Level 5 jbenson2 2,147 Posted November 20, 2012 Level 5 Share Posted November 20, 2012 If the Government is able to read personal e-mails without a warrant, the next step is to read personal cloud-based info (Evernote).http://news.cnet.com...=news&tag=titleTrueCrypt with Evernote is looking more and more attractive to me.I only use Evernote on my Windows Client.The iOS version is far too slow and too small for my needs.I OCR all my PDF's before submitting them to Evernote.Are there any major drawbacks to using TrueCrypt with Evernote?Specifically - regarding searches for text, web captures, and PDF's? Link to comment
Level 5* GrumpyMonkey 4,319 Posted November 20, 2012 Level 5* Share Posted November 20, 2012 If the Government is able to read personal e-mails without a warrant, the next step is to read personal cloud-based info (Evernote).http://news.cnet.com...=news&tag=titleTrueCrypt with Evernote is looking more and more attractive to me.I only use Evernote on my Windows Client.The iOS version is far too slow and too small for my needs.I OCR all my PDF's before submitting them to Evernote.Are there any major drawbacks to using TrueCrypt with Evernote?Specifically - regarding searches for text, web captures, and PDF's?I am very uncomfortable about the legislation that has already been passed in the US, the legislation they plan to pass in the US, and the lack of protections for our data, especially under the Patriot Act. Perhaps I have learned different lessons from history than our legislators, but it seems to me that it is never a good idea for governments to have unfettered access to some of the most private information (journal entries, medical data, emails, etc.) of its citizens. I haven't found a solution yet to my concerns.Specifically, regarding cloud services like Evernote, as I understand it the government could compel Evernote to open up my account without my knowledge. There is nothing that Evernote could do about this, as far as I know. I don't see how encrypting my local drive with TrueCrypt would help me in this regard. Isn't the data still on Evernote's servers un-encrypted? I have my Mac hard drive encrypted with File Vault, so I have secured my local copies, but my understanding is that everything is still available without encryption on Evernote servers. Otherwise, how could I log in from my iPad and read my notes?Really, the only solution for this particular concern is something like SpiderOak, which encrypts everything it holds for you, and only you have the encryption key. If Evernote were to go to this so-called "zero knowledge encryption," I imagine it would dramatically impact all sorts of things like the speed of the service. Still, it might be something worth investing in for enterprise folks and unreasonably paranoid people like myself. I know I would be willing to pay more for it. Link to comment
Level 5 jbenson2 2,147 Posted November 20, 2012 Author Level 5 Share Posted November 20, 2012 I don't see how encrypting my local drive with TrueCrypt would help me in this regard. Isn't the data still on Evernote's servers un-encrypted? I have my Mac hard drive encrypted with File Vault, so I have secured my local copies, but my understanding is that everything is still available without encryption on Evernote servers.Ouch! Well that kills my desire to use TrueCrypt on Evernote. Link to comment
BurgersNFries 2,407 Posted November 20, 2012 Share Posted November 20, 2012 If the Government is able to read personal e-mails without a warrant, the next step is to read personal cloud-based info (Evernote).http://news.cnet.com...=news&tag=titleTrueCrypt with Evernote is looking more and more attractive to me.I only use Evernote on my Windows Client.The iOS version is far too slow and too small for my needs.I OCR all my PDF's before submitting them to Evernote.Are there any major drawbacks to using TrueCrypt with Evernote?Specifically - regarding searches for text, web captures, and PDF's?First, TC is not supported by EN. So if you have problems, they may suggest you remove the database from the TC volume.Second, TC only works on your computer, not the data in the cloud. Your Evernote database on the EN servers is no different than it is right now. The reason I use a TC volume on my computers is if my computers were to be stolen. Link to comment
Level 5* GrumpyMonkey 4,319 Posted November 20, 2012 Level 5* Share Posted November 20, 2012 I don't see how encrypting my local drive with TrueCrypt would help me in this regard. Isn't the data still on Evernote's servers un-encrypted? I have my Mac hard drive encrypted with File Vault, so I have secured my local copies, but my understanding is that everything is still available without encryption on Evernote servers.Ouch! Well that kills my desire to use TrueCrypt on Evernote.I am pretty sure that I am correct about this, but I think BNF is our resident TrueCrypt expert. It will secure your local files, which is very important, but it will not do anything to protect your data on Evernote's servers, so doesn't seem to address your concerns. If you do find a solution, please let us know![EDIT: Sniped by the expert herself.]By the way, one thing I have been meaning to do when I get some free time is to remove myself from the cloud, with the notable exception of Evernote. All of my GDrive, Gmail, Dropbox, and other information will get saved and erased at some point in the near future. It appears that GDrive (?) may have corrupted a bunch of my PDFs, so this will be no great loss -- fortunately, I have local versions that it I have had to painstakingly go through and check against the versions I was using / updating on the cloud. It appears that I am not the only one (https://productforums.google.com/forum/?fromgroups=#!topic/drive/I_zhc-WmcUo), but I am not 100% it was Google -- it could have been Dropbox before I moved the files into GDrive. I am a pretty satisfied SpiderOak user (they really need to improve the iPad app), and I think that is probably where all of my PDFs and other stuff will end up. I don't even have any particularly sensitive stuff in there of my own. It is simply an irrational (?) desire to maintain my privacy and maintain control over my data. Link to comment
BurgersNFries 2,407 Posted November 20, 2012 Share Posted November 20, 2012 Isn't the data still on Evernote's servers un-encrypted?Yes. Link to comment
Level 5 jbenson2 2,147 Posted November 20, 2012 Author Level 5 Share Posted November 20, 2012 First, TC is not supported by EN. So if you have problems, they may suggest you remove the database from the TC volume.Second, TC only works on your computer, not the data in the cloud. Your Evernote database on the EN servers is no different than it is right now. The reason I use a TC volume on my computers is if my computers were to be stolen.Thank you. I remember your post about the first point. And now I have a better understanding of the 2nd point.I guess the best solution is to move more stuff to local notebooks. Link to comment
BurgersNFries 2,407 Posted November 20, 2012 Share Posted November 20, 2012 [EDIT: Sniped by the expert herself.] By the way, one thing I have been meaning to do when I get some free time is to remove myself from the cloud, with the notable exception of Evernote. All of my GDrive, Gmail, Dropbox, and other information will get saved and erased at some point in the near future (it appear that GDrive (?) may have corrupted a bunch of my PDFs, so this will be no great loss). I am a pretty satisfied SpiderOak user (they really need to improve the iPad app), and I think that is probably where all of my PDFs and other stuff will end up. I don't even have any particularly sensitive stuff in there of my own. It is simply an irrational (?) desire to maintain my privacy and maintain control over my data. I will have to check SpiderOak out. However, one thing I've done to have some sensitive data in the cloud is to have a TC volume in Dropbox. Sounds like that may be similar to SpiderOak...??? Link to comment
BurgersNFries 2,407 Posted November 20, 2012 Share Posted November 20, 2012 Thank you. I remember your post about the first point. And now I have a better understanding of the 2nd point.I guess the best solution is to move more stuff to local notebooks.You're welcome.Or...password encrypt PDFs. Or have a TC volume in Dropbox. Link to comment
Level 5* GrumpyMonkey 4,319 Posted November 20, 2012 Level 5* Share Posted November 20, 2012 [EDIT: Sniped by the expert herself.] By the way, one thing I have been meaning to do when I get some free time is to remove myself from the cloud, with the notable exception of Evernote. All of my GDrive, Gmail, Dropbox, and other information will get saved and erased at some point in the near future (it appear that GDrive (?) may have corrupted a bunch of my PDFs, so this will be no great loss). I am a pretty satisfied SpiderOak user (they really need to improve the iPad app), and I think that is probably where all of my PDFs and other stuff will end up. I don't even have any particularly sensitive stuff in there of my own. It is simply an irrational (?) desire to maintain my privacy and maintain control over my data. I will have to check SpiderOak out. However, one thing I've done to have some sensitive data in the cloud is to have a TC volume in Dropbox. Sounds like that may be similar to SpiderOak...??? Well, the end result is that no one can read your stuff (short of the NSA -- maybe). But, the difference is that I can (when the iPad app works properly) access my data on SpiderOak even from a mobile device. Your solution (as far as I know) would mean that I could only access it on a desktop of some sort. It's not a big deal, of course, if you aren't relying on your mobile device. And, I suppose it is worth re-iterating (for people just joining the conversation in this thread) that the True Crypt solution is not officially supported by EN, so they'll want to be technically proficient to use it. Link to comment
cpchang 12 Posted February 6, 2013 Share Posted February 6, 2013 Thank you. I remember your post about the first point. And now I have a better understanding of the 2nd point.I guess the best solution is to move more stuff to local notebooks.You're welcome.Or...password encrypt PDFs. Or have a TC volume in Dropbox.I wish to make sure I understand you about TC volume in Dropbox. Do you meant a TC protected EN file?Let's say protection on cloud is my only concern (not the local computer). Would it work if I put all sensitive stuff in local notebooks and then store EN data in Dropbox? (Assuming data in Dropbox are encrypted). Do you think in this way everything in EN is synch'd through dropbox and I can access them in my multiple number of PCs, and I will be able to access only the nonsensitve stuff in my smart phones? Link to comment
BurgersNFries 2,407 Posted February 6, 2013 Share Posted February 6, 2013 Thank you. I remember your post about the first point. And now I have a better understanding of the 2nd point.I guess the best solution is to move more stuff to local notebooks.You're welcome.Or...password encrypt PDFs. Or have a TC volume in Dropbox.I wish to make sure I understand you about TC volume in Dropbox. Do you meant a TC protected EN file?Let's say protection on cloud is my only concern (not the local computer). Would it work if I put all sensitive stuff in local notebooks and then store EN data in Dropbox? (Assuming data in Dropbox are encrypted). Do you think in this way everything in EN is synch'd through dropbox and I can access them in my multiple number of PCs, and I will be able to access only the nonsensitve stuff in my smart phones?If I were putting the sensitive PDF into Evernote, I would password ENCRYPT it. (Not just password PROTECT it.) I know many free PDF viewers allow you to password encrypt, such as the free version of PDF XChange. If I were putting it into Dropbox, I would either password encrypt the PDF OR...create a Truecrypted volume in Dropbox. When the TC volume in Dropbox is mounted, you can then move sensitive data to it. Dismount it & Dropbox will do a block update of the TC volume, so the entire thing isn't re-uploaded. I do not put my live Evernote database in Dropbox. That's not a recommended procedure - something to do with the way EN syncs & Dropbox syncs can cause problems, is my understanding. Quite often, I put important data in not only Evernote but also Dropbox. That way, if for whatever reason, I can't access it one place, I (hopefully) can access it in another. Link to comment
skellam 114 Posted February 7, 2013 Share Posted February 7, 2013 If I were putting it into Dropbox, I would either password encrypt the PDF OR...create a Truecrypted volume in Dropbox. When the TC volume in Dropbox is mounted, you can then move sensitive data to it. Dismount it & Dropbox will do a block update of the TC volume, so the entire thing isn't re-uploaded.If you'd like a complete nerd run down of many of the cloud storage solutions and the security implications of the various approaches, Security Now! provided a good summary last year of available options. One of the solutions was SecretSync which automatically encrypts a folder in your DropBox which seems like a convenient way to do it. SpiderOak was praised highly for a secure approach to cloud storage with a "Trust No One" philosophy. Link to comment
cpchang 12 Posted February 10, 2013 Share Posted February 10, 2013 Thank you. I remember your post about the first point. And now I have a better understanding of the 2nd point.I guess the best solution is to move more stuff to local notebooks.You're welcome.Or...password encrypt PDFs. Or have a TC volume in Dropbox. I wish to make sure I understand you about TC volume in Dropbox. Do you meant a TC protected EN file?Let's say protection on cloud is my only concern (not the local computer). Would it work if I put all sensitive stuff in local notebooks and then store EN data in Dropbox? (Assuming data in Dropbox are encrypted). Do you think in this way everything in EN is synch'd through dropbox and I can access them in my multiple number of PCs, and I will be able to access only the nonsensitve stuff in my smart phones? If I were putting the sensitive PDF into Evernote, I would password ENCRYPT it. (Not just password PROTECT it.) I know many free PDF viewers allow you to password encrypt, such as the free version of PDF XChange.If I were putting it into Dropbox, I would either password encrypt the PDF OR...create a Truecrypted volume in Dropbox. When the TC volume in Dropbox is mounted, you can then move sensitive data to it. Dismount it & Dropbox will do a block update of the TC volume, so the entire thing isn't re-uploaded.I do not put my live Evernote database in Dropbox. That's not a recommended procedure - something to do with the way EN syncs & Dropbox syncs can cause problems, is my understanding. Quite often, I put important data in not only Evernote but also Dropbox. That way, if for whatever reason, I can't access it one place, I (hopefully) can access it in another. If I were putting it into Dropbox, I would either password encrypt the PDF OR...create a Truecrypted volume in Dropbox. When the TC volume in Dropbox is mounted, you can then move sensitive data to it. Dismount it & Dropbox will do a block update of the TC volume, so the entire thing isn't re-uploaded.If you'd like a complete nerd run down of many of the cloud storage solutions and the security implications of the various approaches, Security Now! provided a good summary last year of available options. One of the solutions was SecretSync which automatically encrypts a folder in your DropBox which seems like a convenient way to do it. SpiderOak was praised highly for a secure approach to cloud storage with a "Trust No One" philosophy.I will look into these..Thank you both! Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.