Richard Ames

Serious security flaw with encrypting text?

If I paste privacy-sensitive text onto a note with the intent of then immediately encrypting that text, before I can ever perform the three steps to password-encrypt that text, Evernote has already, by the autosave, sent that data, unencrypted, to its servers for storage. That data has gone, unencrypted, from my local device, when my intent the whole time was for that to never happen with that piece of text. One simply cannot encrypt data fast enough to stop the autosave from sending on that data. 

Am I missing anything with this analysis? Is there any way to temporarily shut down autosave to allow me enough time to encrypt? Any work-arounds?

Hi. Yes. Create a local notebook and create your note there. Once encrypted, move it to a synced notebook. Alternatively, use the native encryption built into your word processor to create a password-locked document and attach that to a note.

  • Thanks 4

As per @gazumped, best practice is to not do the encryption in a sync'd notebook.

Use a Local Notebook, or encrypt outside of Evernote.

  • Like 1

Ahh. @gazumped, you handled my query with such ease and aplomb. Thank you. I'm very comfortable with tech stuff, but I'm not a tech professional, so it's always best if I get my question out where someone with more knowledge than I have can give me feedback.

  • Like 1

On 7/16/2018 at 10:17 AM, Richard Ames said:

One simply cannot encrypt data fast enough to stop the autosave from sending on that data. 

You should be able to implement something like:

  • Type some dummy text in your note where you want to add the encrypted stuff. Even if it syncs at this point, it's harmless.
  • Encrypt it. Now that block of text is marked as encrypted. If it syncs any time after, it'll go up encrypted, since unencrypted state is local to the note editor, and not recorded in the note when synced (see https://dev.evernote.com/doc/articles/enml.php).
  • Decrypt it.
  • Type in or paste in the actual text that you want encrypted. You're done.

  • Like 1
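
A way to check a note before it goes into a synced notebook, added here as an example (not code from this thread or from Evernote): it parses a note's ENML and lists any text that sits outside an `<en-crypt>` block, plus the `hint` attributes, which are stored in the clear. It assumes the note content is available as ENML as described at the link above; the sample notes, cipher value and ciphertext are constructed.

```python
import xml.etree.ElementTree as ET

DOCTYPE = '<!DOCTYPE en-note SYSTEM "http://xml.evernote.com/pub/enml2.dtd">'

# Constructed sample notes (not real Evernote data).
SAFE_NOTE = DOCTYPE + (
    '<en-note><div><en-crypt hint="constructed hint" cipher="AES" length="128">'
    'Q09OU1RSVUNURUQ=</en-crypt></div><div><br/></div></en-note>'
)
LEAKY_NOTE = DOCTYPE + (
    '<en-note><div>acct 0000 (constructed)</div>'
    '<div><en-crypt cipher="AES" length="128">Q09OU1RSVUNURUQ=</en-crypt>'
    ' trailing note</div></en-note>'
)


def plaintext_outside_encrypt(enml: str) -> list[str]:
    """Return every non-blank text run that is NOT inside an <en-crypt> element."""
    # Limitation: HTML entities such as &nbsp; come from the external DTD, which
    # ElementTree does not load, so notes containing them raise ParseError.
    root = ET.fromstring(enml)
    leaks: list[str] = []

    def walk(elem: ET.Element) -> None:
        if elem.tag == "en-crypt":
            return  # ciphertext body; text after it is the parent's concern
        if elem.text and elem.text.strip():
            leaks.append(elem.text.strip())
        for child in elem:
            walk(child)
            # child.tail is text following the child, so it is outside en-crypt
            if child.tail and child.tail.strip():
                leaks.append(child.tail.strip())

    walk(root)
    return leaks


def encrypt_hints(enml: str) -> list[str]:
    """Return the hint attributes of all <en-crypt> blocks (these are not encrypted)."""
    root = ET.fromstring(enml)
    return [e.get("hint") for e in root.iter("en-crypt") if e.get("hint")]


if __name__ == "__main__":
    for name, note in (("safe", SAFE_NOTE), ("leaky", LEAKY_NOTE)):
        print(name, plaintext_outside_encrypt(note), encrypt_hints(note))
```

An empty list from `plaintext_outside_encrypt` means everything readable in the note body is inside an encrypted block; it says nothing about what an earlier autosave may already have uploaded.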

That's a clever workaround, but tedious as well. I liked the idea of some of the other commenters here of creating a local notebook, encrypting the note there, and then moving the (now) encrypted note to the notebook I want it in. Thanks for your input.

Richard, I had the same issue. I would take a picture of a receipt with the Evernote camera, then open it in Snag-it or something to blur my full name and address, but of course the receipt had already gone on to the servers.

So now I take the photo with my regular phone camera, blur out the info on my desktop and drag it into my "import evernote local" folder. That folder on my drive is set to auto import anything in it into my Local folder.

Now I just have to find a way to take those photos without auto sending them to Google Photos, because, well, then I'm just giving Google the sensitive info. Sigh.

 
