
(Archived) REQUEST: Additional encryption options for notebooks and syncing



Hi there,

in terms of data security, how do you guys out there think about encryption for Evernote's database(s) and the connection used for syncing through the web ?

I could imagine to store _all_ of my stuff in the cloud but still have concerns regarding sensitive documents e.g. salary checks, contracts and think it's worth thinking about increasing security up to a level that is even common for e-mail, online banking and shopping already these days.

Ciao for now,

Michael

Link to comment

Hi there,

in terms of data security, how do you guys out there think about encryption for Evernote's database(s) and the connection used for syncing through the web ?

I could imagine to store _all_ of my stuff in the cloud but still have concerns regarding sensitive documents e.g. salary checks, contracts and think it's worth thinking about increasing security up to a level that is even common for e-mail, online banking and shopping already these days.

Ciao for now,

Michael

Regarding the connection used for syncing, last I knew Evernote uses SSL:

Regarding database encryption...discussed at great length already on the board. Please search the board for more info.

Link to comment

Using tcpview I only see EN using high ports for syncing the database but did not know it's encrypted already.

Anyway, you're right BurgersNFries, according to this http://discussion.evernote.com/topic/13393-firesheep/page__st__20#entry76780 it looks like EN uses SSL.

Regarding local encryption I found another post here on how to use TrueCrypt for encrypting your database http://www.40tech.com/2009/09/01/4-steps-to-secure-evernote-on-a-shared-computer/

This one describes on how to encrypt specific notes using EN onboard tools: http://techie-buzz.com/how-to/encrypt-password-protect-evernote-notes.html even though to date it only works for plain text in one single note it already goes in the right direction. I think I'll wait and see what's gonna happen instead of setting up crazy batch script-controlled TrueCrypt stuff.

Link to comment

The issue likely has more to do with the business model. Most people who want encryption want it because they want to be able to upload documents, notes, etc... Part of the business model for free storage relies on their ability to scale effectively. It's likely to accomplish this, they use storage deduplication at some level (e.g. file, byte, etc..). Offering encryption at the file level would likely break or radically erode the storage value prop if they are doing deduplication.

That said, they could offer a premium service over and above what they offer now, but it's not clear how they would do this architecturally.

Not sure if this is the case, just some thoughts.

Greg

Link to comment
  • 1 month later...

Today I have discovered that Evernote is completely insecure. The text below refers to Evernote for Windows, but it may apply to other versions, too.

Here is how to test for the HUGE security problem in Evernote:

1. Log out of the Evernote by using the File - Sign out menu item.

You would think your Evernote is secure now, and that someone who has access to your computer can't see your personal stuff you stored in Evernote because they don't know the password. Right? This is a perfectly reasonable expectation.

In fact, there is a method of accessing your private Evernote data in less than 1 minute, provided the person has access to your PC. Just follow the next steps:

2. Cut the Internet connection. This can be done physically by unplugging your modem or network card (just pull the cable out), or in software by disabling your WiFi connection. Someone knowledgeable can do this in less than 10 seconds, it is very easy.

3. Start the Evernote application. You will be prompted for a password.

You think your data is protected by the password? WRONG!!! Think again!

4. Enter the name of your account and ANY made-up password... a reasonably long password. Such as "tralalalalalablablabla"...

Evernote will complain it can't connect to the Evernote servers, and will offer you to "open the local database"... click on the Open button that appears.

Voila! Your precious data stored in Evernote is completely available to anybody who has access to your computer for a few minutes. Which happens quite often - your boyfriend or girlfriend, your boss, your friend can access the PC for a few minutes.

I have also found out that the data is stored unencrypted on disk, in a SQLite database. So even if they fix the huge security problem I described, if they keep the data unencrypted, someone a bit more knowledgeable can easily load the SQLite file in Notepad and read the information you stored in Evernote.

In my opinion this is completely irresponsible from the Evernote company. And it is completely avoidable:

- they could encrypt the local data on disk using a good algorithm such as Blowfish

- they could store a checksum or hash of your password, and check if the password is correct even if offline

Both measures sdhou.

I have almost 300 notes stored in Evernote, and I was confident they can't be accessed by someone working on my PC because I thought Evernote was secure. I will move all my data to Google Docs during the next few days and will quit using Evernote. I want my data to be secure and not exposed to people that I allow to work on my PC.

Before this shocking discovery which I made by mistake (my Internet was down) I was considering purchasing Evernote Premium.

Evernote staff, if I was you, I would consider this a MAXIMUM PRIORITY issue. It is very serious.

Link to comment

I am moving away from Evernote for this reason. I just discovered you can open all the notes without knowing the password if the internet connection is offline (or if you cut it by pulling out the cable).

This is a horrible security hole.

Link to comment

I am moving away from Evernote for this reason. I just discovered you can open all the notes without knowing the password if the internet connection is offline (or if you cut it by pulling out the cable).

This is a horrible security hole.

No, this is not a security hole.

Regarding the connection used for syncing, last I knew Evernote uses SSL:

http://discussion.ev...__20#entry76780

Regarding database encryption...discussed at great length already on the board. Please search the board for more info.

Link to comment
  • Level 5*

Today I have discovered that Evernote is completely insecure. The text below refers to Evernote for Windows, but it may apply to other versions, too.... Evernote staff, if I was you, I would consider this a MAXIMUM PRIORITY issue. It is very serious.

Hi. Welcome to the forums. On the Mac, your data is even more easily accessible by simply clicking on the Spotlight icon and searching! I consider this a nice feature myself :)

http://www.princeton...ght-search.html

I appreciate your effort to inform other users, and this gives us an opportunity to talk about security. The "solution" to the "problem" is to take responsibility for your stuff by securing your data. It's free and easy to do. You can create separate user accounts on your computer and encrypt your drive. If you do these two simple things, which everyone really ought to be doing, then you don't have much to worry about with any of your data (emails, browsing history, downloaded files, work documents, etc.).

Of course, Evernote has commented on how the logout procedure works in Windows.

http://discussion.ev...bal/#entry10279

They have also talked about application locking.

http://discussion.ev...ote/#entry31680

They recommend relying on the tools you already have available to secure your data.

http://discussion.ev...bal/#entry10342

They have also talked about privacy and security for sensitive data you don't want on the cloud.

http://blog.evernote...y-and-security/

And, for the adventurous and tech savvy, they have even offered unsupported suggestions for encryption solutions on the Mac.

http://discussion.ev...ent/#entry39293

As for Google Docs, is that password protected on your computer? As I recall, you cannot even access them when offline (did they finally get an offline editor?), but everything in your GDrive is totally accessible, so I don't think your original solution of leaving the Evernote service is going to work well for you.

Link to comment
  • Level 5*

I am moving away from Evernote for this reason. I just discovered you can open all the notes without knowing the password if the internet connection is offline (or if you cut it by pulling out the cable).

This is a horrible security hole.

Dan, please see my response to your thread here.

http://discussion.evernote.com/topic/32485-i-have-discovered-evernote-is-completely-insecure/#entry175661

As BNF said, it is not a security hole, but how the application is designed. It is good that you have a sense of how it works, so you can secure your data to fit your situation.

Link to comment

Yes, I understand and appreciate your opinion. In my opinion, the Evernote company should FIX the problem instead of just acknowledging and documenting it and claiming it's not a problem.

Because the problem exists and is completely fixable.

Many of the things you say are inconvenient and can't be done in many cases. For example, yes, in some cases you can create a Guest account on your PC. But what if the person you need to give access to your PC needs an administrator account? For example, a programmer who needs to install some tools temporarily. Or a boss - the boss comes and says "I need to work on your PC for 15 minutes" - you may not be able to switch to a Guest account. Or it could be a boyfriend or girlfriend, or a nosy parent or child who works on the same PC and wants to install games.

Keep in mind that no matter whether the data is stored locally or in the cloud, it CAN be made secure using encryption (at least for the documents which are not shared). An example of a secure cloud solution would be LastPass.

Evernote uses SQLite. There are encryption extensions for SQLite, which the Evernote developers could use to secure the local database. Also, with the kind of funds that Evernote keeps raising (just read TechCrunch and you'll see) they could just hire a developer to add encryption to SQLite (if the existing extensions are not good enough). This is inexcusable.

As a result of this discovery I am uninstalling the Evernote app from my PCs, phone and tablet and will move my documents to Google Docs during the next week.

Link to comment

Yes, I understand and appreciate your opinion. In my opinion, the Evernote company should FIX the problem instead of just acknowledging and documenting it and claiming it's not a problem.

Because the problem exists and is completely fixable.

Again, it's not a problem. And it's not "fixable". If your data were truly & securely encrypted, EN would not have access to the encryption password & therefore would not be able to index your notes.

As a result of this discovery I am uninstalling the Evernote app from my PCs, phone and tablet and will move my documents to Google Docs during the next week.

That's fine & certainly your choice.

Link to comment
  • Level 5*

Nice rant/handwringing exercise, Dan. Way to go. Now if we can get the 2FA gang in here, we can have a real party.

Well, unfortunately, you forgot step 0, which is LOG OUT OF YOUR ACCOUNT BEFORE LETTING SOMEONE ELSE HAVE ACCESS TO YOUR COMPUTER.

Evernote may or may not be insecure, but for goodness' sake, don't give away the game yourself. Once you let people into your house, unsupervised, what's stopping them from raiding your fridge? Or wrecking your furniture? Want security? Then at least use your computer in a secure manner. All those "excuses" you give for letting someone have access to your account are really excuses for not using your computer securely. Or not learning to create separate accounts for other users. Security is inconvenient; if you want it, you need to deal with the inconvenience. If you don't want to deal with the inconvenience, then your stuff will be insecure. And that's on you.

And if you move on to Google Docs, good luck. But if you don't fix the problem you have with not logging out properly, that will be just as "insecure" as this situation.

Link to comment
  • Level 5*

Yes, I understand and appreciate your opinion. In my opinion, the Evernote company should FIX the problem instead of just acknowledging and documenting it and claiming it's not a problem.

Well, I think we will have to agree to disagree, because I don't see the problem. Google Drive, Dropbox, etc. are all set up the same way. And, you cannot access your Google Docs offline (as far as I know), so you actually have less functionality (actually, a lot less, but that is another discussion) and even less security (anyone can modify your stuff on the Google cloud at will).

Many of the things you say are inconvenient and can't be done in many cases. For example, yes, in some cases you can create a Guest account on your PC. But what if the person you need to give access to your PC needs an administrator account?

Do you want to give anyone else administrator privileges on your machine?

For example, a programmer who needs to install some tools temporarily.

Programmers do not get access to my computer.

Or a boss - the boss comes and says "I need to work on your PC for 15 minutes" - you may not be able to switch to a Guest account.

If the boss wants to use my computer because they cannot afford one for themselves (?) then I would say "No. Get your own." It is my computer, and that would be the same as my boss asking to use my cellular phone, or some other bizarre behavior. On a work computer don't install your personal Evernote account. Use Evernote on the Web at www.evernote.com.

it could be a boyfriend or girlfriend, or a nosy parent or child who works on the same PC and wants to install games.

Why would anyone (nosy or not) be working on my computer? It is my computer. If they want to use a guest account, then that's fine with me (although, I don't know what I will use in the meantime).

I guess the point here is that you'll want to keep control of your own stuff by locking it down and not letting others use it.

As a result of this discovery I am uninstalling the Evernote app from my PCs, phone and tablet and will move my documents to Google Docs during the next week.

Well... that will make your stuff less secure and even more susceptible to tampering, but I guess if that works best for you, then you've gotta do what you've gotta do.

Link to comment

I am sorry but the problem I described above is certainly 1000% FIXABLE.

The local database should be encrypted. The index needed for search should be encrypted too.

Sorry, but no it's not "fixable" Period. End of story.

Please read this thread to educate yourself about encryption & why true, secure encryption would prevent/prohibit Evernote from indexing notes, which is part of their niche (including OCR'ing text in images).

Nothing new to discuss here.

Link to comment

As I have explained:

- Logging out of my machine does not fix the problem if the person who accesses it needs an administrator account. Examples: a colleague who needs to install software on the machine in order to work, a boss who asks for access and requires you to give him access in your account, a child who wants to install and play games, etc. When logged in as an administrator you can access all the local files.

- You can't always log out of the computer. There are people who will see that as a sign of mistrust. For example, a nosy parent, a child, a spouse, a boyfriend or girlfriend.

Link to comment
  • Level 5*

- Logging out of my machine does not fix the problem if the person who accesses it needs an administrator account. Examples: a colleague who needs to install software on the machine in order to work, a boss who asks for access and requires you to give him access in your account, a child who wants to install and play games, etc. When logged in as an administrator you can access all the local files.

Gotcha. And, as I have explained, the easy solution is to say, "my computer, my rules." If you are on a work computer, I'd use the web. Personally, I bring my own computer / iPad to work and use Evernote there :)

- You can't always log out of the computer. There are people who will see that as a sign of mistrust. For example, a nosy parent, a child, a spouse, a boyfriend or girlfriend.

Personally, I don't care how they see it, because I value my privacy, even if they are family. There are all sorts of things I prefer to do in private rather than on display in front of family members, and I'd say my digital stuff falls into that category.

Link to comment

As has been stated above, what you are explaining is a security issue with all of the data on your PC. It is your responsibility.

When it comes to work, the information is highly likely not secure in the way that you want it to be on work computers: they have the rights to access any data on their systems if they need to (that includes wiping it). The only circumstance I can see someone in a professional setting breaching such a boundary anyway, is if they had the right or need to. Unfortunately in any other circumstance your work would probably tell you that it's your fault for having personal data on your work PC. Most companies aren't keen on it or even actively discourage it/ban it. (This may vary on country though, I'm in the UK.) You should stick with the web browser if you're concerned about colleagues etc. seeing/accessing your data in EN at work. Close tab - problem solved! (Not to mention that your colleagues are highly unlikely to search your data while you're sat next to them, are they?)

IMO kids shouldn't be allowed on an adult's personal/administrator login for any reason. They should have their own account that's protected and set up with the things you want them to access and nothing else. For their safety when it comes to the internet and your safety when it comes to your computer. Trust me, as a 9 year old I minced my mum's computer by messing around with sys files. It's easily done!

The issues you have here aren't for EN to solve. If you want a way to set up separate logins at home that doesn't sound like you're 'hiding' your data from people, why don't you create a special login for everyone in your household? It makes access easier for everyone as they can have their own, tailored login to meet their own needs.. when you switch you log off, so that they can access their stuff without having to sift through someone else's. Use this latter point as the focus and I don't see why it would be a problem. Everyone gets their own histories, bookmarks, shortcuts, access etc. 2 or more people on 1 login can be very very cluttered and it's understandable for everyone to want their own work space on the computer, free of other people's information.

Link to comment

I'm afraid I'm with the majority on this one Dan.

What are you storing in Evernote that is so sensitive anyway? Don't forget that it's also up on Evernote's servers, and also across any other machines you have Evernote installed on with that account (eg your phone).

The other point is that your data can be made much more secure on your work computer by not having a local database at all - just don't install the Evernote app. Use the browser and go to www.evernote.com and log in that way. It's actually a pretty good interface (unless they ***** that one up too like they have with Evernote v5 for Mac... sorry, couldn't resist that little dig!)

A computer over which you do not have total control - such as a work computer - is a computer that you should NOT be installing ANYTHING that accesses stuff you don't want others to see. That includes Evernote, Dropbox, signing in to your Facebook account with the browser set to auto-login, etc etc - all common sense stuff.

It's not up to Evernote to compensate for your own silly breaches of security behaviour.

Link to comment

My "solution", which GrumpyMonkey has already alluded to, is to keep my Evernote database within a Truecrypt container. If someone else needs access to my computer (e.g. I have to take it to a technician for repair) I just need to log out from Evernote, then dismount the Truecrypt container. Sure it's an extra step, but it's secure, easy, and foolproof (I think).

Link to comment

My "solution", which GrumpyMonkey has already alluded to, is to keep my Evernote database within a Truecrypt container. If someone else needs access to my computer (e.g. I have to take it to a technician for repair) I just need to log out from Evernote, then dismount the Truecrypt container. Sure it's an extra step, but it's secure, easy, and foolproof (I think).

That's what I normally do. (I'm currently having EN database issues so have moved my exb file out of a TC container. But on the flip side, it's rare that anyone else ever uses my computers.) The other reason I love this option is b/c I keep my computers on 24/7 & I also keep my TC containers mounted. I may be wrong here...but I figure if anyone were to break into my home & steal my computers, they are not going to take the time to sit down & examine my computer at that time. I figure they are going to unplug things, pack them up quickly & get the hell out, asap. By doing that, they will have dismounted my TC containers & so will not have access to my sensitive data, unless they were to choose to do a brute force attack. And since I'm simply not in the realm of people who would be good brute force targets (I'm not a billionaire, never in the CIA & never slept with a president), I figure that's good enough.

Link to comment
  • Level 5*

My "solution", which GrumpyMonkey has already alluded to, is to keep my Evernote database within a Truecrypt container. If someone else needs access to my computer (e.g. I have to take it to a technician for repair) I just need to log out from Evernote, then dismount the Truecrypt container. Sure it's an extra step, but it's secure, easy, and foolproof (I think).

That's what I normally do. (I'm currently having EN database issues so have moved my exb file out of a TC container. But on the flip side, it's rare that anyone else ever uses my computers.) The other reason I love this option is b/c I keep my computers on 24/7 & I also keep my TC containers mounted. I may be wrong here...but I figure if anyone were to break into my home & steal my computers, they are not going to take the time to sit down & examine my computer at that time. I figure they are going to unplug things, pack them up quickly & get the hell out, asap. By doing that, they will have dismounted my TC containers & so will not have access to my sensitive data, unless they were to choose to do a brute force attack. And since I'm simply not in the realm of people who would be good brute force targets (I'm not a billionaire, never in the CIA & never slept with a president), I figure that's good enough.

Note to self: When I break into BNF's house, do not unplug drives. Gotcha. Thanks!

Link to comment
  • Level 5

Evernote uses SQLite. There are encryption extensions for SQLite, which the Evernote developers could use to secure the local database. Also, with the kind of funds that Evernote keeps raising (just read TechCrunch and you'll see) they could just hire a developer to add encryption to SQLite (if the existing extensions are not good enough). This is inexcusable.

On Windows, yes. As has been said, it's also in a file/folder structure on Macs.

But it would seem that there are some good areas to look at.

SQLCipher is Open Source AES full SQLite encryption for C/C++, Obj-C, QT, Win32/.NET, Java, Python, Ruby, Linux, Mac OS X, iPhone/iOS, Android, MonoTouch, and Mono for Android.

I think the barrier there is their belief that they are limited in their options due to US export restrictions on encryption. Hence the built in encryption options being RC2.

AFAIK, those have been removed and shouldn't be binding to Evernote (use in some countries excepted): re: http://en.wikipedia....#Current_status

However my eyes crossed when I tried to parse the horse's mouth: http://www.bis.doc.g...stion6sub_2.htm

Remember though that wouldn't seem to include all attachments. That's a separate folder.

Have to agree that TrueCrypt would be your option.

Link to comment
  • Level 5

Sorry, but no it's not "fixable" Period. End of story.

That's not my read actually (not that I'm planting a flag on the issue one way or another).

As I hear him, he's only worried about local encryption. Something that would allow another account on the same PC with administrator credentials to browse over to his evernote folder and read the contents without having to know his Evernote credentials.

That doesn't have to hinder any Evernote functionality, and change any Evernote server functionality.

Assume that you merely wrap every Evernote client Write and Read command in an Encrypt/Decrypt event.

The client does everything it currently does. Instead of opening the database, and accessing a record, it's adding one more step.

Indexing isn't affected, it just has more work to do while doing it. Just like when the Client syncs to Evernote's servers using SSL. It still does its thing, it's just adding SSL encryption decryption on top of it. The SSL encryption is only there during the transport.

The Evernote servers don't do anything different. Maybe they have their own encryption on the datastore, I don't know. The point is though that the client is syncing unencrypted data to the back end servers. Just like evernote running on an iPhone is automatically hardware encrypting the data. The whole phone is hardware encrypted for every read/write. But data synced to the cloud has already been decrypted as part of the regular file access API's.

It sounds like you're thinking he means something like the LastPass model where data is encrypted locally and sent as is to the cloud servers, and they can't read any of it, it's your client that does all the encrypt/decrypt stuff locally. And yes, that wouldn't work at all for what Evernote currently does.

While I don't think it would be a lot of effort for Evernote, and could certainly garner them some marketing cred (especially for Evernote Business).

But as said, it's an easy self serve fix with TrueCrypt, BitLocker etc (right click the folder in Windows and choose "encrypt" - Windows version dependent).

He's going to need to do the same thing anyway if he's going to use Google Drive, DropBox etc. The cloud side might be encrypted but the local PC side isn't unless you add it (they're just syncing local folders). Sure he mentions Google Docs rather than Google Drive, but something to consider is that then your data is ONLY in the cloud. There's no local copy for offline use, or including in your backup regime.

Link to comment
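The local-only encryption described in the post above (every client read and write wrapped in a decrypt/encrypt step), combined with the offline password check requested earlier in the thread, as an added sketch that is not code from any poster or from Evernote. `LocalStore`, its table layout and the sample notes are hypothetical, and the HMAC-based cipher is a standard-library stand-in for a vetted AEAD such as AES-GCM or for SQLCipher.

```python
import hashlib
import hmac
import os
import sqlite3

KDF_ITERATIONS = 200_000  # assumed work factor for this sketch

def derive_keys(password, salt):
    """Stretch the password into an encryption key and a separate MAC key."""
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS, dklen=64)
    return km[:32], km[32:]

def _keystream(enc_key, nonce, length):
    # Stand-in cipher: HMAC-SHA256 in counter mode. Use AES-GCM or SQLCipher in real code.
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def seal(keys, plaintext):
    """Encrypt-then-MAC one record: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(keys[0], nonce, len(plaintext))))
    return nonce + body + hmac.new(keys[1], nonce + body, hashlib.sha256).digest()

def unseal(keys, blob):
    """Verify the tag first; a wrong password or a modified record fails here."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(keys[1], nonce + body, hashlib.sha256).digest()):
        raise ValueError("wrong password or tampered record")
    return bytes(a ^ b for a, b in zip(body, _keystream(keys[0], nonce, len(body))))

class LocalStore:
    """Hypothetical client-side note store; every read and write goes through unseal/seal."""
    def __init__(self, path):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS meta (k TEXT PRIMARY KEY, v BLOB)")
        self.db.execute("CREATE TABLE IF NOT EXISTS notes (id INTEGER PRIMARY KEY, body BLOB)")
        self.keys = None  # locked until the right password is supplied

    def set_password(self, password):
        salt = os.urandom(16)
        self.keys = derive_keys(password, salt)
        # Offline verifier: a sealed constant. Neither the password nor a bare hash is stored.
        rows = [("salt", salt), ("check", seal(self.keys, b"local-store-check"))]
        self.db.executemany("INSERT OR REPLACE INTO meta VALUES (?, ?)", rows)
        self.db.commit()

    def unlock(self, password):
        """Check the password with no network connection; True only if it is correct."""
        meta = dict(self.db.execute("SELECT k, v FROM meta"))
        keys = derive_keys(password, meta["salt"])
        try:
            unseal(keys, meta["check"])
        except ValueError:
            return False
        self.keys = keys
        return True

    def write_note(self, text):
        if self.keys is None:
            raise PermissionError("store is locked")
        self.db.execute("INSERT INTO notes (body) VALUES (?)", (seal(self.keys, text.encode()),))
        self.db.commit()

    def read_all(self):
        if self.keys is None:
            raise PermissionError("store is locked")
        rows = self.db.execute("SELECT body FROM notes ORDER BY id")
        return [unseal(self.keys, b).decode() for (b,) in rows]

    def search(self, term):
        # Search runs on decrypted text inside the client, so it keeps working.
        return [n for n in self.read_all() if term.lower() in n.lower()]

    def sync_payload(self):
        # What the client would hand to the SSL connection: plaintext, as before.
        return self.read_all()

def demo(path):
    """Constructed scenario: notes written, client closed, then reopened offline."""
    store = LocalStore(path)
    store.set_password("correct horse battery staple")
    store.write_note("Salary slip March: 4200 EUR")  # constructed sample notes
    store.write_note("Grocery list: eggs, milk")
    store.db.close()
    with open(path, "rb") as fh:
        raw = fh.read()
    reopened = LocalStore(path)
    return {
        "plaintext_on_disk": b"Salary" in raw,
        "wrong_password": reopened.unlock("tralalalalalablablabla"),
        "right_password": reopened.unlock("correct horse battery staple"),
        "search": reopened.search("salary"),
        "sync": reopened.sync_payload(),
    }
```

Because the key is derived from the password, a forgotten password makes the local copy unreadable; the server copy, which this scheme leaves untouched, is the recovery path.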
  • 3 weeks later...

I have just started using Evernote and I have been trying to encrypt a note, but can't seem to do it.

I have watched the short video which says right click on a word or words that you want to encrypt, but I don't have the same list when I right click as the one in the video.

I am wondering, is it only the paid for version that allows encryption?

Link to comment

I have just started using Evernote and I have been trying to encrypt a note, but can't seem to do it.

I have watched the short video which says right click on a word or words that you want to encrypt, but I don't have the same list when I right click as the one in the video.

I am wondering, is it only the paid for version that allows encryption?

What client are you using?

Link to comment

Thank you for the replies.

I don't seem to be able to encrypt text from the Windows client. When I right click on text, I don't get the option to encrypt, that's why I was wondering if it's only available on the paid version.

Link to comment
  • Level 5

I don't seem to be able to encrypt text from the Windows client. When I right click on text, I don't get the option to encrypt, that's why I was wondering if it's only available on the paid version.

When you select the text inside the note and right click, you should have a popup window that looks like this:

http://www.evernote....c8a014e6e29618f

Link to comment
  • Level 5

Thank you, I got it now. I was using Evernote from my browser.

You're welcome.

One more tip - don't forget the encryption code you use. If you forget it, Evernote cannot help.

Link to comment
  • Level 5*

I will remember.

Can I ask, how well do you trust the encryption? Would you, for example, save bank details in Evernote?

If you search the forums, you'll find a lot of discussions about this. It depends a lot on your own tolerance vs need for convenience. In my case, I keep all of my attachments (with a small handful of exceptions) in Dropbox for easy access, and use Evernote for my "notable" things. This keeps my database small, and usable on my Macbook Air. If we had offline / online notebooks on the desktop, then I would put my bank stuff into Evernote, but only after preparing the PDFs with 256-bit encryption first.

Link to comment

I will remember.

Can I ask, how well do you trust the encryption? Would you, for example, save bank details in Evernote?

I prefer to use a true password manager for that info. Not that I don't trust EN's encryption. I was using one well before I used EN. And I prefer using the right tool for the task.

Link to comment
  • Level 5

Can I ask, how well do you trust the encryption? Would you, for example, save bank details in Evernote?

On Evernote podcast #18, Andrew Sinkov, the Evernote VP of Marketing, said he stores his tax returns on Evernote. He said it could be kept local, but he prefers to keep it sync'd via the server.

New feature planned: 2 factor authentication is in the works

When you add a note to Evernote, it is secured like your email would be at a high-end email provider. This means that your notes are stored in a private, locked cage at a guarded data center that can only be accessed by a small number of Evernote operations personnel.

Some of the key points that give me confidence in Evernote security are:

* Evernote mitigates risks through a layered set of security policies and technologies.

* Your login information is only transmitted to the servers in encrypted form over SSL, and your passwords are not directly stored on any of our systems.

* There's no uber-index of contents of accounts ... we maintain separate user search indices of each user on decentralized storage with no cross-access between individual servers.

* Like a secure banking site, we encrypt the connections via SSL so that someone on your network can't see your data go by. Your checking balance is not encrypted in your bank's databases, however, and your notes are not encrypted within Evernote.

* Our Privacy Policy and Terms of Service restrict what we can (and would) do with your data ... in particular, we have never (and will never) give your own data to other parties.

* When you add a note to the service, it is secured like your email would be at a high-end email provider. This means that your notes are stored in a private, locked cage at a guarded data center that can only be accessed by a small number of Evernote operations personnel.

* Physical access to all storage (online and offline-backup) requires multiple authentication factors in protected facilities, and is restricted to only the four full-time IT/Operations staff that maintain the servers.

* Even Phil, the CEO, doesn't have passcards and keys to the data center. Security policy says that the departure of any such staff will result in full rekey and change of all passwords, etc.

* Administrative maintenance on these servers can only be performed through secure, encrypted communications by the same set of people. All network access to these servers is similarly protected by a set of firewalls and hardened servers.

* If you have some notes that you only want to access from a single computer, you can place these into a "Local Notebook" on our Windows or Mac client. Notes in a Local Notebook are never transmitted to our service, so they aren't accessible from the web, or from your other computers.

Some comments from the Evernote CTO

http://discussion.ev...ted/#entry48994

Evernote Privacy and Security

http://blog.evernote...y-and-security/

Evernote's 3 laws of data protection

http://blog.evernote...ata-protection/

Is your data safe?

http://michaelhyatt....n-evernote.html

Link to comment
  • 2 weeks later...

Hi All,

I read through some of the posts about this topic and it seems to be a decent argument for both sides. I'm not trying to pick one here but can say I don't like the idea of not having my Evernote data encrypted. Few questions:

1. If the argument is that your data cannot be indexed properly if it was to be encrypted, shouldn't this trade-off be left in the hands of the users? I use Evernote similar to a Dropbox type setup to sync my notes over my devices and be able to work on the same lists or documents no matter where I am. That being said, my documents are my thoughts and personal info; isn't everything you create personal? Why wouldn't Evernote offer an option of encrypting the data or at the very least not allow access to it unless you logged in correctly with your username AND password? Personally I wouldn't care about the indexing; I organize my notebooks and titles in such a manner that I don't even use the search function. Do I have the wrong software here? Should I just switch to Google Docs?

2. Why would it be so hard to offer a feature to encrypt your data? Couldn't the database remain encrypted until you input a valid username and password, at which point it unencrypts and indexes? I don't fully understand encryption but it seems that most storage applications these days offer some type of security. Isn't Evernote for storage and organization of your notes? Why wouldn't this feature be included, letting users protect their personal info?

Sorry if I seem uneducated on the topic but it seems like a simple answer. Users are eventually going to want their data to be secure. It should be an option to have your notes secure. Maybe make this an offering on the premium Evernote? Maybe some type of partnership with TrueCrypt I keep hearing about to just encrypt your Evernote database?

Thanks, sorry for the long post.

Link to comment
  • Level 5*

Hi Kyle. Sorry but I'm not going to attempt to answer your questions - this has all been discussed before. The fact is that Evernote can't realistically do encryption in the same way that your car can't fly. Like a car, Evernote is designed to be a general workhorse that you can use for a wide range of applications, and it mainly needs to be supremely efficient in filing information and finding it again. It doesn't claim to be Fort Knox, and there's lots of help around in the way of add-in chains and bolts and locks if that's a problem for you. It could be that you'll be better served by other software. The 40M+ current users of Evernote would be hugely (and loudly) inconvenienced if the basic structure of the database were altered sufficiently to allow encryption, so I don't think the company will introduce the feature simply to ensure they get your account.

Link to comment
  • Level 5

1. If the argument is that your data cannot be indexed properly if it was to be encrypted, shouldn't this trade-off be left in the hands of the users? I use Evernote similar to a Dropbox type setup to sync my notes over my devices and be able to work on the same lists or documents no matter where I am. That being said, my documents are my thoughts and personal info; isn't everything you create personal? Why wouldn't Evernote offer an option of encrypting the data or at the very least not allow access to it unless you logged in correctly with your username AND password? Personally I wouldn't care about the indexing; I organize my notebooks and titles in such a manner that I don't even use the search function.

I guess a follow-up question I have for you is, what about your local mail client, all the documents in your documents folder?

Unless you add encryption to those on your own, they aren't encrypted either. Even your Dropbox files are all sitting unencrypted in a folder in your user profile.

All of it is visible to any other user with local admin permission without knowing your login passwords.

Yet it's all encryptable with additional software.

I guess the question is why should Evernote be any different than all your other local data?

My Soapbox for Evernote security remains the web interface. I can live with the local physical access protection. But the website side is out of my control. That needs to be toughened for my liking.

Do I have the wrong software here? Should I just switch to Google Docs?

And I'm not sure Evernote without indexing and search, is Evernote anymore. Maybe it is the wrong product...

But remember that there's no encryption with Google Docs either. There's optional 2 factor authentication but that's again on the public web access side.

If you're using Google Drive, just like Dropbox and Evernote, you have an unencrypted local copy, readable by anyone with physical access unless you add an encryption wrapper like TrueCrypt/BitLocker/FileVault.

2. Why would it be so hard to offer a feature to encrypt your data? Couldn't the database remain encrypted until you input a valid username and password, at which point it unencrypts and indexes? I don't fully understand encryption but it seems that most storage applications these days offer some type of security. Isn't Evernote for storage and organization of your notes? Why wouldn't this feature be included, letting users protect their personal info?

Evernote *could* do encryption, but it's not trivial with multiple platforms. And as we know, Evernote doesn't often do non-trivial features (unless it's futzing with the UI).

Link to comment
  • Level 5

The 40M+ current users of Evernote would be hugely (and loudly) inconvenienced if the basic structure of the database were altered sufficiently to allow encryption, so I don't think the company will introduce the feature simply to ensure they get your account.

Only if they goof it up like the UI updates.

As in earlier threads, they could pretty simply (not simple by Evernote standards, I mean simple by normal developer standards) add SQLite encryption for Windows, Mac, Linux, iOS, BlackBerry, Android.

There would be no database structure changes. It would be completely transparent to the end users.

Via paid or BSD licensed community edition or an unlimited perpetual license for $2K.

The reasons may be more in the areas of entropy and non-sexiness of bullet point items to VCs.

Link to comment

The fact is that Evernote can't realistically do encryption in the same way that your car can't fly. Like a car, Evernote is designed to be a general workhorse that you can use for a wide range of applications, and it mainly needs to be supremely efficient in filing information and finding it again.

Hi Gaz, I know it's been discussed but I haven't seen a good answer. I don't think it's asking the car to fly, I think it's asking the car to come with power windows or power locks or a car alarm or air conditioning. It's a pretty basic request these days for an application to take security risks into consideration. I am not asking them to change the whole database, which would affect their 40 million users; I am simply asking them to allow an add-on or solution for some users who are concerned about their data to encrypt it. Make it so it's not the default and those users who don't care don't have to turn it on. Simple, they are unaffected. While users who want power locks or a car alarm to protect their property can enable it.

I would be willing to bet that if Evernote ran a poll asking its 40 million users if they were concerned about the fact that any person with admin access to their machine could view the contents of their Evernote files, the vast majority would say they cared. I would also be willing to bet that the majority of those 40 million users don't know about this security risk.

Link to comment
  • Level 5*

Guys, if you don't think it's especially difficult to change up 40M users who have every possible shade of shared notebooks between them and are already (somewhat) happy with the way Evernote works for them, then I strongly suggest you set up in competition and prove you're right and everyone else is wrong. Meantime please don't make too much noise - I'm going to be in bed.

Link to comment

I would be willing to bet that if Evernote ran a poll asking its 40 million users if they were concerned about the fact that any person with admin access to their machine could view the contents of their Evernote files, the vast majority would say they cared.

Of course they care. But caring & expecting Evernote to be the gatekeeper are two entirely different things. If you're going to have sensitive information on your computer, you need to educate yourself about how to keep it secure. As Gazumped has said, this has been discussed at great length on the board already. Nothing is new here.

Link to comment

I guess a follow-up question I have for you is, what about your local mail client, all the documents in your documents folder?

Unless you add encryption to those on your own, they aren't encrypted either. Even your Dropbox files are all sitting unencrypted in a folder in your user profile.

All of it is visible to any other user with local admin permission without knowing your login passwords.

Yet it's all encryptable with additional software.

I guess the question is why should Evernote be any different than all your other local data?

This is a great point. I guess if you look at it like any other file syncing software or document storage technique it's relatively the same. But this brings up the point that all of those other file storage techniques are dated and insecure. How great would it be if Evernote was not only an amazing document organization and synchronization tool but also offered cutting edge security features to protect your data as well. The very nature of the application screams "Use me to store all your stuff because I'm so easy to use and really amazing at keeping all your documents synchronized across your devices!" I think with that excitement it becomes easy to overlook security issues and I figured a great piece of software should have a security offering. Someone has to lead the way and set the example to offer the features people want. I suppose I will just have to keep my eyes peeled for a feature request poll or something so I can weigh in.

Link to comment
  • Level 5

Guys, if you don't think it's especially difficult to change up 40M users who have every possible shade of shared notebooks between them and are already (somewhat) happy with the way Evernote works for them, then I strongly suggest you set up in competition and prove you're right and everyone else is wrong. Meantime please don't make too much noise - I'm going to be in bed.

[mumble mumble], some of the noise is stating that this would be overly difficult or disruptive Gaz. I can and have argued both sides of this, but you're going to push my buttons if you keep asserting that this would be difficult or disruptive, as the reason not to pursue it. It's NOT. Pick a different reason.

The cross platform code extensions to add encryption to the database that Evernote is already using range from free to cheap.

Semantically the coding effort goes from:

#Read routine:

[database read into variable and display]

#Write routine:

[database write from variable]

#Search routine:

[database read into variable and compare to search query]

To:

[include cross platform encryption code block]

#Read routine:

[database read into variable]

[decrypt variable]

[display variable]

#Write routine:

[encrypt variable]

[database write from variable]

#Search routine:

[database read into variable]

[decrypt variable]

[compare to search query]

Total overhead is a few milliseconds on each transaction.

You're merely wrapping what you're already doing in an encrypt/decrypt call.

Just like on the iPhone/iPad Apple is already wrapping every read/write Evernote does in AES encryption.

Do you feel the difference accessing your Gmail or Facebook page without encryption over HTTP vs with SSL encryption over HTTPS?

Did 10's and 100's of million Gmail/Facebook/whatever site users feel any disruption or complain when SSL transport encryption was introduced on top of their service?

No, it was a non-issue.

The only thing felt and expressed by those who noticed was appreciation, and an increase in comfort using the service.

There are no legions of negative users going, "Dagnabbit, there goes another service encrypting my stuff again. If you don't stop making my computing experience safer and more secure, I'll move over to someone who will..."

Link to comment
  • Level 5

Some help for forum users who think this is a non-issue

In the upper right corner

Drop down menu for your user name

Manage Ignore Preferences

Add a new user to list

Ignore Posts

Ahh, that's a lot better now.

Link to comment
  • Level 5*

Ideally, everything I have would be encrypted, so I support this idea in principle.

However, developers of other programs tell me encryption will make their programs slower, so it makes sense to me that Evernote would suffer the same fate as well. I don't know any details about this. My account is already pokey at times, though, without encryption (beachballs on the Mac and non responsiveness on Windows), and I want to see the searches work faster and more accurately, so I don't see adding another potential barrier to these as terribly high on my list of priorities. If Evernote can pull it off without significantly impacting performance, that's great. If not, then I'll wait.

Is anything easy to implement across every major platform on just about every gadget available? Somehow, I'd guess that if highlighting takes years to arrive on every platform, then encryption has to be a little more difficult than it looks :)

Link to comment
  • Level 5*
The cross platform code extensions to add encryption to the database that Evernote is already using range from free to cheap.

Semantically the coding effort goes from:

...(pseudo-code clipped)...

Total overhead is a few milliseconds on each transaction.

Think I'd quibble with this, a bit (or at least probe your thoughts). While your approach is simple/reasonable enough, how does it scale for searching, particularly the searching that takes place when you just start typing in the search info control? That would seem to depend on how much Evernote caches search information (presumably some of that might be decrypted information obtained from the text search indexes stored with each note, but there are other search criteria available as well). If the note database is large enough, and you need to decrypt on some non-cached item, then that "few milliseconds" could add up.

Just like on the iPhone/iPad Apple is already wrapping every read/write Evernote does in AES encryption.

Not knowing anything about iOS encryption regimes, is this on every read/write to the file system, or every online transaction?

Do you feel the difference accessing your Gmail or Facebook page without encryption over HTTP vs with SSL encryption over HTTPS?

This seems to be a horse of a different color: the encrypt/decrypt applies to the internet transaction, not the calculations that are performed by the back-end, right? Or do we know that those are encrypted on the server? A few milliseconds is nothing compared to the latency of the transaction itself.

Link to comment
  • Level 5*
The cross platform code extensions to add encryption to the database that Evernote is already using range from free to cheap.

Semantically the coding effort goes from:

...(pseudo-code clipped)...

Total overhead is a few milliseconds on each transaction.

Think I'd quibble with this, a bit (or at least probe your thoughts). While your approach is simple/reasonable enough, how does it scale for searching, particularly the searching that takes place when you just start typing in the search info control? That would seem to depend on how much Evernote caches search information (presumably some of that might be decrypted information obtained from the text search indexes stored with each note, but there are other search criteria available as well). If the note database is large enough, and you need to decrypt on some non-cached item, then that "few milliseconds" could add up.

Just like on the iPhone/iPad Apple is already wrapping every read/write Evernote does in AES encryption.

Not knowing anything about iOS encryption regimes, is this on every read/write to the file system, or every online transaction?

Do you feel the difference accessing your Gmail or Facebook page without encryption over HTTP vs with SSL encryption over HTTPS?

This seems to be a horse of a different color: the encrypt/decrypt applies to the internet transaction, not the calculations that are performed by the back-end, right? Or do we know that those are encrypted on the server? A few milliseconds is nothing compared to the latency of the transaction itself.

And, Gmail is not stored locally on your device. In other words, Google can use its servers and processors to deliver speed (assuming an encrypted database, which I highly doubt). Evernote is local on your device, so you are asking the program and the server to work together encrypting and decrypting, right? I'd say this is not so simple, but as I have no experience coding for such things, I cannot say for certain.

Link to comment

Interesting discussion. The main issue seems to be that the original poster had assumed that the local data was secure without a valid login. On some level, that is a reasonable assumption. I assume that my cached web pages are secure when I am not logged into my bank. Then again, I don't assume that local Outlook emails are secure when I am not logged into Exchange. I guess this is a question of expectations.

While I am not a security expert, I can already see issues with encrypting the data and synchronizing it across devices. Specifically, key management can get ugly, especially with local (is that the term for unsynchronized?) notebooks. What key should be used to encrypt the synchronized local data?

Assume the key is your password and you have a lot of synchronized data on machine X and Y. Machine X is rarely used, maybe a personal netbook that you only use when on the road. Machine Y is used all the time during the day. For whatever reason, you need to change your password (lost, stolen, you feel like changing passwords often, whatever), so you change it on machine Y. Machine Y knows that the local cache is now invalid for the new password. It either is smart enough to re-encrypt everything locally, decrypting with the old password then encrypting with the new, or it flags the whole cache as invalid and performs a full resynchronization. Sometime later when on the road, you forgot you have changed your password and fire up machine X while on the airplane without an internet connection. The machine asks for your password and you supply the new password. Unaware that the password has changed, machine X steadfastly refuses to let you access your data with the new password. From your perspective, machine X has locked you out of your data. When you get an internet connection, you hop on this forum and complain loudly about how you were not able to access your data on the airplane.

When machine X gets an internet connection it may allow a log in, but then the machine notices that it cannot decrypt the local data. If it is smart enough, it will invalidate the local cache and do a complete resynchronize of the local cache. Frustrated and confused, you have changed your password again on machine X to a newer password still, allowing this same drama to play out when you come home and try to work using machine Y. In the end, you are quite upset and an enormous amount of resync data traffic has taken place.

It gets ugly fast.

Link to comment

Interesting discussion. The main issue seems to be that the original poster had assumed that the local data was secure without a valid login. On some level, that is a reasonable assumption. I assume that my cached web pages are secure when I am not logged into my bank. Then again, I don't assume that local Outlook emails are secure when I am not logged into Exchange. I guess this is a question of expectations.

While I am not a security expert, I can already see issues with encrypting the data and synchronizing it across devices. Specifically, key management can get ugly, especially with local (is that the term for unsynchronized?) notebooks. What key should be used to encrypt the synchronized local data?

Assume the key is your password and you have a lot of synchronized data on machine X and Y. Machine X is rarely used, maybe a personal netbook that you only use when on the road. Machine Y is used all the time during the day. For whatever reason, you need to change your password (lost, stolen, you feel like changing passwords often, whatever), so you change it on machine Y. Machine Y knows that the local cache is now invalid for the new password. It either is smart enough to re-encrypt everything locally, decrypting with the old password then encrypting with the new, or it flags the whole cache as invalid and performs a full resynchronization. Sometime later when on the road, you forgot you have changed your password and fire up machine X while on the airplane without an internet connection. The machine asks for your password and you supply the new password. Unaware that the password has changed, machine X steadfastly refuses to let you access your data with the new password. From your perspective, machine X has locked you out of your data. When you get an internet connection, you hop on this forum and complain loudly about how you were not able to access your data on the airplane.

When machine X gets an internet connection it may allow a log in, but then the machine notices that it cannot decrypt the local data. If it is smart enough, it will invalidate the local cache and do a complete resynchronize of the local cache. Frustrated and confused, you have changed your password again on machine X to a newer password still, allowing this same drama to play out when you come home and try to work using machine Y. In the end, you are quite upset and an enormous amount of resync data traffic has taken place.

It gets ugly fast.

Any true encryption will use a different password than your login password.

Any time a cloud service can tell you your encryption password (click "forgot password") and/or can help you restore your data, your data is NOT secure from hackers. Do you think hackers are smart enough to be able to hack into a cloud server but not smart enough to figure out where the encryption passwords are located??? Although there is no 100% security from hackers, unless the data is encrypted using a password the "host" does not have access to, then your data is not very secure from hackers. IOW, if you do not provide a second, encryption password & you are warned that if you forget it, you will not be able to recover your data, then the "host" is storing the encryption password somewhere. And hackers can get to it. That's what they do.

Jungle Disk (a TRUE backup/encryption cloud) says, if you encrypt your "bucket" & forget your password, you are SOL. They cannot help you recover your data.

Truecrypt, another TRUE encryption app, also says, if you forget your encryption password, kiss that baby goodbye. They cannot help you.

Evernote states any text you encrypt in Evernote notes is not indexed...same reason as above. And if you forget the password, they cannot help you recover it.

Link to comment
  • Level 5
My account is already pokey at times, though, without encryption (beachballs on the Mac and non responsiveness on Windows), and I want to see the searches work faster and more accurately, so I don't see adding another potential barrier to these as terribly high on my list of priorities.

Just off the cuff I'd suggest that we don't likely search realtime on every note. We search on indexes and cached meta-data. In compute speak, most of the time the hardware/OS/Software is in a wait loop waiting on us to enter stuff. There's more than enough time between cursor blinks to digest a note, incrementally add to the indexing and metadata caches, encrypt, and store it.

Just like the search in Windows, or Spotlight on the Mac, that searching is done ahead of time in the background during idle moments to build search indexes so that when you do the search it can be snappy and immediate because you're searching on a small (relative) highly optimized/organized index to find what you're looking for. That index then points you to the actual file location to do the reading.

How well and error free that's done likely has more to do with the search anomalies we see from time to time. Or the differences in implementation on different platforms which lead to the oft threaded complaints on "why does my search in Evernote on X find things that a search in Evernote on Y can't?"

The indexes and metadata caches may or may not be encrypted, or even in the same database. So I'm suggesting that encryption adds little performance impact on the data storage/retrieval, and it may or may not even come to play in the search.

At least until someone starts a thread "I have discovered my evernote search metadata is completely insecure"

Link to comment
  • Level 5

If the note database is large enough, and you need to decrypt on some non-cached item, then that "few milliseconds" could add up.

See previous post. Whether a database is encrypted or not, at least at first we search on indexes, metadata and caches, not the data itself.

Not knowing anything about iOS encryption regimes, is this on every read/write to the file system, or every online transaction?

Both. Evernote provides the encryption on the online transactions. iOS provides it on every read/write. It's why "wiping" an iPhone used to take hours until the 3GS, and now is just a moment. Now everything is on an encrypted file system. Wiping a device means simply deleting the decryption key, and the data is rendered pseudo random noise.

http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf

This seems to be a horse of a different color: the encrypt/decrypt applies to the internet transaction, not the calculations that are performed by the back-end, right? Or do we know that those are encrypted on the server? A few milliseconds is nothing compared to the latency of the transaction itself.

It's generally the case that, though you can calculate a little more work being done if you look at it, it falls off into the margins of having any effect on the user experience given all the other sources for latency. Computers do math really well. We aren't doing anything substantially different in this case than altering the storage form from a human readable one to a non-human readable one.

Link to comment
  • Level 5*

By pokey, I meant the rendering of note content (long notes take especially long on the iPad), the time it takes to complete a search (beachballs as it is, and lots of "loading" on the iPad), and even the time it takes to create a new note. I would think that if encryption were easy and had no noticeable impact on performance, then Evernote would have implemented it already. Still, you make a good case, and perhaps it is giving the developers food for thought.

Link to comment
  • Level 5

And, Gmail is not stored locally on your device. In other words, Google can use its servers and processors to deliver speed (assuming an encrypted database, which I highly doubt).

That's an assumption. Yours may not be, but mine is. Remember it's just a mail service. The web interface is only one. It's also IMAP/POP3/Exchange ActiveSync.

To the point though, it was one example of encryption you use every day. There are many we could look at.

I can encrypt a zip folder of many files on my desktop and it takes no longer to compress/decompress or navigate through it reading documents than if it isn't encrypted.

Any of those files within could also be encrypted, and my whole user profile could be encrypted (like file vault on MacOS). Or the whole drive encrypted with TrueCrypt.

So any one file could be encrypted over and over multiple times, and the file/folder/OS/Drive levels. And yet the user experience is no different and it takes no longer to navigate to it and read it. Why? because most of the time (for battery and thermal management) the CPU is halted, doing nothing but waiting for you.

Evernote is local on your device, so you are asking the program and the server to work together encrypting and decrypting, right?

Nope. It's completely transparent. The server doesn't need to know how the client is storing the data. Just as the client doesn't need to know if the server is storing its data encrypted. And at the client/server discussion layer everything has already been decrypted.

Link to comment
  • Level 5

While I am not a security expert, I can already see issues with encrypting the data and synchronizing it across devices. Specifically, key management can get ugly, especially with local (is that the term for unsynchronized?) notebooks. What key should be used to encrypt the synchronized local data?

Actually it can work quite simply. Look at LastPass. It does just that, just as cross platform as Evernote.

The encryption key is never your password BTW, it's just what encrypts your encryption key, and why you can change your password without re-encrypting your data. But even that can be handled smoothly. There are several things you can do to trigger re-encryption of your stored data, and that all propagates out nicely.

But I digress because that's not the model I was suggesting.

Evernote's clients store things very differently depending on the OS platform it's running on. It makes some sense to use the tools that a hardware and OS platform offers. Why write and maintain code to duplicate what the hardware and OS vendor have already provided right?

On iOS, I wouldn't for example suggest adding any encryption.

On a non-jailbroken device, the apps are sandboxed. One app can't look at another's data. And they're all sitting in an encrypted file system.

Windows/Linux/MacOS aren't as locked down as that. So encryption is one tool available to plug those holes and add in an expectation of privacy that the OS doesn't provide.

So I'm NOT suggesting that data be encrypted locally and sent to the cloud in encrypted form. That does require that each client download already encrypted data, and deal with key distribution.

We already have transport encryption, and not all clients perhaps need in situ encryption (or already have it).

The only place database encryption needs to be is on less secure desktop platforms for their own local storage. Adding a few commands to the read/write storage routines.

You're making some of the clients a little more robust in their local storage handling.

Nowhere else does the existing Evernote fabric change at all.

A desktop Evernote client reads an encrypted database, decrypting on the fly, and then does all the normal Evernotey stuff.

Just as before, when it syncs to the server, it's taking (by now) unencrypted data, adding SSL encryption for the internet transport and handing it off to Evernote servers. The Evernote servers remove the SSL encryption and store it locally in whatever manner they do (with or without local encryption).

All clients and servers share un-encrypted data over an encrypted SSL tunnel as they all currently do, and store it locally in their own particular manner, with the addition of encryption as needed.

It's like a person using the existing postal mail service deciding their mailbox isn't secure enough storage. So they lock the mailbox and put a mail slot on the front, or put a mail slot in their front door.

The original poster to this thread didn't per se have a problem with the post office, or the mailman, he has a mailbox issue in that anyone could use the mailbox and gain access to the mail.

He only needs a mailbox solution, not a revamp of the postal system.

And the difference here is that Evernote provides the primary mailbox, so the Oliver Twist-esque "please sir, I want some more", falls to them.

Yes we can teach one in the forum to make their own gruel, or a few dozen later readers.

But it's a pretty simple fix for Evernote to bed it down for good.

Link to comment
  • Level 5

By pokey, I meant the rendering of note content (long notes take especially long on the iPad), the time it takes to complete a search (beachballs as it is, and lots of "loading" on the iPad), and even the time it takes to create a new note. I would think that if encryption were easy and had no noticeable impact on performance, then Evernote would have implemented it already. Still, you make a good case, and perhaps it is giving the developers food for thought.

A. I think we can observe that other 3rd party evernote clients can launch, post, search, and read as fast (and almost always) faster than the iPad evernote client (names withheld lest it spur more debate but I count 5 on my iPad, more if you include those which only post). So there are plenty of non sequitur latency issues there which have no bearing on the issue. But let's not open rabbit holes on development and certain egress inabilities in the areas of wet paper bags.

B. Really? We're going to add yet one more "I would think that if ... had a noticeable impact on forum whining ... then Evernote would have implemented it already..." When did I miss the about face and we're all in sync with Evernote on Feature/Fix priority?

Link to comment

A. I think we can observe that other 3rd party evernote clients can launch, post, search, and read as fast (and almost always) faster than the iPad evernote client (names withheld lest it spur more debate but I count 5 on my iPad, more if you include those which only post). So there are plenty of non sequitur latency issues there which have no bearing on the issue. But let's not open rabbit holes on development and certain egress inabilities in the areas of wet paper bags.

AFAIK, there is yet to be a third party mobile app that does everything the EN mobile app does and does it faster. I use several third party iOS apps. One only SENDS text. One only SENDS images. One doesn't let you merge notes (among other things.) Also, the third party apps are responsible only for the OS they are working under. IOW, if a note modified on a third party app in iOS creates a problem on your Android device, it's doubtful the third party iOS dev is going to devote much time to that.

Link to comment
  • Level 5

AFAIK, there is yet to be a third party mobile app that does everything the EN mobile app does and does it faster. I use several third party iOS apps. One only SENDS text. One only SENDS images. One doesn't let you merge notes (among other things.) Also, the third party apps are responsible only for the OS they are working under. IOW, if a note modified on a third party app in iOS creates a problem on your Android device, it's doubtful the third party iOS dev is going to devote much time to that.

I don't want to speak for others but I didn't say "everything" I said, launch, post, search, and read. Those are the key things I do with my mobile Evernote data, and are a superset of the things Gumpy said were already slow to him on his iPad, and he would not like to get slower.

I was suggesting those things need not be as slow as they are when demonstrably other approaches to some of the evernote client experience don't exhibit that lag. And to be fair, even the evernote client is regaining some lost ground, but it still doesn't compare well on speed.

Or put another way, if an iPad evernote client is slow in the UI experience, it's not primarily because of a storage read/write bandwidth bottleneck. An iPad 2 should be able to write to an SQLite database between 50 and 2000 records per second depending on how you handle the transaction committing, and queries on thousands of records takes milliseconds. An iOS device can sometimes read/write to the same SQLite database faster than a disk based Windows desktop client can. Encryption on top of that is a blip.

If I copy the entire text of Abraham Lincoln's Lyceum Address into an encrypted note in Evernote and Lastpass, I can launch, search on text for the note and decrypt the note in each. Both apps require me to enter a PIN first on launch.

Decryption is instantaneous on both, even though LastPass is using 256 bit AES instead of Evernote's 64 bit RC2, plus LastPass has to decrypt my password first which is hashed with SHA 256 one thousand times.

Launching, authenticating, downloading the note, finding it by search and opening it is where all the overhead is.

In LastPass it's 3-13 seconds, in Evernote it's 16-30 seconds.

Clever HD is even faster than LastPass, but alas can't yet decrypt Evernote items. If it could, Evernote's shame would be perhaps worse.

I might toss out EgretList, Awesomenote HD, and CleverHD.

I don't have a stopwatch list to give out but in user experience they're all faster to launch, sync with my evernote account and give quick access to notes, note content, and the ability to check off some todos or edit some text and sync them back.

And EgretList is doing even more pertinent work than Evernote, showing me the number of unchecked todo's (over a thousand currently) in each saved search.

All that to say, encryption is a trivial blip. Where Evernote is or isn't slow is a whole different thread, different reasons, and won't get worse with encryption.

Link to comment

I don't want to speak for others but I didn't say "everything" I said, launch, post, search, and read.

But if all the EN app did was "launch, post , search, and read", I'd guess it may do it just as fast as the third party apps.

(really long post)

All that to say, encryption is a trivial blip

I can't say if encryption is trivial or not & IMO, is not the issue. Evernote has provided a valid reason to not include any more encryption than what already exists. Securely encrypted data cannot be OCR'd and/or indexed, which is one of EN's strong selling points. I can live with that (in fact, I don't even use their encryption) & prefer to not waste my time second guessing their stance.

Link to comment
  • Level 5

But if all the EN app did was "launch, post , search, and read", I'd guess it may do it just as fast as the third party apps.

I can't agree there.

As an example (not saying what Evernote is or isn't, not seeing the code), a well written app which makes use of multi-threading etc, defers non-critical items so that startup isn't hindered. Work items are done in a different thread in the background so that there are minimal modal events, blocks, or sluggishness to the UI.

All of that to say, an app doing work, shouldn't stall the user interface.

And startup items should be optimized so that the user can get to work without delay on app launch.

Whether an app has 10 or 100 features might have a bearing on load time, but once it's running, it should have no impact on the user experience.

All 100 features aren't actively doing stuff all the time, or even while you're staring at a new empty note painfully/haltingly animating itself into the foreground.

I can't say if encryption is trivial or not & IMO, is not the issue. Evernote has provided a valid reason to not include any more encryption than what already exists. Securely encrypted data cannot be OCR'd and/or indexed, which is one of EN's strong selling points. I can live with that (in fact, I don't even use their encryption) & prefer to not waste my time second guessing their stance.

That's not at all the encryption type being discussed on the last couple pages here.

The local encryption being discussed is no barrier to OCR or anything else.

The data the local client sees is already decrypted.

The data sent to Evernote's cloud servers is already decrypted.

The data you see once you properly log into Evernote is already decrypted (but only the records you're looking at, one wouldn't waste CPU decrypting records you aren't viewing).

This is purely a client storage discussion. You'd only see the encryption if you looked at the files directly without using Evernote.

And this is predicated on the bug that the OP claims to be experiencing in the Mac client being fixed.

His steps can't be duplicated on the current Windows Evernote client.

Link to comment
  • Level 5

If your stuff is that confidential, you probably shouldn't be using a cloud based storage app. A password secured, encrypted thumb drive like a Data Traveller 6000 might be better.

Not clear to me who that was directed at.

It would seem to be a sad throw in the towel on certain not yet mature cloud apps.

In this day there's no good reason for the limitation (and in fact the original poster is flagging a LOCAL storage issue, not a cloud storage issue.) Ironically in this thread, with his concern, his data is safer from his perspective in the cloud on Evernote's servers than they are in Evernote on his local PC. At least the cloud servers functionally use his username and password as a barrier.

As for me and my data, I'm eyes wide open. I don't put sensitive stuff in Evernote.

But I'm totally at peace with all my backup data in the cloud because it's encrypted, and totally at peace with all my passwords and sensitive data in the cloud in LastPass. Because it's well tested encryption, with 2 factor authentication.

There's no good reason to throw in the towel on "the cloud". When done right, it's more secure than your local desktop.

Link to comment

There's no good reason to throw in the towel on "the cloud". When done right, it's more secure than your local desktop.

This was all I was really trying to say. If LastPass can be a free, lightweight, secure, synchronizing application, why can't Evernote follow the same concept? I don't want to figure out how to use TrueCrypt. I don't want to carry a thumb drive that's easily lost. Eventually everyone will have a document or note they want to take which is sensitive, and I don't want to have a separate method or application for storing those documents. I want the Evernote I know and love to give users the option (keyword here is option, it doesn't have to be a feature that's enabled by default) to be more secure. Pick an encryption key, pick a username and pick a password. Every time I launch Evernote it asks for a username and password. It only lets me view my documents if I get the login credentials correct. Handle the encryption in the background. Simple. But I guess it's harder than it seems. Sorry to dig up old topics, it just seemed like a simple feature at the time. :wacko:

Link to comment

Understood. But from my POV, the power of Evernote is tagging and OCR of notes, which would be of no purpose if files were encrypted. I'd like the developers to focus on getting full handwriting recognition up and running. The new LiveScribe wifi pens sync to Evernote, and it's a powerful combination that would blow everything else out of the water if the cloud servers could do full transcription of handwritten notes. Every student who sits in class and takes notes would be interested.

If you want to encrypt or protect documents then there are other ways to do that on your local computer and upload the encrypted or password-protected file to Evernote and just use it as a cloud storage server. As a premium user, my 2 cents to the developers is to expand the functionality in ways that build on the product's existing strengths and unique features, namely tagging, text recognition, voice recording, and OCR of handwriting from LiveScribe.

Link to comment
  • Level 5

Understood.

I'm not sure.

Re-read above.

As discussed, this encryption approach loses no features. And unlike the current in-note encryption (which also doesn't affect tags) allows full search of encrypted text, and unlike the current encryption encrypts file attachments (on Windows but not a Mac which stores those outside the database).

Since we're throwing 2 cents around, I'll argue encryption buys more than speech to text.

Encryption is trivial and cheap to do, and I'll argue affects more of the user base.

Speech to text is hard to code, expensive to license, and expensive on server resources each time it's used going forward.

There's a bucket backlog of broken existing features, and feature requests I hope sees some progress.

Link to comment
  • Level 5*

Since we're throwing 2 cents around, I'll argue encryption buys more than speech to text.

Encryption is trivial and cheap to do, and I'll argue affects more of the user base.

Speech to text is hard to code, expensive to license, and expensive on server resources each time it's used going forward.

There's a bucket backlog of broken existing features, and feature requests I hope sees some progress.

Speech to text in Evernote isn't something that I would prioritize, especially after more than a decade now of using some of the best software for it (Dragon Naturally Speaking) and only achieving some measure of success after the software has been sufficiently trained. I wouldn't mind it if Evernote had such capabilities, but I recognize that it would be no easy matter. Personally, I think the same thing could be said about the difficulties of encryption. In the end, though, regardless of whether you agree on that point, Evernote staff have made their position regarding privacy, security, and encryption pretty clear over the years.

I've collected together some of the posts that Evernote staff have made about privacy, security, and encryption. Hopefully, this will give forum members some idea of the issues involved with encryption, and where things stand at the moment.

https://www.evernote...8eb5e51622df76e

Link to comment
  • Level 5

Thanks grumpy. An Interesting read. And a bit depressing when looking at how dated some of the views are.

If a company isn't security focused, or I would argue, user or marketing focused to design these types of safeguards in to head problems off before they happen, or become a black eye to your product after an event, then it falls to the userbase to put the pressure on.

Look at how it took Firesheep to be downloaded millions of times to expose the problem of lack of SSL encryption for the entire session, not just the login when on open wifi.

Meanwhile people are wondering how someone sitting in a non-encrypted Wifi hotspot at starbucks can know the name of everyone with a laptop on in the store, and be reading all their private mail, dropbox documents, and facebook posts, even after they've closed their laptop and long gone.

http://en.wikipedia.org/wiki/Firesheep

Very quickly, Google, Facebook, and others adopted the change.

Others like Yahoo, dragged their feet. Only this week is it an option at Yahoo, but it's not on by default, you have to dig through your preferences to turn it on.

Evernote does so for web access to your content, but not here in the forums. They do at least set a very short expiry on the token/cookie... But login here while at somewhere like Starbucks without wifi encryption, and anyone else can login as you too.

Now the same type of problem is coming to light with all the widgets on websites (like and +1 buttons, etc).

Other areas of concern from the Evernote posts:

US export restrictions limiting them to 64 bit.

Those went away in 2011, at least if you don't allow export to Cuba, Sudan, Iran, Syria and North Korea.

It's a very long list of free mass market programs without an "escrowed key" using AES 256, from LastPass to 7-Zip. US export restrictions aren't a reason any longer.

Most of the other posts in your share seem stuck in a narrow view of how and where to apply encryption.

It can and should be thoughtfully applied without the user having to know or care about it.

Exhibit A: The Chrome browser. Like Evernote, it keeps its data (your history, bookmarks, passwords, settings, etc) in a SQLite database. Like Evernote, it syncs that data to its servers and to an SQLite database on every device, mobile or desktop, cross platform, where you install Chrome and login. You can open your browser at home, and get access to your passwords, history and open browser tabs as they were in Chrome on your desktop at work.

You don't have to know or care about the fact that parts of that database are encrypted, nor did you have to do anything special to turn it on or use it.

Yet what does that do for you? It means that if you open the database with anything other than Chrome you can't read those passwords and other sensitive bits. If it's you logged into your browser within your windows account, you can technically retrieve your key and read it...

but if anyone else in any other windows account tries, they can't read those bits.

If they copy your database to their PC, they can't read those bits.

If they reset your windows account password to login as you, they still can't read the passwords.

And have you ever heard anyone complain about the difficulties and problems or cumbersome issues with Chrome due to its use of encryption?

It's just there, turned on for everyone, protecting you from problems you didn't know you had to worry about, before they have a chance to happen.

If one is thinking the encryption which helps ensure the privacy that Evernote says it cares about, in any way hinders searching or other features, or complicates syncing or crossplatform/3rd party clients, you just aren't thinking about it or using it right.

The encryption Evernote currently has and what Evernote complains about limiting searching, breaking 3rd party clients, and complicating US export controls, serves an entirely different purpose than the one discussed here to address the issue in this thread's first post.

Link to comment
  • Level 5*

In summary cwb, what Grumps reproduced is Evernote's current position on this issue. As a commercial organisation they do not as a rule discuss forthcoming features and so a ton of security changes may be on the way or they may not be.

Either way, until they make an official announcement it seems very unlikely that there will be any further discussion from them on the subject.

Link to comment
  • 2 months later...

Maybe EN staff should ask Mint.com/Intuit staff how they keep user's data secured and yet available for the core functionality of their platform. EN, I could get you in contact with a couple of helpful Mint people. I've helped them fix a few issues with banking sites before. Until then, I continue to see Evernote as "the little cloud service that couldn't"... care enough about its user's security options, that is.

 

Somehow, "I told you so" doesn't quite cut it.  :rolleyes:

Link to comment
  • Level 5*

Maybe EN staff should ask Mint.com/Intuit staff how they keep user's data secured and yet available for the core functionality of their platform. EN, I could get you in contact with a couple of helpful Mint people. I've helped them fix a few issues with banking sites before. Until then, I continue to see Evernote as "the little cloud service that couldn't"... care enough about its user's security options, that is.

Somehow, "I told you so" doesn't quite cut it. :rolleyes:

Somehow, I think Mint is an entirely different setup. The amount of data they would need to encrypt and decrypt in each account is probably only a tiny fraction of what each of us has in our Evernote accounts (at least in my case -- maybe Donald Trump is different).

The only overlap I see is with passwords and the storage of personal data for users. Is this what you meant? The thread here is asking for encryption of notebooks. I'd like to see the notebook encryption option, but if Evernote can't make it work, it doesn't mean they don't care about security options. Please see the link in my previous post for detailed explanations from Evernote staff about the issue.

By the way, I don't think Mint encrypts our data in its database either. It uses encryption in transferring data (so does Evernote), and it encrypts backups (I don't know if Evernote does), but I have never seen them say they encrypt the database. It may be that they do, but I just haven't come across them saying it.

Link to comment
  • Level 5*

Ohh, yeah they do: https://www.mint.com/how-it-works/security/security-technology/

  • Your bank login credentials are encrypted.
  • We apply bank-level data security standards. This includes encryption, auditing, logging, backups, and safe-guarding data.

We know that Mint encrypts passwords (who doesn't?), but does Mint say anywhere that it encrypts databases? It explicitly says it encrypts "backups" of the databases, but curiously never says it encrypts the databases that are in use. That seems odd to me.

In the portion of the page you copy/pasted, there is encryption at levels equivalent with banks, but encryption of what? Many banks do not encrypt their databases (I've seen the claim that 21% of financial institutions and insurance agencies don't). It could just mean encryption of communications (SSL) like banks do. In other words, the only difference I see between Mint and Evernote is that Evernote is actually more transparent about its security precautions. Maybe it actually cares more :)

Link to comment
  • 1 month later...

what about a simple encrypt note function which includes pics? Sometimes you want for different reasons a single note encrypted.

Encryption of selected text only is quite inconvenient in particular because you can do it only with the desktop client.

Link to comment
  • 2 months later...

Evernote uses SSL as a crutch in lieu of providing actual security for the vast amounts of user data it stores on its servers.  Our data is stored in plaintext, which means that any compromised servers would yield attackers unrestricted access to the entire database of any and/or all users.

 

Because Evernote is such a rich treasure trove of data, it is only a matter of time before an APT attacker makes use of data stored in evernote.

 

What someone out there should do is build a plugin or extension to evernote that allows users to easily PGP encrypt notes before sending them off to be stored.  In fact, there is no reason you cannot do this already, other than that this process would not seamlessly decrypt your notes i.e. you would have to manually decrypt the notes on each client platform.

Link to comment
  • 3 weeks later...

Evernote uses SSL as a crutch in lieu of providing actual security for the vast amounts of user data it stores on its servers.  Our data is stored in plaintext, which means that any compromised servers would yield attackers unrestricted access to the entire database of any and/or all users.

 

Because Evernote is such a rich treasure trove of data, it is only a matter of time before an APT attacker makes use of data stored in evernote.

 

What someone out there should do is build a plugin or extension to evernote that allows users to easily PGP encrypt notes before sending them off to be stored.  In fact, there is no reason you cannot do this already, other than that this process would not seamlessly decrypt your notes i.e. you would have to manually decrypt the notes on each client platform.

 

I fully agree, but the "someone" who needs to do this is Evernote. It's amazingly silly for them to provide for the encryption of snippets of text in the middle of a text body while ignoring the encryption of whole bodies, attachments, pictures, and other things. Particularly in the wake of the PRISM scandals, they need to step up and provide for the encryption of all those pieces of data. I'm fine if they don't want to encrypt metadata like note titles, tags, etc. Those can and should still be used for search purposes.

 

Replies like, "Just use <random external program> to do your encryption first" don't fly for me. You can easily replace those with, "Just use <service other than Evernote> that supplies encryption from the get-go."

Link to comment

Replies like, "Just use <random external program> to do your encryption first" don't fly for me. You can easily replace those with, "Just use <service other than Evernote> that supplies encryption from the get-go."

I don't think anyone is disputing that if encryption is a deal breaker for you that you should choose another app/service. That's not EN's focus.

Link to comment
  • 2 weeks later...
  • 2 months later...

Surely I am not the only one requesting this feature.

I do almost all the writing on Evernote now but still use PENZU for personal journals.

Evernote rocks and would love to do all of my writing in Evernote.

Link to comment
  • Level 5*

Surely I am not the only one requesting this feature.

I do almost all the writing on Evernote now but still use PENZU for personal journals.

Evernote rocks and would love to do all of my writing in Evernote.

Of course you aren't! I've merged your thread with this existing one. There are a few other threads about this as well.

As far as Penzu goes, maybe it is great, but why'd they get rid of their terms of service? Apparently, as far as I can tell, you write confidential or secret info into an app that syncs with a cloud service at an unknown location, with no idea what kind of security is used, no idea who might be reading it, and no idea what someone might be doing with it. This is quite possibly one of the least secure looking applications I have ever seen. Read here for some more secure solutions (including Evernote local notebooks).

http://www.christopher-mayo.com/?p=288

If someone does have data on Penzu, let me know. Otherwise, even un-encrypted, I'd say Evernote's transparency alone makes it a far more secure option.

[Edit] The 2009 Penzu TOS is still around, but just hidden now from mobile users. I assume this is the only one, but cannot tell. A lot of their old site is inaccessible now except through cached pages. Apparently, it is a Canadian service.

https://penzu.com/m/terms

I found the 2009 privacy policy as well. They apparently have some form of zero-knowledge encryption, something which I have asked Evernote to do for a while. Penzu sounds very interesting, but I wish we knew more. At any rate, Evernote would do well (in my opinion) to adopt zero knowledge encrypted notebooks (at least one).

https://penzu.com/m/privacy

[Edit 2] There is a 2011 version of the tos and privacy statement. The revision is better, I think (It's too bad that web designers so often feel the need to deprecate their site for mobile users -- I had to use a non-Safari browser on the iPad to fake my way onto the regular site).

Link to comment

Some news on this subject:

 

Phil Libin, Evernote CEO, was at the Dublin Web Summit on November 1st, and made two points which I think are important:

1) Evernote is very serious about protecting their users' data. He gives no details, though.

2) He is against excessive surveillance, which he feels undermines the public's trust in tech corporations and the cloud. It is unclear whether he plans on lobbying against this alongside Google and others, but he supports the initiative.

 

These points are pretty reassuring regarding Evernote's commitment to user privacy.

 

Second, from the Evernote Podcast episode 40, from October 30th, around 51 minutes in:

"We actually got a super cool, uh, we're really really beefing up how we do client-side encryption across the board […] it's something we are hard at work now across multiple clients."

 

Still no ETA, other than "soon".

Link to comment
  • Level 5*

Some news on this subject:

 

Phil Libin, Evernote CEO, was at the Dublin Web Summit on November 1st, and made two points which I think are important:

1) Evernote is very serious about protecting their users' data. He gives no details, though.

2) He is against excessive surveillance, which he feels undermines the public's trust in tech corporations and the cloud. It is unclear whether he plans on lobbying against this alongside Google and others, but he supports the initiative.

 

These points are pretty reassuring regarding Evernote's commitment to user privacy.

 

Reassuring???

 

There is nothing new here.  These are the same basic statements Libin has been putting out for as long as I can remember.

 

As my mother used to say, "The path to Hell is paved with good intentions."  Words are nice, but it is actions that count.

 

I'll be reassured when Evernote offers encryption on a Notebook basis.

Link to comment

 

Some news on this subject:

 

Phil Libin, Evernote CEO, was at the Dublin Web Summit on November 1st, and made two points which I think are important:

1) Evernote is very serious about protecting their users' data. He gives no details, though.

2) He is against excessive surveillance, which he feels undermines the public's trust in tech corporations and the cloud. It is unclear whether he plans on lobbying against this alongside Google and others, but he supports the initiative.

 

These points are pretty reassuring regarding Evernote's commitment to user privacy.

 

Reassuring???

 

There is nothing new here.  These are the same basic statements Libin has been putting out for as long as I can remember.

 

As my mother used to say, "The path to Hell is paved with good intentions."  Words are nice, but it is actions that count.

 

I'll be reassured when Evernote offers encryption on a Notebook basis.

 

 

Maybe. I'm relatively new to Evernote, so this is the first time I heard him say these things.

 

I agree on words vs actions though. This (passwords stored in MD5) and this (use of RC2 for encryption) are making me uneasy about storing anything sensitive in Evernote, but it's good to see Phil say he's working on it. Still not there, but hopefully they'll deliver.

Link to comment
  • Level 5*

 

Maybe. I'm relatively new to Evernote, so this is the first time I heard him say these things.

 

I agree on words vs actions though. This (passwords stored in MD5) and this (use of RC2 for encryption) are making me uneasy about storing anything sensitive in Evernote, but it's good to see Phil say he's working on it. Still not there, but hopefully they'll deliver.

 

 

 

You are wise to be cautious about storing sensitive info in Evernote.  Many of us have adopted the practice of not putting anything into Evernote that is sensitive unless it is first encrypted.  Many PDF apps provide this capability.

Link to comment

Archived

This topic is now archived and is closed to further replies.

