Jump to content

Evernote Revisits Privacy Policy Change in Response to Feedback


Recommended Posts

Hello!

First time posting here...

I've been using Evernote for more than 3 years now, I've became a paying customer after a promotion from Dell, been using and paying the Premium subscription since then.

This change in policy, how it was worded in the new EULA is too vague and concerning, for those of us who store personal information on Evernote, even more for those who store corporate information.

We pay for your services, mainly because the product is awesome, but also because we don't want to be the product. When you use a "free" software to store, share or analyze information you're in turn sharing the data with the developer so they can profit on it, using Gmail or Facebook, we all know that, free in this case just means you are giving something in return that is not money.

Now, this Machine Learning and other "Needed access" should be an "Opt-In" choice, period. We are paying you to use the application and store the data.

With most big companies these days, the only way to send a message is hurting the income/sales, so if this is not changed, I'll not renew my subscription next year and move to a private and open source cloud solution. I hope more people see the concerns and do the same.

Really disappointed.

Link to comment
  • Replies 273
  • Created
  • Last Reply

We’ve heard your comments and we are not making the changes to our privacy policy that we’d previously announced. Over the coming months, we will be revising our existing privacy policy to reaffirm this commitment. See our latest blog post for more info.

Let us know what you think below. If you're new to our forums and would like to join the discussion, click "Sign In" at the top right, enter your Evernote account info, select a Display Name and you're all set. As a spam protection your first comment always needs moderation first. After that, you are free to comment as often as you wish. Welcome to our community.

Link to comment

Thanks for Evernote the new move! But apps experiences and security should be top priority all before other things. They are also parts of productivity.

I love Evernote because I can add notes and ideas anytime and anywhere. The search syntax and saved search can create my workflow. I can raise to wake up my iPhone, swipe to the widget and tap search to tap the list of projects I am handling. That's why I still don't give up even though Evernote app experience is so painful and other note apps are much better.

i really urge Evernote not only revisiting the terms and conditions, but also your apps. Did you fix the PDF bug in Mac client? Did you fix the bug of Today's Widget? Did you add the UNDO button in iPhone? Did you rewrite the smartphone apps to have better navigation and better workflow to make users feel less painful in writing? Did you keep the security of notes up to standard (encryption)? Your company just say we will be benefitted without specific examples. After prices going up and moving to Google Cloud we still can't see and feel what we get.

Link to comment

I appreciate that Evernote quickly realized their mistake and listened to their customers in this instance. However, I would still like to see more work done on encryption features and much stronger privacy policies going forward.  Marketing focus groups and public dialog about proposed changes would greatly benefit you in the future.  This is the second debacle in the past six months.  Your company cannot keep doing this and expect people to stick around.

Link to comment

Yes, Evernote, at least you understood what the user and press uproar was all about and luckily the iceberg was detected before collision.  

There is plenty of scope for better Evernote services and instead of wasting resources on machine intelligence for undefined improvements it would have done both sides better to get some clarity what the paying clientele can actually expect in 2017.  

Apps with machine intelligence are available. You are not alone in this field. The one big company in my line of interest never approached their customers for learning samples. Graphic design work, photographs, newspapers, books, handwritten notes, whatever human beings have produced over many years are available as specimen in abundance. What actually were your plans and how do you intend to you achieve your targets now?  That is what you need to explain.  

Link to comment

Too little too late. I bailed when you *doubled down on implementing* this garbage the other day.

The software has been ***** for a while (why can I still not specify an exact font on OS X?), the syncing is archaic, and there are upsell nags all over the place even when on a paid tier.

No thanks.

Link to comment

Cool.  Thanks for the quick turnaround and update. 

This was seriously stressing me out.

In the future, I hope that such drastic changes in Evernote's privacy policy are floated by the user-community for discussion and careful consideration instead of being announced out of the blue like this.

Corporate privacy policies to live by:

1.  User consent (or warrant) should be required for access to any user notes or personal info.

2.  "Opt-in" is always preferred to "opt-out".  Feel free to convince us how great a new feature is, but never force users to adopt where it can be avoided.

Quite simple, really.  Stick to those principles and you'll avoid a LOT of drama and potential financial loss.

Link to comment

This is good news. I had already started to use Apple Notes in parallel to Evernote, with a view to switching to Apple Notes shortly.

I would like to see Evernote put security at the forefront of the customer experience. As so many have pointed out, entire Notebooks should be encryptable. There should be an option to review your security settings in Evernote - like a privacy check-up feature where you can implement additional layers of security. For example, I've just enabled two-factor authentication on my Facebook account in addition to reviewing which devices are authorised for logins and when and where my Facebook account was logged in to. These kinds of security features and audits would be good to have in Evernote.

Any reduction in security should be an opt-in process, not an opt-out process. That would reassure me that Evernote takes the security of its users and user data seriously.

As for testing, Evernote should be able to do this as part of its development process in-house and not with users' data.

 

Link to comment

How many times have I emailed your support team and told you get your $hit together?!?

You're the only SaaS I know who won't just take our money, shut up, and sit back and collect.  You continually ruin a decent product, ram your unwanted marketing down our throats (paid subscriptions or not), and introduce compulsory "features" that make it harder for us to use your software to get things done.  Never before have I had to opt-out of more "features" than with Evernote: 

  1. don't want the Evernote branding at the bottom of emails?  Gotta opt out (BTW, that was me who complained)
  2. don't want the Evernote name in the subject line of emails?  Gotta manually delete (Again, me who complained)
  3. don't want to see Evernote's "upgrade to team" marketing in the sidebar of you paid, PREMIUM subscription? Gotta open a ticket and wait to see what BS the product manager can come up with this time (It was a feature bug).  BTW, you *still* haven't fixed that "bug."
  4. want to share notes via email?  Why not try Evernote chat? You should try Evernote chat.  Here, we'll make it the default for you and make you perform three more steps to share a note via email.  Are you sure you don't want to try Evernote chat??  (You see why I hate you?)

In complete honesty, I've lost all faith in Evernote.

You're only consistent at one thing:  ruining my workflow.
Don't you find it odd Google search autocompletes searches for "Evernote" to "Evernote alternatives?"  It's because you don't get it.  Stop trying to be Basecamp, or Slack, or SimpleNote.  Just stop.  Go back to when you had happy users, a decent (and manageable) UX, and a bloatless app.  You've ruined Skitch, botched your iOS scannable app, focused on all the wrong features, and I'm here to tell you it's over.

I read SpiderOak's coming up with a nice little competitor.  And perhaps OneNote will introduce some encryption while you're down on your luck?  Maybe you should read the tech blogs outlining the dozen or so similar applications to replace Evernote?

Here's my free advice: 1) focus on your users' needs. 2) pivot to find income streams without ruining #1.  3) Repeat as needed.
Call me if you want me to fly out there and fix your train-wreck of a product.

Link to comment

Thanks, Evernote, for doing the right thing here. You have a fantastic service, my wife and I are thrilled that you are reaffirming your commitment to your customers security and privacy. We are happy to be able to stay in the EN family, whereas just yesterday we did not see it an option to stay. I agree with many posters here that encrypting notebooks should be a priority. Please consider making it happen!

 

Link to comment

I am surprised by how people can be so forgiving after this kind of debacle. Sometimes, you just can't undo the damage done. I am still not convinced that my data is secure in Evernote. Let's put the privacy stuff aside, to be honest, I haven't seen any notable improvements on the core product. The editor still feels buggy. Problems such as table handling, printing, highlight color and many more that have been mentioned in this forum since few years back are still exist. It's been one year+ since this https://blog.evernote.com/blog/2015/09/22/the-future-of-writing-in-evernote/. Apparently, you aren't keeping your promises. Google Drive integration is meh since I can just copy links from Google Drive. Your new pricing plan is outrageous, clearly you overestimate your values in the market. Machine learning sounds cool and may be nice to have but I believe that most users value writing experience and data security over that. So disappointed.

Link to comment

This is good to hear! With a heavy heart I would have left Evernote if you pushed the changes forward. This being said, this whole ordeal got me thinking about the sensitive information I put my Evernote and I'm still a bit worried. The whole aspect that my data isn't encrypted on your servers and can be viewed by others is still something that's hard to accept. 

I would like to see that you shift your policies towards privacy and security. Meaning our data is only accessible by ourself on our devices. No side entrances, no we can provide a better service of we do some magic on our server, no ... Just be a great note taking and searching app, and provide a encrypted synchronisation platform to support it.  

Link to comment

Interesting. But I wonder if the damage has been done. You people sure are quick to forgive and forget. What makes you think they won't pull this or something else in the future? For me, the momentum away from Evernote has begun... I'm looking at alternatives and may not come back. Too much of a bad taste in my mouth. Seriously, how did Evernote think we would react to their proposed invasion of privacy.

Link to comment

Dear EN team,

 

thank you for your keep reaction as well as again showing that you care about your users' pain points.

EN together with Swipesapp has become more or the less the backbone of my self-organisation.

Congrats for an ever improving service/solution and to listen to us - your users.

For the record, I am longstanding paying user.

Best,

 

Link to comment

I hope that Evernote does the right thing... I had the same discussion with other companies, where I decided to immediately cancel my subscription and delete all data. I wouldn't hesitate a second to do this with Evernote once the start "reading" my data regardless if it's machine learning or human curiosity.

I belive not every company has to make money out of big data.... and that^s obviously the goal (opposed to make it better for customers).

 

My five cents

Link to comment

Nice. Now give us the option to encrypt everything. Stored and in transit (1Password has overtaken you!). And only decrypt in the client. I'm not interested in deep learned features based on my information. There's already an intelligence implemented in ny evernote workflow, and that one is paying you. 

Link to comment
  • Level 5*

Nice and also LOLs.

Chris couldn't write his own back-peddle blog post?

How about having showing some users any new policies before you launch them? I don't think it would take a rocket scientist to see that this last kerfuffle could have been avoided - but we've probably got some rocket scientists (with notes they don't want people looking at) in the user base.

Link to comment

First, thanks.

Second, it should now be clear to you that people value the privacy of their information enormously. In the past I was uncomfortable about uploading things of a sensitive nature but I balanced all the pros and cons and took the decision to do it.  I use the in-app encryption option sometimes but for the most part I need my stuff searchable so it comes to you in the clear.  I don't ever want an employee's duties to involve pulling my data up on a screen, whether to support me or in their involvement in some internal initiative.  Ever.

Link to comment

This is a welcome response and good next step. Now, listen to what your users are really asking for and want in your product. Most of us could care less about ML and it certainly is not a priority from our perspective.

Why don't you allow us to help direct some of what is determined in the feature set? There are many of us long time users that have left or are preparing to leave because you do not listen or seem to care about what we want. Consider the unthinkable from your perspective.....publish a road map of what is in the pipeline that is based on what your user base is requesting to be fixed or missing. If you do not someone else will come in and fill that need.

Link to comment

First of.. thanks for hearing us and reconsidering.

However: I'll have to leave anyway. After 7 Years of Premium.:( Thanks though for refunding my already paid premium fee.

Since your announcement yesterday i came to realize how dependent I am of you NOT changing your privacy policy. Yesterday I did my research on alternatives and although there are some... nothing comes even close. But regardless of the alternative... Evernote does store information in a rather cryptic structure on my hard drive. Other then for example most email programs with similar amounts of data do, the structure does not resemble the Notebook structure or does store information in plain text (or even rtf) files, Attachments are sometimes cryptically named so that I would have to reopen every one of them in order to rename it properly). All in all: I came to realize that migrating sensible data out of Evernote in case of a privacy police change would take the better part of a week for me. Therefore, with pain in my heart, I decided to start migrating out of Evernote as soon as possible. I'm very sorry... but... you just can't do things like that. Ever.

Link to comment

Too little too late Evernote.  This *attempted* change has shown that you are completely out of touch with your user base.  You are suffering both from Netflix and Pandora syndrome.  You believe you are in a position to push horrendous changes thinking you are above repercussion but as you can see, you're not.  First was the 2 device change.  That was completely awful and absolutely negates the very essence of what Evernote was.  Raw accessibility.  The fact that Evernote could be everywhere.  Your phone your tablet, your PC, your laptop, your cat...and so on.  When you made it so the basic user was so VERY limited, you began to slip down the slope of greed similar to the Netflix streaming/DVD mail split.  While I was starting to transition to Onenote to get away from EN, now I really am no matter how much you attempt to rescind this.  Oh but I do bet this kind of stuff will show up in public relations classes in the future similar to how case studies used to be about Delta crashes and Tylenol/cyanide issues in the past.  Basic users want acessibility, not all the bells and whistles.  LEt the power users pay for that and give free people back their multi-device capabilities.  This latest attempted change will not be the last stunt EN will pull.  Mark my words.

Link to comment

Evernote is the quintessential company with a decent product but crappy management.

History is littered with loved companies that went down the drain because their management were out of touch with reality. Ever heard of Yahoo, or even Sierra On-Line?

You better heed the warnings and wake up while you still have a chance.

Link to comment

This is a disaster!!!!

 

There are so many useful feature request in the forum and Evernote wants to spying us. How about finally fixing the issues of the Web Clipper first?

 

We can write support requests as a note in our Evernote client in the future. Maybe Evernote will react faster.

Link to comment

I like how all posts need to be approved by a moderator on here. I think thats pretty telling of the reaction to this proposed policy change and then the back-pedal this is.

Anyhow...

For most of you folks singing praise, Im pretty amazed that you honestly believe that this is the end of this privacy violation. Its pretty clear that the seniors at EN felt that most people wouldn't likely even read the proposed policy change let alone buck and whinge at it as much as has happened.

Issue here is this isn't done. Data is king in the modern era. Collecting, sorting, organizing, analyzing and then selling that data raw or just the potential of targeted ads/etc are much too great for most companies to ignore. Because of that, you can bet that there will be a bunch of lawyers re-doing this policy and finding loophole language in some way to accomplish the same thing as "employees reading/accessing your data".

This "retraction" shouldn't be praised at all. Flat out, the blatant disregard for privacy proposition shouldn't have happened to begin with to even warrant this retraction. This is damage control, nothing more, nothing less. The users have not "won" any sort of victory here. This proposition will come back but hidden by some comfortable euphemism the legal experts come up with to misdirect and normalize the collection of your data. Google does it, Microsoft does it, Facebook does it, they all do it in some way, and because they have better lawyers to find the right legalese to type that makes you overlook whats actually going on, most folks pay no mind to it.

I got EN free for a few months with my new phone. Its cool, handy, has some good features, some...eh...but honestly, I dont trust the company. Especially after this. There are other alternatives out there, other methods to achieve the same functions as this system can provide, and they dont harass you for upgrading your subscription or pester you to make use of new features or functions you don't want regularly.

Data is king and your data and the money that can be made off it far outweighs the revenue generated by subscription fees. You can rest assured that EN will find some method to monetize it with your consent whether you realize that or not. Maybe a default auto opt-in, or even convoluted and confusing privacy settings (ahem...Facebook), one way or another they know what they have with you saving your data on their systems and they will find a way to make money from it because they can.

Link to comment

Why is it so hard to completely delete an account?

After deleting all of my content and locating the "Deactivate Account" option, I found that there is no way to get a hold of EN to have them complete the account removal.  All of the "Contact Us" links on https://help.evernote.com/hc/en-us/articles/208314088 are directing to:

Oops, we encountered an error.

Unexpected error.
Our server has experienced difficulties processing your request(/SupportLogin.action) 
You may need to Sign in to your account to access this page.

 

By hiding the option to completely remove all of our data -- or making it involve multiple steps and hoping that an EN employee will actually get around to the task -- tells me you truly are disinterested in my privacy and well-being.

I wish I'd never signed up.

Link to comment

I have been with Evernote since I joined your second public beta, and a premium subscriber for years now. You earned my trust, loyalty and revenue by making a great product and allowing me to trust you with my data.

In one decision, you lost me for good. I give second chances to restaurants that ***** up my dinner, or dry cleaners who lose a shirt. I do not tolerate any act by an entity that willfully betrays the trust I give to those who hold my money, data, IP and business.

I don't care if the USG forced your hand by national security letter, or if your international ambitions led you to forget those of us who made Evernote and pay you -- just because a billion person market might become available if you subvert your principles and destroy your otherwise good name,

I do not trust your reversal, because it could reverse again with smarter leadership and sneaky methods, Good luck in China. My years and years of notes are gone, and my subs cancelled.

You have failed on more levels than one entity should ever approach in a century. 

http://www.forbes.com/sites/thomasbrewster/2016/12/16/evernote-backtracks-on-privacy-policy/

screen-shot-2016-12-14-at-10-53-33-am.pn

 

 

Link to comment

Make some improvement on text editor. It's getting really old these days.

Get rid of the chat thing. Who chats on note app??

Get rid of upgrade advertisement from premium user's workspace. What kind of premium user needs upgrade??

Encrypt users' notes. So you can't peek on my things in the future. 

Don't use users' notes. It's stored on your server, but I will not consent.

 

Link to comment

I still don't trust EN, don't like the free tier restrictions (in respect of not having provided a "middle" tier that allows only unlimited synced devices) and will still move away/reduce the content placed in EN.

BUT

In this case I appreciate the decision to reconsider this stupid idea, well done

Link to comment

I'm really glad about this. I'd love to see the company refocus on privacy, reliability, and speed, while actively removing features. If Evernote's going to be an extension of my mind, the most important thing is that I can trust it, and the least important thing is the frills. 

Link to comment
7 hours ago, aisu825 said:

I appreciate that Evernote quickly realized their mistake and listened to their customers in this instance. However, I would still like to see more work done on encryption features and much stronger privacy policies going forward.  Marketing focus groups and public dialog about proposed changes would greatly benefit you in the future.  This is the second debacle in the past six months.  Your company cannot keep doing this and expect people to stick around.

You have such an actively engaged and devoted group of users - why would you not collect our feedback before making these changes? 

I feel stupid, but I never realized before this announcement that Evernote was even in position of being able to view our note content without us opting in. Now that I know that, you're telling me you won't use that capability unless I say it's ok. So you're pretty much on your honor not to view my content, and after the recent announcement, I don't trust that either. 

I don't have time to manually encrypt each note. Evernote needs to provide default encryption. I've been using Evernote since it was in beta, but I'll be looking for another solution until that is available. 

Link to comment

Thanks for reconsidering.  Based on the feedback, please make whole note (including attachments) or whole notebook encryption a priority.  That seems to be the greater demand from the community instead of machine learning.

Link to comment

Thank you for listening and changing this!! I really didn't want to leave EN. (premium user). I really didn't even have an issue upgrading to premium. I want the company to be around a long time and I don't mind paying for services I use and I use EN many times a day. I have to be able to trust it however. Full note and/or notebook encryption would be huge! Right now I use methods outside of EN to encrypt sensitive data before putting in EN but why force me out of the app to do this? That would be a huge step forward. Easy to explain to end users that encrypted data is not searchable. Let the user decide.

As for other functionality? I don't need/want ML to anticipate what I want. I'm an adult and I can set my own reminders. I like it that way. My only real wish right now? The home screen font on the phone is tiny. Would like to be able to increase font and have more control over home screen. My adult man fingers have a hard time hitting the specific thing I want on the home screen. 

Other than that? Very happy and will stick with EN. I spent (wasted) all day yesterday looking for alternatives and really did not want to leave. Glad I can stay now. 

Everybody makes mistakes. I'm sure you won't make this one again. 

Link to comment

The road to recovery is not simply a mea culpa. It requires a change of heart.

EN can begin this process by implementing notebook encryption where the privacy keys are managed client side (not on EN servers). In addition, EN can fix the broken note encryption that is seemingly limited to text only.

Another step would be to amend the privacy policy to ensure "necessary" read access to user content involves user notification beforehand.

Link to comment

Ok so let's say you switch to Keep or One Note, who is to say these companies aren't doing the same thing?  Switching to Keep would be a down grade, it doesn't even have undo!  And one note has terrible quality for images that are inserted on Windows and then viewed on Android. And onenote sync has allows been annoyingly slow.  If you have to switch I would recommend a combination of Google docs and keep over stupid Microsoft

Link to comment

For a short time, I was very worried about my future with Evernote. Thank you for being open about the process and for listening to the users. Evernote is the app I use most in my life, so understandably, it stung when the rules changed. Thank you for listening to the users and for standing up for the right thing. 

Link to comment

I'm happy to see the reversal in policy plan. As I stated in my original post, I would wait until January 1 before deleting my account. I'm happy that I will be continuing my assoication with Evernote, although with a watchful eye. Thank you for listening to your clients and responding so quickly. I hope that this reversal will also reverse the trend of so many who voiced their dismay and were leaving Evernote. I'm confident that you can move forward with a unique product that continues to improve without the privacy invasions of your clients/customers. Thanks again for listening.

Link to comment

I'm still canceling my premium subscription. Policy change showed really poor judgement even thinking this is OK, and it's being reverted only because Evernote was called out on it. Where else is judgement lacking??

Link to comment
  • Level 5*
6 hours ago, TomCGN said:

Yesterday I did my research on alternatives and although there are some... nothing comes even close.

I haven't seen anything that's comparable either.

6 hours ago, TomCGN said:

But regardless of the alternative... Evernote does store information in a rather cryptic structure on my hard drive. Other then for example most email programs with similar amounts of data do, the structure does not resemble the Notebook structure or does store information in plain text (or even rtf) files, Attachments are sometimes cryptically named so that I would have to reopen every one of them in order to rename it properly). All in all: I came to realize that migrating sensible data out of Evernote in case of a privacy police change would take the better part of a week for me.

This is a point of view I don't understand. Applications very often store documents on disk in formats that are useful to the application, and that means not in plain-text storage. The simple reason is often for speed and amount of storage. Imagine storing, say, a million Lidar points in a text format; sure you can do it, but it'll take up much more space than even a simple binary format, be slower to read and write, and let's not even talk about adding spatial indexing, if that's desired. Disk formats are pretty much irrelevant so long as good export capabilities are provided.

And the desktop Evernote clients do provide these. So if you're a Windows or Mac user, you can migrate your data out of Evernote, exported in either HTML or Evernote's documented ENML format, both of which are text-based. I make regular backups of my notes in ENML format anyways.

That being said, that certainly leaves out users who don't use the desktop applications (people who only have access to Evernote web, or mobile-only users), and it'd be totally understandable and legitimate to request a way to export your note data without requiring a desktop client. I'd upvote that, for sure. Evernote users in that situation are kinda screwed locked-in.

But barring that, the on-disk format of your notes database shouldn't be much reason for you to leave Evernote.

Link to comment

Good for you to back off on the privacy change.  

Evernote also needs to walk the walk with respect to its commitment that data is portable.  In fact, my html export has not worked for some time (Ticket# 1850762).  If the commitment is really a commitment, export bugs must have high priority.

Link to comment

While I'm very glad that to hear that the opt-out only AI policy has been reigned in, I haven't seen any clarification on the other privacy issues:

"And please note that you cannot opt out of employees looking at your content for other reasons stated in our Privacy Policy"

Will employees still be allowed to view our notes under these other conditions? If so, what specifically are these other conditions? Statements such as "We need to do so for troubleshooting purposes or to maintain and improve the Service;" are unreasonably vague and disconcerting.

Thanks in advance for the clarification.

Link to comment
10 hours ago, TazUK said:

I would like to see Evernote put security at the forefront of the customer experience. As so many have pointed out, entire Notebooks should be encryptable.

Thank you, TazUK, for raising this.  I agree completely.  Even if Evernote sincerely intends to keep notes private, the growth of Evernote and the material it contains likely makes it an interest to hackers who might love to access the notes some users keep in Evernote.  Full notebook encryption where keys are handled only on the client device is critical.  I would also like to see full database (all notes) encryption.  This will likely disable some features for these notes including OCR unless Evernote would move this processing local.  It would also complicate sharing; however, other users have proposed reasonable and practical options for allowing sharing of encrypted notes.  I'd even be open to requiring all shared notes be unencrypted (with a warning).

With the volume of information I keep in Evernote, I'm becoming increasingly uncomfortable with the exposure that offers me to hackers and others.  I do believe Evernote works hard to keep their system secure.  While this reduces risk, it comes far short of eliminating risk.

I've even recently turned off the renewal of my annual premium subscription as I search for options that do provide better encryption options.

Link to comment
  • Level 5*
7 hours ago, GambaJo said:

There are so many useful feature request in the forum and Evernote wants to spying us. How about finally fixing the issues of the Web Clipper first?

 

We can write support requests as a note in our Evernote client in the future. Maybe Evernote will react faster.

That is actually pretty funny. We should create notebooks called "Evernote Feature Requests" then opt in to having employees read those notebooks. :D

Link to comment

Glad to see that Evernote changed their mind on this. Before I truly buy-in, I'd like to see an updated privacy policy. My notes contain private and confidential information that I don't want to share with anyone unless I choose to do so. Evernote has breached the trust of its users with their privacy policy and will have to work to earn it back. I'd like to see more data protection and privacy features, not less.

 

Link to comment

Correct me if I'm wrong, but the Jan 2017 update did not really change how employees may access our information -- it just added the machine learning piece and the disclaimer that you can't opt out of employees looking at your data. Looking at the 2017 update, and the current standing privacy, we do not nor have we ever had a guaranteed expectation of privacy. "As a rule" they do not access it unless [reasons] isn't saying much. And, again, there's no way to opt out.

It's great we're having this conversation, if a bit late. This is a good reminder to all: Evernote is a cloud service run by humans and, like any other, it will never be 100% safe from access, be it internal or external.

Link to comment
2 minutes ago, allen said:

Correct me if I'm wrong, but the Jan 2017 update did not really change how employees may access our information -- it just added the machine learning piece and the disclaimer that you can't opt out of employees looking at your data. Looking at the 2017 update, and the current standing privacy, we do not nor have we ever had a guaranteed expectation of privacy. "As a rule" they do not access it unless [reasons] isn't saying much. And, again, there's no way to opt out.

It's great we're having this conversation, if a bit late. This is a good reminder to all: Evernote is a cloud service run by humans and, like any other, it will never be 100% safe from access, be it internal or external.

I think you're wrong in some respects, because Evernote can choose to implement technology that will enable much more privacy despite its being a cloud service. Evernote has never articulated a business model that indicates they want to make your data into a revenue stream or mine it for value. Quite the opposite in fact. My previous post here points to precisely the logic as to why they should aim to make users' data safer from humans. Nothing is ever 100% guaranteed, but Evernote can improve its users' data safety by orders of magnitude from where it stands today.

 

Link to comment

I HOPE YOU MAKE THAT OPTIN BUTTON REALLY BIG...LIKE REALLY BIG.  

I want it front and CENTER that says "If you press this button you are allowing us to see your personal information"

I WANT THE BIGGEST DAMN BUTTON EVER.  If you think for one second I'm going to allow you inside a PRIVATE area that You said was private in the beginning and you PROMISED to keep private you're out of your freakin' minds.  I'm so angry you would even think of imposing this degrading and delusional privacy policy.  For this STUPIDITY on your part, you should give us all a FREE year of PRO and STAY OUT OF MY PERSONAL BUSINESS!

Signed, pissed off and more than upset that you would even consider breaking my trust in you.

Link to comment
35 minutes ago, mz123 said:

I think you're wrong in some respects, because Evernote can choose to implement technology that will enable much more privacy despite its being a cloud service. Evernote has never articulated a business model that indicates they want to make your data into a revenue stream or mine it for value. Quite the opposite in fact. My previous post here points to precisely the logic as to why they should aim to make users' data safer from humans. Nothing is ever 100% guaranteed, but Evernote can improve its users' data safety by orders of magnitude from where it stands today.

 

In what way am I wrong, exactly? I agree that they can improve their users' data safety. My point is that the privacy policy did not change between 2016 and 2017, and the inability to opt out of some employees having access to our email is still an issue, has always been. Whether or not you can live with that, now isn't the time to thank them for their understanding. They're still on the hook.

 

Link to comment
  • Level 5*
47 minutes ago, allen said:

Correct me if I'm wrong, but the Jan 2017 update did not really change how employees may access our information -- it just added the machine learning piece and the disclaimer that you can't opt out of employees looking at your data.

What, let facts get in the way of all the FUD being thrown around!!!

It was not a great idea that "opt in" was the default, but they've changed that

>>This is a good reminder to all: Evernote is a cloud service run by humans and, like any other, it will never be 100% safe from access, be it internal or external.

For sure, the only way to ensure protection is to encrypt your data

Link to comment
1 minute ago, allen said:

In what way am I wrong, exactly? I agree that they can improve their users' data safety. My point is that the privacy policy did not change between 2016 and 2017, and the inability to opt out of some employees having access to our email is still an issue, has always been. Whether or not you can live with that, now isn't the time to thank them for their understanding. They're still on the hook.

 

Oh I agree! I was just referring to your statement that because it's a cloud service, it can never be completely safe from access. I shouldn't have said you were wrong though. My point was that though there is no 100% guarantee, there can be something much closer to 100% than what we have now. Encryption and security through technology is much more effective a guarantee than a "trust us" buried within a privacy policy document.

 

Link to comment

By adding zero knowledge encryption ability this privacy uproar comes to an end. Otherwise, the damage has been done and likely can not be reversed. It was the communication style and message that reminded me how truly vulnerable my data was from internal and external forces.

Link to comment
3 minutes ago, DTLow said:

What, let facts get in the way of all the FUD being thrown around!!!

It was not a great idea that "opt in" was the default, but they've changed that

>>This is a good reminder to all: Evernote is a cloud service run by humans and, like any other, it will never be 100% safe from access, be it internal or external.

For sure, the only way to ensure protection is to encrypt your data

The facts indeed! The FUD is well deserved. A company writes that you own your data, and points to that policy repeatedly, then opts you in to data sharing with employees. That's not merely a "not great" idea. It's an indication that some subset of employees didn't share the point of view that their policy implied. No less than the CEO came out and said they screwed up. Given the recent history of events, I say the acronym "FUD" should be banned from posts until Evernote is on more concrete footing with respect to its culture and intentions! People should be concerned and afraid. Why in the world wouldn't they be? Don't dismiss valid concerns as FUD. The facts are what they are. Evernote did what they did. 

Link to comment
9 minutes ago, DTLow said:

What, let facts get in the way of all the FUD being thrown around!!!

It was not a great idea that "opt in" was the default, but they've changed that

The only opt-in that has changed is the machine learning. We still cannot opt out of our notes being accessed by employees. 

Here's the current privacy policy:

Quote

 

Do Evernote Employees Access or Review My Notes?

As a rule, Evernote employees do not monitor or view your personal information or Content stored in the Service, but we list below the limited circumstances in which our employees may need to access or review your personal information or account Content:

We believe our Terms of Service has been violated and confirmation is required or we otherwise have an obligation to review your account Content as described in our Terms of Service;
We need to do so for troubleshooting purposes;
Where necessary to protect the rights, property or personal safety of Evernote and its users (including to protect against potential spam, malware or other security concerns); or
In order to comply with our legal obligations, such as responding to warrants, court orders or other legal process. We vigilantly protect the privacy of your account Content and, whenever we determine it possible, we provide you with notice if we believe we are compelled to comply with a third party’s request for information about your account. Please visit our Information for Authorities page for more information.

 

Here's the 2017 privacy policy

Quote

 

Do Evernote Employees Access or Review My Data?

Below are the limited circumstances in which we may need to access or review your account information or Content:

We believe our Terms of Service has been violated and confirmation is required or we otherwise have an obligation to review your account Content as described in our Terms of Service;
We need to do so for troubleshooting purposes or to maintain and improve the Service;
Where necessary to protect the rights, property or personal safety of Evernote and its users (including to protect against potential spam, malware or other security concerns); or
In order to comply with our legal obligations, such as responding to warrants, court orders or other legal process. We vigilantly protect the privacy of your account Content and, whenever we determine it possible, we provide you with notice if we believe we are compelled to comply with a third party’s request for information about your account. Please visit our Information for Authorities page for more information.

 

There's very little difference, and no way to opt out. How Evernote responds to this in coming weeks will be very telling -- and reshape how I use Evernote in the future. 

Link to comment
2 minutes ago, sunvalley said:

By adding zero knowledge encryption ability this privacy uproar comes to an end. Otherwise, the damage has been done and likely can not be reversed. It was the communication style and message that reminded me how truly vulnerable my data was from internal and external forces.

The lack of implementation of encryption is also a statement of intent. "We intend to protect your data and want your trust, but will pass on the best means to do so." That needs to change.

Link to comment

Thanks for hearing us and responding quickly.

We're still in an awkward position here: the fact that you made this decision in the first place, even though you reversed it, calls into question how you're making decisions regarding privacy and whether you've really thought through the implications of a change like this. I urge you to hire an expert in these matters, or loop in someone from your team who is already familiar with them if you haven't already.

I know we privacy and security nuts can be a pain in the rear, but we have good reasons for it! It may be true that the vast majority of your users and their notes don't present serious privacy concerns, but for the remainder of us a single leak, misuse of data, or oversight on the part of your staff could lead to a cascade of much more serious issues that extend far beyond the scope of Evernote itself. We have to put our trust in somebody and we've chosen you. Please take that more seriously in the future.

@allen the other items in the privacy policy are fairly industry standard compromises, and ones that everyone should be aware of. They're necessary for legal and technical reasons, and I can accept that and take it into consideration when deciding whether to store sensitive data in Evernote. There's a big difference between those and "we might peek in on your notes at random to see whether our ML bots are doing what we think they should".

Link to comment
1 minute ago, DTLow said:

Can I dismiss the invalid concerns? :)

Sure! But let's try to hold Evernote more accountable, not criticize those who are rightfully concerned about the circumstances that led to this week's events. Thought experiment: if you were advising Evernote's CEO two days ago, would you have advised him to make a public apology for the privacy policy and a full retraction of it? Or would your advice relied heavily on the term "FUD". ;)

I want a better, more secure service. I pay for it, and it's worth the effort. We don't need future excuses for privacy invasions due to rogue employees, poorly implemented AI systems, or outside hackers. We just need to solve the problem (closer to 99%) with technology that has been implemented by some Evernote's competitors for years.

Link to comment
  • Level 5*
3 minutes ago, mz123 said:

Thought experiment: if you were advising Evernote's CEO two days ago, would you have advised him to make a public apology for the privacy policy and a full retraction of it? Or would your advice relied heavily on the term "FUD".

I would have advised the CEO that "opting in" should not be the default

I would thank him for keeping us informed of privacy issues, and giving us the option of not participating 

Link to comment
27 minutes ago, DTLow said:

I would have advised the CEO that "opting in" should not be the default

I would thank him for keeping us informed of privacy issues, and giving us the option of not participating 

He did the right thing by retracting and speaking out. However, to remain an advocate and champion the users of his service, he should address the core that created this issue in the first place. The best, most effective way for him to do so is to renew Evernote's commitment to user privacy by building in privacy by design: client-side encryption. Sure, this will diminish the wishes and career ambitions of those in Evernote who want to mine user data to train AI systems. However, Evernote is exactly the kind of service where those ambitions should be kept at bay. Evernote cannot be all things to all people. If they can't build AI features under opt-in, while enabling encryption Evernote-wide, perhaps by default, then they shouldn't build AI features. If they want to stay away from enabling client-side encryption of everything, they should stop saying that we own our data, that privacy is the number one consideration, and that they want to be my Second Brain.

The current implementation of encryption within Evernote is not user friendly, it's tedious, and it severely limits functionality. None of that is necessary.

We shouldn't beat around the bush here. Either a company is committed to these things or they are not. Actions speak much louder than words. Either let users easily encrypt everything, or admit that you want access to their data in some way or another.

Link to comment

Unfortunately, the mechanisms are in place for viewing data — and history has shown that whenever that window or back door is created, someone eventually will find a way in. Five years from now, take the current Yahoo debacle and search/replace the word "Yahoo" with the word "Evernote."

I had evangelized Evernote since I signed up in 2009, but in the last two years, everything I have heard from Evernote has made me question why I continue to use the service. When I finish exporting all of my files this afternoon, I'll be attempting to delete my account. Just remember that in this breakup, it's not me — it's you.

Link to comment

I already exported my notes, fully preparing to bail. 

You're on probation. I will cut you off without mercy, Evernote. My intellectual property is mine alone. Keep your mitts off it. Your UX is ancient and buggy. I just had a go-round with your tech support over syncing-- and I'm NOT A SERIOUS USER. I can only imagine what they go through.

I pay hard earned $$ to use my tools. DO NOT TRIVIALIZE your clientele and foist big data drag nets and civilian (even if "qualified") eyeballs into your user's information pool. We will jump ship at the next sign of it, forever, and won't look back.

Probation: remember that. Carry on. Eat some humble pie and get back to work.

Link to comment

So, we still have the situation where the legalese allows EN to read our notes if they want, when they want for the most part.  With the current language, any good attorney could find cause for legal access.  But we are assured by O'Neill they won't use this power. His statements show some respect for privacy and I do appreciate that.  EN now needs to control their attorneys more and make their stated intent reflected in the legal documents.  Maybe this is what they mean when EN says improvements are coming over the next few months.

To those claiming Google Keep and Microsoft OneNote are less prying, please do yourself a favor and read their privacy statements.  One example, by using OneNote's web clipper you give Microsoft full time access to all your contacts, even when OneNote is not running.  That is troubling to me and is just the first example I thought of.

But now I have a dilemma. I turned off that auto Opt in feature of old off.  I wonder if I should turn it back on for other features it might control.  Yet when I look for it now, I can't find the option at all.  Can someone tell me what I will miss by leaving it off? And can someone point me to the account setting switch again as I think I am going batty and now suspecting it has been removed.  I thought it was on the Account Summary page...

Link to comment

This is a company that still doesn't know what its product is, who its customer are, and what they want. While I've never questioned the price hoping that it would help fund some direction in the company, this will never happen.

I can't say how happy I am to learn Spider Oak is willing to learn from Evernote's mistakes and offer a zero knowledge note taking app and only charge $12 a year for it. Hell, I'd pay 5x times that to have Clearly capabilities, passcode app locking, and cross-platform availability, Having used their products in the past, I also know I won't be getting emails from them trying to sell me document scanners or Moleskin notebooks either.

Best of luck to those of you that stick it out with Evernote, I've been burned one too many times now to continue paying for this. 

 

 

 

Link to comment

Good note taking apps come and go. I still miss Packrat and Note Studio. I'd hate to lose Evernote, which is one reason I decided to pay $5/month: try to keep Evernote around. However, there's too much advertising urging an upgrade. If Premium users get the same advertising, that a disincentive to move up from the middle tier. The biggest motivation for me to consider Premium is to get rid of the nagging. The Premium features are not very enticing. 

I value my privacy. I'm losing trust in Evernote as it grows. How about a "do no evil" high-level policy to inform the “Three Laws of Data Protection?” Somebody was thinking about money, or at least not about users and customers. Rather than mysterious benefits, how about making what we are using now better? It works for the most part, but still... And, let me hide Chat. Chat annoys. How about making sure releases work? The latest, Version 6.10 (454269 App Store), has some bugs. I found workarounds, but I shouldn't have to.

Link to comment
5 minutes ago, jbrennan said:

However, there's too much advertising urging an upgrade. If Premium users get the same advertising, that a disincentive to move up from the middle tier. The biggest motivation for me to consider Premium is to get rid of the nagging.

I am Premium and still get suggestions to upgrade to Premium.  Another example of half effort programing in my opinion.  EN - "Start all, polish none", I think.

Link to comment
  • Level 5*
40 minutes ago, whiskeykilo said:

I can't say how happy I am to learn Spider Oak is willing to learn from Evernote's mistakes and offer a zero knowledge note taking app and only charge $12 a year for it

I'll be curious to see how useful that service is. The reason notes in EN are not encrypted on their server is it is indexed for searching. So I have 8GB of data across 16,000 notes. I can virtually instantly search on my iPhone for any note and the query is sent to the server and results returned. You cannot do that with their service. It would have to download all 8GB of data, which would be painful. 

Evernote servers also automatically index PDF files, images, and Office files. Spideroak won't.

Like everything, tradeoffs. I need searchability. Not being able to find notes not on my device is a show stopper. Heck, even if I had all 8GB on my iPhone, it would take forever to search, and forget about searching inside attachments like PDFs. Heck, the beefiest of PCs will slow to a crawl to do this, and it may not even work unless their client has local indexing capabilities. Same with images.

Good luck with that.

Link to comment
14 minutes ago, EdH said:

I'll be curious to see how useful that service is. The reason notes in EN are not encrypted on their server is it is indexed for searching. So I have 8GB of data across 16,000 notes. I can virtually instantly search on my iPhone for any note and the query is sent to the server and results returned. You cannot do that with their service. It would have to download all 8GB of data, which would be painful. 

Evernote servers also automatically index PDF files, images, and Office files. Spideroak won't.

Like everything, tradeoffs. I need searchability. Not being able to find notes not on my device is a show stopper. Heck, even if I had all 8GB on my iPhone, it would take forever to search, and forget about searching inside attachments like PDFs. Heck, the beefiest of PCs will slow to a crawl to do this, and it may not even work unless their client has local indexing capabilities. Same with images.

Good luck with that.

None of this is true. I know that if you're not particularly knowledgeable in computer security, it seems true. However, search on encrypted data is very feasible without downloading the encrypted contents to the client device.

 

Link to comment
13 hours ago, huladaddy said:

Interesting. But I wonder if the damage has been done. You people sure are quick to forgive and forget. What makes you think they won't pull this or something else in the future? For me, the momentum away from Evernote has begun... I'm looking at alternatives and may not come back. Too much of a bad taste in my mouth. Seriously, how did Evernote think we would react to their proposed invasion of privacy.

This paid user won't be quick to forget. I work for a software company and I standardized workflows for sharing content with my teams when I joined. Now I'm apologizing as a lot of paid users I brought along are scrambling at the end of a Quarter/Year to export & migrate. The initial announcement drew a quick reaction from my company - Evernote is blocked and rightfully so. And I'm pissed off.

The mindset & hubris that led to the initial announcement will not be changed along with the tack back to, "no change, we hear you loud & clear". Only new leadership could be trusted. The fact is, this team has always thought Evernote is so indispensable uniquely cool that user requirements have never been a roadmap driver. 

Link to comment
  • Level 5*
21 minutes ago, mz123 said:

None of this is true. I know that if you're not particularly knowledgeable in computer security, it seems true. However, search on encrypted data is very feasible without downloading the encrypted contents to the client device.

 

How do you search encrypted data on the server if the server cannot decrypt the data to search it? If they can, then SpiderOak's claim data is encrypted and they cannot access it is bogus.

How can an image be searched and indexed for words in the image if the file is encrypted and the passkey isn't known to the server doing the indexing?

 

Link to comment

Evernote, if you really want to earn my trust, and continue to receive my business, I need you to do one of the following:

either

  • implement client side encryption of notes and attachments and notebooks, including on the web client (or create a Linux client -- not likely)

or

  • become fully transparent with what you do with my data as follows:
    • every time one of my notes is viewed by one of your employees:
      • log the date, time, and employees full name into the note's Note Info metadata
      • log the above info for any attached files that are also viewed
      • add a tag to the note, such as "#SKYNET", to make it easy for me to see which notes have been viewed by you
      • send me an email to summarize the above actions that have occurred
  • allow me to add a tag, such as "#KEEPOUT" for sensitive data that you must not ever see, such as trade secrets, intellectual property, legal documents under seal, etc.

 

Link to comment
  • Level 5*
14 minutes ago, huladaddy said:

every time one of my notes is viewed by one of your employees:

  • log the date, time, and employees full name into the note's Note Info metadata
  • log the above info for any attached files that are also viewed
  • add a tag to the note, such as "#SKYNET", to make it easy for me to see which notes have been viewed by you
  • send me an email to summarize the above actions that have occurred

 

Now you're wanting Evernote to actually *modify* your notes? That's going to go over well...

Link to comment
  • Level 5*
15 minutes ago, huladaddy said:

Evernote, if you really want to earn my trust, and continue to receive my business, I need you to do one of the following

Evernote has my trust (obviously or I wouldn't be using the service)

As for your demands, I'm sure they will be given the attention they deserve.  Better start  packing up your business

Link to comment
38 minutes ago, EdH said:

How do you search encrypted data on the server if the server cannot decrypt the data to search it? If they can, then SpiderOak's claim data is encrypted and they cannot access it is bogus.

How can an image be searched and indexed for words in the image if the file is encrypted and the passkey isn't known to the server doing the indexing?

 

 

Link to comment
  • Level 5*
41 minutes ago, huladaddy said:

allow me to add a tag, such as "#KEEPOUT" for sensitive data that you must not ever see, such as trade secrets, intellectual property, legal documents under seal, etc.

If you keep that data ANYWHERE in a cloud service, it can be potentially accessed, legally or illegally. Period. Full Stop.

 

Link to comment

I have just deleted all my notes and I am still scared by the direction you thought it was all hunky dory to go in. The notes belong to only one set of eyes. The owner. No body else! It was huge failure not to understand this and set a very dangerous precedence. The only way you will gain the trust back is by giving users client side encryption. i.e. you can't peep into our notes even if you wanted to. You will have to implement all smarts on the client side. Yeah it's hard but that's what you get when you mess up. As for me I need to find the way to completely expunge the notes from anywhere near your servers. Even deactivating is not enough for such a violation of user trust.

Link to comment
  • Level 5*
19 minutes ago, eric99 said:

 

That is only for searching character strings, which many file types and images do not contain as you have to OCR it first to get the character string. So no, that doesn't work.

I can see how it would work on text, but I suspect it would get confused by formatting tags, especially within things like Office documents.

Has anyone implemented though? I cannot find anything on it other than other articles linking back to the 2014 press release.

Link to comment

Somehow, the fact that EN would implement such a radical change to its privacy policy without thorough discussion with its customer base is quite unnerving. It seems you don't really value your customers and their information -- or you undervalue what kind of information might be stored by customers. This, plus the big price changes is feeling like "two strikes." I've stayed away from some of the bigger companies because of a kind of arrogance that comes with size. Don't make the same mistake please. Seems like there is a list of features many have expressed desire for. That would be a good place to up your game. Not sure what the real motivation behind the change is, but given your actions, there is now a bias towards distrust of EN as a company. 

Link to comment

As a long-time paying user and enthousiast I've been using Evernote for everything ranging from note-taking, personal finances, personal archive, work archive, thought map, gtd (using the secret weapon), etcetc. It is a great product managed by a company which HAD a great vision... Recent events however have made me lose confidence in this company: the price hike, the bug which made some people lose notes and now the privacy change... Respect for privacy must be absolute and cannot under any circumstance barring juridical approval be violated, especially not for something as trivial as another (pointless?) feature which needs to be debugged... have some perspective !

Even with my busy schedule, I've spent half the day researching alternatives and found interesting (free!) alternatives which come quite close but which are not completely up to par (yet). I was ready to jump ship and even update my way of working to align with one of these alternatives, until I read about your change of heart. For the moment I will continue using Evernote, but follow-up the alternatives as well...

Evernote company: please think long-term iso short-term and don't you dare destroy a great product!

 

Link to comment
31 minutes ago, EdH said:

That is only for searching character strings, which many file types and images do not contain as you have to OCR it first to get the character string. So no, that doesn't work.

I thought EN scanned pics, pdfs, etc. to extract the text and saved it along with the note containing, say, an image, which means we can then search on it.  The record when in EN contains the image and the text OCR'd from it.  So yes, it would work, if EN saves extracted info along with the note.

Link to comment
  • Level 5*

 

9 minutes ago, MRJ said:

I thought EN scanned pics, pdfs, etc. to extract the text and saved it along with the note containing, say, an image, which means we can then search on it.  The record when in EN contains the image and the text OCR'd from it.  So yes, it would work, if EN saves extracted info along with the note.

You may have to forgo the OCR feature with data encryption - currently that's server side 

Its one of the reasons I don't do mass encryption of my data  

Link to comment
  • Level 5*
2 minutes ago, MRJ said:

I thought EN scanned pics, pdfs, etc. to extract the text and saved it along with the note containing, say, an image, which means we can then search on it.  The record when in EN contains the image and the text OCR'd from it.  So yes, it would work, if EN saves extracted info along with the note.

But not the EN client. The EN servers do all of that. The EN client used to do it, but here is why it doesn't:

  1. In searching for images, it has to use the local graphics driver. That caused all kinds of blue screens and crashes back in the mid/late 2000's that EN had to program around. ANd then when a driver was updated, if it caused problems, EN had to program around that too. It was a mess. So they moved all image processing to the server and ripped out all of that OCR code from the client. That is why when you put an image in EN it may not be searchable for a few minutes. Minimally, it has to sync up, be OCR'd, then sync the index back down. If the servers are busy, the OCR might take more than a few minutes.
  2. Increasingly people don't have PCs or Macs, or don't use them frequently. I can go on vacation with my iPHone only and take all kinds of pics and store them in EN and they will all be searchable on my phone's EN client. If the PC/Mac client was doing it, none of it would be searchable until I got back to the hotel or home to sync and let the local client index it.

The same applies to PDFs.

Office files are a bit different, but only to the extent they are text only. If there are images in the Office files, then the above still must apply. If there are not, you have to encode a LOT of unpacking logic for the XLSX/PPTX/DOCX file formats so the local clients understand them to index them. The way EN does it now, you don't even have to have a copy of Office for the attachment to be indexed. 

So no, still doesn't work.

Link to comment

I was thinking they could take a clear note from us and perform the encryption then delete the clear version, leaving only the encrypted copy.  Yes, it's on their server in the clear but not for very long.  Would that work? 

Link to comment
  • Level 5*
11 minutes ago, MRJ said:

I was thinking they could take a clear note from us and perform the encryption then delete the clear version, leaving only the encrypted copy.  Yes, it's on their server in the clear but not for very long.  Would that work? 

As per the announcement below, an "encryption at rest" process is being implemented i.e. our data will be encrypted on the servers.  

However my impression the users in this discussion are demanding client side encryption

https://blog.evernote.com/blog/2016/09/13/evernotes-future-cloud/

Link to comment
2 hours ago, EdH said:

How do you search encrypted data on the server if the server cannot decrypt the data to search it? If they can, then SpiderOak's claim data is encrypted and they cannot access it is bogus.

How can an image be searched and indexed for words in the image if the file is encrypted and the passkey isn't known to the server doing the indexing?

 

The index components are encrypted, and the server searches the encrypted index. There's a lot of detail, and this is only a brief introduction, and an older summary at that:

https://crypto.stanford.edu/~eujin/papers/secureindex/2003nov-encsearch.pdf

Now, OCR could not take place on the server, obviously. I have capable OCR within other apps on my desktop. I'm sure Evernote can solve this part of the problem easily by doing OCR locally. Sure, there are some tradeoffs. But again, these are minimal, and likely tradeoffs that users of Evernote would gladly accept. 

Link to comment

Archived

This topic is now archived and is closed to further replies.


×
×
  • Create New...