(Archived) automatically sending financial documents to evernote

[organizing 3]

anyone have links to discussions/descriptions about automatically sending financial documents to en?

thanks,

doug

[jefito 5,589]

You can email them to your Evernote email account. You can also download them and save them to an Evernote import folder.

[JMichaelTX 4,117]

You should be aware that Evernote does NOT encrypt either the Note or its attachments. Evernote's current policy is one of "buyer beware" and they push the security onto the user. If your documents contain sensitive info you may want to encrypt prior to upload to Evernote.

[organizing 3]

You should be aware that Evernote does NOT encrypt either the Note or its attachments. Evernote's current policy is one of "buyer beware" and they push the security onto the user. If your documents contain sensitive info you may want to encrypt prior to upload to Evernote.

Seems like a huge omission. After all, for many, the main attraction of en would be a central/cloud location to store all personal documents. Some of the documents stored with en are going to be very personal. If someone hacks into en servers--some would say it's not if, but when somebody hacks into en servers--all those personal documents will be available to the hacker... Without the added effort of having to unencrypt each customer's en account? Am I missing something?

[BurgersNFries 2,407]

You should be aware that Evernote does NOT encrypt either the Note or its attachments. Evernote's current policy is one of "buyer beware" and they push the security onto the user. If your documents contain sensitive info you may want to encrypt prior to upload to Evernote.

Seems like a huge omission. After all, for many, the main attraction of en would be a central/cloud location to store all personal documents. Some of the documents stored with en are going to be very personal. If someone hacks into en servers--some would say it's not if, but when somebody hacks into en servers--all those personal documents will be available to the hacker... Without the added effort of having to unencrypt each customer's en account? Am I missing something?

Since this has already been discussed *at great length* on the board, already, please search the board on security and/or encryption. In a nutshell, EN cannot index encrypted notes.

[organizing 3]

You should be aware that Evernote does NOT encrypt either the Note or its attachments. Evernote's current policy is one of "buyer beware" and they push the security onto the user. If your documents contain sensitive info you may want to encrypt prior to upload to Evernote.

Seems like a huge omission. After all, for many, the main attraction of en would be a central/cloud location to store all personal documents. Some of the documents stored with en are going to be very personal. If someone hacks into en servers--some would say it's not if, but when somebody hacks into en servers--all those personal documents will be available to the hacker... Without the added effort of having to unencrypt each customer's en account? Am I missing something?

Since this has already been discussed *at great length* on the board, already, please search the board on security and/or encryption. In a nutshell, EN cannot index encrypted notes.

What about en providing an account option which allows encryption at the expense of indexing? I guess searching would be on titles and tags?

FishNTacos

[jbenson2 2,147]

What about en providing an account option which allows encryption at the expense of indexing? I guess searching would be on titles and tags?

FishNTacos

Already done!

1.) Individual text information can already be encrypted.

or

2.) For more security, put your notes into a non-synchronized local Evernote notebook. Never hits the cloud.

or

3.) For higher security, use TrueCrypt to protect your Evernote notes.

[JMichaelTX 4,117]

What about en providing an account option which allows encryption at the expense of indexing? I guess searching would be on titles and tags?

FishNTacos

Those that oppose auto-encryption of Evernote Notes at the Note or Notebook level often conveniently fail to recognize that great searching of Notes could still be provided by encrypting ONLY the Note contents/attachments, but NOT the Note metadata (like Title, Tags, Dates, attributes).

This would provide a high degree of security while preserving a very powerful and useful search capability.

[GrumpyMonkey 4,319]

It is not buyer beware. The app is free and well-supported by rational, carefully-considered procedures. JM may not agree with them, but they are entirely transparent and quite serious about security and trust.

Evernote has discussed data security on their podcasts, on their site, in news articles, and on the forums. Their policy is clear: they do not encrypt their database, and provide minimal encryption on the desktop clients only for plaintext. If you want to encrypt your data, you are welcome, and even encouraged to do so. This may change someday, and I have suggested things along these lines that I would like to see as well (encrypted notebooks and sections of our accounts behind a firewall of sorts and inaccessible to third-party integrations), but for now, we don't have these things.

As the topic has been discussed at great length, rather than rehashing points that have already been discussed, how about discussing how you deal with sensitive data like financial statements? We can talk about Evernote's policies regarding encryption in one of the many other threads after people have read and digested the various positions that have already been elaborated.

By the way, as I mentioned in another thread, if you encrypt PDFs of your financial data, then please be aware that trying to open a 256-bit encrypted PDF in iOS (4.4) will crash the app. 256-bit encryption is currently not supported by many apps (only Adobe Reader as far as I know), so you'll want to use 128-bit if you plan to access the files from within Evernote on the iPad or iPhone.

[JMichaelTX 4,117]

It is not buyer beware. The app is free and well-supported by rational, carefully-considered procedures. JM may not agree with them, but they are entirely transparent and quite serious about security and trust..

GM I submit it is "buyer beware" for these reasons:

1. Evernote does NOT provide adequate security for sensitive notes/attachments, even though it is advertised as being a place to store ALL your personal information.
   
2. While Evernote does acknowledge that they do NOT auto-encrypt Notes and attachments in the Forum and in a few Blogs, they do NOT make this clear on their main web site where the product is being advertised.
   
3. IMO, this is the equivalent of providing this notice in very small fine print in a long Terms & Conditions agreement that no one ever fully reads.
   
4. While there are ways the user can encrypt documents before attaching to an Evernote Note, I submit that many, many, if not most, users don't know they need to do this, or if they do, don't know how to do it. Encrypting your own documents is mostly limited to "power users".
   

IMO, Evernote should clearly and boldly state on their main web page for Evernote that Notes are NOT encrypted, and that the user should carefully consider encrypting their own documents before uploading to Evernote.

If Evernote wanted to be really user-friendly, they would also provide a link options, techniques, and software choices for encrypting your own documents that will be uploaded to the Evernote cloud.

[GrumpyMonkey 4,319]

It is not buyer beware. The app is free and well-supported by rational, carefully-considered procedures. JM may not agree with them, but they are entirely transparent and quite serious about security and trust..

GM I submit it is "buyer beware" for these reasons:

1. Evernote does NOT provide adequate security for sensitive notes/attachments, even though it is advertised as being a place to store ALL your personal information.
   
2. While Evernote does acknowledge that they do NOT auto-encrypt Notes and attachments in the Forum and in a few Blogs, they do NOT make this clear on their main web site where the product is being advertised.
   
3. IMO, this is the equivalent of providing this notice in very small fine print in a long Terms & Conditions agreement that no one ever fully reads.
   
4. While there are ways the user can encrypt documents before attaching to an Evernote Note, I submit that many, many, if not most, users don't know they need to do this, or if they do, don't know how to do it. Encrypting your own documents is mostly limited to "power users".
   

IMO, Evernote should clearly and boldly state on their main web page for Evernote that Notes are NOT encrypted, and that the user should carefully consider encrypting their own documents before uploading to Evernote.

If Evernote wanted to be really user-friendly, they would also provide a link options, techniques, and software choices for encrypting your own documents that will be uploaded to the Evernote cloud.

1. There is no buyer. Evernote is free. How could it be "buyer beware"?

2. It is difficult NOT to know about encryption and Evernote. This is a basic best practice that you should be following for ANY cloud service, not just Evernote. Evernote makes their encryption options clear on their main site (https://support.ever...9 3&docID=23768), they also make their position about encryption clear on their website (https://support.ever...0 4&docID=23797), and in their blog (http://blog.evernote...y-and-security/). You can see Evernote talking about encryption on YouTube (see "DigitalNow 2009 Phil Libin - Clip 11 of 11"). You can hear Evernote talking about encryption in podcasts #1, #9, and #27. Tech writers outside of Evernote regularly write about encryption and Evernote (http://howto.cnet.co...ernote-desktop/). Book authors warn you to encrypt sensitive data in it (http://www.informati...books/240000930). Heck, even Wikipedia has information on this (http://en.wikipedia.org/wiki/Evernote).

3. See #2.

4. I cannot speak for many users, but I think most people are woefully unprepared for the security challenges in ANY cloud environment, so it seems like a heavy burden to place this all on Evernote.

5. Evernote should declare their encryption policies boldly on their main page because how many other sites do this? Really, this sounds absurd to me. I suppose they should also put in bold letters that the iPad doesn't have stacks Everyone has issues they care about, but I submit that a lot of people probably don't care so much about encrypting their stuff (even though they would like the security -- all of the benefits without the effort).

Where do we agree?

There are a couple of things we probably do agree on, though. The Evernote site (in my humble opinion) is in desperate need of a redesign, and some serious thinking needs to go into how they restructure it, because it is very difficult to navigate and find information. Any decent Google-fu will get you where you want to go, but that is just another way of saying that the design is failing. It may have been OK when it was made, but Evernote has grown, and it is time to update that site.

The documentation needs work. As I have mentioned elsewhere, Evernote needs to dedicate an employee to documenting each client and maintaining that documentation with every iteration. Of course, this would include how to handle encryption.

[organizing 3]

What about en providing an account option which allows encryption at the expense of indexing? I guess searching would be on titles and tags?

FishNTacos

Already done!

1.) Individual text information can already be encrypted.

or

2.) For more security, put your notes into a non-synchronized local Evernote notebook. Never hits the cloud.

or

3.) For higher security, use TrueCrypt to protect your Evernote notes.

The speed and ease of one-button, one-step sending to en is important to me. Most of my sensitive documents arrive in pdf format. Besides, a key en feature is its ubiquity across platforms--I don't want to have documents stored on my pc when they are needed on my android phone. As another poster suggested, I think that en should provide an encrypt configuration switch so that all data is encrypted--metadata (tags, titles, etc.) is left unencrypted and searchable.

[jefito 5,589]

It's great to make suggestions, and surely there are a number of people who want this functionality. But prior comments by Evernote staff lead me to believe that they're not interested in providing it. That may change, of course, but since this functionality doesn't appear to be forthcoming any time soon, my advice to you would be either to find a way to encrypt/decrypt Evernote attachments on whatever clients you're using, or find a different solution altogether.

[JMichaelTX 4,117]

I no longer concern myself with what Evernote says they won't do, or are not interested in doing.

I have observed several major reversals in their long stated policies/markets/features, the most recent of which is providing a version that is more suitable for businesses.

To state the obvious, we do have to accept the current feature list if we want to use Evernote now. There may be work-arounds in some cases.

But that doesn't mean that we can't keep on asking for the features that are important to us.

It is rarely clear to us outsiders how Evernote makes their feature decisions.

But I have see at least a couple of cases where it appeared that Evernote was directly responding to user requests.

[Tim Watts 1]

I was discussing this with a colleague yesterday.

As Evernote is file agnostic (excepting that they can be clever with certain known filetypes), surely it would be a relatively simple matter to bolt a GnuPG or similar encryption engine into each client? Yes you can do this manually, but it's so clunky as to be a right PITA. No TrueCrypt does not help - I am not worried about the security of my laptop, only my data in the cloud - see below.

The web could be handled too via a Java applet.

This would involve (as far as I can see) no server changes.

Then the user has a choice. High end encryption (say 2048 bit key minimum) and no fancy document introspection or low security and convenience. In either case we still get the categorisation and multiple device access from cloud.

You see - I can not ever use Evernote for going paperless until that happens, as my paperwork includes medical, financial and other sensitive stuff. It's very nice to see assurances that the servers are "in a locked cage with only 4 sysadmins holding cards", but:

1) That assumes I trust Evernote - I don't. Sure you are all nice folk, but I have no basis for trusting you. I will pay you for a service as long as I don't need to trust you.

2) I very very much do not trust your government. The Patriot Act renders the "4 cardholders" claim pretty worthless.

3) Hackers. They are everywhere. EN is a target for sure. One day, something's going to leak.

So come on guys - address the problem and I would happily pay a couple of hundred dollars a year for say 10-30GB.

I have looked at the competion - SpiderOak. Nice system, but none of the categorisation and metadata features of EN. There's a gaping hole in the market and one day, someone's going to fill it - so why not?

Yes - please take this as a feature request!

Best,

Tim Watts

England