Kurt.Angle

I have received 4 emails to reset my password so far, and I've already done so during the initial announcement. Problem #1: If this email is legit, why do you need to keep sending the email? Once is enough, and I can probably say it is not necessary at all -- just force the user to change their passwords when they login with the old one. Problem #2: In the email, there is a link which includes my email address. It looks legit, but didn't Evernote said don't click password-reset links? Anyway, attached is the screenshot. Is this legit?

Thanks for the workaround

http://discussion.evernote.com/topic/30886-encryption-and-note-history/ The first question that I wanted to ask was "how to ensure the history does not contain the plaintext of the item that I encrypt at a later stage". Seems like the solution was to delete the note and create a new one. Fair enough, since there is no fool-proof algorithm for Evernote to know which part of the old note that Evernote should encrypt. Therefore: Enhancement request: Add ability to clear history of notes (a one "clear all" button would suffice). Why? Re-creating the note is a pain . I need to set the "Created date" again (I want to recall later when the note was created), and it is very hard (or almost impossible) to put back in the geo-location data. This should be simple to implement right? Thanks in advance.

What's the likelihood of Evernote Desktop having a Simple Passcode feature? If you want us to put everything on Evernote, this feature is the least you can do. Yes, it does not add much security since someone can copy over the database, but it's main purpose it to keep prying eyes away, say when lending your PC to a friend to send a quick email. If they "accidentally" opened Evernote, at least all they can see is blank items (passcode protected).

Thank you.

Well, after 1 year from the last post, it seems like it is still the same. I just posted a similar topic and someone kindly pointed me to this thread. So, no fix to this? Having any form of plaintext, when the GUI show "encrypted", is bad implementation. Other single-file encryption tools will immediately perform a "shred" on the old data. Otherwise, what's the point on encryption? You can argue that some residue might be visible while it is decrypted, but once the session is done, a proper cleanup should happen. I strongly doubt the data is encrypted in the servers, after seeing this. What I see now should be the same as what's in the server. SSL is only encrypting the transit. It would be best to disable the encryption feature until it is done right, don't you think? These are all false sense of security. All in all, it's still a great tool for non-secure contents. But G-Drive has OCR too (so there's competition for ya), but at least they don't try say "here's an encryption feature". Dissapointed. Pity those who encrypts their password lists in evernote.

I used Notepad++ to open it, but I think any programming editor like Visual Studio would do the same. I don't think I have sync'd yet, since I set it to sync every 30 minutes. I did the checking immediately after I encrypted it. If that is the case, then this semi-plaintext should be the item transmitted to the servers?

Experiment: I create a new note. Entered the text "I love burritos". Encrypted the text Opened the .exb file with a text editor. Was able to see the text "i" "love" "burritos". Although they are separated by some tags, clearly the data is still in plaintext form. I assume this is the same data transmitted to Evernote servers. If that is the case, what is the point of encryption here? My second assumption would be that this is probably local cache. But then I closed and restarted Evernote just to see the locked version of the text. I checked the exb file again ... yeah... I can still see it in plaintext. So, it's just a GUI lock? Should the decrypted stuff (assuming the encryption was done correctly in the first place) be removed the note is "closed" (or when the GUI lock appears?). I do notice that in the iOS app, when I decrypt, then leave the app, then return, at least it returns in the "locked" form. That looks good. But I wonder, is the database file actually in plaintext anyway?