not include duplicitous companies, or no one would be able to store their data anywhere. At face value, Onenote can encrypt an entire section. This data is encrypted on their servers and I ha
  7. But isn't that a slightly different issue? You're talking about Microsoft be duplicitous. Those accusations could be made against every large conglomerate from Apple to EN. They may well offer encryption that they have a back door to. However, should sensitive work data be stolen in such a manner, I would be absolved for having used reasonable precautions in securing my data. 'Reasonable precautions' does not include duplicitous companies, or no one would be able to store their data anywhere. At face value, Onenote can encrypt an entire section. This data is encrypted on their servers and I ha
  8. EN's security seems somewhat behind Microsoft's. Whereas there may be benign data, I believe that to be miniscule. I can understand the a web designer's portfolio or coder's code, may be benign, or perhaps a classes teaching material or a companies standard documentation. My difficulty is that with each passing year there are more companies being hacked and security is becoming a big issue. It's all well an good for EN to say you, the user, are responsible, but then they should stop telling you to put everything in it, that in my opinion is irresponsible. If you are offering a service for
  9. The difficulty is that there seems to be no simple solution. Although I appreciate the "encrypt the note content" method this is not viable with large amounts of data. Essentially for EN to be secure it needs to create a secure environment to work in. Much in the same way 1password operates. You login and do your work and log out. Everything remains encrypted and secure. In essence, encrypted environments do not seem to cover cloud or mobile well. Getting items encrypted is not an issue, there are many tools. Decrypting on the fly on any device is an issue. If this is not possible, then p
  10. Many thanks, I appreciate that HIPPA and FERPA are specific, but thought there must be some governing standard for businesses? Can they store their clients payments details in EN? I just seem not to understand how EN business works as I assumed that that would invariably include some sensitive data or personal information and would have to follow some government standards similar to FERPA. I know as UK charity you cannot use EN for personal information from those in your charity data.
  11. I think the real decision is to either separate clearly all sensitive from non-sensitive data and place the sensitive elsewhere. However, I don't think that there is any non-sensitive data, certainly not in terms of prolonged collection of data that EN encourages. Encrypted notes in EN are essentially the same as local notebooks as searching and reading them becomes impossible on mobile. Let's face it EN needs data unencrypted for it to be viable. Without that most of EN's features become irrelevant. Maybe the position I have arrived at is in setting my personal criteria for acceptable cloud s
  12. Nope. For that very reason. Google are a massive concern as they do not respect anyone's privacy. I don't even use their search engine. Google are more like a virus that looks to get its tentacles into every area of your life. After not agreeing with Google's latest privacy policy (where they now store your browsing history on their servers not in cookies on your machine, so you can't delete it) I found I was locked out of using google as a search engine. In my opinion google is no longer a search engine but a classified ads service that ranks results according to payment and their opinion on
  13. As I mentioned in my earlier comment. Data secure at rest and encrypted. Not individual notes, but all data.
  14. I'm asking if EN are becoming HIPPA and FERPA compliant or at least moving to a more secure information repository. Although I agree that generally keeping your shopping list in the cloud doesn't need encryption that's exactly the kind of information amazon, google etc are interested in. It comes back to being able to accurately profile people. The more information you have on an individual the the easier to sell them something or impersonate them. One shopping list may not be an issue, but if I had your shopping lists for the past 12 months that may begin to compromise your security. My
  15. Does anyone know if there is an update on this? I've not been using EN for 6 months and am looking at my options. Secure encrypted data is now a must. I see no value of unencrypted data in the cloud. Even personal family data requires security. EN is becoming less and less viable unless this changes. What are the chances of that happening? People keep mentioning the local notebooks, but that defeats the purpose of EN for me especially as I also have Devonthink. If EN added an ability to sync via wifi to mobile devices that would solve most problems. Will EN find less and less pe
  16. GrumpyMonkey, you sound like your gradually going off EN? The attraction to EN for me is that many ways of getting things in. I can add anything easily to EN from any device. That can't be said for Devonthink. Also the retrieval on mobile is also great. The whole security and encryption has ruined the simplicity of the internet. I know it was never there, but tools that were great to use now need to be filtered with a whole bunch of security questions. At this rate I won't be using the cloud period. Especially if Cameron manages to push through his crazy anti-encryption legislation.
  17. Sorry, by talking about encryption preventing searching I meant the present EN setup. The content of an encrypted note is not searchable. I'm leaning more and more towards saferoom. I have to spend some time thinking through the cloud issue. As how I go on now reflects the future. If i remove sensitive data to a mac only app, I see little point in retaining the use of evernote. The idea is to have everything in one place. I have Devonthink Pro Office, but never liked using it although it is powerful, plus it's iOS app is woeful. An EN alternative would be to place sensitive data on a local
  18. Many thanks for the responses. It seems that if you want security, then forget the cloud! I've tried various encryptions, to encrypting the text myself with gpg, using saferoom (easiest option) or Encrypto. However, I've come to realise that zero-knowledge encryption would remove the majority of EN features. If everything was encrypted in EN then you'd be able to find nothing. Especially if the content was is what you're trying to search! I've been using saferoom and think it's probably the best way to go. Saferoom encrypts the notes content, but not tags or title. If you have a descriptiv
  19. Now that EN has a business subscription model, how does this fare with security? To run a business you need to put sensitive data online to share with other employees such as client information, payment methods, invoices. If this is not secure is EN a viable business solution? I'm in the UK. Am I right in believing that my data is stored in Switzerland not the US? Also, if my data is stored in the US not being a US citizen does the US government need a court order to access my data?
  20. I don't know about doc support, but find 7notesHD Premium pretty good and it integrates with evernote nicely. You can actually write with a stylus and it converts the hand written notes to text as you write. You could convert the doc to pdf and then annotate using something like notability. If you have the premium version of evernote it will make the pdf searchable as far as I am aware.
×
×
  • Create New...