Jump to content
Sign in to follow this  
michaelwiller

(Archived) Feature request: secure notebook

Recommended Posts

I've created a new thread from this one: viewtopic.php?f=30&t=5667

Reason for that is that the original thread started out as a question on how to change password, then moved into an interesting discussion on privacy.

Since Premium subscription is available now. Let me state here that my signing up for that is dependent upon a "secure" notebook. I.e. a notebook where all data is encrypted.

SSL does not cut it for me. I have to be sure that my enterprise notes only can be read by me and only on the desktop.

Dave said something about secure-notebooks could be achieved using and online backup service and EN2.2. This is not true. I have 2 PCs and one Mac (I know too many computers) but EN3's Mac client is a Godsend since synchronizing notes across platforms is a pain ... Second EN3 will merge updated notebook (just as EN2 does with the USB-sync feature in the professional version). For me means I have access to my notes on all computers. The only thing missing is to have access to the enterprise notes as well.

Someone else noted that printing is a pain, when notes are partly encrypted - I agree on that as well. A "secure" notebook would solve that problem as well.

Please implement "secure" notebooks. I'd accept (almost) any limitations you'd put on an alpha version (no image recognition except on client, no web-access, ...)

thanks

Michael

Share this post


Link to post

To clarify: we're pretty busy with all of the new things we're doing right now, so we won't be able to provide detailed point-by-point analysis for every suggestion on the forums (and certainly not with 6 hour turnaround).

We do read everything here, however, and appreciate the feedback.

As discussed in several other threads recently, we take security and privacy very seriously, and are trying to build a system provides a good balance of security and usability.

Thanks

Share this post


Link to post

I know you take it seriously. I know where you're going or at least where you want to go. Regarding time responsetime. I don't expect anyone to be available 24*7, you did however answer several other questions. A simple "I'll get back to you on that one." would have done it.

But I need an answer to a simple question. And question that's been asked many times on the forum - granted: for different features. The simple question is "when?".

And since I cant get a straight answer or even a guess as to when that answer will be coming. Then I'm spending my time on the wrong forum and on the wrong product. As simple as that.

cheers and good luck,

Michael

Share this post


Link to post

I shouldn't butt in.

I came to the forum to look for security features when I read this thread, and I'm voting for the Evernote Team on this one.

Scrambling a huge file is one thing. Scrambling across Enterprise proxy & firewall is another. Offering it for 50 dollars a year with a 24 turn-around makes me laugh. Can I take these suitcases to your room, sir?

Geesh.

Share this post


Link to post
But I need an answer to a simple question. And question that's been asked many times on the forum - granted: for different features. The simple question is "when?".

I'm not completely sure what this is referring to, but I'll take a guess:

Evernote has a wide variety of options for you to manage the security and privacy of your notes. You can store notes in secure, private notebooks that can be synchronized across your computers, you can store then in local notebooks on a single computer, you can encrypt text within notes, you can use a USB portable option, etc. Our service operation aims to be at least as secure as all of the other network services people trust today for private information such as email, etc.

We offer text encryption to allow you to choose which data you want to protect. Only you know the passphrase to decrypt this text, so we can't access it (or index it for searching, etc.).

Storing accounts that are completely encrypted would mean that either the usability or the security of those notes would be unacceptable, so we have no plans to implement this. If we don't have your decryption key on the service, then we wouldn't be able to provide any web UI, we wouldn't be able to provide image processing, searching, email gateways, iPhone support, disaster recovery for your data, etc. If we have your key on the service, then there's really no point encrypting the notes at all.

We think that we've chosen the right balance between usability/accessibility and security/privacy by giving users a very large number of choices. This matches or exceeds the security of the other sensitive services that people use for personal and business information every day.

Share this post


Link to post

I have read thru most of the security post and I think I have an understanding of Evernote security, and I'm not well versed on Windows XP security at all. I have a practical question concerning the security of Evernote information stored locally on my Windows laptop. My biggest security concern obvisously, is if my laptop is stolen.

My work laptop requires a Windows user login and password. My first question is; can someone who steals my laptop access the Evernote database file if it is stored in My Documents (the default location) on my computer without my login (or an adminstrator login)?

My second question is, if a thief were able to access my Evernote Database file (maybe the stole the laptop and I was logged in) would they be able to open an view the data in this database file? (Assuming I had logged out of my account thru the client which I usually do before closing Evernote)

In terms of additional security, it would be nice to be able to password protect whole notebooks, so that if the Evenote client was running and I had a notebook with sensitive information in it, it would still require a password to view the notes in that notebook. Typically my I have Evernote running during the day. Maybe this is a feature, I haven't been a user that long. Could you let me know if that is the case or if it is a likely future feature?

Thanks,

Todd

Share this post


Link to post

If you're concerned about someone stealing data from your laptop, you should consider protecting all of your data (not just Evernote) via file system encryption. This will also protect your office documents, emails, etc. Windows includes built-in support:

http://en.wikipedia.org/wiki/Encrypting_File_System

Or there are some great third-party options like TruCrypt

Share this post


Link to post

Thanks for the link, that is helpful information. Ultimately, since this is a work computer, for which we are expected to store client information, regardless of whether it is stored in note application, word doc, excel, it should be up to our corporate IT department to set security standards and policy around protecting laptop data. This link gives me something to discuss with them.

I do appreciate the feature to encrypt text at the note level, which makes me feel more comfortable about using one note to store passwords and/or receipts with credit card information. Any chance you will be providing similar functionality at the notebook level? I could see a situation where it would be useful to password protect an individual notebook. For example, it would be nice to store my 401K statements which are in pdf in a notebook, then password protect that entire notebook. I realize that would prevent searching notebooks within that particular folder, but I could live with that.

Thanks for thegreat work on the product.

-Todd

Share this post


Link to post

I'm absolutely in for this. I'd love to be able to scan personal records and save them here...in effect eliminating my file cabinet to a rather large extent. A password for a secure folder that only my wife & I would know would DEFINITELY make me up for this.

Share this post


Link to post

Actually, I like the way they have it now.

I used onenote, and they have the functions set up the way you want them.

I find that it is not as convenient to find notes when the entire note is encrypted.

With Envernote I take and make a couple lines on what the data is, then hilight and encrypt the actual sensitive data.

Encrypting entire notes in evernote would be worse, because the information is intended to disappear into the roll, and be brought out when you need it. You could not find it if it was encrypted.

... Just my 3 cents worth.

Share this post


Link to post
Actually, I like the way they have it now.

I used onenote, and they have the functions set up the way you want them.

I find that it is not as convenient to find notes when the entire note is encrypted.

With Envernote I take and make a couple lines on what the data is, then hilight and encrypt the actual sensitive data.

Encrypting entire notes in evernote would be worse, because the information is intended to disappear into the roll, and be brought out when you need it. You could not find it if it was encrypted.

... Just my 3 cents worth.

agreed.

Share this post


Link to post
And since I cant get a straight answer or even a guess as to when that answer will be coming. Then I'm spending my time on the wrong forum and on the wrong product. As simple as that.

If you trust no-one, then you shouldn't trust a third party service to handle the synchronization of your sensitive data unless you encrypt it yourself and THEN transmit it. Evernote does permit this, and various third party applications (Yojimbo comes to mind) permit the same. Unless you can get by with the built-in text encryption (which is locally encrypted and thus meets the trust no-one standard), Evernote is definitely NOT the product for you.

That said, consider the following options to enhance security...

As an addition to text encryption, you can also attach files to Evernote. Consider making use of disk images (TrueCrypt provides a cross-platform standard) attached as files to your notes. You can mount the image, work with its contents, and then close the image. Evernote is "smart" enough to maintain the updated version on the note, so you get your round-robin sync.

Of course, if you do that too much you lose the whole benefit of Evernote's searching abilities, and a more limited syncing system (SugarSync, Dropbox) might be more useful.

You can also use PGP/GPG or any other encryption algorithm to encrypt data in your notebooks. You may prefer this to Evernote's text encryption since you can individually encrypt files and also have more control over the strength of the encryption.

If you do encrypt text, include a summary or numerous tags so that you can search for the encrypted note.

Use some other service for your highly sensitive information (KeePass and Dropbox are a very nice combo, or KeePass on a USB drive) and rely on Evernote for those data that can be lightly encrypted or not encrypted at all.

Security is a sticky wicket with a program like Evernote, and you're right to take it seriously. But I hope some of these ideas are useful as you think about ways to maintain secure data.

Share this post


Link to post

I would really like to be able to set a password on a whole notebook, will this feature be added anytime soon?

Thanks

Paul

Share this post


Link to post

You can encrypt sensitive text within your notes in both of the current clients today. We don't plan to add any batch encryption to entire notebooks/accounts in the near future, because encryption makes it impossible to implement many of the features our users depend on. E.g. you can't process images for text searching if they're encrypted, you can't index the text for searching if it's encrypted, etc.

Share this post


Link to post

I understand what you are saying David, however this doesn't really address my particular needs (not that i think they are moreimportant than anyone elses you understand, just to give opinion), I have now adopted Evernote fully into my life,i use it as my store for all things I want documented, I now I can get to my info using my iphone or online so i have started moving across everything i think would be usefulfor me to have to hand. In creating a secure/encrypted notebook I have a place to keep things which I need just that little extra security. I fully understandthat if this notebook is secured it's not goingto be indexed etc, but i would still have it to hand with all my other notes, otherwiseI may as well store my secure stuff in 1Password which give me similar functionality ie not indexed.

In particular I am thinkingabout documents I use for work, I want to have them to hand, but I don't want to go through and encrypt tens, maybe hundreds of docs by hand.

I do appreciate your comments tho, and offer this merely as clarification

Paul

Share this post


Link to post

Yes, this is the main thing I miss from Evernote 2. I just don't like the idea of storing sensitive stuff in a program that will just start up and display it without some extra security. I realise this may be not rock solid security in the file structure etc, but this is one of the main things that makes me uncomfortable about using evernote 3. What I'd like is to be able to say that a notebook is password protected so when start windows client you have to enter a password to see it in evernote; and also to be able to set whether it needs a password to restore the app from the task tray if if the password protected notebook is the one open. Don't need any extra security for the web client.

Share this post


Link to post

alasdair -

Evernote 2 also did not encrypt note data on disk. Anyone with physical access to your system can read your Evernote 2 data files, your Evernote 3 data files, your mail files from your mail client, the temp files from your editors, etc. Generally, if you have sensitive materials on your own hard drive of any sort, I'd recommend using the hard drive encryption that comes with your OS, or else one of the third-party solutions such as TrueCrypt. This general solution is a much more reliable protection for all of your data, rather than relying on piecemeal encryption implementations in every application you use.

Share this post


Link to post

I think the point is being missed here (for me at least), what we are asking is for basic security, so that when EN is opened fresh or opened from minimised, there is a way to ensure that notes stored in a speciic notebook are not able to be viewed straight away like they are now, and to have a password.

So if you were to walk away from your computer, or if someone is looking over your shoulder, there is a step in between opening and viewing a specific notebook.

I do appreciate your comments tho Dave, keep them coming, trying to provide a dialogue for the good of everyone is the way forward.

I'm curious, this is getting to be quite a long thread, is it a case that what we ask just simply can not be developed? B)

Thanks Paul

Share this post


Link to post

It's important to avoid giving users an inaccurate sense of security ... many users were surprised to find out that the EN2 database file was unencrypted, because the username+password gave the impression that there was something more going on. We want to keep a consistent presentation of the actual protections that we have in place, and not duplicate functionality that's better handled at the OS level: disk encryption and password-based screen locking.

Share this post


Link to post

My concern is more about server side data protection. I can handle data protection on my side, but what about protection of data located in your storage from intruders? Any serious online backup service has the stored data encrypted, mainly to prevent (or to make it more difficult) for hacker to read data once he gets access to the server farm. I hope you guys don't think "it can never happen", right?

Share this post


Link to post

Evernote's service provides a level of protection that matches or exceeds what you expect from comparable services like your mail provider. For a bit more information:

http://blog.evernote.com/2008/04/15/eve ... -security/

I guarantee you that virtually none of the services you use on the Internet store their data in a fully encrypted form on their protected servers ... otherwise, you wouldn't be able to use any "search" functions, etc.

Share this post


Link to post
Evernote's service provides a level of protection that matches or exceeds what you expect from comparable services like your mail provider.

Dave, comparison with mail providers isn't appropriate - totally different use case - life span of an email on a typical public server with POP3 access is incomparably shorter then of a "note". Few would consider storing sensitive information on an email server.

I guarantee you that virtually none of the services you use on the Internet store their data in a fully encrypted form on their protected servers ... otherwise, you wouldn't be able to use any "search" functions, etc.

I guess the problem here is presumptions... If you own the key you can index and search everything. You stated earlier that having data encrypted with key owned by Evernote doesn't make sense. Well, let's say it depends on a use case. We're not trying to achieve military grade protection here, but rather something minimal that would make at least paying users to feel more comfortable. If hacker gains access to the DB or underlying data files, he can simply read the data. If data was encrypted on storage with 256-bit AES using your key, the hacker would have to spend some extra hours/days to make through it, which is enough time for you to detect intrusion and fix the hole.

Share this post


Link to post

Google has a copy of every email I've sent or received via my gmail.com address in the last 4 years. We aim to give more options for security and privacy than a long-term email service like Google. This means secure data centers, but also it means options like encryption of text within notes and local notebooks that aren't available from a mail provider.

Email may not be appropriate for every conceivable communication, but many of us are able to make informed decisions about when email is appropriate for a particular use. We feel that Evernote is the same: we want our users to understand what we do and how we do it so they can make informed decisions about which types of information they will choose to store within it.

Regarding encryption ... if the key for encrypted data is sitting on the same server, with easy access for on-the-fly decrypting, then the encryption is meaningless. It's like putting deadbolts on your front door and then hanging a set of keys right next to the knob. The deadbolts would just give the illusion of security.

Share this post


Link to post

Regarding encryption ... if the key for encrypted data is sitting on the same server, with easy access for on-the-fly decrypting, then the encryption is meaningless. It's like putting deadbolts on your front door and then hanging a set of keys right next to the *****. The deadbolts would just give the illusion of security.

Dave, you're talking about privacy, I'm talking about information security.

Do you think credit cards and other private information in online billing systems are protected with user owned key? No, it's system owned keys, and yes, it's on-the-fly decrypting. Think SOCKS security standard, etc. It's must be kind of thing in any serious system. Keys are stored in encrypted keys repository - c'mon, just google for it!

For "privacy" case data must be inaccessible for anyone but owner, which beats the very purpose of Evernote indeed.

But if the goal is just information security, you can allow your data processing engine to see stateless-decrypted data, but all the persisted data should be encrypted to prevent it from malicious access.

Think again: privacy != information security

Besides, think how much more paying customers you'll be able to attract if you make it suitable for light-business use!

Share this post


Link to post

I'm sorry to say that even banks don't encrypt every field they put into the database. Encrypted fields can't be queried through standard database mechanisms. I.e. you can't say "find me customers in Fargo, ND, with a first name starting with 'D'" if the town and name are all encrypted in any remotely secure manner.

The only exceptions I can think of would be "cold storage" backup services like Iron Mountain, which take your entire disk, encrypt it, and just put those bits into a vault. The only thing you can do with that is restore it later to your own computer ... there's no online UI for browsing, sorting, searching your files. If this is all you really want, you may want to consider using Evernote with only Local notebooks, and then subscribe to some encrypted HD backup service to back up your hard drive to a server in case your computer fails.

I'd recommend using our built-in encryption feature for any credit card numbers or passwords that you put into Evernote. This is how I use my Evernote account.

Share this post


Link to post

What about an option of secure syncing of those "special" notes between Evernote clients with indexing and OCR happening only on local multiple computers? This would be easy if local notebooks could be isolated into separate file(s). So regular notes would be synced regular way, and "local" notes would be synced as entire notebook file using one of many available services. Is it feasible to make local notebooks isolated in separate files?

Also, the available encryption doesn't allow to encrypt attached files and images. It would be very useful to have an option to encrypt the entire note, leaving header fields open for searchability.

Share this post


Link to post

Today I was thinking to take snapshots of a whiteboard during the meeting to have it in Evernote, but suddenly realized that as images cannot be encrypted I can get fired over publishing possibly confidential information... :?

Share this post


Link to post

I keep one notebook for work that is local only. Only accessible on my laptop, not in the cloud. Of course that means I can't get to it anywhere else, and if my local database blows up, I could be screwed. But it's better than getting fired ;)

Share this post


Link to post

Well, I have a workstation at work, not a laptop, but I''d like to have an access to those images from home.

It would be possible by


  • [*:1v3h75uc] having more encryption options
    [*:1v3h75uc] or having local notebook located in separate file so the file itself can be copied/synced

Share this post


Link to post

It seems the real answer to this particular dilemma is to install an encryption program, encrypt any files [those sensitive images, tax info, what have you] that you want to be associated with a note, and then attach said encrypted file to the note via a premium account. Duh!

This would not only protect the file contents from within Evernote, but everywhere. Also, the Windows login is a joke. Anybody that wants to get around that and to your data can do so easily. If a laptop is stolen or accessed while you're away in the bathroom, your only real safeguard is full volume encryption and a bios password.

Share this post


Link to post

I'm sure not everybody wants the same thing, but all this talk about rock solid unbreakable security is not the thing for me. If I wanted to be certain nobody could read something, I wouldn't put it into a computer at all. I'm sure somebody somewhere has the know how to break into this stuff, but I'm counting on the fact that I'm not that interesting or important enough for anybody to bother.

But what I would like is to just have an extra layer so that when I'm careless, the people around me can't open my evernote databases without having to enter a password or something. It's just to stop the casual nosiness, not a determined NSA guy. If there's a password they'll get bored and move on, or realise is something I don't want them to see and respect that.

Of course, the better thing to do is to have a steganographic feature where evernote opens with lots of interesting (auto generated by evernote from web clippings and so on that it knows are things you might be interested in) notes and only when you do something secret like double click the second word in the 37th note while holding down the control and the space keys do you get a password box that then reveals all your real private notes. Is that a possibility? :)

Share this post


Link to post
I'm sure not everybody wants the same thing, but all this talk about rock solid unbreakable security is not the thing for me. If I wanted to be certain nobody could read something, I wouldn't put it into a computer at all. I'm sure somebody somewhere has the know how to break into this stuff, but I'm counting on the fact that I'm not that interesting or important enough for anybody to bother.

But what I would like is to just have an extra layer so that when I'm careless, the people around me can't open my evernote databases without having to enter a password or something. It's just to stop the casual nosiness, not a determined NSA guy. If there's a password they'll get bored and move on, or realise is something I don't want them to see and respect that.

Of course, the better thing to do is to have a steganographic feature where evernote opens with lots of interesting (auto generated by evernote from web clippings and so on that it knows are things you might be interested in) notes and only when you do something secret like double click the second word in the 37th note while holding down the control and the space keys do you get a password box that then reveals all your real private notes. Is that a possibility? :)

EXACTLY!!!

Share this post


Link to post
So any chance of this making it's way to a dev team?

Multiple members of the development and product management team (like me!) read every post on this forum. We appreciate the feedback even though we may not always have a specific reply for everything as soon as you post.

Evernote users outnumber employees by around 40,000 to 1 ... ;-)

Share this post


Link to post

"But what I would like is to just have an extra layer so that when I'm careless, the people around me can't open my evernote databases without having to enter a password or something. It's just to stop the casual nosiness, not a determined NSA guy. If there's a password they'll get bored and move on, or realise is something I don't want them to see and respect that."

I second that. I don't have anything that sensitive in my EN notebooks either, or I would go to the trouble to encrypt it. I'm not a programmer (and I don't even play one on TV) but it seems like it should be relatively simple to bring the EN login screen up first by itself, then show the main EN interface only after a successful login. As it works now, they both come up together, with the login on top. I can bypass the login and still have full access to all my local notes, and so can the practical joker in the next office who likes to get into my stuff and mess with it when I'm careless and leave my laptop unattended with the screen unlocked.

Share this post


Link to post

These guys just don't get the use case - evernote installed on office computer may contain both work-related AND very private stuff.

It's very much like refusing to install a door lock at your house just because a thief can open it anyways.

Share this post


Link to post

You could be right, but I'm hopeful something will click and they will implement something basic, as you say to stop prying eyes in the office. I use EN at work all the time, but it does have a lot of personal (to me) stuff that I wouldn't want the casual passer by looking at, they are my memories after all.

Share this post


Link to post
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...