• Announcements

    • gbarry

      Reach out to Evernote support on Twitter @EvernoteHelps   09/20/2016

      We've been leveling up our support across all channels. If you're active on Twitter, try your hand with our @evernotehelps feed. It's helmed by a crack team out of Austin, TX who are here to answer your questions. They're generally active from 7am-4pm CST.  https://twitter.com/evernotehelps  
Kurt Cubic

(Archived) (Archived) REQUEST: Additional encryption options for notebooks and syncing

787 posts in this topic

@heather

actually, i have to disagree with you here. the ability to encrypt an entire notebook would be quite nice.

1. would i put everything in there? no. as you said, it wouldn't be indexed.

2. would it be more convenient? undoubtedly. encrypting each note individually is quite a pain. and, currently you have to open up a separate application (like adobe) to encrypt the contents of attached files.

3. would it make evernote more useful? yes, because i cannot encrypt files in evernote on many platforms. encryption is actually impossible for me weeks at a time, because i do not have my osx laptop with me.

4. why not use dropbox? i don't need or want evernote to index my medical records, or materials with the sensitive information of third parties. i want it all in one place and accessible (note links or title searches), though. dropbox places it out of reach, especially if you travel and do not have an internet connection.

5. is this high priority? not for me. i would like it, of course, but there are many partiy issues i want to see evernote address first.

2 people like this

Share this post


Link to post
Share on other sites

I installed the Evernote application to my desktop and it opens when I click on the icon. How do I secure it so that it won't open without a password or some other code?

Share this post


Link to post
Share on other sites

You can log out via Tools > Options. Your notes are still in the file system. Up to you if you want to secure your whole hard drive upon OS login or what not.

Share this post


Link to post
Share on other sites

As for password protected notebooks - one of the major benefits of Evernote is our indexing system. That is what sets us apart from everyone else in the industry. If we can't index your data for searching, we honestly don't understand why you would want to use our product instead of anyone else's. It basically just turns us into file storage.

I'm not sure what password protecting a notebook fully implies, but let's assume for a moment that it means you encrypt the Note contents, but NOT the Note metadata.

If so, then EN searching could still be very powerful/useful as you can search for tags, title, dates, and other metadata.

So, we could have a Notebook whose Notes contents are more secure while still allowing useful searching.

Just a thought.

1 person likes this

Share this post


Link to post
Share on other sites

You may also find the "wide open databases" thread informative/enlightening if not overwhelming.

(Just trying to fend off yet another "WHAT? YOU MEAN MY DATABASE IS NOT ENCRYPTED FROM PRYING EYES/COMPUTER THIEVES/HACKERS?" thread.)

Share this post


Link to post
Share on other sites

At a guess, someone who would want to encrypt a note's contents would also want to encrypt its metadata, as metadata can carry private information as well, e.g. Title, tags, geographic location. Is search text (as from images) considered to be metadata as well? Its hidden from users, but it is part of a note's ENEX content.

Share this post


Link to post
Share on other sites

the title (120203 grumpy monkey bowel movements) would not necessarily have any sensitive data in it. the metadata just tells where i made the note, the tags, and so forth. i would prefer if this wasn't hidden. i guess i consider the metadata to be separate from the actual content of the note (text or file attachment).

Share this post


Link to post
Share on other sites

At a guess, someone who would want to encrypt a note's contents would also want to encrypt its metadata, as metadata can carry private information as well, e.g. Title, tags, geographic location. Is search text (as from images) considered to be metadata as well? Its hidden from users, but it is part of a note's ENEX content.

Perhaps that is how you would want it, but I think there are definitely a number of use cases where ONLY the Note content/attachment would be sensitive.

For example: Bank Statements and other financial statements.

My Title of "Bank ABC Jan 2012 Statement" and tags of "Financial" and "Bank" are not at all sensitive.

And let's not get technical here. Note "Content" means content from the User's prespective -- not how EN manages the note data.

Share this post


Link to post
Share on other sites

the title (120203 grumpy monkey bowel movements) would not necessarily have any sensitive data in it. the metadata just tells where i made the note, the tags, and so forth. i would prefer if this wasn't hidden. i guess i consider the metadata to be separate from the actual content of the note (text or file attachment).

:o TMI.

I can appreciate if people want all their data in one place. But IME, that's rarely, if ever happened & probably never will. I don't store most of my photo scans/digital photos in Evernote. That's on my hard drive & my Amazon S3 cloud. The photos are organized with ACDSee Photo Manager.

My passwords are not in Evernote. They are stored in SplashID - been using that app for about five years.

My home movies/videos are not in Evernote. Primarily due to size. Most of them aren't backed up in the cloud again due to size. The sheer volume & size makes uploading from a Cox high speed internet access in a residentail home prohibitive and the pricing/cost as well. So no cloud for them. However, they do get backed up to Western Digital Passport USB drives & stored in my safe deposit box.

My music is not stored in Evernote. iTunes is the organizer & the music is uploaded to my Amazon S3 cloud.

I'm one who prefers to use the best tool for the task. Yes, it would be nifty to have everything in one app. But like I said, I've never had the luxury of being in that position & don't see it happening anytime soon. So I fully agree with Heather when she says "If we can't index your data for searching, we honestly don't understand why you would want to use our product instead of anyone else's."

Share this post


Link to post
Share on other sites

Um, "At a guess", means I don't really know. As it happens, I don't really have a preference either way, since I don't use Evernote's encryption facilities. But people who care about security tend to really *really* care about security, and it's certainly something worth considering.

Oh, by all means, let's not get technical here, because security is not a technical subject. Oh right, I was merely asking a question about whether such information ought to be encrypted as well.

Share this post


Link to post
Share on other sites

While encypting the Note Content but not the metadata might not satisfy some users, it might be just enough security for many other users.

Seems like a good balance to me.

1 person likes this

Share this post


Link to post
Share on other sites

Or just don't do it at all, tell everyone that you aren't going to do it and then let users decide for themselves what they want to do.

A halfway house will just lead to confusion I'm sure.

1 person likes this

Share this post


Link to post
Share on other sites

For All. I said password and encryption, but didn't form the thought fully for you. I was interested in password encrypted notebooks in the cloud. As someone picked up, my alternative right now is to password encrypt the pdfs. But this does remove some functionality. I would love to click on a certain notebook called "medical", type a strong password, and have all my notes, records, and such pop up with full functionality. As a first step, the pin function now available on IPAD for all devices would help.

Heather's mentioned this, but if the whole notebook was encrypted, then we wouldn't be able to offer full functionality on it. Or we'd do some hardcore encrypting decrypting all the time for all the data in there. If we just offer password protection, your files are still on your hard drive and accessible outside of Evernote.

There is the possibility of encrypting note content (note body, attachments) and not the metadata (note title, tags, created date, creation source, etc). It is a interesting middle ground. I'm not sure it is something that I'd be completely happy with, but maybe I'd use it sometimes

Share this post


Link to post
Share on other sites

Or just don't do it at all, tell everyone that you aren't going to do it and then let users decide for themselves what they want to do.

A halfway house will just lead to confusion I'm sure.

Yeah there is the concern that we'd say we do encryption and someone doesn't realize note titles will be available and accidentally exposes sensitive information. Tough balancing act

Share this post


Link to post
Share on other sites

the title (120203 grumpy monkey bowel movements) would not necessarily have any sensitive data in it. the metadata just tells where i made the note, the tags, and so forth. i would prefer if this wasn't hidden. i guess i consider the metadata to be separate from the actual content of the note (text or file attachment).

:o TMI.

I can appreciate if people want all their data in one place. But IME, that's rarely, if ever happened & probably never will. I don't store most of my photo scans/digital photos in Evernote. That's on my hard drive & my Amazon S3 cloud. The photos are organized with ACDSee Photo Manager.

My passwords are not in Evernote. They are stored in SplashID - been using that app for about five years.

My home movies/videos are not in Evernote. Primarily due to size. Most of them aren't backed up in the cloud again due to size. The sheer volume & size makes uploading from a Cox high speed internet access in a residentail home prohibitive and the pricing/cost as well. So no cloud for them. However, they do get backed up to Western Digital Passport USB drives & stored in my safe deposit box.

My music is not stored in Evernote. iTunes is the organizer & the music is uploaded to my Amazon S3 cloud.

I'm one who prefers to use the best tool for the task. Yes, it would be nifty to have everything in one app. But like I said, I've never had the luxury of being in that position & don't see it happening anytime soon. So I fully agree with Heather when she says "If we can't index your data for searching, we honestly don't understand why you would want to use our product instead of anyone else's."

bm documentation ok (hopefully, with titles and metadata--you and heather may not get the value, but i do!).

bm photography, so-so.

bm videos no.

bm physical specimens, no.

i can live with that :)

Share this post


Link to post
Share on other sites

bm documentation ok (hopefully, with titles and metadata--you and heather may not get the value, but i do!).

bm photography, so-so.

bm videos no.

bm physical specimens, no.

Oh.

OH.

OHHHHH!!!!

(No wonder Monkey is grumpy! :o )

Share this post


Link to post
Share on other sites

While encypting the Note Content but not the metadata might not satisfy some users, it might be just enough security for many other users.

Seems like a good balance to me.

Signed.

Share this post


Link to post
Share on other sites

I've been waiting for Evernote to take security seriously for over one year. Until now, I've only taken the liberty to set a couple of YouTube users straight (privately) about the serious security implication of using Evernote for business purposes without DB encryption in the back-end. But nonetheless, non-technical users seem to ignore the true depth of risks and liabilities for increasingly using cloud-based applications even when news of network penetration and identity theft become more common.

I'm a Network Administrator, currently striving for a specialization in network security. Not an expert by a long shot, but I have to follow the industry trends up on a regular basis.

I remember seeing in the WSJ an article about the CEO of Evernote asking users why they don't use his application more. I tell you why users shouldn't use it yet... security.

I regrettably read that lots of users in this thread claim security is not their priority. Good for them. However, security shouldn't be an "add-on" feature. Instead it should be built into the most basic design from inception. Otherwise, you'll end up like the DoD, losing millions of dollars of equipment and possibly technology patents because they failed to implement encryption (on drones recently hacked and stolen by Iran). I bet someone in the defense contractor company said, "we just don't understand the usefulness" of encrypting our drones. I'll show you how your privacy might be at risk only by following the suggestions of Evernote's team besides the occasional condescending argument.

Not long ago, I saw a testimonial video from a K-12 student who claimed he used Evernote for everything in his last year in HS. I hope he didn't use it to keep FAFSA related info, or scholarship applications.

Then another video of a teacher who encouraged his class to submit assignments and give lectures, etc. The Mountclair Kimberley Academy seems to be increasingly using Evernote in their curriculum. Evernote is becoming a collaboration tool, much like SharePoint or AlFresco is used in the enterprise world. But yet, it seems that the devs haven't grasped at the idea of how their tool, as simple as it is, can someday become the default document sharing and archiving application. I wouldn't call it a platform yet, simply because unlike SharePoint, security it's not an integral part of the mix but rather a secondary feature around here. I hope you do explain to these fine institutions and users who appear in video that any and all data is clear in the back-end and therefore understand the risk of putting their name and reputation out there.

Let me ask you, how would you like your kid to send an athletic, administrative or academic application via Evernote with his/her S.S.N. on it and end up leaked out when one of your servers gets hacked or penetrated by an insider? Please don't attempt to explain how an inside job can't happen because of your physical security measures, any security consultant will argue that although less likely to happen statistically speaking, it can be far more devastating than an external attack if it ever does happen. Not only that, but as Sony's PSN fiasco of 2011 showed, as soon as an external attack gets past the firewall, (lots of times thanks to the unintended help of employee's computer practices), finding and exploiting non-encrypted data is fair game.

On the "8 Great Ways Couples Can Use Shared Notebooks" article, you suggested to upload and share the following:

  • Traveling Plans: Really... users should feel safe having itineraries, route maps, and other documents for easy access without encryption in the back end? Governments as well as criminal groups would have a field day if they can get access to DBs full of this info about their dissidents and people of interests; just ask Google and their Chinese government run-in a couple of years ago. Also, the icons on the website show an image of a passport, and although it's not enumerated in the lists, some people might feel encouraged to scan their passport into an unencrypted DB.
  • Shopping and To-Do-Lists: It may sound like low risk, think about people who might actually put their medication list on EN to remember have them picked up at their pharmacy. Now, that's something lots of people won't want to share with the world.
  • Sharing information about your kids... " class rosters to sports practices, vaccinations to everything in between": Really?... Seriously? I bet those parents who had their kids taken away legally wouldn't mind getting a hold of these. I'm sure it escapes everyone's minds since we never hear about this but "there are" people out there under witness protection who's privacy is paramount.
  • Doing your taxes: This is why I was mostly interested in EN. I wouldn't mind paying to have receipts OCRed and then indexed by year for my sales taxes, medical expenses or education expenses deductions. But guess what? Should I mention why having tax information in Evernote is a bad idea? It runs along the lines of clear non-encrypted DB.

I shouldn't mention to those small business owners (specially in healthcare and accounting fields) that entrusting their client's information in a company that is not HIPAA or Sabares-Oxley compliant is a very bad idea. They would be liable for damages if their information is compromised. Evernote as a company could also be liable for suggesting and promoting the use of a service that could potentially endanger institutions and companies.

I would also suggest inventors in need of taking notes to stay away from applications which could make them vulnerable to patent, copyright and trademark losses. It's their livelihood that's at stake and it would really suck if someone gets a hold of their next big idea before they are able to lock them on their name.

So how many types of users did we just excluded or alienated there?

As you can see, there are many "useful" instances where encryption and user privacy protection is of utmost importance. Now, encryption should be simple enough to be done at the client side before it leaves to the server. Yes, it would stop you from going through the user's data, but that's the whole point of privacy right? :) Indexing and OCR can be done at the client-side while the password/token is on memory. It's true what Heather mentioned, there are other programs that can do this much better than EN... at least in the small business and enterprise environment. But it's not your indexing that separates you from the crowd, it's the inability of EN to do encryption, OCR and Indexing seamlessly at the same time. Now, what makes EN most attractive to users like myself it's the fact that an individual can use the tool, without committing hundreds of dollars in a server-client application that we would have to maintain.

Client-side PDF encryption is a good 1st step, but still a workaround. Workarounds are not true solutions, but rather they should be seen as temporary fixes to those issues we don't have the expertise to resolve yet.

I (in my narrowly limited mind) only see two solutions to this issue: 1) Get better engineering to put security at the forefront of the application for the sake of those (regardless of how many) who use it in the ways you suggest, or 2) get a hell of an attorney and have it on a call basis.

1 person likes this

Share this post


Link to post
Share on other sites

Or let users know what is available and let them decide for themselves whether the service meets their requirements. If it doesn't then of course they should and are able to go and use something else.

Share this post


Link to post
Share on other sites

For a consumer based software program, I found this article on Evernote to be helpful and easy to read.

Is Your Data Safe In Evernote

http://michaelhyatt....n-evernote.html

The takeaway line: "There are no absolute guarantees in the world of digital media and cloud storage, but this is compelling enough to me."

He also mentioned that If you need more security, try TrueCrypt

Back on March 26, 2009 Evernote employee Dave Engberg mentioned the following:

"I personally feel that Evernote is appropriate to store things that you'd be willing to send over email via a high-end email provider. I.e. if you have something that you absolutely would never want to be stored "in the Internet" anywhere, then you wouldn't send it to someone via email, and you wouldn't store it in your Evernote account."

.

My interpretation of similar comments is that Evernote is for personal use. Corporations might use it, but need to be cautious. It is not an enterprise type software program.

Share this post


Link to post
Share on other sites

Or let users know what is available and let them decide for themselves whether the service meets their requirements. If it doesn't then of course they should and are able to go and use something else.

That scenario is covered under my 2nd option as they would still need a lawyer if breach happens.

If that's the option they decide to take, then they need to make sure the suggested use of the application won't put users at risk. At this moment, it just doesn't look ethical or even honest to tell your users to put tax or any of the other information in their servers with no encryption protection. It just creates a false sense of security, which is much worse than non-security.

@ Reaver, I've read the http://michaelhyatt....n-evernote.html article before. I think I've commented there before. Simply put, the person who wrote the article is not a security expert as the issue of database encryption was completely ignored... again creating a false sense of security when the issue is a huge red target on Evernote's servers.

Using Evernote in a local database, encrypted in the local HDD takes away from the attractiveness I mentioned of the server-client architecture cloud provides. If the answer to server security is, "don't use our servers" again it falls under option #2 of my first post.

The CEO should have realized by now that security is the awkward blue elephant in the room for many Evernote would-be users. Not whether their aging Blackberry or HP WebOS device can access the service. If he doesn't' realize this is a valid reason for users not to flock to his service as an integrated document archiving service, then too bad.

Share this post


Link to post
Share on other sites

Iregrettably read that lots of users in this thread claim security is not their priority. Good for them. However, security shouldn't be an "add-on" feature. Instead it should be built into the most basic design from inception.

While I find security a priority issue with me, I find your post not applicable to Evernote, no matter how much you want it to be. IMO, yes, a USER should ultimately be responsible for his/her own data. Not each & every individual app they may use. Additionally, security must be balanced with usability. I could live in a steel lined cave with a gazillon locks on the door in order to feel safe. But would I? No. Pretty much everything else I have to say on the subject has been already posted so I'm not going to repost them intertwined with your postings.

Until now, I've only taken the liberty to set a couple of YouTube users straight (privately)

Yay for you.

get a hell of an attorney and have it on a call basis.

This gets the drama queen vote for the week.

Share this post


Link to post
Share on other sites

Security and privacy are extremely important topics for Evernote users, and for good reason. Evernote would like to provide a single service to manage your memories for many years. To achieve this, we must provide a very high level of system and data security while offering users a variety of choices to manage their own privacy requirements. Here's a high-level overview of some of the ways in which your data is protected by Evernote.

  • When you add a note to the service, it is secured like your email would be at a high-end email provider. This means that your notes are stored in a private, locked cage at a guarded data center that can only be accessed by a small number of Evernote operations personnel. Administrative maintenance on these servers can only be performed through secure, encrypted communications by the same set of people. All network access to these servers is similarly protected by a set of firewalls and hardened servers.

  • User data is not publicly accessible (e.g. via search engines) unless a user explicitly publishes one or more of their notebooks, in which case they may be accessed by other users.

  • Your login information is only transmitted to the servers in encrypted form over SSL, and your passwords are not directly stored on any of our systems.

  • And, for all of our members, all note data is transferred over SSL, not just your login credentials.

We also offer enhanced privacy options that would not be available from services like email:

  • If you have sensitive text that you would like to remember (passwords, PINs, credit card numbers), you can encrypt that text in our clients using a passphrase that is never transmitted to Evernote. This encrypted text can only be decrypted and read on one of your computers after you’ve re-entered the encryption passphrase. The sensitive text is not readable on our servers or on your computer by anyone who does not know the passphrase.

  • If you have some notes that you only want to access from a single computer, you can place these into a “Local Notebook” on our Windows or Mac client. Notes in a Local Notebook are never transmitted to our service, so they aren’t accessible from the web, or from your other computers. This may allow a greater level of privacy for some notes, at the expense of the accessibility and reliability you would get from a private note on the service.

We recognize that user choice is an important component of privacy and security. We believe that no single option is going to meet the needs of all users, so we aim to offer a set of tools that let people balance their needs for accessibility, privacy and control.

Several of the company's founders (myself included) come from a strong encryption background (founders of CoreStreet, acquired by ActiveIdentity). For Evernote's consumer product, the current encryption algorithms are chosen more for exportability under the Commerce Department rather than strength, since our software permits the encryption of arbitrary user data with no escrow.

We'd be interested in offering something stronger in the future when we have the staffing to fight the lengthy export battle, but until then, we continue to advise users to use an external encryption solution to encrypt important files and then add these encrypted into Evernote.

7 people like this

Share this post


Link to post
Share on other sites

While I find security a priority issue with me, I find your post not applicable to Evernote, no matter how much you want it to be. IMO, yes, a USER should ultimately be responsible for his/her own data. Not each & every individual app they may use.

User should not be responsible of data once it leaves their client-side. There is no way a user can predict or prevent a breach in the server-side. That demarc point is important, specially in court.

Additionally, security must be balanced with usability. I could live in a steel lined cave with a gazillon locks on the door in order to feel safe. But would I? No.

You seem to think that security of any kind is just futile. Although it is well known that even perfectly layered security is penetrable one way or the other, the whole purpose is to discourage attackers by making it hard to get through. Database encryption with 128 bits would force the attacker to guess between 1 and 1^38 (1 followed by 38 zeros) or 149.7 trillion years to brute force the crypto key. Now... would it be worth it for anyone to spend 150 trillion years to do this? NO. :)

I offered a suggestion worth pursuing about doing OCR and Indexing when the key is on the clear at the client side. That's what LastPass, DocsVault and even DA Document Manager for WHS (in a limited way) do. Again, there are solutions when they are pursued, not when they are shutdown with a lazy excuse of the it's "not practical" kind.

Yay for you.

What kind of comment is that? I tell you which one, a condescending one. Ignorance is bliss.

This gets the drama queen vote for the week.

Another ignorant comment that doesn't add to the discussion of a serious concern. Maybe you should stay away from contributing in this type of discussions. It certainly doesn't make other users welcome to your community, something the OP predicted.

------------

@ Heather: Unfortunately, no one is putting data transmission or physical access to the servers in doubt. The problem is, without database encryption, it doesn't matter what type of measures you have in place physically or in client-server transmission. If only one node of your servers is compromised, it's all over. Just look at Sony's example I provided. Then all the info your company suggested by admission for your users to upload to those servers is compromised. I'm aware of the work Phil did in Engine 5 and CoreStreet, and that's even more reason why it amazes me database encryption seem to be such a hard nut to crack in EN. In addition, I'm not sure if you are aware that many companies decide to offer strong encryption to US/Canada users only, to avoid export issues. Bringing the standard down across the board seem as much of a bad idea as no encrypting databases.

Share this post


Link to post
Share on other sites
Yay for you.

What kind of comment is that? I tell you which one, a condescending one.

Matches your original statement.

The problem is, without database encryption,

This is deja vu all over again.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.