Serious security flaw with encrypting text?

[Richard Ames 1]

If I paste privacy-sensitive text onto a note with the intent of then immediately encrypting that text, before I can ever perform the three steps to password-encrypt that text, Evernote has already, by the autosave, sent that data, unencrypted, to its servers for storage. That data has gone, unencrypted, from my local device, when my intent the whole time was for that to never happen with that piece of text. One simply cannot encrypt data fast enough to stop the autosave from sending on that data. 

Am I missing anything with this analysis? Is there any way to temporarily shut down autosave to allow me enough time to encrypt? Any work-arounds?

[gazumped 11,667]

Hi.  Yes.  Create a local notebook and create your note there.  Once encrypted,  move it to a synced notebook.  Alternatively,  use the native encryption built into your word processor to create a password-locked document and attach that to a note.

[DTLow 5,736]

As per @gazumped, best practice is to not do the encryption in a sync'd notebook.

Use a Local Notebook, or encrypt outside of Evernote.

[Richard Ames 1]

Ahh. @gazumped, you handled my query with such ease and aplomb. Thank you. I'm very comfortable with tech stuff, but I'm not a tech professional, so it's aways best if I get my question out where someone with more knowledge than I have can give me feedback. 

[jefito 5,589]

On 7/16/2018 at 10:17 AM, Richard Ames said:

One simply cannot encrypt data fast enough to stop the autosave from sending on that data. 

You should be able to implement something like:

• Type some dummy text in your note where you want to add the encrypted stuff.  Even if it syncs at this point, it's harmless.
• Encrypt it. Now that block of text is marked as encryoted. If it syncs any time after, it'll go up encrypted, since unencrypted state is local to the note editor, and not recorded in the note when synced (see https://dev.evernote.com/doc/articles/enml.php)
• Decrypt it
• Type in or paste in the actual the text that you want encrypted. You're done.

 

 

[Richard Ames 1]

That's a clever workaround, but tedious as well. I liked the idea of some of the other commenters here of creating a local notebook, encrypting the note there, and then moving the (now) encrypted note to the notebook I want it in. Thanks for your input.

[lisec 283]

RIchard, I had the same issue. I would take a picture of a receipt with the Evernote camera, then open it in Snag-it or something to blur my full name and address, but of course the receipt had already gone on to the servers.  

So now I take the photo with my regular phone camera, blur out the info on my desktop and drag it into my "import evernote local" folder. That folder on my drive is set to auto import anything in it into my Local folder.

Now I just have to find a way to take those photos without auto sending them to Google Photos, because, well, then I'm just giving Google the sensitive info. Sigh.