Jump to content

(Archived) (Archived) REQUEST: Additional encryption options for notebooks and syncing


Recommended Posts

  • Replies 786
  • Created
  • Last Reply

Keep in mind that this does not prevent anyone from viewing the copy of the notes stored on your PC; it's an unencrypted database file on your hard drive that can be freely examined without launching Evernote or knowing your password as long as someone has access to your PC/hard drive.

You can put the Evernote database folder into a Truecrypt container, though, if you want the local database to be encrypted. You'll have to launch Truecrypt and enter your decryption password each time before launching Evernote, though.

Link to comment
Ooops, reading over the question I just posted I now realize that my Evernote ID was necessary to post this question so that is one level of security lost to me. That seems an easy thing to solve, no? I mean, do we really have to sign up for a second Evernote account just to keep the primary logon ID secure? Or did I make some kind of mistake here?

Hey Guys! It has been about a year since I posted this and I've yet to get a reply. We have been discussing the migration from OneNote to Evernote on the Paperless forum on Yahoo. Evernote is starting to gain support from those who once were married to OneNote. However the question of security has come up and I'm over here checking to see if there have been any answers yet. The folks in the Paperless forum have two characteristics:

1) We are committed to a 100% paperless life style. This implies that solutions have to be comprehensive and simple. (So telling us to keep some stuff elsewhere because Evernote is not secure comes down to telling us to forget Evernote.)

2) We are serious about security. Assurances that "we have you covered" are not enough. We need to get specific and direct answers.

My first question is as cited ... WHY IS MY USERNAME shown on this forum when it is the same username needed to access my account? Think about it ... the UESERNAME is 1/2 of what someone needs to log in. No matter how secure your servers are, if anyone with a browser can troll this forum and harvest USERNAMES, I have to ask about security.

I mean, do you think my question is somehow insulting or impertinent? I'm not attacking anyone here, just asking about what seems to be a hole in the security. If I'm wrong about this, I'd love to hear about it so I can report back to the paperless group that this is not an issue. Or is the answer that we need two accounts: one to store data and a second to access this forum?

The other point that I think I made in an earlier post is that the whole PURPOSE of Evernote (in the marketing material) is to have a place for ALL of your stuff for universal access. The question about why anyone would risk it, begs the question. If I'm not going to risk it then what would I need Evernote for in the first place? I really (really, really, really) don't give a hoot about wine labels. What I DO care about is being able to pull up a picture of my driver's license or Passport or Airline Ticket when I have a problem late at night in some airport. And those are sensitive things. I would like to be able to lock them at the note level or be very sure of the security of the entire program.

I agree that I don't need old bank statements in Evernote. That confuses the question -- it is not what I keep there. I keep that kind of thing on my home PC and I never need immediate access to those old records. If I need access to the current statement, I just go on the banks website and get it there. No problem. But on the banks website, my ID is not displayed. There is no public form which displays my bank user ID. Not so with Evernote.

Lastly, to respond that "every user has to balance security with convenience" kind of side steps the question, don't you think? Of COURSE that is true. It is ALWAYS true. But if the obvious use of this program is to give me immediate access to sensitive material, then my balance has to be to not use it at all if it is not secure. Think about it ... "quasi security" is the most dangerous condition. Each time you use a program you have to evaluate if it is secure ENOUGH for this data. That is bound to lead to mistakes. The only security that is safe to use is the highest level you feel you need for the most sensitive material you deal with. What am I to conclude then? "So sad that it is not useful for its intended purpose. Hey, if I ever decide to get snooty about wine then maybe Evernote's security balance will be just the ticket." posting.php?mode=quote&f=30&p=48043#

Please tell me if I have any of this wrong. Or is the answer to my question about Evernote security that it is just not there and I should find another solution? Right now Dropbox is looking better and better.

P.S. I think Evernote is a superb program. I love that you are working hard to develop many partners. I don't have problems with the program. I love the interface. However, given its intended purpose, security is 100% of the function I need. User interface tweaking is great ... who does not love cool user interfaces? But without good security, the interface is of no concern.

Link to comment

My first question is as cited ... WHY IS MY USERNAME shown on this forum when it is the same username needed to access my account? Think about it ... the UESERNAME is 1/2 of what someone needs to log in. No matter how secure your servers are, if anyone with a browser can troll this forum and harvest USERNAMES,

The message board user name is only the same as your Evernote login name if you chose to use the same one. My Evernote account name is not BurgersNFries.

The rest of your post has been discussed & answered previously. Nothing has changed on Evernote's stance regarding passwords, security, encryption, etc.

Link to comment

My first question is as cited ... WHY IS MY USERNAME shown on this forum when it is the same username needed to access my account? Think about it ... the UESERNAME is 1/2 of what someone needs to log in. No matter how secure your servers are, if anyone with a browser can troll this forum and harvest USERNAMES,

The message board user name is only the same as your Evernote login name if you chose to use the same one. My Evernote account name is not BurgersNFries.

The rest of your post has been discussed & answered previously. Nothing has changed on Evernote's stance regarding passwords, security, encryption, etc.

On the first point, I don't recall I had a choice. I will dig around and see if I can change my login for this form. It would be great news to find that it is my ***** up and not a security hole.

On the second point, it clearly has NOT been dealt with (or at least I have not been able to dig it up by searching on "security" and "encryption". I'll await an official answer, and report back to the Paperless forum with what I hear. Right now security is a hot topic and Dropbox seems to have the edge there if the best answer is "don't put sensitive data into Evernote if you want to keep it secure". If that is the security level for Evernote it will be a big "fail".

Link to comment
On the first point, I don't recall I had a choice. I will dig around and see if I can change my login for this form. It would be great news to find that it is my ***** up and not a security hole.

Yes you did. It's not a security hole. Like I said, I have no Evernote account under the user name of BurgersNFries.

Right now security is a hot topic and Dropbox seems to have the edge there if the best answer is "don't put sensitive data into Evernote if you want to keep it secure". If that is the security level for Evernote it will be a big "fail".

If you think Dropbox is more secure than Evernote, you are sorely mistaken. At least IME. When it comes to being truly secure, IE keeping tax info from a hacker who hacks into Evernote servers or Dropbox servers, Dropbox is no more secure than Evernote. (Which is not to say either is easily hackable.) The only way to be totally secure from hackers is to have a secondary password that is not stored anywhere the host server can access it. IE, I have my Jungle Disk (online backup) encrypted with a 2nd password. So if someone hacks into JD's servers, they still cannot decrypt my data. The downside is if I forget that secondary password, I have a bunch of data that is meaningless to me b/c it cannot be decrypted. Dropbox talks a good story...but unless you have a 2nd password (that the host has no access to), it's a not all that secure, when it comes to items like social security numbers, pins, passwords, etc & hackers. Here's a hint: If the host says they can help you retrieve your data if you forget your password...it's not all that secure from hackers. Jungle Disk specifically says...when you add a (2nd) encryption password, if you forget it, they cannot retrieve your data. Same thing with Truecrypt. Heck, even Evernote tells you if you encrypt text within a note and forget the password, they can't help you. So unless Dropbox allows you to provide a 2nd encryption key, it's not as secure as they claim it to be.

Think of it like your safe deposit box key. It takes two keys to open the box. The bank (IE Dropbox, Evernote, Whomever) cannot open your encrypted data unless you provide the 2nd key. IE password.

Please note I'm not dogging Evernote or Dropbox. I use them both every day. But as far as security goes, if you'd put it into Dropbox, there's no reason to not put it into Evernote & vice versa.

Link to comment

Our forums have absolutely no connection to the Evernote service. We're just running a completely separate PhpBB forum server, which means you need to register for the forum and pick a username and password.

We've actually had a lot of complaints about this from people who expect to be able to post to the forum without creating a second account. We've considered changing it, but that's the way it works for now since we haven't had time to try to replace this old forum platform.

Link to comment
Our forums have absolutely no connection to the Evernote service. We're just running a completely separate PhpBB forum server, which means you need to register for the forum and pick a username and password.

We've actually had a lot of complaints about this from people who expect to be able to post to the forum without creating a second account. We've considered changing it, but that's the way it works for now since we haven't had time to try to replace this old forum platform.

I think this makes total sense. It's a little inconvenient to create another account, but this is greatly outweighed by the complexity and security of having an integrated system.

Link to comment
We've actually had a lot of complaints about this from people who expect to be able to post to the forum without creating a second account. We've considered changing it, but that's the way it works for now since we haven't had time to try to replace this old forum platform.

I would prefer that you leave everything like it is. I don't mind creating a second account, if that prevents the possibility of exploiting the forum to retrieve data from the user database.

There might be bugs in the phpbb forum software, which may can be used to do that. Why take the risk?

Link to comment
  • 2 weeks later...

For work/business data security is crucial. Therefore I want to propose the feature of fully encrypted notebooks - even under the condition that these notebooks do not have all features of normal Evernote notebooks.

A minimal and incredible useful enhancement would be the possibility to add a third type of notebooks in addition to synced and local notebooks. Encrypted notebooks. All notes in the notebook are encrypted with an high standard encryption (e.g. AES 256) and transmitted to/stored on the Evernote server. Encryption is performed only locally using the passphrase. Lost passphrase, lost notes. No access on the Evernote Web. In other words: no unencrypted data leaves the client machines. I am not sure if it possible to add encryption to iOS and Android versions of your software, but I would find it extremly useful even if limited to the full-OS clients. Sharing would be the nice, if possible (by sharing the folder normally via evernote and sharing the passphrase on an individual channel (personel, phone, ...)).

Link to comment
  • Level 5

It's great to offer new ideas and kick the pros and cons around on this forum.

My immediate reaction to developing a full encryption program into Evernote (or a partial one to cripple the mobile users)?

Holy Cow - absolutely no!

Use a 3rd party program like TrueCrypt, but don't pull a group of engineers away from their primary mission. They have enough to do right now. Just look at all the requests that are dominating this forum. Tabs, bullets, fonts, searches, sub-folders, constantly changing mobile platforms, photo editing, etc.

Putting aside the added complexities involved for the users, I can just imagine what would happen if a world-wide program like Evernote has to face the security hoops that RIM is jumping through right now in countries like India.

For the corporate folks, there are many other programs out there that will satisfy their needs. And it will cost. Check out the variations of SAP or SalesForce.com. Why the extra cost? Because of all the added security and IT driven requirements. Don't add all that corporate excess baggage to a consumer driven product that does a great job and is well priced.

Link to comment

Sadly there is no software like Evernote that works cross-platform Win/Mac/Linux. One could try with a weird combination of Evernote local folders, Truecrypt and Dropbox to gain added security. I have already tried this but the files on Mac and Win are not the same, so you can not bridge platforms with this approach. I do not see to much added complexity for the users - it would still be an option to create an encrypted notebook, not a must ;)

I do not know about legal aspects though, I am from Europe and these discussion are quite relaxed here...

Link to comment

I vote no. There are already programs designed to safeguard sensitive data, including various password managers.

I keep my sensitive data out of Evernote & in a TrueCrypted container. (Although I also keep my EN database in a TC container, too, in case my computer gets lost/stolen.) If I need to access something sensitive from my computer, I use Logmein on my iPhone & connect to the home computer.

BTW, I don't know why people often think Dropbox is so much more secure than Evernote. Any data you put into Evernote is just as secure as if it were in Dropbox. Dropbox talks a good story, but any data you put in Dropbox is not encrypted & safe from hackers (unless you do it yourself using WinRar or a TC container or something along those lines), since a separate encryption password is not used.

Link to comment
I vote no. There are already programs designed to safeguard sensitive data, including various password managers.

I keep my sensitive data out of Evernote & in a TrueCrypted container. (Although I also keep my EN database in a TC container, too, in case my computer gets lost/stolen.) If I need to access something sensitive from my computer, I use Logmein on my iPhone & connect to the home computer.

BTW, I don't know why people often think Dropbox is so much more secure than Evernote. Any data you put into Evernote is just as secure as if it were in Dropbox. Dropbox talks a good story, but any data you put in Dropbox is not encrypted & safe from hackers (unless you do it yourself using WinRar or a TC container or something along those lines), since a separate encryption password is not used.

That is exactly my point: there are various means to secure some specific data: several pw-managers for passwords, some note-managers for notes, some encryption software for all kind of files. Truecrypt pimps Dropbox, and so on. BUT: no chance to get a superb note manager like Evernote to secure all of your notes (and not just special ones for special purposes) as soon as the leave your client to be transmitted and stored in the cloud. At least I was not able to find one, that works at least cross platform between Mac and Win (Tips welcome!). One could have it all in one application and technically, it would not be that difficult to add encryption on a per notebook-basis...

Link to comment
That is exactly my point: there are various means to secure some specific data: several pw-managers for passwords, some note-managers for notes, some encryption software for all kind of files. Truecrypt pimps Dropbox, and so on. BUT: no chance to get a superb note manager like Evernote to secure all of your notes (and not just special ones for special purposes) as soon as the leave your client to be transmitted and stored in the cloud. At least I was not able to find one, that works at least cross platform between Mac and Win (Tips welcome!). One could have it all in one application and technically, it would not be that difficult to add encryption on a per notebook-basis...

True. And I'm still hunting for that Porsche that goes fast, jumps high, gets good mileage & doesn't cost me an arm & a leg in insurance & tags. :(

And really, please don't add your thoughts on whether something should be easy to implement or not. No one really knows unless you're intricately involved in EN development. Something that may be very, very easy to implement in one, two or three platforms may be problematic on the fourth. Anyone who's been in software development for more than a month has surely encountered situations where, "This should be just fine" and then it isn't.

Link to comment
  • 3 weeks later...
  • Level 5*

A search for "notebook passwork" turned up this thread: http://forum.evernote.com/phpbb/viewtopic.php?f=56&t=21039&p=89078&hilit=notebook+password#p89078 (there were others, but this one is pretty recent). The implication seems to be that notebook passwords are not 'on the list', or at least very high on it, but that may be a faulty interpretation on my part.

~Jeff

Link to comment

I desperately am looking for this option. I do keep some sensitive data in Evernote and having the ability to lock/encrypt notebooks so that they could not be accessed without the password would make things so much easier. I'm not going to go through each and every note I have in that notebook and select the text to encrypt it. That just isn't practicable.

Link to comment
I desperately am looking for this option. I do keep some sensitive data in Evernote and having the ability to lock/encrypt notebooks so that they could not be accessed without the password would make things so much easier. I'm not going to go through each and every note I have in that notebook and select the text to encrypt it. That just isn't practicable.

Then I would suggest something like a password manager would be a better option for your sensitive data. I use SplashID & you can store more than just passwords in them.

Link to comment

I have a password manager, I use LastPass - but I don't see how using LastPass can allow me to Clip a webpage, add data that might be sensitive / private, and protect it? Not to mention I don't want to use multiple programs.

I'm not talking about a note with a simple login/pw/credit card number, etc. The note may contain a great deal of data and information that I might not want accessed for whatever reason. Currently I keep them local only on a system that is locked down pretty well, but I would love to be able to have this information available to me for access and reference from another PC or via my smartphone as needed. Being able to create a secure notebook(s) which I can simply put this type of information and keep it sync'd would be very useful.

Link to comment
I have a password manager, I use LastPass - but I don't see how using LastPass can allow me to Clip a webpage, add data that might be sensitive / private, and protect it? Not to mention I don't want to use multiple programs.

I'm not talking about a note with a simple login/pw/credit card number, etc. The note may contain a great deal of data and information that I might not want accessed for whatever reason. Currently I keep them local only on a system that is locked down pretty well, but I would love to be able to have this information available to me for access and reference from another PC or via my smartphone as needed. Being able to create a secure notebook(s) which I can simply put this type of information and keep it sync'd would be very useful.

I use Logmein on my iPhone to connect to my home computer to access sensitive data, which is stored in a Truecrypted container. If I don't want someone to have access to it, I don't put it in Evernote, since it's not stored encrypted on the EN servers.

Link to comment
A search for "notebook passwork" turned up this thread: http://forum.evernote.com/phpbb/viewtopic.php?f=56&t=21039&p=89078&hilit=notebook+password#p89078 (there were others, but this one is pretty recent). The implication seems to be that notebook passwords are not 'on the list', or at least very high on it, but that may be a faulty interpretation on my part.

~Jeff

That's what it looks like to me too. Not sure why it's not on their list as everyone wants/needs security.

Link to comment
  • Level 5

That's what it looks like to me too. Not sure why it's not on their list as everyone wants/needs security.

Another Evernote comment:

  • It's on our list of things to consider, but we've been prioritizing features and fixes for things that don't have any other solution on the device, whereas this is a minor "nice to have" that largely overlaps with an existing capability of the device (phone-level pin lock).
viewtopic.php?f=45&t=20040&p=88116&hilit=list+other#p88116

Evernote already offers some powerful protection with text encryption and non-sync'd notebooks.

Other folks have added even more security with Truecrypt to protect their data.

Link to comment
Another vote for encrypted notebooks. I currently use a small truecrypt drive for my sensitive information and sync it to Dropbox. It would be nice to eliminate this and integrate into Evernote.

Evernote is just as secure as Dropbox. If you'd put it into Dropbox, there's no reason to not put it in Evernote:

viewtopic.php?f=38&t=20772&p=87405&hilit=dropbox#p87405

Link to comment
  • Level 5*

Yawn, it's pretty clear from the comments from Evernote staff who post on here that this isn't going to happen in the near future. If it's something that you require then it's probably best to look for another product.

Link to comment

PLEASE add some type of application launch password.

Call the new product "Evernote Professional" or "Evernote Enterprise" and charge more for it. I'd upgrade from my Premium account for this feature alone. No smileys here... I'm serious.

Keith

Link to comment
  • Level 5
Hear, hear. I will upgrade to a paid sub when per-note or even just per-launch passwords are implemented.

Per-note passwords (via encryption) are already here.

That is correct. And there are a variety of other security options available. Using non-sync'd notebooks is quite effective. Using the built-in PIN system available in most mobile devices is another method. SSL helps for WiFi use. There are several behind the scenes security procedures mentioned on the Evernote blog as well. And for very strong encyrption, there is TrueCrypt.

Link to comment

How complex can you make this? TrueCrypt, PGP, per note text encryption...

At a minimum there should be an Evernote startup passcode similar to the type that many other iPad/iPhone apps already have (Including Dropbox app, Goodreader app, etc.).

Yes, we all know about the iPad/iPhone's system passcode lock. That's not enough. If you don't know why, you probably don't have kids or colleagues who ask to use your cool device.

Keith

Link to comment
  • Level 5
How complex can you make this? TrueCrypt, PGP, per note text encryption...

At a minimum there should be an Evernote startup passcode similar to the type that many other iPad/iPhone apps already have (Including Dropbox app, Goodreader app, etc.).

Yes, we all know about the iPad/iPhone's system passcode lock. That's not enough. If you don't know why, you probably don't have kids or colleagues who ask to use your cool device.

Keith

Don't try the "my kids want to use my iPad without any supervision" excuse.

How complex? This webpage addresses your question. If Evernote was just supporting Windows desktops it would be one thing, but...

http://www.evernote.com/about/download/all.php

Link to comment

>>>>>Don't try the "my kids want to use my iPad without any supervision" excuse.<<<<

It's no excuse. It's life. I share my iPad with my children and friends.

My desire that the developer add an application passcode is not unreasonable. I am a premium customer and I like would like to see Evernote improve.

Lastly, the sarcasm and condescension in your reply is unnecessary.

Link to comment
It's no excuse. It's life. I share my iPad with my children and friends.

Then I would suggest you don't intall Evenote on a shared device. I treat my iPhone like a credit card & for the few times I hand it over to someone, I watch it like a hawk. I can see that an iPad may be a family/friends device. But then I wouldn't install email, contact info, calendar info, etc (anything you don't want someone messing with) b/c you don't know when someone may mess it up either intentionally or accidentally.

Link to comment
  • Level 5*
My desire that the developer add an application passcode is not unreasonable. I am a premium customer and I like would like to see Evernote improve.

It's not an unreasonable request, but Evernote doesn't seem to see the feature as a high priority for them. There's plenty of posts by Evernote folks on the forum that express their view; here's one: http://forum.evernote.com/phpbb/viewtopic.php?f=45&t=11237#p64939 (found it by searching on 'security engberg'; Dave Engberg is the Evernote CTO).

~Jeff

Link to comment
It's no excuse. It's life. I share my iPad with my children and friends.

Then I would suggest you don't intall Evenote on a shared device. I treat my iPhone like a credit card & for the few times I hand it over to someone, I watch it like a hawk. I can see that an iPad may be a family/friends device. But then I wouldn't install email, contact info, calendar info, etc (anything you don't want someone messing with) b/c you don't know when someone may mess it up either intentionally or accidentally.

Sigh...

Link to comment

Evernote is just as secure as Dropbox. If you'd put it into Dropbox, there's no reason to not put it in Evernote:

The main point I was trying to make was my desire to eliminate Truecrypt from the workflow. If the file is encrypted properly then I really don't have to worry about how secure it's storage location is. Also a 4GB encrypted drive file can't be shuttled to Evernote with their bandwidth restrictions hence my using Dropbox vs. Evernote.

Link to comment
  • Level 5*
.

The CTO needs to hear from all the premium customers who want improved security. If enough of us speak up the priorities will change.

There are plenty of us who couldn't care less about this.

(Yawn).

Link to comment
  • Level 5*
Yawn, it's pretty clear from the comments from Evernote staff who post on here that this isn't going to happen in the near future. If it's something that you require then it's probably best to look for another product.
Link to comment
.

The CTO needs to hear from all the premium customers who want improved security.

That's fine.

If enough of us speak up the priorities will change.

Not necessarily.

It's no excuse. It's life. I share my iPad with my children and friends.

Then I would suggest you don't intall Evenote on a shared device. I treat my iPhone like a credit card & for the few times I hand it over to someone, I watch it like a hawk. I can see that an iPad may be a family/friends device. But then I wouldn't install email, contact info, calendar info, etc (anything you don't want someone messing with) b/c you don't know when someone may mess it up either intentionally or accidentally.

Sigh...

Not sure why the sigh. Yes, I know you want a PIN on your EN for iDevice. But given the EN stance, I offered up what I do. Personally, I jailbroke my iPhone the first week I had it & added "Lockdown", so I can add a PIN to sensitive apps that don't have it. But again, I consider my phone like a credit card b/c I don't want anyone accidentally (or otherwise) getting into email, contact, calendar info. Plus, I just don't want it getting lost/stolen b/c that's just the way I am.

And yes, if I had an iPad that was considered a family & friends device, I would not put anything on it that was even remotely important to me b/c I don't want anyone accidentally deleting/changing contact info, calendar info.

I guess the other option is to keep adding +1's to the "YES I WANT A PIN CODE" messages about a feature EN has repeatedly said they will not do & continue to wait & hope that one is added...which may or may not ever happen... (shrug)

Link to comment

The main point I was trying to make was my desire to eliminate Truecrypt from the workflow. If the file is encrypted properly then I really don't have to worry about how secure it's storage location is. Also a 4GB encrypted drive file can't be shuttled to Evernote with their bandwidth restrictions hence my using Dropbox vs. Evernote.

Evernote files probably will never be encrypted. And certainly not in the near or not so near future. True encryption requires a password that the "host" does not have access to. If Evernote cannot get to your data, it cannot index your data. Indexing the data is part of Evernote's focus. They do allow non-sync'd notebooks, if you want them. Those notes are not indexed. If you want/need to store sensitive info in non-sync'd Evernote notebooks that you want to be somewhat portable, then yeah, you're going to have to put them onto a TC container in Dropbox (I've heard that's possible but haven't investigated it myself) or a WINRAR'd file (with password) in Dropbox or a TC container on a thumb drive (which is what I use for my netbook) or some other manner that involves "true" encryption.

Link to comment
Another vote for encrypted notebooks. I currently use a small truecrypt drive for my sensitive information and sync it to Dropbox. It would be nice to eliminate this and integrate into Evernote.

Evernote is just as secure as Dropbox. If you'd put it into Dropbox, there's no reason to not put it in Evernote:

viewtopic.php?f=38&t=20772&p=87405&hilit=dropbox#p87405

No offense, but instead of always simply "poo-pooing" what other people would like to see in Evernote, you may want to read thoroughly what they post first. They stated they use truecrypt to encrypt the files first before syncing to Dropbox. Outside of selecting all text you want encrypted, there is no way to accomplish this easily inside of Evernote.

I love Evernote, use it ALL DAY LONG, but not having password protected or encrypted notebooks is really a lacking security feature.

Link to comment
No offense, but instead of always simply "poo-pooing" what other people would like to see in Evernote,

Dude...I don't always "poo-poo" what others want. Just repeating what's been posted by Evernote CTO as well as explaining WHY the encryption probably will never be added. I would think you'd find that good to know.

you may want to read thoroughly what they post first. They stated they use truecrypt to encrypt the files first before syncing to Dropbox. Outside of selecting all text you want encrypted, there is no way to accomplish this easily inside of Evernote.

If he meant he sends the Truecrypt container to Dropbox, then I misunderstood. My bad.

Link to comment

Seems to me there currently are two options one can use to resolve the 'security' problem for Evernote:

  • 1. Log out of your Evernote account after you've used it; or
    2. Put a passcode on your mobile device/Require a password to wake your computer from sleep

I go for the latter option so that I have as much control as I can over who can access my data on my iPad/iPhone. And with iOS 4.2 it's possible to use a more secure password than the four digit passcode. And if I want to let someone play with my iPad I log out of Evernote so they are unable to access the data on it.

Link to comment
  • Level 5*
Yawn, it's pretty clear from the comments from Evernote staff who post on here that this isn't going to happen in the near future. If it's something that you require then it's probably best to look for another product.
Link to comment

New EN user here who jumped the gun and signed up for premium before I discovered these gaping security limitations. Had I known there were no usable encryption features, there's no way I would have upgraded to premium. To me encryption is a MUST for any online storage/collaboration service, so I just assumed it was built into EN.

I keep ALL of my documents in EN, including bank statements, tax returns, etc...totally paperless household. Because I use it like this, ALL of my notebooks are local only. I would really like to have access to my documents from all of my devices, and I would also really like the safety net of having them stored "in the cloud". For this to happen, EN needs to encrypt my files on their servers using a custom key, at a minimum. I don't care about the notebooks not being locally encrypted, but for me it's a deal-breaker if the files are not encrypted when in the cloud.

Even if I have to give up bells and whistles like OCR due to the EN cloud servers not being able to open an encrypted file, that's fine with me. I use EN to organize, and remotely access my docs, that's it. I can't dream up a reason why I'd ever need the OCR feature, since I can find anything I want quickly within my notebook tree.

Just my two cents....

Link to comment
New EN user here who jumped the gun and signed up for premium before I discovered these gaping security limitations. Had I known there were no usable encryption features, there's no way I would have upgraded to premium. To me encryption is a MUST for any online storage/collaboration service, so I just assumed it was built into EN.

EN does include encryption for text. I think (emphasis on think), encrypted PDFs are ok, too. If that doesn't suit your needs, you may want to take a look at Jungle Disk. There's even an iPhone app, to access your JD files from your phone. (Maybe other mobile devices but I don't know.) However, I would recommend you do some due diligence next time, to insure whatever app you go with, suits your needs.

Link to comment
Seems to me there currently are two options one can use to resolve the 'security' problem for Evernote:

  • 1. Log out of your Evernote account after you've used it; or
    2. Put a passcode on your mobile device/Require a password to wake your computer from sleep

I go for the latter option so that I have as much control as I can over who can access my data on my iPad/iPhone. And with iOS 4.2 it's possible to use a more secure password than the four digit passcode. And if I want to let someone play with my iPad I log out of Evernote so they are unable to access the data on it.

Absolutely. If you just Logout of your account on iOS your offline notebooks are still retained by Evernote but you can't access them without typing in your password. Not sure what other type of security you'd like added?!

Link to comment

I already use Jungledisk to backup my files in bulk. It's fantastic for that, and meets all my security requirements, but it doesn't have the presentation layer that EN does. Sounds like I might have to sacrifice a bit though...

Link to comment
I already use Jungledisk to backup my files in bulk. It's fantastic for that, and meets all my security requirements, but it doesn't have the presentation layer that EN does. Sounds like I might have to sacrifice a bit though...

FWIW, I use Jungle Disk and Evernote. I've used Jungle Disk since it was a free app. (Four years? Five?) This post explains how I think they complement each other.

Link to comment
  • Level 5
Dumb noob question/comment, but would the encryption feature do it for you guys? It's my understanding that sensitive parts of a note ie a password or account number can be encrypted.

Encryption of a phrase, password, PIN, SSN# or account number is a powerful way to protect your sensitive data.

But there are some users who want a notebook (or entire database) locked down using software built into Evernote.

The only effective solution for entire notebook or database encryption I have seen is with a 3rd party program such as TrueCrypt.

Link to comment

I'd like to add my +1 to the OP's post. I actually came here to see if Evernote has implemented these features yet.

This is why I now use Simplenote + Notational Velocity. I lose some on the multimedia features, but my notes are safely encrypted on my work machine and the passphrase isn't save in the Keychain. My personal stuff is synced to my work machine still, but it's all but impossible to retrieve.

I don't have any convenient option on Evernote to dictate which notebooks I do or don't want to sync to a particular machine. In my specific case, I do want my personal notebooks synced to my personal computer, but not to my work computer. I do want my work notebooks synced to my work computer, but not my home computer. I want all my notebooks synced to my iPhone, and laptop.

Link to comment
  • 1 month later...

This would be a nice feature. For example, If I wanted to take a photo of a sensitive document ie W2, Credit Card, Bank Statement etc. There's really no "text" to encryption but you wouldn't want just anyone looking at the photo. But the question remains, just how secure is Evernote?

Link to comment
This would be a nice feature. For example, If I wanted to take a photo of a sensitive document ie W2, Credit Card, Bank Statement etc. There's really no "text" to encryption but you wouldn't want just anyone looking at the photo. But the question remains, just how secure is Evernote?

This topic has already been discussed at great length. Please search the board on "security". The "wide open databases" thread is lengthy but pretty much covers all aspects of the topic.

Link to comment
Does that really matter Burger & Fries. So what if I want to reply to a post thread that I took the time to read. Leave me, and my posts alone.

Yes, it matters. You've posted about something that has already been discussed at great length & I pointed this out to you. No need for you to be rude.

(And no, my post is not off topic. It's very much ON topic, AAMOF.)

Link to comment
  • Level 5
This would be a nice feature. For example, If I wanted to take a photo of a sensitive document ie W2, Credit Card, Bank Statement etc. There's really no "text" to encryption but you wouldn't want just anyone looking at the photo. But the question remains, just how secure is Evernote?

Yes, it would be a nice feature. I can encrypt my social security number in text but not a photo of the actual SS card. But photo encryption it is not available. So it becomes a judgment call on your part. The marketing manager at Evernote puts his tax returns on his Evernote account. Other people rely on a 3rd party encryption system to protect their data. The rule of thumb is that if you are comfortable sending the image through a service like GMail, then you can be comfortable with Evernote.

Link to comment
I just don't think I would upload that much sensitive info in my notebook without knowing how secure it is. .

Like I said above, this is discussed already, in other threads. You can research it yourself, in the existing threads, if you want. Most of us who volunteer our time to help on this board are not particularly interested in reposting info that has already been posted many times before. Especially when there is quite a bit of info to cover, as is the case with this topic.

Link to comment
  • Level 5
Yeah, I agree and good point. I just don't think I would upload that much sensitive info in my notebook without knowing how secure it is. Plus, I wonder if you can use a password protected PDF. Haven't tried that but at least it would be one "layer" of protection.

Yes, a password protected PDF can be added to Evernote.

Link to comment

Hi there,

I just have a quick question. I wanted to relocate my Evernote database to an encrypted TC container file using this tutorial, but actually after trying to assign the new drive character, it only creates an empty "Database" folder, but doesn't move the files!

a. Do I have to move the files manually myself? (As EN seems to refuse to use the new path otherwise?)

b. Did I make any error, e.g. do I have to put a full path into the new container? (Or rather the local dropbox path "C:\..."?)

c. Could it be anyhow connected to the fact that the container itself currently resides inside my Dropbox?

The container is of course large enough, being around 200 MB, while my database is around 90 MB.

Thanks for your help in advance!

Link to comment

Hi, I was wondering if there is any way to use Windows 7 built-in encryption feature to encrypt the Evernote database. For more information about this feature, see: http://mintywhite.com/windows-7/7security/encrypt-files-hard-drive-windows-vistaseven/.

Which folder would I need to encrypt? Are there any problems by using this method that you can foresee? Is this as secure of an encryption as something such as TrueCrypt?

Link to comment
  • Level 5

Sorry I don't have an answer to your question. But this question has prompted a question of my own: Why the desire to store your entire EN database on an encrypted TrueCrypt container? If there is sensitive information in there, you do realize that the EN staff have access to it right? Things you put in EN are not "private".

Here's an important excerpt taken directly from the company's privacy policy:

As a rule, Evernote employees do not monitor or view your personal information or content stored in the Evernote service, but it may be viewed if we learn that our Terms of Service may have been violated and confirmation is required, or we otherwise determine that we have an obligation to review it...

This is a (nice?) way of saying that EN basically has complete, unfettered access to your data. Exactly how and who determines when EN "has an obligation" to review your personal data? I would assume that any reasonably high-level employee can simply log on to their servers and start banging away at it, without requiring any sort of court intervention, subpoena or even notifying the user. If I am wrong about any of this please do correct me.

Link to comment
  • Level 5

This is a (nice?) way of saying that EN basically has complete, unfettered access to your data.

If I am wrong about any of this please do correct me.

The same can be said about Google, GMail, Yahoo, etc. Evernote has been very open about their security.

As I recall from one of the Evernote podcasts, even the CEO does not have access to your data.

From the Evernote blog: "When you add a note to the service, it is secured like your email would be at a high-end email provider. This means that your notes are stored in a private, locked cage at a guarded data center that can only be accessed by a small number of Evernote operations personnel. Administrative maintenance on these servers can only be performed through secure, encrypted communications by the same set of people. All network access to these servers is similarly protected by a set of firewalls and hardened servers. Your login information is only transmitted to the servers in encrypted form over SSL, and your passwords are not directly stored on any of our systems."

Link to comment
  • Level 5
Well if you think that locking a server in a cage protects the data inside it, then I guess you wouldn't mind locking your PC in a similar cage and emailing me the IP address & administrative password? :shock:

Why don't you go and troll on the Google website for a while?

Link to comment
  • Level 5

Whoa, take a deep breath. I wasn't trolling nor was I attacking you. I was trying to point out a flaw in the OP's logic (if his intent was to shield his personal or private information). I am an avid EN user, and I love the product. But I think people these days are generally quite uninformed about privacy & security, especially with regard to web services such as EN and how their data might be used or shared. Facebook is of course the textbook example, but it applies to EN as well. Some people are undoubtedly putting sensitive information in their notebooks, and they might not be aware that this is being stored in unencrypted form.

Link to comment
Hi there,

I just have a quick question. I wanted to relocate my Evernote database to an encrypted TC container file using this tutorial, but actually after trying to assign the new drive character, it only creates an empty "Database" folder, but doesn't move the files!

a. Do I have to move the files manually myself? (As EN seems to refuse to use the new path otherwise?)

b. Did I make any error, e.g. do I have to put a full path into the new container? (Or rather the local dropbox path "C:\..."?)

c. Could it be anyhow connected to the fact that the container itself currently resides inside my Dropbox?

The container is of course large enough, being around 200 MB, while my database is around 90 MB.

Thanks for your help in advance!

I have my EN database in a Truecrypted drive. All you have to do is go to tools/options/general tab & change the location of the database. EN should move the file(s) for you. I don't have my TC'd container in Dropbox, but that shouldn't matter.

Why the desire to store your entire EN database on an encrypted TrueCrypt container? If there is sensitive information in there, you do realize that the EN staff have access to it right? Things you put in EN are not "private". .

Although EN conceivably has access to my database, I'm sure there are regs & security in place to prevent an employee from casually perusing my data. If anyone seems to think EN would casually allow employees "unfettered access", then I would suggest they simply not use EN. I can't imagine why anyone would want to use their product if that's how they felt about the company.

Having my EN database in a TC'd container is to prevent someone who accesses my computer (either with or without my consent) from being able to access my EN database.

I do not store sensitive info in my EN database b/c the data on the EN servers is not encrypted. Therefore, in the rare event that the EN servers were to get hacked, all the hacker would find in my account is boring information like why I chose one set of martini glasses over another, what I packed for my latest vacation, my email archive, scans of letters/cards I've received and written over the years, blah, blah, blah.

Link to comment
I have my EN database in a Truecrypted drive. All you have to do is go to tools/options/general tab & change the location of the database. EN should move the file(s) for you. I don't have my TC'd container in Dropbox, but that shouldn't matter.

Thanks BurgersNFries for your answer.

Sadly exactly that doesn't work! Do I have to move the EN database file first and rewrite the path in some *.ini?

This is what I had to do for Thunderbird and Postbox 2. I use Evernote v."4.2.2.3900 Public" by the way.

@tjanke42: You are of course right and this was kind of without thinking about it properly (and late at night). I'll just store the container nearby the original database place...

Link to comment

I too store my Evernote database in a Truecrypt container on ALL the PCs on which I have Evernote installed. If anybody accesses that computer or steals my equipment then they don't get ready access to my data. I even have my Dropbox within my Truecrypt container. I start Truecrypt then once I've mounted the container as a drive I fire up Evernote and Dropbox which are both configured to access their files inside my Truecrypt container. Takes a bit longer to get things going but it blocks against casual access quite satisfactorily I think.

I don't store sensitive information in either Evernote or Dropbox, I just want to protect it against physical access to the computer.

Link to comment

*edit* First of all, Tufty I still can't move my EN directory, do you have any tips as you use it successfully? I mounted the thing and try to change the drive letter in the EN settings, but it won't move the *****!...

I even have my Dropbox within my Truecrypt container.

Hmm, already read this several times and thought about it. But is this so crucial to you, that you let go the possibility of mobile access of data either useful to you at this moment or critical?

For example: If I'm on the go, I might want to dive into this or that PDF file I've got in my dropbox (because I'm bored in the train or airport and have no laptop handy) or even NEED this PDF file (to look at it or further process), in this case you won't give any access to your mobile? Or would you on the opposite give full access to your smartphone (all cases assuming you own one :D), i.e. the smartphone being the weak spot?

I personally don't care about most of my data in the dropbox, I even didn't yet encrypt any personal data there (in my data folder), as it's either highly or lightly password protected. But I'll think about it, as I don't access it often. BUT for me it is important that SOME data do not in any case get accessed via web or mobile! So these data is encrypted in volumes, which I can only mount from my desktop PC. Hope this'll work well.

Link to comment

I was just reading through this...just giving my 2 cents:

Frankly, this discussion animated me to put even more risky stuff into Evernote. :D Why?

Erm yeah, maybe because "trust EN > trust iPhone". Before the stuff was all on my iPhone camera roll. I mostly photographed a lot of personal and medical information, as I finally got myself a proper smartphone last year. But this isn't secure at all! The thing is: I did this in the first place because I might + will need this information some time! (Heard people getting away from a alcohol police control by showing their ID photographed on their iPhone :lol:)

So before I either didn't have it or had it plain accessible via my iPhone, only secured by my PIN.

The problem is, even Roboform does not have an option to store pictures or related. I don't know about LastPass etc., maybe someone can tell me more. So yeah, the only weak point at the moment is my phone. So of course I need to take care of my smartphone like the holy grail, even under influence of drugs and girls. :lol:

And the Evernote iPhone App. Can you please offer an additional layer of security like asking for yet another PIN (maybe six numbers, not only four)? Ok I could just log-out every time, and re-login, but I'm too lazy for that frankly. :D Admittedly I also don't even know my Evernote password :shock: because my otherwise tight security system ;) only used long, highly secure passwords that I mostly don't personally know and are only stored inside my password managers!...

Link to comment
Sadly exactly that doesn't work! Do I have to move the EN database file first and rewrite the path in some *.ini?

.

No, like I said (and is explained in the tut you linked to), you just move the location in the tools/options dialog box. If this isn't working for you, you're going to have to be more specific about the symptoms and/or error messages.

I too store my Evernote database in a Truecrypt container on ALL the PCs on which I have Evernote installed. If anybody accesses that computer or steals my equipment then they don't get ready access to my data. I even have my Dropbox within my Truecrypt container. I start Truecrypt then once I've mounted the container as a drive I fire up Evernote and Dropbox which are both configured to access their files inside my Truecrypt container. Takes a bit longer to get things going but it blocks against casual access quite satisfactorily I think.

I don't store sensitive information in either Evernote or Dropbox, I just want to protect it against physical access to the computer.

I do this exact same thing with both EN & Dropbox. Yes, it does slow down the start up process a bit, but a small price to pay for the added security, IMO.

Hmm, already read this several times and thought about it. But is this so crucial to you, that you let go the possibility of mobile access of data either useful to you at this moment or critical?

For example: If I'm on the go, I might want to dive into this or that PDF file I've got in my dropbox (because I'm bored in the train or airport and have no laptop handy) or even NEED this PDF file (to look at it or further process), in this case you won't give any access to your mobile?

I don't know what you mean by this. You seem to be thinking if the Dropbox folder on a laptop/desktop is encrypted, that you cannot access the files in the Dropbox from a mobile device? If that's what you're thinking, that is not true. That's the point of Dropbox (and Evernote.) If those files are encrypted in a non-mounted TC container on my desktop, I can still access the files from my iPhone, using the Dropbox app. (You do have to insure that if you make any changes on the laptop/desktop that they do get sync'd up to the Dropbox cloud before closing Dropbox & un-mounting the TC container, of course.)

Link to comment
It's funny that the new Evernote home page shows an image of a "litigation argument" being stored in Evernote:

[attachment=0]tmp.jpg[/attachment]

If only files adding in Evernote looked this beautiful, and the fact that you could add a caption to it with the filename displayed on the file. *Dreams*

Link to comment
Sadly exactly that doesn't work!

No, like I said (and is explained in the tut you linked to), you just move the location in the tools/options dialog box. If this isn't working for you, you're going to have to be more specific about the symptoms and/or error messages.

Dear BurgerNFries, I know that. Yes it isn't working.

I immediatly explained the symptoms in my first post.

1. A "Database" folder is created in the directory of the TC container.

2. But the files are not moved and

1. the old path persists in the EN settings.

It seems I should file a support ticket? v.4.22 is not beta anymore, or is it just "public beta"?

PS: Sucks that there is no RSS feed for forum threads available. ;p

Link to comment
  • Level 5

philipp-grunwald,

Please open Help/Activity Log, try moving your database using Tools/Options/General dialog and check if there are any errors reported in the log. They may help you to resolve the issue. If not, you can move your Evernote file manually using the following procedure:

1. Find out current location of Evernote data files checking the Tools/Options/General "Evernote local files" entry field

2. Completely shut down Evernote using File/Exit

3. Move all Evernote folders from current location to a new one...

4. Change HKCU\Evernote\Software\Evernote\Evernote\EvernotePath registry value to point to a new location

For example, if Evernote files are at the default location:

C:\Users\\AppData\Local\Evernote\Evernote

... you move folders Databases, Logs, AutoUpdate, Dicts from above to:

X:\Evernote files

... and set EvernotePath registry value to:

X:\Evernote files

Hope this helps. Please let us know the error that prevents Evernote from moving its files using Tools/Options/General. Evernote uses the standard shell service to copy its files, so be careful: Windows may have the same problem when you copy those files manually.

Thank you,

/Peter

Link to comment

Log details:

00:31:26 [10984] Changing Evernote files location to: I:\

00:31:27 [10984] Closed database: C:\Users\\AppData\Local\Evernote\Evernote\Databases\.exb (102MB +0B)

Log closed on 2011/02/21 00:31:27 (UTC+1:00)

Log opened on 2011/02/21 00:31:27 (UTC+1:00)

00:31:27 [10984] Could not copy Evernote files, SHFileOperation() call returned 183

00:31:27 [10984] Opened database: C:\Users\\AppData\Local\Evernote\Evernote\Databases\.exb (102MB Fixed)

That is all I got. And yeah, I noticed some issues with moving files in general today, as I was moving a lot of files (into TrueCrypt and otherwise).

*edit* Older log entries (with different error messages):

Log opened on 2011/02/19 22:31:34 (UTC+1:00)

22:31:34 [10104] Could not copy Evernote files, SHFileOperation() call returned 5

22:31:34 [10104] Opened database: C:\Users\\AppData\Local\Evernote\Evernote\Databases\.exb (84.3MB Fixed)

22:31:49 [10104] Changing Evernote files location to: I:\

22:31:50 [10104] Closed database: C:\Users\\AppData\Local\Evernote\Evernote\Databases\.exb (84.3MB +0B)

Log closed on 2011/02/19 22:31:50 (UTC+1:00)

By the way, I wonder where the plus 15 MB in just two days come, but I think it's due to some photo entries from my iPhone...

Link to comment
Evernote files probably will never be encrypted. And certainly not in the near or not so near future. True encryption requires a password that the "host" does not have access to. If Evernote cannot get to your data, it cannot index your data. Indexing the data is part of Evernote's focus. They do allow non-sync'd notebooks, if you want them. Those notes are not indexed.

I agree that password protected files couldn't (shouldn't) be indexed, that is what I would expect. But I don't see the non-sync'ed folders being a good workaround. My coworkers and I want to collaborate on company-sensitive docs through the sharing feature, so we'd want our notes to be sync'ed. (And I'd also like to pw-protect some files, yet access them both from iPhone and my laptop.)

I guess because both the iPhone app and the Mac client EN never log us out (and if I'm wrong about this, please let me know how I can be prompted for my password each time), I'm leery because as long as you have access to my device, you have access to my entire EN (yes..I do have a wake-from-sleep PW and autolock, but still...) Seems to me a PW at the app level, or at the note level, is a reasonable request. (Regarding the Dropbox comment, yes my Dropbox volume is always mounted, but I am able to store pw-protected pdf's and office docs on it, for the added security).

One question: if we have a PW-protected pdf that we attach to an EN note, is the PW feature preserved? And can work with LiveUpdate, etc? Maybe that is the way to go: the EN note itself isn't pw-protected, but the pdf attachment is? ****Oh, I see that this was answered in a note I hadn't gotten to yet.***

I'm an EN noob, so if I understand something incorrectly here, please set me straight! Thanks,

Karen

Link to comment

Idea: Is it possible that you have mounted a _removable_ drive with truecrypt but the evernote-database needs a _fixed_ drive? Some programs don't allow saving their data to removable drives, especially true databases.

I had the same issue with truecrypt and another program some time ago and the "trick" was to mount the drive with a parameter so that it is mounted as a fixed drive because the standard-mout of truecrypt is a removable drive.

Link to comment

I was checking the DropBox software and, to be honest, It has no relation to what you can do with Evernote.

EN, as long as I have been using it, was made so you can take quick notes, remember things that you ussually wrote on you Cellphone, Papers, Notes, etc, and make them easy searchable with the help of Tags, Notebooks, Text-Image Searching and a lot more.

By the other hand, DropBox is a great option if you want to share and store ANY kind of data and have access to that files wherever you go, instead of bringing USB's, Store Devices or Emails of your files. But the little I have checked up, DropBox doesn't have the ability to quickly search your notes by specific notes and it entirely depends on a Folder on your computer, so it's like the server is ALWAYS checking your Folder computer. To me, that's a lot riskier than what EN does.

That's my opinion. I also have some case-sensitive data stored on my EN account, but I try to keep them as safe as possible with little tricks (Don't name the file or Notebook as obvious as it could be, putting "hints" of the word instead of the actual word, if they're PDF files have a Password option, etc)

But seriously, DON'T PUT YOUR BANK ACCOUNT ON EVERNOTE. In fact, don't put it on a place where someone can have access on it, it's like leaving a bunch of money right on the Dinner Table of your house. Even if is your house, leaving it on a place where anyone that can enter your house can see it is insane.

Link to comment

mrossk, good point. It's not true though that TC mounts as removable drive as default, yet I think I had it activated on several containers.

But I deactivated it anyways, because there was not much usage except for WinAmp *buh* bugging me to "manage" these drives. -.-

Yet sadly this didn't help, I checked again and got the first error message posted above again when looking into the log file.

I'm a bit unhappy that no one seems to care though, I mean I provided the log content and description and am ready to deliver more stuff if necessary, yet I need some kind of input from the Evernote Pro's/Devs!

Link to comment
I'm a bit unhappy that no one seems to care though, I mean I provided the log content and description and am ready to deliver more stuff if necessary, yet I need some kind of input from the Evernote Pro's/Devs!

Did you submit a support inquiry? (Toward the bottom of the help/support page.) If so, you would have received an auto reply email with a case number. If you post the case number here, one of the EN employees can follow up on it.

Link to comment
Did you submit a support inquiry?

*edit* Case-ID: 198434

I didn't expect this to be such a big deal. I just thought it was still my fault (human error ;)).

While I wonder how this should change anything, as I currently have only the above information to submit anyways...

By the way, imho using the forum also has an advantage for Evernote, this way they don't need to reply to the same stuff over and over again, as this thread is accessible to the (registered) public and not just in my (encrypted :P) e-mail folder!

Link to comment

Hi guys, I wish we could password protect out evernote account on our Mac/pc. I share both my macs with my family and even with different user accounts, other administrators can access my evernote notebooks. Anyone know of a way of locking my evernote files from other administrators? If not, how about password protecting local notebooks or accounts on your drives like OneNote does.

Thanks! :P

Link to comment

The Windows built-in encryption has the following limitations, so I'd say no it's not as good a TrueCrypt, especially the one about copying to a non-NTFS volume (eg. FAT) decrypts the file! These are from here:

http://www.microsoft.com/resources/docu ... x?mfr=true

Only files and folders on NTFS volumes can be encrypted. Because WebDAV works with NTFS, NTFS is required when encrypting files over WebDAV.

Files or folders that are compressed cannot also be encrypted. If the user marks a file or folder for encryption, that file or folder will be uncompressed.

Encrypted files can become decrypted if you copy or move the file to a volume that is not an NTFS volume.

Moving unencrypted files into an encrypted folder will automatically encrypt those files in the new folder. However, the reverse operation will not automatically decrypt files. Files must be explicitly decrypted.

Files marked with the System attribute cannot be encrypted, nor can files in the systemroot directory.

Encrypting a folder or file does not protect against deletion or listing files or directories. Anyone with the appropriate permissions can delete or list encrypted folders or files. For this reason, using EFS in combination with NTFS permissions is recommended.

You can encrypt or decrypt files and folders located on a remote computer that has been enabled for remote encryption. However, if you open the encrypted file over the network, the data that is transmitted over the network by this process is not encrypted. Other protocols, such as Single Socket Layer/Transport Layer Security (SSL/TLS) or Internet Protocol security (IPSec), must be used to encrypt data over the wire. WebDAV, however, is able to encrypt the file locally and transmit it in encrypted form.

Link to comment

I'd like this feature as well. It seems strange that I can't keep notes secure within the application. I migrated to Evernote from Google Notebook but because of this I might be moving back...

Link to comment
It seems strange that I can't keep notes secure within the application. I migrated to Evernote from Google Notebook but because of this I might be moving back...

Evernote's focus is to allow you to quickly retrieve info. Encryption would prevent your notes from being searchable. (That's the Cliff Notes version.) Please search the board on 'security' if you want more information, since this topic has already been discussed a lot.

Link to comment

Archived

This topic is now archived and is closed to further replies.


×
×
  • Create New...