(Archived) (Archived) REQUEST: Additional encryption options for notebooks and syncing

JMichaelTX · February 9, 2012

Hi Heather. You're probably tired of hearing from me by now, but I just wanted to put in another plug and example for selecting a Notebook in which the content, but not metadata, of all Notes is auto-encrypted.

Here's a screen shot of how Adobe Acrobat does it.

Notice they provide an option to NOT encrypt the metadata, and specifically state that this will allow the metadata to be searchable:

Please give this feature some serious consideration.

Thanks.

ZonicBoom · February 9, 2012

no, no, no! she isn't an offensive word

it was a joke obliquely pointing out that the way you phrased your comments about evernote were actually attacks on the service. it's a rhetorical device (fallacy of presupposition?) people use to avoid making a claim directly.

in other words, if you don't have any evidence to back up a claim, then you would be better off not suggesting that evernote get lawyers or that evernote "might" be sued.

Far from attacking, my input has been based on the hope of helping improve the service so at some point in the future more users could use it worry-free. Now, do I have evidence that Evernote would be sued if data breach in their servers happen? No, but I there is reasonable precedence. Go back to my one example of Sony services last year. They did get sued, even though they make no claim of privacy liability to their users. That's why I said I'm not in a position to say if that would apply here too or not; but in an increasingly litigious society, it's reasonable to presume so.

heather · February 9, 2012

Just a little hint - you might want to change your username from "attackzone" if you don't want us to feel like we need to be on the defense

GrumpyMonkey · February 9, 2012

no, no, no! she isn't an offensive word

it was a joke obliquely pointing out that the way you phrased your comments about evernote were actually attacks on the service. it's a rhetorical device (fallacy of presupposition?) people use to avoid making a claim directly.

in other words, if you don't have any evidence to back up a claim, then you would be better off not suggesting that evernote get lawyers or that evernote "might" be sued.

Far from attacking, my input has been based on the hope of helping improve the service so at some point in the future more users could use it worry-free. Now, do I have evidence that Evernote would be sued if data breach in their servers happen? No, but I there is reasonable precedence. Go back to my one example of Sony services last year. They did get sued by a group of users, even though they make no claim of privacy liability to their users. That's why I said I'm not in a position to say if that would apply here too or not; but in an increasingly litigious society, it's reasonable to presume so.

"i'm not saying my neighbor is a pedophilic, mail-stealing, sociopath. i have no evidence. but, they might be. that's up to a judge to decide..." if you don't have evidence, then i wouldn't say it. i guess that is just my opinion, and we can agree to disagree about this.

the issue here is security, and the question is whether evernote is mis-representing its services. you raised some valid points about the need to clarify the limitations of evernote in promotional pages. i'd stick to that and avoid the litigation speculation. just a thought.

ZonicBoom · February 9, 2012

Just a little hint - you might want to change your username from "attackzone" if you don't want us to feel like we need to be on the defense

I though of getting "PinkyPie" as an username but I thought it wasn't serious enough, lol.

jefito · February 9, 2012

Just a little hint - you might want to change your username from "attackzone" if you don't want us to feel like we need to be on the defense

I though of getting "PinkyPie" as an username but I thought it was serious enough, lol.

I was thinking "Kumbaya" would at least *seem* to be non-threatening...

heather · February 9, 2012

Not to make light of this thread in any way, but your "negative arguments" reminded me of this GrumpyMonkey:

http://www.southparkstudios.com/clips/401752/professor-of-thanksgiving-phd

GrumpyMonkey · February 9, 2012

lol. a classic south park. the argumentum ad ignorantiam.

ZonicBoom · February 9, 2012

"i'm not saying my neighbor is a pedophilic, mail-stealing, sociopath. i have no evidence. but, they might be. that's up to a judge to decide..." if you don't have evidence, then i wouldn't say it. i guess that is just my opinion, and we can agree to disagree about this.
the issue here is security, and the question is whether evernote is mis-representing its services. you raised some valid points about the need to clarify the limitations of evernote in promotional pages. i'd stick to that and avoid the litigation speculation. just a thought.

Just so we are clear, and note that by no means I'm legal literate, you can accuse your ex-girlfriend or neighbors all you want by submitting a "bill of information" or by presenting evidence for a charge. In order to gather evidence you just need a subpoena ad testificandum (request for testimony) or a subpoena duces tecum (request for physical evidence) from a judge or lawyer (acting as an officer of the court) to gather pertinent documents for the case. It's up to a grand-jury to decide whether your claim and the evidence you gather is court-worthy and can proceed in the process or not. So, yes... you can sue someone without immediately having evidence, as there is a process in law which allows publicly known facts to be issued in a bill of information or by subpoenaing information (such as security logs, audit trails, incident postmortem, etc) to get a court hearing. SLA claims come and go in the telecom sector and teaches any engineer to document everything in case of a subsequent subpoena.

Anyways, I raised a theoretical scenario based on legal precedence in the security community. Don't ask for evidence because such scenario hasn't happened yet. But, it doesn't mean the possibility doesn't exist. I don't work for EN, so I can careless if they prepare by having a contingency plan for such scenario. As an end-user though, it would suck to see the company getting hit with an issue it could have simply avoid by doing some of the things we all mentioned and agreed could be improved. We can only hope some of our points get across and up the corporate latter, and it won't get ignored, buried in a little corner of their forum.

GrumpyMonkey · February 9, 2012

ok. we disagree about their exposure to lawsuits, but we agree that neither of us are qualified to offer legal advice. so, let's not

setting that aside, is it a problem for evernote to leave the encryption burden on users?

for personal use, no. for corporate, medical, govt. it probably is. this is why many institutions require employees to use their email services, if they even allow email access at all.

i am guessing that evernote is not yet ready to make the leap into that lucrative and complex world quite yet. they are just sticking their toes into it. i think they are more aware than us about security issues, so i wouldn't worry about that.

Metrodon · February 9, 2012

So we keep coming back to these things that might happen, that haven't happened, that you as by your own admission as a relatively inexperienced security guy think may be important. Yet we are talking about an application that is designed, built and maintained by highly experienced individuals - the CTO built security systems by the US government for example. I'm guessing that in the end their experience and skills set outweighs yours and as I have pointed out already in this thread, it is up to each user to take responsibility for his own security based on the service that Evernote offers.

This really feels like you are flogging a dead horse.

Fanboy out.

ZonicBoom · February 9, 2012

So we keep coming back to these things that might happen, that haven't happened, that you as by your own admission as a relatively inexperienced security guy think may be important. Yet we are talking about an application that is designed, built and maintained by highly experienced individuals - the CTO built security systems by the US government for example. I'm guessing that in the end their experience and skills set outweighs yours and as I have pointed out already in this thread, it is up to each user to take responsibility for his own security based on the service that Evernote offers.

This really feels like you are flogging a dead horse.

Fanboy out.

Go ahead, entrust your data in an unencrypted cloud service. Hopefully, you'll never forget to encrypt that file before uploading it; and hope your lawyer, doctor, accountant, school teacher or real state agent won't forget neither.

Metrodon · February 9, 2012

I make the decision what to put up there - like everybody else can - I also make the choice as to whether I trust my lawyer, doctor, accountant etc to follow the law and their professional responsibilities.

If it's so clearly not an app for you or one that you can trust then surely you should find one that does what you want - then you can stop worrying about paedophiles hacking the Evernote network and harvesting information about school trips.

I also make the choice not to sit at home wearing a tin foil hat....

dlu · February 9, 2012

This thread makes my head hurt

JMichaelTX · February 9, 2012

I'd like to review Evernote security in context of similar cloud services.

Does anyone know how Evernote security compares to:

Microsoft Office 365
Google Docs

Specifically, do either of these well-known cloud services provide for encryption of documents in their server storage?

Metrodon · February 9, 2012

Google Docs isn't encrypted - http://getsatisfacti...s#reply_3873089

I'd rather eat a brussels sprout than use Office 365.

And a bit more info on Google Docs

http://www.google.com/apps/intl/en/business/infrastructure_security.html

http://joss.blogs.lincoln.ac.uk/2011/02/04/encryption-and-google-docs/

heather · February 9, 2012

Does anyone know how Evernote security compares to:
Microsoft Office 365
Google Docs

Haven't reviewed, but here:

http://www.techrepublic.com/blog/10things/10-reasons-why-microsoft-office-365-rocks/1929

https://groups.google.com/a/googleproductforums.com/forum/#!topic/docs/IpUpTibKFBI

BurgersNFries · February 9, 2012

And here is some info I posted regarding Dropbox. But it applies to any cloud service that says your data is encrypted on their servers.

Security exists in at least two places...sending data and the data as it resides on the "cloud" server.
This particular post is addressing how the data is stored on a cloud server...
People tend to think Dropbox is more secure that EN. Dropbox tends (IMO) to propogate this fallacy. I've seen their blurb on security.
"All files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password"
Any time a cloud service can tell you your encryption password (click "forgot password') and/or can help you restore your data, your data is NOT secure from hackers. Do you think hackers are smart enough to be able to hack into a cloud server but not smart enough to figure out where the encryption passwords are located??? Although there is no 100% security from hackers, unless the data is encrypted using a password the "host" does not have access to, then your data is not very secure from hackers. IOW, if you do not provide a second, encryption password & you are warned that if you forget it, you will not be able to recover your data, then the "host" is storing the encryption password somewhere. And hackers can get to it. That's what they do.
Jungle Disk (a TRUE backup/encryption cloud) says, if you encrypt your "bucket" & forget your password, you are SOL. They cannot help you recover your data.
Truecrypt, another TRUE encryption app, also says, if you forget your encryption password, kiss that baby good by. They cannot help you.
Evernote states any text you encrypt in Evernote notes is not indexed...same reason as above. And if you forget the password, they cannot help you recover it.
So...if you feel comfortable putting something into Dropbox (without using a WINRAR'd file or Truecrypt container or some such), then you should feel equally comfortable putting that info into Evernote.

evernote-fan · February 10, 2012

I am not a lawyer... in fact, I am a 'Product Associate' for the company I work for... but you may want to revisit the export restrictions since I think 64-bit RC2 is a little old. Our 'flagship' product is a password manager which uses 256-bit AES encryption, and we can export it to anywhere that's not on the control list of "countries the united states doesn't like".
Thanks for the feedback. The government relaxed things a bit in 2004, but symmetric encryption over 64 bits still requires an explicit review and approval by Commerce (http://www.bis.doc.g...s64bitsnup.html). We're working through this process ...
Thanks

Are there any news concerning a stronger encryption algorhythm than RC2?

JMichaelTX · February 10, 2012

Simple two factor authentication Using Google Authenticator

Below is a quote/suggestion that seems relevant to our discussion.

Evernote don't need to code their own app to generate the unique codes, they can just use the open source Google Authenticator app to generate the codes.
The code for adding support for Google Authenticator is quite simple http://www.brool.com...or-your-website.
It should probably be an optional premium option, so those that don't want to use it don't have to.

Can anyone from Evernote comment if this is a viable solution worth considering?

heather · February 10, 2012

We've been discussing the benefits/detriments of two-factor authentication internally for around a year.

If/when we do this, we probably won't introduce a third party product into the mix, but one of the main hurdles we have is in the ease of access for our trunk product connections.

JMichaelTX · February 10, 2012

We've been discussing the benefits/detriments of two-factor authentication internally for around a year.
If/when we do this, we probably won't introduce a third party product into the mix, but one of the main hurdles we have is in the ease of access for our trunk product connections.

Thanks for sharing this with us. It is good to know that you are considering this security technology. I just hope it is not too much longer before you make a decision.

I'm also glad you brought up access by Evernote Trunk Products. This is actually one of my big concerns.

As I understand it (and please correct me if I'm wrong), when I give my permission to a Trunk App, I am in fact giving them full access to my account: read, add, edit, delete.

If this is correct then I am concerned. For example, I may buy an App to only ADD Notes to Evernote, like Fastever and Genius Scan+.

The ONLY thing these apps should ever do is:

Read my account for Notebooks and Tags
Add the Note I create through the Trunk App

Yet, these apps could read Notes and delete Notes, which would be a huge security issue for me.

Please tell me I've got it wrong.

Assuming I'm correct, I made a post earlier this week concerning the need for more granular permissions.

heather · February 11, 2012

Our API allows for Create, Read and Update note Permissions. Depending on the application, they may use any combination of those. The ones that "Create/Update" notes to your account (AwesomeNote comes to mind) would like to be able to delete notes from your account as well, so it is designed to "Read" your account and pick up certain tagging.

JMichaelTX · February 11, 2012

Our API allows for Create, Read and Update note Permissions. Depending on the application, they may use any combination of those.

Well, at least the Trunk App can't delete my notes.

Is there any control over which permissions they can use?

Is there anything which prevents an app like Genius Scan+ (which on Creates Notes in the app) from Reading or Updating my notes?

I don't recall being asked when I installed Genius Scan+ for specific permissions.

So, in theory, is there anything that prevents a Trunk app from sending my Evernote login credentials (stored in the Trunk App) to their server, and then mining my account for sensitive info?

Brendan · February 11, 2012

As for password protected notebooks - one of the major benefits of Evernote is our indexing system. That is what sets us apart from everyone else in the industry. If we can't index your data for searching, we honestly don't understand why you would want to use our product instead of anyone else's. It basically just turns us into file storage.
I'm not sure what password protecting a notebook fully implies, but let's assume for a moment that it means you encrypt the Note contents, but NOT the Note metadata.
If so, then EN searching could still be very powerful/useful as you can search for tags, title, dates, and other metadata.
So, we could have a Notebook whose Notes contents are more secure while still allowing useful searching.
Just a thought.

I've been thinking about the idea of password protected notebooks and how it could be implemented using a similar security model to lastpass where encryption/decryption is done on the client and the server can't decrypt the data.

At the moment we have two types of notebooks, synchronised and local. Local is more secure, but has a bunch of limitations. Synchronised has lots of awesome features. What if there was a halfway solution that offered more security but still had some limitations.

My idea is that premium users have an option to create an encrypted notebook for storing things like bank statements, passports and medial records.

- The notebook would be password protected.

- Notes would be encrypted client side and the server would only receive encrypted notes.

- OCR would need to be done client side.

- When you created the notebook, you could have the option to disable indexing note contents/attachments for searching , as indexes would probably need to be stored cleartext for efficient searching. Still other note metadata like note titles and tags.

- Changing the password on an encrypted notebook would mean all notes would have to be downloaded, decrypted reencrypted and re-uploaded. This would be easier than downloaded the encrypted pdfs to disk, changing the password and then re-adding the new pdf to a note.

- 3rd party apps probably would not work with these encrypted notebooks, but if you are worried about the security of you bank statements, you probably don't want to be sharing those details with 3rd party apps anyway.

- Might only be available on windows/mac to start with, then other clients depending on uptake.

I'd imagine most users would continues to use normal synchronised notebooks for most things, but use encrypted notebooks for things we are more paranoid about.

ps. There is quite a bit of information how lastpass works at http://www.grc.com/sn/sn-256.htm and http://www.grc.com/sn/sn-257.htm, as well as lastpass.com

BurgersNFries · February 11, 2012

Yet we are talking about an application that is designed, built and maintained by highly experienced individuals - the CTO built security systems by the US government for example. I'm guessing that in the end their experience and skills set outweighs yours and as I have pointed out already in this thread, it is up to each user to take responsibility for his own security based on the service that Evernote offers.
This really feels like you are flogging a dead horse.

Metrodon · February 11, 2012

One of my marvellous wagers coming.......

If encrypted notebooks arrive on any Evernote platform in 2012 I will munch down on one of these beauties...

I am pretty confident my palate will finish the year untraumatised.

jbenson2 · February 11, 2012

One of my marvellous wagers coming.......

Evernoted

.

dlu · February 11, 2012

One of my marvellous wagers coming.......

If encrypted notebooks arrive on any Evernote platform in 2012 I will munch down on one of these beauties...

I am pretty confident my palate will finish the year untraumatised.

Now that's is going into my Evernote account.

jefito · February 11, 2012

Not all green things are good...

Metrodon · February 11, 2012

that is a particularly vivd image, i am sure the evil little s***bag is staring at me.

Brendan · February 11, 2012

Yet we are talking about an application that is designed, built and maintained by highly experienced individuals - the CTO built security systems by the US government for example. I'm guessing that in the end their experience and skills set outweighs yours and as I have pointed out already in this thread, it is up to each user to take responsibility for his own security based on the service that Evernote offers.

This really feels like you are flogging a dead horse.

As a new user to these forums, I find it interesting that in most of the discussions that interest me I find the "evangelists" usually appear to be trying to shut down discussion about evernote security. Is it that evernote has papal infalability, and whatever evernote is doing must be right and don't discuss otherwise. It would be nice if the "evangelists" were more welcoming (like the experts on the You Need A Budget forums - youneedabudget.com/forum)

As a systems architect with 14 years experience working on web applications I find that security is something is underestimated by average users, and they don't realize they need it until it's too late. While "each user to take responsibility for his own security based on the service that Evernote offers" seems like a easy position to take, there are a number of features that other cloud services provide that could help users take responsibility.

Eg,

LastPass - Encrypted Notes with a Trust No One security model, where lastpass can't access your notes even if they wanted to. Multi factor authentication, Recognised devices, History of Last Pass Logins, One time passwords.
Facebook (https://www.facebook...gs?tab=security) Login Notifications, Login Approvals, Recognised Devices and Active Sessions.
Google - Login Notifications, 2 factor authentication, Recognised Devices and Active Sessions.

I think Evernote is an awesome service. I'd love it if it more security features and then it would achieve Phil's goal of a "a consumer-facing service that really would help you remember everything". I could throw out all the paper in my filing cabinet and pay money to lastpass for the rest of my life.

GrumpyMonkey · February 11, 2012

@brendan

i am sorry to hear that you feel like evangelists are trying to shut down discussions. i haven't seen their input that way myself. let me take this opportunity to welcome you to the forums

good points about security issues. but, i am not sure evernote is getting a fair shake here. lastpass, as far as i understand it, doesn't search your notes. evernote does. i don't know how evernote will be able to search notes it cannot access, so encryption on a large scale presents some significant challenges. maybe i am just inexperienced, because i don't have the experience you have with web applications. i guess my point here is that security is very difficult to get right.

what about evernote competitors? in my experience, most apps have single factor authentication. most apps do not offer encryption (evernote does for designated notes). facebook and google appear to offer more security features, but they also (literally) have billions of dollars to spend, and i think their targets (individuals and corporations) are a little more ambitious at this point than evernote's (mainly individuals). evernote is expanding, though, and seems to be appealing more and more to corporate environments, so maybe things will change.

i have asked on the forums for evernote to offer encrypted notebooks. i think that would be a great feature. but, i am sure there are technical challenges and legal ramifications that need to get sorted out, even if they implemented such a thing. at any rate, regarding the multiple verifications, heather wrote somewhere (i think) that evernote has been mulling this over.

JMichaelTX · February 12, 2012

As a new user to these forums, I find it interesting that in most of the discussions that interest me I find the "evangelists" usually appear to be trying to shut down discussion about evernote security. Is it that evernote has papal infalability, and whatever evernote is doing must be right and don't discuss otherwise. It would be nice if the "evangelists" were more welcoming (like the experts on the You Need A Budget forums - youneedabudget.com/forum)

There have been several other posters that have observed this same, uncalled for, behavior. I too don't understand why we can't have a respectful discussion about serious issues. I for one have chosen to just ignore all of these irrelevant posts so as to get on with a discussion of the topic at hand. Don't let them deter you. Please feel free to speak your mind. I appreciate the comments of a person with your experience.

I think Evernote is an awesome service. I'd love it if it more security features and then it would achieve Phil's goal of a "a consumer-facing service that really would help you remember everything". I could throw out all the paper in my filing cabinet and pay money to lastpass for the rest of my life.

I quite agree.

I just read a quote by Evernote CEO Phil Libin where he stated:

Our goal is to be the permanent, trusted and ubiquitous place for all your lifetime memories. We're committed to making Evernote fit into every part of that life - school, work, family, hobbies, etc.

Phil says ALL your memories, not just the non-sensitive ones.

ALL your memories, not just your personal ones.

Clearly financial, legal, and medical information are part of everyone's life and memories.

So how do we secure those memories in Evernote?

That is what this discussion is all about.

I'm sure that Evernote designed what they thought would be a secure system.

Perhaps some are well-satisfied with the current system.

Clearly, there some of us that feel additional security is needed.

Evernote has already made some changes to improve security when they changed all transmissions to/from their servers to 128-bit encryption.

So, I have already asked Heather several questions that she has not responded to yet. It is the weekend and I definitely want to allow ample time for a considered response. So I look forward to hearing from her next week.

Those of you who feel like we are "beating a dead horse", do all of us a favor and unsubscribe from this thread.

Brendan · February 12, 2012

i am sorry to hear that you feel like evangelists are trying to shut down discussions. i haven't seen their input that way myself. let me take this opportunity to welcome you to the forums

Thanks for the welcome.

.
i guess my point here is that security is very difficult to get right.

Security is very difficult. Ignore corporate requirements (as it's not evernote's market), security is important and it needs to be made easy for the average consumer (I'm thinking my mum & my wife).

good points about security issues. but, i am not sure evernote is getting a fair shake here. lastpass, as far as i understand it, doesn't search your notes. evernote does. i don't know how evernote will be able to search notes it cannot access, so encryption on a large scale presents some significant challenges.

Lastpass allows title searching, but not full content searching.

What I'm asking for evernote already supports in a round-about way. If I was encrypting the entire note text using evernote, as well as encrypting the pdf's before attaching, I'd have title/date/tag searching but not full content searching. I would be encrypt that text in our clients using a passphrase that is never transmitted to Evernote.

What i'd like to have a notebook that encrypts the contents of every note and attachment that is put in the notebook (but not the meta data). It would use a single passphrase that is never transmitted to Evernote. That would be simple enough of my mum and my wife to use. They wouldn't put most things in the encrypted notebook, but the few things where security is more important than full text search (like scan of passport, banking and medical records).

megsaint · February 12, 2012

I am pretty confident my palate will finish the year untraumatised.

I like Brussel sprouts.

BurgersNFries · February 12, 2012

New round of evangelist bashing. Lovely.

I find it interesting, if not odd, that when users familiar with the forum direct new users to existing threads that it's classed as"shutting down" a discussion. Except for Evernote employees, everyone here is volunteering their time to post. There is no need to rediscuss what's already been discussed numerous times before (especially when the topic is somewhat current) and for people who volunteer their time to need to repost what they've already posted in the past. I would also add that I find it rude, when new users join a forum & try to continue a discussison, when pretty much everything that needs to be said has already been said, especially in the most recent past. IOW, flogging a dead horse.

jbenson2 · February 12, 2012

Hmmm....

"Simply because someone disagrees with you or has a different opinion doesn't automatically make it "negative." (Although some people tend to take that stance.) forums are comprised of a lot of people with differing opinions, POVs, mannerisms, etc. It's pretty much guaranteed if you post one thing that there will be someone who disagrees with you. This isn't Dr. Phil and that's the way message boards have been since the days when you had to dial in and you had to pay for your browser."

Source: BurgersNFries last month:

http://discussion.ev...post__p__120263

jefito · February 12, 2012

As a new user to these forums, I find it interesting that in most of the discussions that interest me I find the "evangelists" usually appear to be trying to shut down discussion about evernote security.

Well, Brendan, as a new user to the forums, perhaps you don't understand that first of all, the evangelists are individuals, with our own opinions, and we do not all act in concert (you're not alone in making that error; some people never seem to get that right). So please try to keep it to individual references, ok?

Maybe if you stick around for longer than a cup of coffee or two, you'll see that the folks you conveniently lump together as 'evangelists' actually have helped out a lot of people with their Evernote issues (I'm not claiming that we're alone in that endeavor, there are many others who do as well), and will continue, whether or not new folks can't figure that out. Notice that the original poster did that with the intent of suppressing the evangelists' input. How was that for respectful discussion? Well, when you lead off your forum existence with throwing a couple of elbows, you're probably going to get a couple thrown back at you. *shrug*

Is it that evernote has papal infalability, and whatever evernote is doing must be right and don't discuss otherwise. It would be nice if the "evangelists" were more welcoming (like the experts on the You Need A Budget forums - youneedabudget.com/forum)

Sorry, not paid to be welcoming, though I am sometimes -- actually I'm not paid at all. And I don't believe that Evernote is infallible, though I think what they're doing is cool, and I do believe that they have a lot more experience in certain areas -- security for one -- than I do.I'm generally happy to defer to them in those areas.

Good luck, though.

Metrodon · February 12, 2012

Get lost Brendan....only kidding......

I think one of the main reasons that you as a new user may feel that Evangelists are 'closing down' conversations may be stem from the fact that we have been around a while and have seen a number of these conversations appear time after time. This thread is a great example, a new guy joins the board and immediately writes a long post about Evernote being completely insecure and the end of the world being nigh.

There has been a huge amount of discussion around this topic over the years, with very senior Evernote employees (the CTO) chiming in and making their position clear. Evernote is what it is, an application that a commercial company sells to make money. So far they have been really very successful and seem to have an experienced and talented leadership group with it has to be said is a decent background in commercial and government security. If this team believes that two factor authentication, server side encryption, all users being recommended to wear tin foil hats when using the app would make a significant impact to the number and value of the user base then we would have seen it already. I'm not saying that none of these things are going to happen in the future (maybe not the tin foil hat bit), user profiles changes as do requirements. But I always suggest doing a little research on an application before jumping into a new forum and shouting out the things that I believe to be key or what I believe to be the gaping holes. If I were to behave like that, then I'd honestly expect the regulars to flame the s*** out of me for being such an ignorant t***.

Metrodon · February 12, 2012

I am pretty confident my palate will finish the year untraumatised.
I like Brussel sprouts.

I looked for an "Unlike" button for this post.

gazumped · February 12, 2012

Wow - just came late to the party (having dipped in briefly several pages ago). I didn't flag this topic because I thought it was simply going to be a repeat of several previous requests. Having skipped through the latest pages I can see I was wrong - congratulations to everyone involved on highlighting the issues in full. I do sympathise with any software provider though on security issues. The vast bulk of their audience seems largely immune to security concerns, and happy to conduct personal business via Facebook and mobile, and commit sensitive data to innapropriate storage. It's a long, slow and thankless task to change attitudes - I've worked on some programmes to do that, and still have the scars - and people still take the view that access to their data should be as quick and simple as possible, while still presenting any evil hacker with a blank wall of rejection. The old principle still applies though - "two people can keep a secret if one of them is dead" - if you want to keep stuff confidential, don't save it in the cloud.

megsaint · February 12, 2012

The old principle still applies though - "two people can keep a secret if one of them is dead" - if you want to keep stuff confidential, don't save it in the cloud.

Some of us are quite aware of the security issues and still chose to store things in Evernote (or elsewhere) that perhaps you might not. I, for one, don't need anyone to change my attitude on the matter and wouldn't thank anyone who presumed to think they had the right to do so.

jefito · February 12, 2012

I like Brussel sprouts.

I like them too -- served on a golf tee, and using a 3-wood as my utensil.

heather · February 12, 2012

Our family was having a discussion last night over personal security. While my mother was fairly well secure, my father, who has much sensitive data on his laptop, does not encrypt anything because of one incident once where he forgot the encryption password of an .xls file. I said, well, yes, it's definitely good to have a "Dead" file (somewhere on this board we talk about "collecting passwords/logins/etc" for your beneficiaries for after you die), and having all that information on paper - but it should be in a safe, secure location - locked away. But for everyday usage, it's not a good idea to have passwords written down.

I'm not talking tin-foil-hat stuff here. If someone were to steal your laptop when you got up for a second from a Starbucks, they're not likely targetting you for corporate espionage. Their goal is likely to swipe-and-wipe. But, if you make it easy for them, they'll take a peek on that machine before they do and look in all the easy places to get whatever info they can about you. If you've got a locked screensaver, well, then, you've made it just a *little* bit harder. If you've got an encrypted portion of your hard drive where you store all your sensitive files, it's even harder.

With cloud security, it's a little different. In all the cases I've seen over the years (here and in my former companies) of account hacking with *damages* (malicious intent to harm the user), it's *almost always* been targetted against that particular individual (spouses, coworkers, roommates, etc). These are people who have both motive to attack you, and have had physical access to your machine/devices. They know your password. They have access to your email address. They know the password to your Pin Lock. You've handed them your iPad while it was unlocked, or let them use your computer to check their email. You've invited them into your personal space, and they've violated the trust you placed in them.

This is not meant to scare anyone - I'm just trying to explain that we have said, from day one, that we can add features that will give people a "false" sense of security, but we don't want to do that. The main point of failure will always be personal, no matter how good we get.

gbarry · February 12, 2012

The main point of failure will always be personal, no matter how good we get.

Ditto on the corporate front. Following industry standards on all your IT is only going to get you half the way there. Almost all major Infosec operations focus entirely on people security issues. Badged-lock access, tailgating, clean-desk policy, locking out external drives, written passwords, leaving crap on whiteboards, etc etc etc.

Metrodon · February 12, 2012

That's why I like to use "password" as my password for everything - means I never forget it and never have to write it down.

GrumpyMonkey · February 12, 2012

That's why I like to use "password" as my password for everything - means I never forget it and never have to write it down.

long passwords are confusing. i just use "a"

BurgersNFries · February 12, 2012

LOL!!! I love the "you made me take it down in the wrong way" part.

BurgersNFries · February 12, 2012

I posted that before watching the whole thing. ROFLMAO!

GrumpyMonkey · February 12, 2012

the ending is classic. it never fails to make me laugh, because it is so close to reality, at least in my experience

kapps · February 13, 2012

Evernote, I really like your work and your App. It becomes more important to me every day. But PLEASE make it possible to password-protect individual notes AND individual notebooks. Can you also make it possible to switch notebook visibility on and off (I use Evernote to show stuff to clients, and don't want certain folders to be seen).
As has been discussed at great length already (including this thread), EN leaves encryption/password protection up to the user.

First of all, thanks a lot for all the info in this discussion.

May I pls ask you a question regarding your setup.

You mentioned that your use of EN is restricted to non specific data and you store sensitive data to a TC volume and then onto jungle disk.

1. Would you not achieve the same security and greater convenience by storing the sensitive data in Local notebooks and have the EN database in a TC volume.

2. Re: the 2nd Password Encyrption from Jungle Disk. As I understand, a TC volume would require a password plus an optional key file. Are you suggesting/preferring the use of a password beyond these.

Please excuse me if I have mis understood anything, its my first use of EN and TC. Thanks.

BurgersNFries · February 13, 2012

May I pls ask you a question regarding your setup.
You mentioned that your use of EN is restricted to non specific data and you store sensitive data to a TC volume and then onto jungle disk.
1. Would you not achieve the same security and greater convenience by storing the sensitive data in Local notebooks and have the EN database in a TC volume.
2. Re: the 2nd Password Encyrption from Jungle Disk. As I understand, a TC volume would require a password plus an optional key file. Are you suggesting/preferring the use of a password beyond these.
Please excuse me if I have mis understood anything, its my first use of EN and TC. Thanks.

I do not have any Truecrypted containers in Jungle Disk. No need, since I encrypt my Jungle Disk "buckets" with an encryption password. I only use TC containers on my hard drives and have one in Dropbox. I have one in Dropbox so that I can backup my Evernote exb file, which includes sensitive data in local (non-sync'd) notebooks). The reason I have to backup my Evernote exb file to Dropbox is because it exceeds the Jungle Disk file size limit of 5 gigs.

kapps · February 13, 2012

Thanks for your reply. This seems a neat balance between security and convenience.

The only issue that crossed my mind, is that if the EN database is on a mounted TC volume, this becomes accessible to a network intruder. The only way around this would be to setup a workflow to mount/dismount at every occasion.

BurgersNFries · February 13, 2012

Thanks for your reply. This seems a neat balance between security and convenience.
The only issue that crossed my mind, is that if the EN database is on a mounted TC volume, this becomes accessible to a network intruder. The only way around this would be to setup a workflow to mount/dismount at every occasion.

You're welcome. Regarding the network intruder - I work from home & have my wifi password protected. And it almost never happens that anyone else uses my computer, since my husband & most guests have their own laptop/tablet/mobile device. And the TC container is mounted as a drive to the computer, so not easily accessible from another computer, even on the same wifi.

The one loose end is that I do leave my computer on 24/7 & the main TC container mounted. BUT...I figure if someone broke in they are not going to sit down at the computer. (It's a desktop.) I figure they are going to quickly unplug the components & pack them up & get out. In that case, the TC containers are now locked up. Like you said, there has to be a balance between security & convenience. So that's a risk I'm taking, since I use my computer often throughout the day & night. I don't want to have to mount the TC container each time I need it.

kapps · February 13, 2012

I see, I think I need to understand the ins and outs of TC a bit more.

From what you are saying, TC would be inaccessible if someone turned the computer off and took it away (even if it is added as an automatic mount ?). May I ask you what you mean by "wifi password protected". WAP2 Personal is what I have been recommended and of course selecting a strong password.

BurgersNFries · February 13, 2012

From what you are saying, TC would be inaccessible if someone turned the computer off and took it away (even if it is added as an automatic mount ?).

Yes. I do have my main container set up to auto mount. But the password still needs to be entered. So if someone turned on my computer, TC would get ready so mount the container as the V drive, but they would need to know the password.

May I ask you what you mean by "wifi password protected".

I mean that someone can't be sitting in a car in front of my house & hop onto my WIFI network b/c they would need to know the password. WAP2 is one type of password. So if you have yours set up with a WAP2 password (strong password), then that's good.

nova47 · February 13, 2012

(delete, delete, delete) "Humm, maybe I didn't send it."

Hysterical !

kapps · February 13, 2012

Ok, thanks. I will have a look at TC now and aim to accomplish along these lines. Very helpful.

spip72 · February 13, 2012

Evernote, I really like your work and your App. It becomes more important to me every day. But PLEASE make it possible to password-protect individual notes AND individual notebooks. Can you also make it possible to switch notebook visibility on and off (I use Evernote to show stuff to clients, and don't want certain folders to be seen).

+1 for adding encryption to a note or entire notebook.

GrumpyMonkey · February 13, 2012

just to be clear, you can encrypt note text. you cannot encrypt note attachments (unless you use a third party app like adobe). you cannot encrypt notebooks.

BurgersNFries · February 13, 2012

+1 for adding encryption to a note or entire notebook.

(sigh)

It's becoming very clear that some people don't read the threads. It's a darned shame. There are a lot of informative & helpful posts on this board, if you just read them.

JMichaelTX · February 13, 2012

+1 for adding encryption to a note or entire notebook.

Evernote has resisted adding this feature for some time. But as more and more users ask for it, perhaps they will reconsider.

If anyone else reading this thread would like this feature, please feel free to express your support for the feature.

JMichaelTX · February 14, 2012

With regard to access by Evernote Trunk Partners, it states the following in the Evernote Blog Evernote's Three Laws of Data Protection, dated March 24, 2011:

If you choose to connect your Evernote account with one of our many partners, you may be giving the partner access to your data. We will tell you how the partner application will access your account and you can turn off access whenever you want.

I do not recall ever receiving any type of notice from Evernote as to "how the partner application will access your account", nor how "you can turn off access whenever you want".

How to you transmit this critical information to us?

How do we "turn off access whenever you want"?

Is there some place in my Evernote Account settings that shows the access that has been granted to all Evernote Trunk Partners?

JMichaelTX · February 15, 2012

I'd like to review Evernote security in context of similar cloud services.
Does anyone know how Evernote security compares to:
Microsoft Office 365
Google Docs
Specifically, do either of these well-known cloud services provide for encryption of documents in their server storage?

I need to add another cloud service: DropBox

DropBox does provide for encryption of documents in their server storage.

From DropBox Help:

Dropbox uses modern encryption methods to both transfer and store your data.
Secure Sockets Layer (SSL) and AES-256 bit encryption
Dropbox website and client software have been hardened against attacks from hackers
Public files are only viewable by people who have a link to the file(s). Public folders are not browsable or searchable
Dropbox uses Amazon's Simple Storage Service (S3) for storage, which has a robust security policy of its own. You can find more information on Amazon's data security from the S3 site or, read more about how Dropbox and Amazon securely stores data.
Access via third-party apps
Some third party apps with Dropbox integration will ask for permission to access your Dropbox. To grant access, you will need to log in to your Dropbox account and explicitly press the Authorize button when prompted. You can visit the My Apps section of your account settings to review the apps you've granted permission to and revoke access at your discretion.

Brendan · February 15, 2012

it is up to the user to decide what security precautions are necessary for their individual cases. for your own medical records, i would recommend encrypting the pdf before uploading it to evernote.

I've searched the forums but haven't found any good discussions on the details of what security precautions individuals takes.

This is my workflow I'm doing to encrypt and redact documents before adding to evernote. I'd be interested to hear others feedback.

New Zealand's Privacy Act requires that personal information that I collect on other people (excluding family) must be highly protected. I have rental properties so I'm encrypting the tenancy agreements that have my tenants details on them, and then also saving them redacted in the same note so that the personal details (like address, phone number, drivers license details) are blacked out, but non-personal details are still easily accessable (like start date, amount paid, the property inspection and the water meter reading). Other sensitive documents I might keep just encrypted, and not have a redacted version of them.

Encrypt:

- Before adding a PDF to evernote, open it using PDF XChange Viewer.

- Go to Document Properties -> Security.

- Set Security Method to Password Security.

- Set Compatibility to Acrobat 9.0 and later (256-bit AES).

- Check Require a password to open the document.

- Enter my password twice. I'm using LastPass for Applications so I don't need to remember (or even know) the password that is 50 characters, upper & lower case, numbers and symbols.

- Click Ok twice, then save document as "useful name (encrypted).pdf".

- Optionally run the OCR, so that I can search for words inside the secure pdf.

Redact (CIA style - like http://www.aclu.org/...cial_Review.pdf ):

- With the document still open in PDF XChange Viewer, use the rectangle tool to draw black boxes over private details. At this stage, the boxes can be hidden by cho osing to hide comments.

- Print the document to the pdf driver, and save the document as "useful name.pdf". This will "burn" the boxes onto the document and ensure the information underneath is hidden.

Evernote:

- Select both files and drag to evernote. This will create one note with both files attached.

- When you look at the note, you should see a big white box as well as the redacted document. Evernote has an issue where it tries to preview encrypted pdfs (ticket #16051-67570), so you need to right click on the big white box and choose 'View as Attachment'.

- Double clicking on the encrypted file will open my pdf viewer and prompt for a password. I use LastPass for Applications to fill in the password prompt.

Evernote for Android:

- The reason I saved one file with "(encrypted)" in it is so that when I view the note in Evernote for Android, I know which one is encrypted and which one is not.

Windows Software I'm using:

- PDF XChange Viewer. Free from http://www.tracker-s...xchange-viewer.

- PrimoPDF pdf printer driver (but I think any pdf printer driver would do).

- LastPass for Applications (lastpass.com). Generates strong passwords and remembers them for me and provides multi factor authentication. I can't get to my password to open the encrypted pdfs without entering a password that is never transmitted over the network, as well as google authenticator token.

jbenson2 · February 15, 2012

I've searched the forums but haven't found any good discussions on the details of what security precautions individuals takes.

I'm not sure if the Evernote forum is the best place to get answers on a New Zealand law. After scratching the surface of the New Zealand Privacy Act, I found the bureaucratic mumbo gumbo too deep for me to figure out. Especially after reading the gem that said "Almost every person or organisation that holds personal information is an agency."

The Privacy Act controls how "agencies" collect, use, disclose, store and give access to "personal information".

Personal information is information about identifiable, living people.

Who is exempt?

Yup, you guessed it: Members of Parliament and the news media.

At the heart of the Privacy Act are twelve privacy principles.

• collection of personal information (principles 1-4)

• storage and security of personal information (principle 5)

• requests for access to and correction of personal information (principles 6 and 7, plus parts 4 and 5 of the Act)

• accuracy of personal information (principle 8)

• retention of personal information (principle 9)

• use and disclosure of personal information (principles 10 and 11), and

• using unique identifiers (principle 12).

And even with all these restrictions, I found more articles pushing for a stronger Privacy Act: "Dentures Needed For The Toothless Tiger".

Good luck. I don't envy you. I would not use Evernote to meet all these legal requirements.

.

spip72 · February 16, 2012

+1 for adding encryption to a note or entire notebook.
(sigh)
It's becoming very clear that some people don't read the threads. It's a darned shame. There are a lot of informative & helpful posts on this board, if you just read them.

I understand some people believe that securing Evernote data is not Evernote business. I also understand that some people believe that Evernote is not a place for sensitive data. I disagree. If Evernote should not be used for personal or business related information - then what is left? Music lyrics and food recipes? It would make me so sad that a tool as good as Evernote (in many regards the best tool on the market as far as I can see) could only be used for such limited purposes.

I've searched the forums for solid advice on how to protect the Evernote data on multiple platforms including the cloud, mobile devices and PC clients. I've found messages ranging from that I'm wrong in even asking for this, to suggestions on workarounds such as encrypting parts of every note or deploying 3rd party encryption engines. I regard all these suggestions as detours from the most obvious, user-friendly no-nonsense solution: simply encrypt the notebooks, and ask for the decryption password when entering evernote or after some timeout period has passed. I have password vault software on multiple platforms that fully support this in a very non-intrusive way. Simply take a look at tools like SBSH Safewallet. It works perfectly. And yes, of course you can search in the data even though the datafiles are encrypted.

Why not put the very limited effort of supporting notebook encryption into Evernote, and Bang! You have a tool the supports much wider usage patterns!

Thanks!

dlu · February 17, 2012

Why not put the very limited effort of supporting notebook encryption into Evernote, and Bang! You have a tool the supports much wider usage patterns!
Thanks!

I think the issue is that it wouldn't be a very limited effort.

BurgersNFries · February 17, 2012

And yes, of course you can search in the data even though the datafiles are encrypted. !

No, Evernote cannot index your data when it's truly encrypted. True encryption means the host does not have access to the encryption password. If the host had access to the encryption password, then what good does that do other than give some users a false sense of security? Anytime a host can give you your encryption password, if you forget it, then your data is not truly secure. You think hackers are smart enough to hack into a server but not smart enough to figure out where the encryption passwords are stored???

GrumpyMonkey · February 17, 2012

i think the encryption issue is a big one, and it is certainly a question worth asking.

1. i do think evernote could have the encryption keys. they don't have to be on the same server, and they could therefore be more difficult for hackers (or moles) to reach. the problem i see with this, as has been pointed out already, is that it is just more difficult, and leaves the possibility of incursion up in the air. i wouldn't be satisfied with this.

2. we could do encryption where only we have the passwords. why not? but, that is basically what we are already doing. i think if evernote gave the mac and windows clients the ability to encrypt a folder (just like we do with our own documents, but this time evernote would be supplying the encryption capability for the whole folder), then that would probably silence a lot of concerns. however, i wonder if they could legally do this. they already have to dumb down their text note encryption.

the demand out there is obvious and widespread, especially in the face of recent revelations about certain countries (who shall remain nameless) that have made devastating incursions into major businesses in recent years. unless evernote can somehow manage #2 at the folder level, i think the only reasonable solution is to continue as we have been--encrypting our own stuff.

evernote could do a much better job on their web site and in these forums of explaining the situation. otherwise, we get to go around and around every new thread on the subject. this is where a wiki would come in handy

JMichaelTX · February 18, 2012

i think if evernote gave the mac and windows clients the ability to encrypt a folder . . .

@GM, do I assume correctly that where you have used the term folder that you mean notebook, since Evernote does not have folders?

GrumpyMonkey · February 18, 2012

yep. notebook. thanks.

spip72 · February 19, 2012

And yes, of course you can search in the data even though the datafiles are encrypted. !

No, Evernote cannot index your data when it's truly encrypted. True encryption means the host does not have access to the encryption password. If the host had access to the encryption password, then what good does that do other than give some users a false sense of security? Anytime a host can give you your encryption password, if you forget it, then your data is not truly secure. You think hackers are smart enough to hack into a server but not smart enough to figure out where the encryption passwords are stored???

I do not know the architecture of neither the Evernote server(s) nor the Evernote clients. But in general terms, if by "index your data" you mean a table of keywords and links to the notes they appear in, that would be possible to do even when the indexing engine does not know the password. I'm no expert, but I can think up a few general options.

Option A) The indexing engine would simply index the encrypted data. When using the index to look up notes that contain one or more keywords, the software would simply encrypt the keywords supplied by the user, then look up the keywords in the encrypted form in the index.

Option Alternatively, you could build the index using the password supplied by the user (but only stored in volatile RAM during the session. This could, for example, be triggered whenever the user supplies the password on the client or on the website), then encrypt the index itself using that password. Searching using the index would require the password to decrypt the index. A theoretical drawback of option b could be, that the index is so large that it would require significant resources to decrypt the index prior to searching it.

Even if it would not - for some reason - be feasible to encrypt the data stored centrally on the Evernote servers, I would say that encryption of the offline data stored on my PC and my smartphone will work for me. If the Evernote client applications are build using a 3+ layered architecture with a data access layer at the bottom level (which is very common imho) it would require encryption/decryption logic in the one layer responsible for file i/o. This would also mean that if I ever forgot the password, Evernote could delete the offline storage and rebuild it from the online (unencrypted) data, using a new password I chose.

But I do realize that I do not know the application details. Surely it is very possible that previous architectural choices makes it very expensive to implement encryption of online/offline storage now. Or are there additional obstacles that I can't imagine?

BurgersNFries · February 19, 2012

And yes, of course you can search in the data even though the datafiles are encrypted. !
No, Evernote cannot index your data when it's truly encrypted. True encryption means the host does not have access to the encryption password. If the host had access to the encryption password, then what good does that do other than give some users a false sense of security? Anytime a host can give you your encryption password, if you forget it, then your data is not truly secure. You think hackers are smart enough to hack into a server but not smart enough to figure out where the encryption passwords are stored???
I do not know the architecture of neither the Evernote server(s) nor the Evernote clients. But in general terms, if by "index your data" you mean a table of keywords and links to the notes they appear in, that would be possible to do even when the indexing engine does not know the password. I'm no expert, but I can think up a few general options.

Personally, my money is on what the CTO of Evernote says, rather than someone who is not familiar with the inner workings of Evernote:

Yes, "can't search encrypted content" is an intentionally abbreviated reply. The longer version would be:
If a server has access to encrypted data, and access to the keys required to decrypt that data (for searching, display on the web, etc.), then anyone who successfully attacks that server has access to your data. If someone can gain control of that server, then the encryption has absolutely no value (other than making things slightly inconvenient). The attacker can make the server decrypt the data and read whatever she wants.
Meaningless encryption offers the illusion of security, which is frequently more dangerous than intentionally and transparently omitting encryption.
The only "meaningful" encryption would require that Evernote does not have a copy of the keys to decrypt the data at all. I.e. we just store a big blob of data that can only be decrypted by a client that has the keys. This would mean: no web interface, no "thin" mobile clients, no image processing/OCR, etc. If you lose/forget your personal encryption key/passphrase, then your data is basically unrecoverable (since Evernote doesn't keep a copy of the key).
This is actually what we do for the "encryption" feature within Evernote ... if you select some text in a note and encrypt it, that is encrypted with your passphrase, and Evernote does not have any secret "back door" to read your encrypted data. This is why you can't search for the contents of encrypted regions from the web ...
I.e. you're talking about an opaque file storage service, like one of the secure backup services. Not "Evernote." While these sorts of services have their place, that's not what Evernote's consumer service aims to be.

dlu · February 19, 2012

A theoretical drawback of option b could be, that the index is so large that it would require significant resources to decrypt the index prior to searching it.

While I'm not an expert in encryption or security either, I'm pretty sure 5 gigs is enough to slow it down considerably. There are people with large accounts that say our search is a touch slow already.

Even if it would not - for some reason - be feasible to encrypt the data stored centrally on the Evernote servers, I would say that encryption of the offline data stored on my PC and my smartphone will work for me... This would also mean that if I ever forgot the password, Evernote could delete the offline storage and rebuild it from the online (unencrypted) data, using a new password I chose.

This, more or less, is what you get if you use the data protection capabilities of each operating system. For example: http://en.wikipedia.org/wiki/FileVault and http://support.apple.com/kb/HT4175

In general I think it makes more sense to use the operating system level protection instead of having each individual application do it

GrumpyMonkey · February 20, 2012

just to jump in here on something dlu said. i don't know if i have a large account (6000 notes and a few gigabytes), but search for me is not necessarily slow. "instant search" for things i am not really looking for is the problem. once the search string is completed, search is lightning fast.

because search begins somewhere around three characters into my search query, it is looking for a whole lot of stuff. it is agonizingly slow. i am digging my eyeballs out with spoons here while i wait.

if evernote waited until we finished and pressed enter, i bet there would be fewer complaints about search speed.

an option here (toggle for instant search like you find in your google preferences) would be nice

Owyn · February 20, 2012

@GM.

The Web Client smart search box works as you desire. With some other features in the bargain.

GrumpyMonkey · February 21, 2012

i know. but, it fails on the ipad. too bad

fortunately, the ipad doesn't have instant search. even though it is a much slower processor the searches actually end up displaying about the same speed, and with much less frustration

SethH · February 22, 2012

With regard to access by Evernote Trunk Partners, it states the following in the Evernote Blog Evernote's Three Laws of Data Protection, dated March 24, 2011:

If you choose to connect your Evernote account with one of our many partners, you may be giving the partner access to your data. We will tell you how the partner application will access your account and you can turn off access whenever you want.

I do not recall ever receiving any type of notice from Evernote as to "how the partner application will access your account", nor how "you can turn off access whenever you want".

How to you transmit this critical information to us?

How do we "turn off access whenever you want"?

Is there some place in my Evernote Account settings that shows the access that has been granted to all Evernote Trunk Partners?

There are two ways that you can authorize a partner application to access your Evernote account. The first, used mostly by web applications, is OAuth, a standard web authorization mechanism. When a partner application requests access to your Evernote account via OAuth, you'll be presented with a screen like the following:

You can see a list of partner applications that you have granted access to via OAuth by visiting https://www.evernote...Settings.action and click on the Applications tab, which will show you a screen that allows you to revoke access to any of these apps. If you haven't authorized any applications, the Applications tab won't appear.

The second way that you can authorize a partner application to access your Evernote account is by providing it with your Evernote username and password. This type of authorization is typically used by mobile and desktop applications. When you provide your Evernote username and password to a third party application, you're trusting it with complete access to your Evernote account. You can cut off access from all partner applications by changing your Evernote password at https://www.evernote...ettings.action.

We're working on a mechanism that will show you all of the applications that have accessed your account, regardless of the authentication mechanism that they used.

Jeff510 · February 23, 2012

I need to add another cloud service: DropBox

DropBox does provide for encryption of documents in their server storage.

From DropBox Help:

Keep in mind regarding Dropbox, while they do store your data in encrypted databases, they hold the encryption key. You are still at their mercy to keep the keys protected. They can decrypt your stuff, (and would do so upon law enforcement request) and would be quite susceptible to an "inside job" themselves.

I've read this thread with great interest, and enjoyed the substantive back-and-forth. I take online security very seriously, and it's something I think about with Evernote.

I don't keep the most protected of my information on Evernote. I don't keep medical records, tax records, social security numbers, etc... on here. That stuff lives on my own computer, and in encrypted cloud backup via Crash Plan.

I fully understand and share some of the concerns about keeping certain kinds of data in Evernote. As a very happy and enthusiastic Evernote customer, one might even say an "evangelist" with my family and friends, I would still counsel people to not use it for their most sensitive information. I love the service and use it for all kinds of things, but there are limits.

That is not to say that I couldn't love EN even more if I had the capability of an encrypted notebook. Frankly, I would very much like that. But even without, I can find enough uses for EN to be quite happy about. I think it is an understandable request, but I can understand why they wouldn't want to go that direction. But also, it's probably not a good idea to then promote uses like storing passwords or passports and stuff like that...

BurgersNFries · February 23, 2012

I need to add another cloud service: DropBox
DropBox does provide for encryption of documents in their server storage.
From DropBox Help:
Keep in mind regarding Dropbox, while they do store your data in encrypted databases, they hold the encryption key. You are still at their mercy to keep the keys protected. They can decrypt your stuff, (and would do so upon law enforcement request) and would be quite susceptible to an "inside job" themselves.

Jeff510 is absolutely correct. From this page: (emphasis mine)

"Can I specify my own private key for my Dropbox?

To ensure everyone has the ability to view and share files on the web painlessly, Dropbox currently does not support the creation of your own private keys."

Over a year ago, I posted on this topic here.

anjoschu · February 23, 2012

Brendan, thanks for sharing your workflow.

Redact (CIA style - like http://www.aclu.org/...cial_Review.pdf ):
- With the document still open in PDF XChange Viewer, use the rectangle tool to draw black boxes over private details. At this stage, the boxes can be hidden by cho osing to hide comments.
- Print the document to the pdf driver, and save the document as "useful name.pdf". This will "burn" the boxes onto the document and ensure the information underneath is hidden.

As for redacting -- for searchable PDFs I don't know if this is really enough: As to my knowledge, printing to a PDF will fuse the boxes to the pages, yes, but text underneath is still retained as plain text in character form (not as an image, nor deleted). I'm on Mac (so no XChange Viewer for me), but when I blacken out sensitive information in a searchable PDF with boxes, then print to a PDF file, open it, then select all text in the file and copy it to the clipboard (CMD-A/Ctrl-A, CMD/Ctrl-C), and then paste into a text editor, I am able to extract all text from behind the "fused" black boxes. Could you try to test this in your environment?

Brendan · February 23, 2012

Brendan, thanks for sharing your workflow.
Redact (CIA style - like http://www.aclu.org/...cial_Review.pdf ):
- With the document still open in PDF XChange Viewer, use the rectangle tool to draw black boxes over private details. At this stage, the boxes can be hidden by choosing to hide comments.
- Print the document to the pdf driver, and save the document as "useful name.pdf". This will "burn" the boxes onto the document and ensure the information underneath is hidden.
As for redacting -- for searchable PDFs I don't know if this is really enough: As to my knowledge, printing to a PDF will fuse the boxes to the pages, yes, but text underneath is still retained as plain text in character form (not as an image, nor deleted). I'm on Mac (so no XChange Viewer for me), but when I blacken out sensitive information in a searchable PDF with boxes, then print to a PDF file, open it, then select all text in the file and copy it to the clipboard (CMD-A/Ctrl-A, CMD/Ctrl-C), and then paste into a text editor, I am able to extract all text from behind the "fused" black boxes. Could you try to test this in your environment?

I took the Evernote for Windows user guide (http://www.evernote.com/about/support/EvernoteForWindows-UserGuide.pdf), followed the steps I described and drawing black boxes over every case of the word "Evernote" on page 1, printed page 1 to a seperate file (http://dl.dropbox.com/u/293425/EvernoteForWindows-UserGuide%20Redact.pdf) and then OCR'd it (http://dl.dropbox.com/u/293425/EvernoteForWindows-UserGuide%20Redact%20OCR.pdf). If I use searching using Adobe reader or PDF XChange Viewer, I cannot find any cases of the word "evernote". When I select all, copy and paste, there are no cases of the word "evernote".

I'd really appreciated it if others could review the PDF I produced and verify my results, and perform the same steps and see if you get the same results.

Brendan

anjoschu · February 24, 2012

I see. The step of redacting and printing to a pdf (result http://dl.dropbox.co...de%20Redact.pdf), using your combination of tools, seems to turn the whole document into (vector) graphics or something, resulting in a non-searchable pdf (because text has apparently been turned into graphics). I don't know whether the redacting step or the printing-to-pdf-step has done this?

I will try to get text out of your documents as soon as I get home.

anjoschu · February 24, 2012

Just as I thought -- using the right tools, it's easy to read the hidden text from the redacted document you posted (both in the pre-OCR and the post-OCR version).

The steps I took are as follows:

1. Open PDF in OpenOffice.org (LibreOffice should work, too)

2. Select all (CMD-A / Ctrl-A).

3. Select line style "solid" --> you now see the outlines of all the non-covered letters.

4. Select fill style "invisible" --> the black blocks are now transparent and you can read the text underneath. (you could also ungroup the whole thing and delete the black boxes).

Explanation:

Your redaction or print-to-pdf tool converts all letters to vector graphics. That's why you can't copy-paste them (which is good). But the graphics objects of the letters underneath the black blocks are still there. So, any person who has software to edit PDFs can simply remove the black blocks and see what's underneath.

I had to go via the less-than-perfect PDF functionality of OpenOffice because I don't have the full Adobe Acrobat software. OpenOffice displays some details wrong, that's why I had to select the line style "solid" in order to see the text. If you have the Full Adobe Acrobat (not Reader) or similarly capable software, you could simply move or delete the black boxes.

In a nutshell, the information under the blocks has to be destroyed, not hidden. You could achieve this by exporting the redacted PDF in (non-layered!!) bitmap format like png. Maybe there's an option in your pdf-printer driver which allows this.

Edit: Here's an article about proper redaction, including a short survey of tools and guidelines available: http://acrobatusers.com/tutorials/redacting-pdf-files-survey-tools

gazumped · February 24, 2012

If the aim of all this is to redact documents effectively and permanently, how about

redact documents with black boxes as described
print document.
Edit paper copy further if necessary with marker pen.
scan printed version
delete original (or move it to secure archive)

BurgersNFries · February 24, 2012

Wow...simply applying an encryption password sounds like a lot less hassle...

anjoschu · February 25, 2012

Wow...simply applying an encryption password sounds like a lot less hassle...

It does, doesn't it. There may actually be some sort of legal difference between securing certain information and not keeping certain information (encrypted or not).

Loose Cannon · February 26, 2012

First they ignore you, then they laugh at you, then they fight you, then you win. - Ghandi

My vote is definitely for improved password protection!

I suggested this in my own post here:

I also agree that some "evernote evangelists" tend to have an abrasive attitude on this topic, while not displaying any knowledge of Best Computer Security Practices, especially when considering that cloud data storage is pretty new. See:

Do You Encrypt Your Data? A Plea to Businesses from an Identity Theft Victim

I am not trolling so I'll move on.

The product should be enhanced in the future to support encryption. Evernote should not store your most personal data on disk in plaintext period.

If this presents a problem for the indexing paradigm/functionality they've employed, then they should give you the option of turning it off in favor of security, and/or should transition the indexing functionality to the client.

I don't mind making my CPU work just a bit harder to search, even on mobile devices.

There are many other things they could do to, like support Google based HMAC based OTP's (one-time-passwords) or even SMS notification when logging in from new devices, etc.

My 0.02 cents.

First they ignore you, then they laugh at you, then they fight you, then you win. - Ghandi

Metrodon · February 26, 2012

First they ignore you, then they laugh at you, then they fight you, then you win. - Ghandi
My vote is definitely for improved password protection!
I suggested this in my own post here:
http://discussion.ev...authentication/
I also agree that some "evernote evangelists" tend to have an abrasive attitude on this topic, while not displaying any knowledge of Best Computer Security Practices, especially when considering that cloud data storage is pretty new. See:
Do You Encrypt Your Data? A Plea to Businesses from an Identity Theft Victim
I am not trolling so I'll move on.
The product should be enhanced in the future to support encryption. Evernote should not store your most personal data on disk in plaintext period.
If this presents a problem for the indexing paradigm/functionality they've employed, then they should give you the option of turning it off in favor of security, and/or should transition the indexing functionality to the client.
I don't mind making my CPU work just a bit harder to search, even on mobile devices.
There are many other things they could do to, like support Google based HMAC based OTP's (one-time-passwords) or even SMS notification when logging in from new devices, etc.
My 0.02 cents.
First they ignore you, then they laugh at you, then they fight you, then you win. - Ghandi

Evernote have made it very very very very clear that they are not currently encrypting data server side - they have also not given any indication that they plan to change this.

If you aren't happy with this level of security then Evernote isn't currently the app for you.

I'm sure if they ever decide to change their mind then there will be lots of press about it - they are good at marketing and so you'll know and can come back if you want to.

cuteynfatal · March 8, 2012

At the risk of stepping into some serious doo-doo, I'd like to offer some perspectives as a new EN premium user. If someone asks me to recommend EN, I would tell them:

I started using EN because, like most EN users, I needed a cloud-storage with easy retrieving function. In various magazines, EN's founders have promoted the system as a place to "store your memories". Great so far.
Like most average users, I am concerned about security. If my ipad happens to be unlocked and someone opens EN, they could read my personal journal entries (for example).
The forum seems to suggest: If you're concerned about security, you are on your own. Find a way to encrypt each piece of document whether in your local or online notebooks.
My choices
- I can not use EN to store sensitive data - this practically eliminates the ability to "store my memories."
- I can figure out how to encrypt each document. I'm not a techno-phobe, but I'm not going to search and learn how to encrypt PDFs, Jpgs, etc. Essentially, I'm forced to create my own seatbelt in order to drive EN (as someone wrote elsewhere in this thread).

[*]I understand there's a trade-off between accessibility and levels of security. I don't want a steel cage. It's like a cabinet in my house. Some drawers are locked others are not. I want the ability to password-lock some notebooks, if I choose. I want a simple toggle-switch.

[*]Without a simple solution, EN is not a tool for the masses. I can't recommend it to my friends anymore than I would recommend a car without seat belts.

[*]EN's choices

Give the average user an easy way to lock our documents; or
Be satisfied with its current, tech-savvy customers and forget about (and stop promoting to) EN to the mass market as a memory-storage.

Respectfully,

GrumpyMonkey · March 8, 2012

hi cuteynfatal. here is a hose to wash off some of that doodoo you stepped into

first of all, i wouldn't let anyone touch my ipad. besides being kind of gross (a shocking number of people have poor personal hygeine and do not wash hands after making their own doodoo), it's sort of dangerous, considering how much access to sensitive things like email and evernote they will have. so, number one: it's your responsibility to secure your devices.

but, let's say that one of the unwashed masses gets a hold of your device and tries to open up evernote. if you have evernote's passcode lock feature on (see settings), the interloper can't see a thing. see? evernote has got your back

now, go tell your friends that their memories and private stuff may not be as secure as fort knox, but it is more secure than email or any other number of services they use!

Metrodon · March 8, 2012

The Grumpster has nailed it and Evernote have been very clear over the years on this subject. It is the user's responsibility to secure their device. Evernote will helpfully provide a couple of little extras like PIN codes for mobile devices and text encryption inside of notes. Locking a computer or mobile device is incredibly simple and protects all your data.

Brendan · March 8, 2012

Locking a computer or mobile device is incredibly simple and protects all your data.

Actually, locking your Android Gingerbread device doesn't protect your data if it is stolen and you have your USB settings set to 'Mass Storage' (Settings, Wireless and Network, USB Settings on 2.3.3). Android issues 20924,18670,18463, 23900 all mention that the dialog is displayed to allow you to mount the internal SD Card as a USB Drive even when the device is locked.

Once you (or the thief) have the drive mounted, can go to \Evernote\notes\ and look around at your offline notebooks. There appears to be one content.enml per note (which is plain text xml), and has refers to any attachments. Attachments are in the same directory with a .dat extension, and can be renamed to .pdf or .jpg as appropriate. (The enml file tells you the type of attachment). Any files that are not manually encrypted are easily viewed.

but, let's say that one of the unwashed masses gets a hold of your device and tries to open up evernote. if you have evernote's passcode lock feature on (see settings), the interloper can't see a thing. see? evernote has got your back

now, go tell your friends that their memories and private stuff may not be as secure as fort knox, but it is more secure than email or any other number of services they use!

Are you saying that Evernote is more secure than Gmail or even Facebook (when two factor authentication is enabled for each of the services) in the case where your locked device with a decent pin code is stolen?

Also, when locking your Android device, it's also not best to use a screen lock "pattern", given the ease of smudge attacks:

In one experiment, the pattern was partially identiﬁable in 92% and fully in 68% of the tested lighting and camera setups. Even in our worst performing experiment, under less than ideal pattern entry conditions, the pattern can be partially extracted in 37% of the setups and fully in 14% of them. - http://static.usenix...papers/Aviv.pdf

I've personally tried it with fellow colleagues phones, and just holding the phone on the correct angle to the light has given me a 50% success rate on 4 phones.

GrumpyMonkey · March 8, 2012

1. i don't use android. i tried, but it doesn't work for the stuff i do. too bad really, but security was certainly one of my concerns. i don't know if there is a solution for the problem you mentioned.

2. i think evernote is more secure than your email. clearly. if i leave my ipad unlocked, as far as i know, anyone can access my email and i have no way to protect myself. press the mail icon and you have access to all of my sexting. evernote gives you a four pin combination option to lock it all down. at least, that is how it works in ios (poster's example).

3. i don't really get into the pattern thing. you get ten tries on my iphone with four digits. good luck! not exactly connected with evernote, but the point is, if you have an ipad (the poster's example) evernote and apple give you a lot of tools to protect yourself, if you use them.

deverill · March 10, 2012

I just came to the party but brought extra chips and sodas so I hope it is forgiven.

There have been several excellent points made in this post on both sides of the fence, so to speak. I'd like to offer my own also.

1. Security has a maxim that says your security is sufficient if the effort to break into the data is greater than the value of the information. In my case, I store nothing that is valuable enough to be worth hacking into Evernote's servers. An "inside job"er so feared by some would be sorely disappointed if they got everything in my Evernote account.

2. There are serious issues that Heather mentioned regarding exporting technology like encryption. Just look at the years and dollars Phil Zimmerman (PGP) spent defending himself against arms exportation allegations. I defer to Evernote Execs to decide when and how to handle encryption. I'm thankful for what they offer me and if I want better security before they have it I can find it on my own. I consider it arrogant for me to try to tell them what they have to go through for such a feature when it is their company and their lives destroyed should they be convicted of such a crime. Especially since they are offering a service and not trying to force everyone to use it like a dictatorial government would force their people to do certain things. I have the choice to stay or go... they have the choice of what to offer and how it affects their bottom line. It seems to be working for them so far and certainly works for me.

3. As a programmer I understand there are potentially some critical technology issues. One mentioned already is the ability to search and offer up to the user anything encrypted. Another is the manner in which information is stored in Evernote. It is entirely possible that it is simply not practical to do whole-notebook encryption. I seem to remember a discussion which I can't fine (in the old forums?) in which Dave Engberg (CTO) said that the way notes are stored makes it a big challenge to encrypt a whole note because Evernote is so flexible you can store pictures, word docs, spreadsheets, html, rtf, etc. (Forgive me if I mischaracterized the statement - I'm going from memory and didn't Evernote it.) I again defer to the principals of the company and their technical staff to make these decisions.

4. If you (no one in particular) feel strongly that "Everyone needs to know how terrible Evernote is!" then I would suggest you get a blog and start posting. Get big enough the news reporters come to you for interviews. Put your security certifications and degrees on display behind you so the cameras can show how right you are. I can imagine going to McDonalds with signs and a dead cow draped over my shoulders yelling about how horrible their food is. I would quickly be escorted away by the men with shiny badges and steel bracelets. There is nothing wrong with certifications, least anyone misunderstand my point. I'm merely saying that if you can show you are a greater authority on the topic than Evernote and feel strongly about it and you want to make the point, do so from your study/office/blog/etc., not a new person every couple of weeks all over again in the forum Evernote has set up for us to help each other and for them to drop into and offer help as well. Additionally, mentioning security issues, asking questions, making a factual point is not what I address here but rather the 'you guys suck/are evil/etc' type sentiment.

The bottom line is that for me the security provided by Evernote is greater than the value of my information and I should worry more about my home security that may allow someone to break in and get my paper backups of my taxes than worrying about Evernote having an insider or outside hacker getting into my files. This is a personal decision we each must make when deciding to use Evernote or not. If you think like I do then we will carry on. If you don't then I'm sorry to see you go but please don't feel you are obligated to try to drag the company down when you go.

This is not directed at any one person or the people on one side of the discussion or the other!!! In fact, this thread is so long I don't remember the names of anyone involved in the conversation to a meaningful extent. I intend merely to address the issues mentioned and not those who mention them. To repeat my opening sentence, "There have been several excellent points made in this post on both sides of the fence, so to speak."

GrumpyMonkey · March 11, 2012

great points deverill. thanks for posting them.

i'll just address the first one here. i think one of the problems these days is that information thieves are so good that they can suck out everything by everyone, and extract useful information from it, so the benefits of breaking into a service like evernote (remember everything!) far outweigh the risks (none if overseas) or costs.

this isn't fantasy fear mongering, but something that has happened to major corporations. experts estimate that penetrations happen on a regular basis for all of the top companies in the us. that's not evernote. yet. but, i am sure many executives at many companies use evernote, so...

this doesn't mean evernote could or should give us more encryption, but i think we ought to be clear that evernote is surely a target.

as long as users understand this and take appropriate precautions, i think it is ok as it is. evernote has made it clear that they take security seriously, but also will not offer false security to users. this is perhaps better than dropbox, which, for all of its great security, actually exposed every single person's data to the entire world last year. i was pretty disappointed.

anyhow, i'm comfortable with the security so far (equivalent to what you have with your email client), but whatever encryption they can offer (if possible) would be welcome!

JMichaelTX · March 11, 2012

1. Security has a maxim that says your security is sufficient if the effort to break into the data is greater than the value of the information. In my case, I store nothing that is valuable enough to be worth hacking into Evernote's servers. An "inside job"er so feared by some would be sorely disappointed if they got everything in my Evernote account.

The key phrase here is "I store nothing that is valuable enough to be worth hacking into Evernote's servers."

I take this to mean that you do not store anything sensitive, like legal, medical or financial data.

If that works for you then Evernote as it is would seem to provide adquate security.

But Evernote strongly advertizes itself as being the tool to help you store and remember ALL of your "memories".

While I could devise separate storage approaches for storing my memories, I would much prefer to have one place to put it all, provided it has adequate security.

If Evernote would provide the ability to encrypt all notes in a given Notebook, my security needs would be met.

2. There are serious issues that Heather mentioned regarding exporting technology like encryption. Just look at the years and dollars Phil Zimmerman (PGP) spent defending himself against arms exportation allegations.

It's not clear why this is at issue with respect to Evernote. Evernote already provides encryption for blocks of text within a Note.

So obviously this encryption is being done without violating any US Federal laws.

Why can't this same encryption be applied to the whole Note?

deverill · March 11, 2012

That is a valid point, Grumpy. Evernote holds things not just for me but for, apparently from a previous post, confidential communications with my attorney (he's not my lawyer but maybe my lawyer does too.)

JMichael, not exactly. I store things in Evernote that would make you cringe but they don't seem a problem for me. So what if a hacker does the improbable and gets in and sees that I have great Cholesterol and lousy Sugar (Diabetes). He could, perhaps, social engineer me to buy cheap foreign drugs from me but I'm not as vulnerable to social engineering as the average guy. I'm not immune but buying drugs somewhere besides my local pharmacy is just dumb to me... (that's me! If anyone else does it then that's fine too!)

Your point about their advertising (examples) is valid. They need a disclaimer on every mention of bills, taxes, medical reports, etc that they "recommend" us to put into Evernote if they do not change their security. That is only wise to keep their customer who misunderstands security from losing important stuff.

I think to address point #2 further I would have to know what kind of encryption the "block of text" method uses. I threw that out since it is legitimate but really I think it is more point #3 and the technology they have - I think they convert everything to HTML internally so does that pose a problem with regards to encryption? I dunno but it is a potential stumbling block for whole-notebook encryption.

This is definitely good conversation to have, especially with participation by Evernote, but I always try to remind myself that if they say NO there may be good reasons for it and as a customer consuming their service they don't really owe me an explanation of the details of it. At work I figure if the CEO tells me to sweep the parking lot I can either do it or find another job... I work for him. I do have the right to express my opinion about it but have to accept the consequences of doing so. Although we don't work for Evernote our options are similar. We can make our opinions known and either do it their way or find another life-archiver. From what I've seen I can only say "good luck with that" since nothing compares IMO.

Thanks for the replies guys.

(Archived) (Archived) REQUEST: Additional encryption options for notebooks and syncing

Recommended Posts

JMichaelTX 4,117

Link to comment

ZonicBoom 3

Link to comment

heather 604

Link to comment

GrumpyMonkey 4,319

Link to comment

ZonicBoom 3

Link to comment

jefito 5,589

Link to comment

heather 604

Link to comment

GrumpyMonkey 4,319

Link to comment

ZonicBoom 3

Link to comment

GrumpyMonkey 4,319

Link to comment

Metrodon 2,184

Link to comment

ZonicBoom 3

Link to comment

Metrodon 2,184

Link to comment

dlu 628

Link to comment

JMichaelTX 4,117

Link to comment

Metrodon 2,184

Link to comment

heather 604

Link to comment

BurgersNFries 2,407

Link to comment

evernote-fan 34

Link to comment

JMichaelTX 4,117

Link to comment

heather 604

Link to comment

JMichaelTX 4,117

Link to comment

heather 604

Link to comment

JMichaelTX 4,117

Link to comment

Brendan 17

Link to comment

BurgersNFries 2,407

Link to comment

Metrodon 2,184

Link to comment

jbenson2 2,147

Link to comment

dlu 628

Link to comment

jefito 5,589

Link to comment

Metrodon 2,184

Link to comment

Brendan 17

Link to comment

GrumpyMonkey 4,319

Link to comment

JMichaelTX 4,117

Link to comment

Brendan 17

Link to comment

megsaint 441

Link to comment

BurgersNFries 2,407

Link to comment

jbenson2 2,147

Link to comment

jefito 5,589

Link to comment