Jump to content
Dave544

It was a good five years.

Recommended Posts

Good afternoon.  I joined Evernote on January 4th, 2012 and shortly thereafter I became a Premium user and have been very happy with your service.  I've recommended your product to family and colleagues and I use it every day.  I've given talks at workshops on how I use Evernote to manage projects and how it has allowed me to go paperless.  I even bought the Evernote Edition Scansnap Scanner.  In short, I am a big fan and I am very sad that I have to leave now.

I've read the news reports and your press releases about allowing your employees to access your customer's notes.  We've heard that Yahoo has had over 1 billion accounts compromised.  The CIA has reported that Russia may have engineered a hack of the US Election.  I can't tell you how many free years of credit monitoring I have due to hacks to companies like Target and Home Depot.  It's a dangerous world out there and the reality is that if it is possible for an employee to read my notes then it is possible for an attacker too.  You should be talking about how you will be protecting your user's privacy with things like two-factor authentication (I have it enabled and love it) and zero knowledge encryption instead of exposing your users to unnecessary risk.

I hope you will reconsider.  I've started migrating my notes into OneNote.  I know it is an inferior product to Evernote but it will have to do if this is the course your company is now going in.  Sadly I won't be with you for it.  It was a good 5 years.

  • Like 2

Share this post


Link to post

Out of curiosity, do we know that Microsoft doesn't have the same (or worse) policy regarding OneNote notes?

Share this post


Link to post

evernote employees have always had the right and capability to access your note content, as far as i know, and this change is only an expansion of existing policies. i am not familiar with microsoft products, but i expect it is the same, especially considering past snooping p that microsoft has done. the difference would be that onenote does offer encryption for sections.

 

Share this post


Link to post
1 hour ago, Dave544 said:

Good afternoon.  I joined Evernote on January 4th, 2012 and shortly thereafter I became a Premium user and have been very happy with your service.  I've recommended your product to family and colleagues and I use it every day.  I've given talks at workshops on how I use Evernote to manage projects and how it has allowed me to go paperless.  I even bought the Evernote Edition Scansnap Scanner.  In short, I am a big fan and I am very sad that I have to leave now...

You might want to look at the discussion below and post your comments there

Its full of FUD postings, but it presents Evernote's side of the story

 

Share this post


Link to post

Their policy is fairly standard and has no mention of employees reading your content:
https://support.office.com/en-us/article/Privacy-Statement-for-OneNote-079048bf-34e7-4921-9030-4698496ba82f?ui=en-US&rs=en-US&ad=US

Bear is another app that I am looking at and they have been tweeting up a storm in response to Evernote's press release:
http://www.bear-writer.com/faq/Sync/Syncing & privacy/

This is the current privacy policy from Evernote and I have no problem with it whatsoever:
https://evernote.com/legal/privacy.php

This is the new privacy policy that I have an issue with:
https://evernote.com/legal/privacy.php?2017-update

Specifically the line under the section Do Evernote Employees Access or Review My Data?
"We need to do so for troubleshooting purposes or to maintain and improve the Service;"  

When is a company not maintaining or improving the service?  Isn't that a core component to any job anywhere?  There is a button to opt out of machine learning (which I have no interest in) but not to opt out of the new privacy policy.  Evernote is my digital filing cabinet.  Its lists of gift ideas for my wife.  Scans of my son's coloring.  A short video of him crawling.  My notes from staff meetings.  Budgets to save for a new house.  My performance reviews and evaluations.  A little story I wrote on the train.  All safe and boring to the outside world but its personal, and private, and mine.  I wouldn't share it with a friend let alone a stranger.

Share this post


Link to post
3 minutes ago, DTLow said:

You might want to look at the discussion below and post your comments there

Its full of FUD postings, but it presents Evernote's side of the story

 

I will, thank you.

Share this post


Link to post
13 minutes ago, GrumpyMonkey said:

evernote employees have always had the right and capability to access your note content, as far as i know

 

Not according to Evernote's own privacy policy.  They absolutely could under certain very reasonable circumstances.  I have put the text that changed in red:

 

Current policy:

Do Evernote Employees Access or Review My Notes?

As a rule, Evernote employees do not monitor or view your personal information or Content stored in the Service, but we list below the limited circumstances in which our employees may need to access or review your personal information or account Content:

  • We believe our Terms of Service has been violated and confirmation is required or we otherwise have an obligation to review your account Content as described in our Terms of Service;
  • We need to do so for troubleshooting purposes;
  • Where necessary to protect the rights, property or personal safety of Evernote and its users (including to protect against potential spam, malware or other security concerns); or
  • In order to comply with our legal obligations, such as responding to warrants, court orders or other legal process. We vigilantly protect the privacy of your account Content and, whenever we determine it possible, we provide you with notice if we believe we are compelled to comply with a third party’s request for information about your account. Please visit our Information for Authorities page for more information.

This is the new one:

Do Evernote Employees Access or Review My Data?

Below are the limited circumstances in which we may need to access or review your account information or Content:

  • We believe our Terms of Service has been violated and confirmation is required or we otherwise have an obligation to review your account Content as described in our Terms of Service;
  • We need to do so for troubleshooting purposes or to maintain and improve the Service;
  • Where necessary to protect the rights, property or personal safety of Evernote and its users (including to protect against potential spam, malware or other security concerns); or
  • In order to comply with our legal obligations, such as responding to warrants, court orders or other legal process. We vigilantly protect the privacy of your account Content and, whenever we determine it possible, we provide you with notice if we believe we are compelled to comply with a third party’s request for information about your account. Please visit our Information for Authorities page for more information.
  • Like 1

Share this post


Link to post

I am stunned by the new privacy policy's authorization of employees to read notes.

I've just convinced my department to implement Evernote for sharing files and information, collaborating on materials, and documenting meetings. I had plans to move from a set of individual Premium accounts on a month by month license to an annual business license. Not now.

I've used Evernote myself for many, many years (I have over 14,000 individual notes).  The idea that I will now have to go back and encrypt each note that I consider sensitive is simply unrealistic. The fact that I can't opt out (of having people read note content) feels like a betrayal. I trusted the company to protect my privacy. Now I can trust them to violate it, on purpose, for profit.

There are other ways to gather the kind of information Evernote seeks. There are opt-in models and user panel approaches that some of us would join if we could specify notebooks that were to be subject to scrutiny. This isn't the only way to get the job done.

I'm hoping there will be enough backlash from long-term users that Evernote will change it's mind about this and quickly. Meanwhile, I'm getting ready to cancel all of our department's subscription (and eat a bit of crow) and move to OneNote . . . which we've used and not liked, but at least Microsoft doesn't authorize it's employees to read our notes.

  • Like 1

Share this post


Link to post

Played around with OneNote---horrible--synching is miserable.  I'll hang in there with Evernote---I've always been resigned to the fact that once I store my data on someone else's servers, I'm pretty much at their mercy.  It goes with the territory.  

Share this post


Link to post
10 minutes ago, rextilleon said:

I've always been resigned to the fact that once I store my data on someone else's servers, I'm pretty much at their mercy.  It goes with the territory.  

One of the things that impressed me with Evernote from day 1 was an easy exit.
On my Mac, I can select all my notes > Export HTML and I'm out

Share this post


Link to post
On 2016-12-15 at 1:02 PM, SPaine said:

I am stunned by the new privacy policy's authorization of employees to read notes

The new policy relates to the Machine Learning Program.  You don't have to participate - just don't opt-in

Share this post


Link to post

The good news is they are scrapping the January 23rd Privacy Policy change and will be taking a look at both user privacy and machine learning.
https://blog.evernote.com/blog/2016/12/15/evernote-revisits-privacy-policy/

I am not cancelling my account yet, but I am doing research on other alternatives to Evernote because I think there is a profound disconnect between their strategy and their users.  Machine learning and lax privacy controls are detrimental to long-term users.  If you have been using Evernote for years you have developed your own organization system.  It could be tags, nested notebooks, notebook stacks, tables of content notes, etc.  Many Evernote users incorporated into GTD or another productivity system to become their "trusted system."  I will take it a step further and say that hardcore Evernote users feel that one of their identities is being an organized person.  

With this privacy change users feel they can no longer trust their organization system because its been shown just how quickly and easily it can be taken away from them.  You start looking at alternatives and can't find anything that quite works as well.  Not only do you feel you can no longer trust the system but you feel an attack on your core identity.  To top it all off this is literally the worst time of year to roll something like this out.  People are stressed for the holidays and finals (in some cases both) and now they have a month to either develop and entire new organization system or swallow the new privacy policy and machine learning they don't want.  It should not be a surprise to ANYONE that this blew up the way it did.

Chris O'Neil was quoted in FastTrack.com saying "We screwed up, and I want to be really clear about that."  I just hope they realize the degree of just how badly they screwed up because the fact that they didn't see this coming does not inspire confidence and there is now a great deal of competition in this space.  If they are serious about user privacy they will give us the ability to encrypt notebooks end to end.  Zero knowledge encryption is the only way to protect your data in the cloud.

  • Like 1

Share this post


Link to post

Moved to the General forum.

Share this post


Link to post

I'd have to agree with OP. I've used Evernote since May 2008 and I thought it was encrypted on their end where no one could read my data. I thought the encryption was from client to server and back, only unencrypted at the end user. I do store personal information on Evernote because I thought I was on only person who could read it. Hell, how do I know some mischievous employee isn't browsing people's information? Maybe 'he' hasn't gotten to mine yet... The fact that they can is what bothers me. Now that I know this, I'm in the process of moving. No one at EN will read my data without my consent? Um.. prove it, encrypt my data. Without it being encrypted where only I have access to it will I trust having my data with EN anymore.

Don't get me wrong, I love EN. I've used them for 8+ years. It pains me to move since I have a lot of ***** on there and I rely on it daily. But knowing this, I can't justify keeping that information on EN.  

Let me add, I won't be going to OneNote though...

  • Like 1

Share this post


Link to post
On 12/17/2016 at 9:27 AM, Dave544 said:

The good news is they are scrapping the January 23rd Privacy Policy change and will be taking a look at both user privacy and machine learning.
https://blog.evernote.com/blog/2016/12/15/evernote-revisits-privacy-policy/

I am not cancelling my account yet, but I am doing research on other alternatives to Evernote because I think there is a profound disconnect between their strategy and their users.  Machine learning and lax privacy controls are detrimental to long-term users.  If you have been using Evernote for years you have developed your own organization system.  It could be tags, nested notebooks, notebook stacks, tables of content notes, etc.  Many Evernote users incorporated into GTD or another productivity system to become their "trusted system."  I will take it a step further and say that hardcore Evernote users feel that one of their identities is being an organized person.  

With this privacy change users feel they can no longer trust their organization system because its been shown just how quickly and easily it can be taken away from them.  You start looking at alternatives and can't find anything that quite works as well.  Not only do you feel you can no longer trust the system but you feel an attack on your core identity.  To top it all off this is literally the worst time of year to roll something like this out.  People are stressed for the holidays and finals (in some cases both) and now they have a month to either develop and entire new organization system or swallow the new privacy policy and machine learning they don't want.  It should not be a surprise to ANYONE that this blew up the way it did.

Chris O'Neil was quoted in FastTrack.com saying "We screwed up, and I want to be really clear about that."  I just hope they realize the degree of just how badly they screwed up because the fact that they didn't see this coming does not inspire confidence and there is now a great deal of competition in this space.  If they are serious about user privacy they will give us the ability to encrypt notebooks end to end.  Zero knowledge encryption is the only way to protect your data in the cloud.

I wish I could like this post a million times over, as I wholeheartedly agree. There seems to be a profound disconnect between what users want out of the Evernote client and service and what Evernote wants to provide. And this disconnect seems to be growing with each announcement they make. 

As a longtime Evernote evangelist and premium subscriber, I have had an overall very satisfying experience with the software/service. However, the direction that the company is taking the service seems to run completely contrary to my needs as a longtime/power user. They can admit that they screwed up with recent announcements, but ultimately, the CEO's words are irrelevant if no specific actions are taken to back them up. I am moderately encouraged by their backtracking and apology, but the cynical/skeptical side of my brain tells me that this is all just PR and ultimately does nothing to change their product roadmap or intentions. Putting together a few teams or consultants/teams to "investigate" and "gather feedback" is a worthless endeavor unless it leads to real action and policy changes.

What happened to the focus on the core product? Parity across platforms? Improved note editor and UI? Better collaboration features? A native Linux client? Encryption? These are the things that users are asking for...not google drive/docs integrations, privacy erosion, and machine learning. At this point though, I feel that Evernote has burned up so much good will/currency with me that I am not so sure i have the patience to see if that occurs. I have started transitioning my data into platforms that offer me more control and security. Initially, I was content to make the transition gradually (since I still have a few months left before my premium subscription is up for renewal), but each of these announcements has only served to accelerate this process. 

 

  • Like 2

Share this post


Link to post

I've started transitioning over to EssentialPIM. I've had a license for it for some time.

I agree with you Jinqs, there seems to be a disconnect.  I've not seen any real discussion about encrypting the data, only that they will not implement the change to their privacy policy and that they will adjust their current policy.

Quote

Instead, in the coming months we will be revising our existing Privacy Policy to address our customers’ concerns, reinforce that their data remains private by default, and confirm the trust they have placed in Evernote is well founded. In addition, we will make machine learning technologies available to our users, but no employees will be reading note content as part of this process unless users opt in. We will invite Evernote customers to help us build a better product by joining the program.

So, from this, I wanted to say I could give a rats ass about this machine learning technology. I think at this point, it would be better if they just didn't mention this farce anymore, it ticks people off too much knowing that what they could do with it. Also, seems the only thing to do with privacy is that they are going to make a few changes to the privacy policy.  Woop-tee-doo. Just keep off my data.

Quote

Evernote employees do not and will not read your notes without your express permission.

This one bothers me even more. Hey, your data is out there, UNECRYPTED, but we promise no one will look at it, really, we promise!! Oh, and btw, we have this technology specifically made to snoop around your data to offer you better things!! We promise we don't have that turned on either.

Yeah, ok,

 

Share this post


Link to post
1 hour ago, Jinqs said:

I wish I could like this post a million times over, as I wholeheartedly agree. There seems to be a profound disconnect between what users want out of the Evernote client and service and what Evernote wants to provide. And this disconnect seems to be growing with each announcement they make. 

As a longtime Evernote evangelist and premium subscriber, I have had an overall very satisfying experience with the software/service. However, the direction that the company is taking the service seems to run completely contrary to my needs as a longtime/power user. They can admit that they screwed up with recent announcements, but ultimately, the CEO's words are irrelevant if no specific actions are taken to back them up. I am moderately encouraged by their backtracking and apology, but the cynical/skeptical side of my brain tells me that this is all just PR and ultimately does nothing to change their product roadmap or intentions. Putting together a few teams or consultants/teams to "investigate" and "gather feedback" is a worthless endeavor unless it leads to real action and policy changes.

What happened to the focus on the core product? Parity across platforms? Improved note editor and UI? Better collaboration features? A native Linux client? Encryption? These are the things that users are asking for...not google drive/docs integrations, privacy erosion, and machine learning. At this point though, I feel that Evernote has burned up so much good will/currency with me that I am not so sure i have the patience to see if that occurs. I have started transitioning my data into platforms that offer me more control and security. Initially, I was content to make the transition gradually (since I still have a few months left before my premium subscription is up for renewal), but each of these announcements has only served to accelerate this process. 

 

https://blog.evernote.com/blog/2016/12/19/evernotes-action-plan-privacy/

  • Like 1

Share this post


Link to post
15 minutes ago, eric99 said:

It's a good step forward but I see a lot of generalizations about our data.

Quote

we are reviewing options to give users more control over the security of their own notes.

I'm not sure what this means, it's a little too generalized.

Quote

I have reached out to data and privacy experts around the world and intend to seek their ongoing guidance around privacy and emerging technologies.

Yay us?

Quote

Finally, I’ve asked Josh Zerkel, our Director of Community, to establish a new Evernote Customer and Community Advisory Board that will meet quarterly

This is a good change! I hope they work well with the community.

Pretty much, all I want to know is my data only accessible by me? Who can get in to it? Can someone at Evernote, reach my data? 

Quote

As a first step, we have heightened our already strict controls on employee access levels across the company

So yes, at some level, they can still get to my data without my intervention. Regardless of this ***** about the strict controls, my data is accessible by Evernote, at some level.

 

  • Like 2

Share this post


Link to post
1 hour ago, eric99 said:

I already saw that announcement, but as TechGuy already broke down above, it is full of generalizations and promises that are seemingly full of loopholes/outs. 

Do you really think that Evernote needs to form a "Community Advisory Board" to see what their users want or dislike? Just look at these forums for a couple of hours and you'll have a product/feature roadmap for the next 2 years at least! These are problems/concerns that can be addressed and have known solutions (if you value our data the way we do, then give us additional security/encryption features)! Their latest announcement was not just a complete affront to their users' expectation of privacy and data ownership; it also shows how "out of touch" Evernote has become (they are either choosing to remain blissfully ignorant despite the outcry from users or they just don't care).

While I would love to be proven wrong, the "action plan" just looks like a hastily cobbled together PR/damage control stunt to make it look like they are listening to the requests/needs of their users, while they continue with business as usual (ignoring any requests that do not neatly dovetail with their roadmap). Let me make things a bit more clear: this is not a "messaging" problem (although that is an issue as well). This is a problem where Evernote and its hardcore and most loyal users are moving in two completely divergent directions. And there is no indication in their latest action plan announcement that anything is going to change in that regard.

Share this post


Link to post
59 minutes ago, TechGuy said:

So yes, at some level, they can still get to my data without my intervention. Regardless of this ***** about the strict controls, my data is accessible by Evernote, at some level.

Plainly this. If Evernote is listening, this is my primary concern. If you are going to give generalizations and not commit to encrypting my data, just tell me now and I'll be on my way.

Share this post


Link to post
49 minutes ago, TechGuy said:

Plainly this. If Evernote is listening, this is my primary concern. If you are going to give generalizations and not commit to encrypting my data, just tell me now and I'll be on my way.

According to the Evernote Privacy Policy, yes, Evernote can access your content (it's much more detailed than the blog post cited). As far as I can verify, this has always been the case. The section entitled "Information Access and Disclosure" would probably be most pertinent. The circumstances seem to be pretty plainly stated but if you have specific concerns, you should ask them here.

Share this post


Link to post
1 hour ago, TechGuy said:

Plainly this. If Evernote is listening, this is my primary concern. If you are going to give generalizations and not commit to encrypting my data, just tell me now and I'll be on my way.

As per the post below Evernote will be encrypting our data while its "at rest" on the server.  I believe this has just been implemented, althought there's been no confirmation.

The only only other indication from Evernote is the implemented text encryption feature

 

Share this post


Link to post
9 minutes ago, DTLow said:

As per the post below Evernote will be encrypting our data while its "at rest" on the server.  I believe this has just been implemented, althought there's been no confirmation.

Saying they will encrypt the data at rest ... but still have access to it? Still speculation and no clarification from Evernote.

Anyhow, this is my last post. I've made my decision.

Enjoy.

Share this post


Link to post
4 minutes ago, TechGuy said:

Saying they will encrypt the data at rest ... but still have access to it?

Yes, they will still have access to our data
If noting else, I know they will be performing OCR and indexing functions

Share this post


Link to post
23 minutes ago, TechGuy said:

Saying they will encrypt the data at rest ... but still have access to it? Still speculation and no clarification from Evernote.

By definition, data is not at rest when it's being processed (e.g doing OCR, indexing, etc., even ML related operations). See the Wikipedia article here: https://en.wikipedia.org/wiki/Data_at_rest, "data at rest" vs. "data in use".

Share this post


Link to post
On 12/15/2016 at 2:11 PM, Dave544 said:

Their policy is fairly standard and has no mention of employees reading your content:
https://support.office.com/en-us/article/Privacy-Statement-for-OneNote-079048bf-34e7-4921-9030-4698496ba82f?ui=en-US&rs=en-US&ad=US

Bear is another app that I am looking at and they have been tweeting up a storm in response to Evernote's press release:
http://www.bear-writer.com/faq/Sync/Syncing & privacy/

This is the current privacy policy from Evernote and I have no problem with it whatsoever:
https://evernote.com/legal/privacy.php

This is the new privacy policy that I have an issue with:
https://evernote.com/legal/privacy.php?2017-update

Specifically the line under the section Do Evernote Employees Access or Review My Data?
"We need to do so for troubleshooting purposes or to maintain and improve the Service;"  

When is a company not maintaining or improving the service?  Isn't that a core component to any job anywhere?  There is a button to opt out of machine learning (which I have no interest in) but not to opt out of the new privacy policy.  Evernote is my digital filing cabinet.  Its lists of gift ideas for my wife.  Scans of my son's coloring.  A short video of him crawling.  My notes from staff meetings.  Budgets to save for a new house.  My performance reviews and evaluations.  A little story I wrote on the train.  All safe and boring to the outside world but its personal, and private, and mine.  I wouldn't share it with a friend let alone a stranger.

I can see Security being a killer for many Evernote users---and that makes much sense.  But don't let anyone tell me that the other other applications, in this particular ecosystem are anywhere near as functional as Evernote.  Take Bear for instance---great security scheme, but from what I hear, its not a professional application and lacks many of the features that I rely upon. I'm not even going to get into the horrific synching issues with OneNote--just horrible.  

Also, the constant whining about Evernote isn't helping at this point, because nothing management does is going to satisfy  those who complain on this forum.  I guess they have lost their trust--so be it.  Last but not least, I like the idea of a community advisory panel and I think its a step in the right direction.  The problem is, and it is a problem, is  that each user has pet features that he or she would like to see incorporated, many of which are of no interest to others!  A panel might be able to come to consensus on features and improvements and push management towards them. 

Anyway, the threats of jumping ship are getting tedious, almost child like---good luck---its not the end of the world and trust me this is a case where the pastures are not greener across the county!   

Share this post


Link to post

From https://cloud.google.com/security/encryption-at-rest/

 

  • Google uses several layers of encryption to protect customer data at rest in Google Cloud Platform products.
  • Google Cloud Platform encrypts customer content stored at rest, without any action required from the customer, using one or more encryption mechanisms. There are some minor exceptions, noted further in this document.
  • Data for storage is split into chunks, and each chunk is encrypted with a unique data encryption key. These data encryption keys are stored with the data, encrypted with ("wrapped" by) key encryption keys that are exclusively stored and used inside Google’s central Key Management Service. Google’s Key Management Service is redundant and globally distributed.
  • Data stored in Google Cloud Platform is encrypted at the storage level using either AES256 or AES128.
  • Google uses a common cryptographic library, Keyczar, to implement encryption consistently across almost all Google Cloud Platform products. Because this common library is widely accessible, only a small team of cryptographers needs to properly implement and maintain this tightly controlled and reviewed code.

Share this post


Link to post
1 minute ago, Metrodon said:

From https://cloud.google.com/security/encryption-at-rest/

 

  • Google uses several layers of encryption to protect customer data at rest in Google Cloud Platform products.
  • Google Cloud Platform encrypts customer content stored at rest, without any action required from the customer, using one or more encryption mechanisms. There are some minor exceptions, noted further in this document.
  • Data for storage is split into chunks, and each chunk is encrypted with a unique data encryption key. These data encryption keys are stored with the data, encrypted with ("wrapped" by) key encryption keys that are exclusively stored and used inside Google’s central Key Management Service. Google’s Key Management Service is redundant and globally distributed.
  • Data stored in Google Cloud Platform is encrypted at the storage level using either AES256 or AES128.
  • Google uses a common cryptographic library, Keyczar, to implement encryption consistently across almost all Google Cloud Platform products. Because this common library is widely accessible, only a small team of cryptographers needs to properly implement and maintain this tightly controlled and reviewed code.

Again, use Google then---you are missing my point--If Security is your only issue then go ahead. But don't tell me Google is 1. To be trusted with any information (thats pretty ironical isn't it) and 2. That Google offers the same features that Evernote does.  

Share this post


Link to post
16 minutes ago, rextilleon said:

Again, use Google then---you are missing my point--If Security is your only issue then go ahead. But don't tell me Google is 1. To be trusted with any information (thats pretty ironical isn't it) and 2. That Google offers the same features that Evernote does.  

Did you miss the notice that Evernote is now using the data services at Google Cloud

@Metrodon was describing the data encryption now being used by Evernote

Share this post


Link to post

Any way we can get confirmation that this encryption at rest is happening now? That at least keeps hackers out doesn't it? And I'm not worried about google employees getting it. The cloud business as I understand it is different than the other businesses that mine data for advertising. In the cloud business they have to secure private companies data or the cloud business looses credibility and goes away. As for EN employees looking at my data 1) I encrypt data I don't want someone else to see and the rest I don't care if they see but would rather they didn't of course. Nothing interesting there. I opted out of ML because I couldn't care less about that and if they give me an option for them not to see my data I will choose it. it would be great to know if encryption at rest is in place right now though.

Share this post


Link to post
15 hours ago, rextilleon said:

I can see Security being a killer for many Evernote users---and that makes much sense.  But don't let anyone tell me that the other other applications, in this particular ecosystem are anywhere near as functional as Evernote.  Take Bear for instance---great security scheme, but from what I hear, its not a professional application and lacks many of the features that I rely upon. I'm not even going to get into the horrific synching issues with OneNote--just horrible.  

Also, the constant whining about Evernote isn't helping at this point, because nothing management does is going to satisfy  those who complain on this forum.  I guess they have lost their trust--so be it.  Last but not least, I like the idea of a community advisory panel and I think its a step in the right direction.  The problem is, and it is a problem, is  that each user has pet features that he or she would like to see incorporated, many of which are of no interest to others!  A panel might be able to come to consensus on features and improvements and push management towards them. 

Anyway, the threats of jumping ship are getting tedious, almost child like---good luck---its not the end of the world and trust me this is a case where the pastures are not greener across the county!   

I completely agree.  I started the post because I love the product and don't want to leave.  They have delayed the planned change to the privacy policy and now I am not leaving but I am a lot more cautious.  What I would like to see is a more comprehensive overhaul of their privacy policies so that nothing like this happens again.  I am very happy they have conveyed the structure of how they will address privacy.  I like that they are partnering with the Future for Privacy Forum.  They seem like a good fit for Evernote users as they try to find a balance between functionality and privacy:

https://fpf.org/about/

I am also happy Evernote did not make any new promises beyond their plan to re-evaluate privacy.  I don't want them to hastily roll out a poorly executed system or break functionality that I rely on.  Let's not replace one half-baked idea with a different one.  They apologized and laid out their strategy for users.  I appreciate that and am sticking with them.  I am also evaluating other options for software both as a total Evernote replacement or a way to augment how I use Evernote to safely secure files.  That way I can make an informed decision when they do lay out how they will protect user privacy and security.

Share this post


Link to post

I think that you are being prudent.  I think this is a great opportunity for Evernote to move in the right direction.  

Share this post


Link to post

There still seems to be a misconception what EN can and cannot do with encryption.

Data being encrypted on the Google cloud means that every hacker breaking into the cloud infrastructure only sees encrypted data. This is also true for breaking into the cloud infastructure of Google Drive, MS OneDrive, Amazon cloud, etc.

This in no way means that your data is encrypted by the service provider (EN in our case):

user (me)  <->  Evernote  <->  cloud infrastructure (Google cloud)

The only way to be sure that nobody CAN look at your data, is when it is encrypted before it leaves your home (or your phone). This also means that your private key for decrypting your notes NEVER leaves your home/phone, which would also make a Web-GUI nearly impossible.

Also server-based OCR and indexing is out of the question with encrypted data. Some have mentioned new technologies that can handle this, but EN is not designed to work this way (because it exists longer then this new approaches), and a complete redesign of EN is nothing I exepect anytime soon or at all.

  • Like 2

Share this post


Link to post
4 hours ago, Wux said:

There still seems to be a misconception what EN can and cannot do with encryption.

<the rest clipped>

That seems to be about how I envision the situation (as someone who is technical, but not a network or data server engineer). Evernote, when it's operating on your data, has access to the unencrypted content of our notes, which includes automated processing, and actual human access, though the latter is claimed by Evernote to be very restricted (whether you believe that or not is up to the individual; I do). If you want note content to be encrypted, you need to do it yourself, either with the in-built Evernote tool, which is limited, or by encrypting your content and adding it to a note as an attachment.

  • Like 1

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...