bnl

1) I am paying for the service. Many people do. 2) Encryption needs to be easy enough to use. With GDPR we cannot put any personal data (about third parties) on a cloud host without holding the encryption keys ourselves. That means, for anyone in a management role, nearly nothing. For ordinary users, no copies of email addresses of a group of people ... in fact nothing about anyone. Saferoom works, but the workflow is prohibitively cumbersome. Sure I can carry on using Evernote for things which don't hit any of those pain points, but it now means I have to be thinking about "can I use Evernote for this task or not" ... which means "if in doubt, not" ... which means in practice, I'm going to look for a solution which doesn't require me to be thinking about legislation every time I want to save something.

I don't understand why evernote do not support entire note encryption (with attachments) and/or notebook encryption. Titles and tags can be sufficient for searching, and as others have said, if we lose our encryption keys, more fool us ... but with the likes of lastpass etc, we ought not to lose them ... So I can only think of two reasons why they haven't done it: either they are monetising our data in some way, or they are simply lazy rent seekers - there are plenty of existence proofs that the encryption task would not be hard to implement in such a way that the only thing that leaves a device would be encrypted, but we could decrypt locally (e.g. saferoom). So which is it? Evernote has an ulterior motive, or they are lazy and haven't really understood the importance of security to those of us who hold sensitive data? I use Evernote professionally, but come May and GPDR, like everyone else in Europe, I wont be able to risk the leakage of personal information into Evernote. So, Evernote, you have four months to fix this, otherwise I'm gone!