(Archived) Data Protection in a post PRISM world....


I was just reading through the thread about Evernote building a datacenter in China and it got me thinking about the current news about the NSA PRISM program.

 

I would like to understand the position of Evernote with regards to FISA requests. I'm an American citizen living abroad (for the past 12 years) so these developments concern me.

 

If Evernote is receiving FISA requests, will the Evernote community be informed?  Would you publish some type of transparency report? I would appreciate an official response on Evernote's position on the subject of data privacy. 

 

And yes, I have read your privacy which is very general (like most cloud providers). It would be nice to have clarification on your position in light of these developments.

 

The fact that EN doesn't provide HTTPS to non-paying customers (however I believe this applies to desktop users) is simply stupid (I am a paying user FWIW). The whole discussion about the Chinese data center bugs me because no one mentioned to users that unless they are paying, their communication could be intercepted. It says to me that EN doesn't care too much (or doesn't understand) about data security.

 

With all due respect to EN evangelists, please, I would prefer an official statement and not your opinion (esp., using the argument that if I am doing nothing wrong then I should not be worried).

Link to comment
  • Level 5*

I was just reading through the thread about Evernote building a datacenter in China and it got me thinking about the current news about the NSA PRISM program.

 

I would like to understand the position of Evernote with regards to FISA requests. I'm an American citizen living abroad (for the past 12 years) so these developments concern me.

 

If Evernote is receiving FISA requests, will the Evernote community be informed?  Would you publish some type of transparency report? I would appreciate an official response on Evernote's position on the subject of data privacy. 

 

And yes, I have read your privacy which is very general (like most cloud providers). It would be nice to have clarification on your position in light of these developments.

 

The fact that EN doesn't provide HTTPS to non-paying customers (however I believe this applies to desktop users) is simply stupid (I am a paying user FWIW). The whole discussion about the Chinese data center bugs me because no one mentioned to users that unless they are paying, their communication could be intercepted. It says to me that EN doesn't care too much (or doesn't understand) about data security.

 

With all due respect to EN evangelists, please, I would prefer an official statement and not your opinion (esp., using the argument that if I am doing nothing wrong then I should not be worried).

Hi. I understand that you do not want my opinion (I am an Evangelist), and so I will not provide it, except to note that I am unlikely to ever say "if I am doing nothing wrong then I should not be worried." In fact, quite the opposite (I stated my thoughts pretty clearly in the thread you referenced -- http://discussion.evernote.com/topic/25869-solved-dont-put-datacenter-in-china/ -- and my position remains the same, because like many people back then, I figured that something PRISM-like existed). See this post if you are interested in my opinion on the topic of dealing with the current cloud environment (http://www.christopher-mayo.com/?p=288). In particular, I would recommend looking at my thoughts on local notebooks. Now, on to some facts.

I wanted to clarify two points. First, Evernote uses https for Free and Premium users. I could be wrong about your country, but please explain where you have seen that it does not use https, so that we will all know the specifics. In relation to this point, Evernote also uses SSL to transmit data for Free and Premium users. Second, the Evernote service in China is for Chinese users and is entirely separate from the one in the US. It has no bearing on this conversation about PRISM, or US laws, as far as I can tell.

Unless Evernote intends to break the law, and there is no evidence of this, then it must comply with legitimate requests for data from the US government. Furthermore, it is prohibited by law from telling its users when they have done so. Personally, I do not like the law, but it is what it is. This is general information, and not my opinion.

Link to comment
  • Level 5*

And this is a user forum that Evernote staff occasionally contribute to. If you want an 'official' answer then you should probably open a support request.

 

Whatever Evernote say, I have no confidence that any cloud app is ever safe from being hacked or from government eyes. Knowing that helps me decide what to put in the cloud and what to keep under my tin foil hat. As adults, we should all make the same value judgement and take responsibility for the security of our own stuff.

Link to comment
  • Level 5

I could be wrong about your country

 

 

I'm not sure "country" quite categorizes that destination.

 

Perhaps "realm" would fit better.

From what I gather, some have suggested Snowden go there.  No extradition treaty.

Link to comment
  • Level 5

At least as far as my packet sniffer is concerned, EN is using SSL/443, not port 80.  Tested on both a paid and non-paid account.

But pretty recent traffic on that point to be fair:

http://discussion.evernote.com/topic/37735-free-version-per-evernote-no-ssl-encryption/

The cancel page no longer says that.

 

SSL would provide protection from PRISM style passive eavesdropping.

Unless they passively grokked the private key during SSL renewal, I guess, and that perhaps is likely.

 

Of course, do not rely on the built in RC2.

 

There's nothing preventing encrypting blocks of sensitive text with PGP or the like.  I do wish there were some better browser based encryption options.  I have a feature request into LastPass to consider adding a right click option to encrypt a block of text, and store the key with the URL just as with a Generated Password.

Link to comment
  • Level 5*

At least as far as my packet sniffer is concerned, EN is using SSL/443, not port 80.  Tested on both a paid and non-paid account.

But pretty recent traffic on that point to be fair:

http://discussion.evernote.com/topic/37735-free-version-per-evernote-no-ssl-encryption/

The cancel page no longer says that.

 

SSL would provide protection from PRISM style passive eavesdropping.

Unless they passively grokked the private key during SSL renewal, I guess, and that perhaps is likely.

 

Of course, do not rely on the built in RC2.

 

There's nothing preventing encrypting blocks of sensitive text with PGP or the like.  I do wish there were some better browser based encryption options.  I have a feature request into LastPass to consider adding a right click option to encrypt a block of text, and store the key with the URL just as with a Generated Password.

There was some confusion on the website wording. That's all. We have SSL, and with the exception of two-factor authentication, the Free and Premium accounts have identical feature sets in terms of security.

The OP, although an American, is subject to surveillance (as I understand what is happening), and I think is rightfully concerned about his rights as a US citizen. Unfortunately, as Metrodon said, no matter what Evernote says about its security (I think they have been doing a good job with it), it really doesn't matter, because they are subject to US laws, which the OP seems to know. Just like Google, Facebook, and others releasing nearly identical statements, there isn't much they are legally allowed to say or do. They have to work within the constraints of the law.

My own opinion (I am giving this to you, not the OP, who doesn't want to hear it) is that the onus is now on Evernote (and other cloud providers) to give us an encryption option. You mentioned LastPass, which is a zero-knowledge encryption system -- they don't know what the encryption key is, and if the government wants the data they have, all they can do is hand over a bunch of encrypted and unreadable (for the time being, at least) files. If Evernote would do this, they would still be in compliance with US law, but it would offer their customers, especially ones residing overseas, some peace of mind.

I like your LP feature request. Let me know how that turns out :)

Link to comment

Some warrants, such as the one Verizon was supposed to have been served recently, bar the company in question from even acknowledging that they were even served. It would be impossible for Evernote to inform their customers or provide any type of "transparency" report under such circumstances.

Link to comment
  • Level 5

 

if Evernote would do this, they would still be in compliance with US law, but it would offer their customers, especially ones residing overseas, some peace of mind.

 

 

For sure.  Not holding breath while they view RC2 as a limitation imposed by US export restrictions though.

Link to comment

For what it's worth, I've started encrypting files that contain sensitive information with Axcrypt (http://www.axantum.com/axcrypt/) before adding them to Evernote. It's Windows only, so I'm only able to view those files on my PCs, and those files cannot be indexed by Evernote, but it does add a layer of security. The utility is very easy to use and hasn't had any issues.

 

Of course you can't use it to encrypt actual notes, but that isn't a concern of mine. If I have sensitive data I want in Evernote, I create a file (Word doc, PSF, text file, whatever) and encrypt that.

Link to comment
  • Level 5*

For what it's worth, I've started encrypting files that contain sensitive information with Axcrypt (http://www.axantum.com/axcrypt/) before adding them to Evernote. It's Windows only, so I'm only able to view those files on my PCs, and those files cannot be indexed by Evernote, but it does add a layer of security. The utility is very easy to use and hasn't had any issues.

Of course you can't use it to encrypt actual notes, but that isn't a concern of mine. If I have sensitive data I want in Evernote, I create a file (Word doc, PSF, text file, whatever) and encrypt that.

I use Adobe Acrobat Pro with 256 bit encryption (Axcrypt has 128?). One caveat, though. The last time I checked, if you try to decrypt 256 bit on the iPad, only the Adobe Acrobat app can do it.
Link to comment
  • Level 5

Indeed there are a bunch of ways to go.

 

I don't often need to worry about file protection with EN, but if I was I would suggest considering something as simple as 7zip.  If you're going to encrypt, you might as well compress it too.

  • It's free
  • cross platform
  • portable
  • uses AES-256 encryption
  • you can save it as a self extracting executable so if the destination doesn't have it, and you don't have rights to install it, or use the portable version, you can just double click the .exe supply the password and extract the files.

I can already store text and files encrypted in LastPass, with far better security.

Moreover those attachments can be viewed and opened even on my mobile devices within the LastPass client.

 

My main focus is on parts of the EN notes themselves.  I want as much metadata and search-ability as possible, while just providing security around sensitive text bits.  This is only workable likely because 99% of my content doesn't need any special handling.  Those that do, really do.

 

I'm highly mobile in my needs so a decryption component requiring a desktop client isn't going to fly.

 

So for me it needs to be one of:

  • Built into something I'm already using (Evernote, LastPass)
  • A standardized encryption method with cross-platform native app options on desktop and mobile.  Likely that means something PGP based and I haven't taken the time to sift through the 38 hits on PGP in the ios AppStore
  • Something Javascript based (while waiting for an improvement in one of the above two options) which will run in any browser including mobile. (Open to suggestions others may be working with). Some candidates:
Link to comment
  • Level 5

 

I use Adobe Acrobat Pro with 256 bit encryption (Axcrypt has 128?). One caveat, though. The last time I checked, if you try to decrypt 256 bit on the iPad, only the Adobe Acrobat app can do it.

 

 

If you encrypt the native formats in 7zip AES-256, you can install izip/izip.com (or one of the other 7zip capable ios apps), and open the 7zip file from Evernote or LastPass, decrypt the archive, then "Open In" to open any of the documents inside the archive with the native handlers on iphone/ipad

 

With some effort you can round trip it.

"Open In" iZip to put it back in an archive, and select the Archive and "Open In" Evernote to attach it back.

Link to comment

...

 

There's nothing preventing encrypting blocks of sensitive text with PGP or the like.  I do wish there were some better browser based encryption options.  I have a feature request into LastPass to consider adding a right click option to encrypt a block of text, and store the key with the URL just as with a Generated Password.

I also use Lastpass and like your suggestion to LP. Hope you can nag LP enough to make that happen. There seem to be many on EN who also use LP.

Link to comment
Guest mrossk
If you only need to read encrypted text from your android-smartphone then I can recommend LibreOffice. You can encrypt these documents in Windows and there are (free) readers for android (maybe also for iOS) which can decrypt and show the document with one step. No need to save an archive (7zip), extract it and open the text. Of course for files it is better to use an archiver.

Link to comment
  • Level 5

Adding to your post on the "maybe also for iOS" part.  There appears to be only one title for that on iOS.  OOReader, free but requires a paid Pro upgrade to handle encrypted files.  It's read only, and not clear if it supports only the 3.5.x and older OO format which was Blowfish, or the current AES format.

 

Otherwise, OpenLibre is a good cross platform option for everywhere except iphone/ipad.

Link to comment

PRISM is nothing but an upgrade to a decades-old process. Contrary to the OP's request here is my (experienced) opinion. If you have information that you are concerned about others knowing, never, ever store it "in the cloud", or on your local device unless it is strongly encrypted. As has been documented for many years now, the NSA began (warrantlessly) monitoring our communications in the nineteen sixties. Contrary to the media-promoted myths, warrant-less monitoring was in full swing many years before G. W. Bush got anywhere near the White House. Just Google for "echelon program" plus "NSA" to get an understanding of how very not secure your information is now, and has been, when governments are involved.

Link to comment
  • Level 5
  • 2 weeks later...

Evernote could help protect our privacy and help to make us just that little more secure if they stored our data in encrypted form on their disks.

That way if a hacker compromised their servers our data wouldn't be stored in the clear.

 

Two factor authentication would also be a great idea.

Link to comment
  • Level 5*

Evernote could help protect our privacy and help to make us just that little more secure if they stored our data in encrypted form on their disks.

That way if a hacker compromised their servers our data wouldn't be stored in the clear.

 

Two factor authentication would also be a great idea.

Hi. Evernote has two-factor authentication. It would be nice if Evernote had an encrypted notebook, but at this time they don't, so I'd recommend keeping sensitive data in a local notebook for the time being.

Link to comment

 

Evernote could help protect our privacy and help to make us just that little more secure if they stored our data in encrypted form on their disks.

That way if a hacker compromised their servers our data wouldn't be stored in the clear.

 

Two factor authentication would also be a great idea.

Hi. Evernote has two-factor authentication. It would be nice if Evernote had an encrypted notebook, but at this time they don't, so I'd recommend keeping sensitive data in a local notebook for the time being.

 

Data encryption on disk is really the only option I know of. My understanding (it may be wrong) is that the issue is how would EN be able to index your notes for searching. My question, if this is true, couldn't this be done locally (the indexing) on the user machine without the keys ever being transmitted back to EN?

The EN webclient would need to be developed to include offline access. It would basically have to have the same functionality of the current desktop clients.

Two-step authentication is awesome, but this is about the key to the door... not the contents of the house. EN still have access to my data, unencrypted.

The point of my thread was to get some kind of assurance from EN that they understand the importance of our privacy and that they would be transparent with regards to data requests. Unfortunately, I suppose because this is a touchy subject, they remain silent.

EN, as a cloud service provider, really need to assure its users that their data really is private and safe. All cloud services should be doing this from this point on.

Link to comment
  • Level 5*

Two-step authentication is awesome, but this is about the key to the door... not the contents of the house. EN still have access to my data, unencrypted.

Of course. That is why you will see me in the 2fa threads asking what the point of 2fa is if we don't have encryption on the servers. I was merely responding to the poster who seemed to be making a feature request (2fa) for a feature that already exists.

 

The point of my thread was to get some kind of assurance from EN that they understand the importance of our privacy and that they would be transparent with regards to data requests. Unfortunately, I suppose because this is a touchy subject, they remain silent.

What will they say that they have not already said here http://blog.evernote.com/blog/2011/03/24/evernotes-three-laws-of-data-protection/ or in the privacy statement here http://evernote.com/legal/privacy.php

They have to follow US laws, just like every cloud provider, and this means that they have to turn over data to the US govt. if they receive a legitimate request.

 

EN, as a cloud service provider, really need to assure its users that their data really is private and safe. All cloud services should be doing this from this point on.

What can they say besides what they have said? The meaningless gibberish in the press statements from Google and others is a result (I think) of being bound by laws that explicitly prevent them from talking openly about the laws. In other words, they are legally gagged. Again, under those circumstances, what can they say?

Ideally (in my opinion), we would have an encrypted notebook, and Evernote could make a post like this

https://spideroak.com/privacypost/online-privacy/prism-user-privacy/

Right now, Evernote actually provides a very secure solution, and they can make a post saying this about Local Notebooks:

"Notes in a Local Notebook are never transmitted to our service, so they aren’t accessible from the web, or from your other computers. This may allow a greater level of privacy for some notes, at the expense of the accessibility and reliability you would get from a private note on the service." http://blog.evernote.com/blog/2008/04/15/evernote-privacy-and-security/ That doesn't solve the issue of unencrypted data on the server, but it is an immediately available solution for anyone.

I think you and I share similar concerns about privacy and access to our data, but I am just unclear about what you want Evernote to say about it, when (as I mentioned) they are legally constrained from doing so, and really would probably be unable to say anything beyond what they have already said. Maybe, if you could specify what you want to hear, Evernote staff would be more able to respond. If you want a direct answer, though (they read but don't necessarily comment on threads in this forum), a support ticket is the way to go (see the link in my signature).

Link to comment

oof... where to begin? :)

 

To answer the last question about what I would expect from Evernote... I think you nailed it with the spideroak statement. I'm looking for the same thing. Basically it gives the user the impression (it may in fact NOT be reality) that they (the provider - EN in this case) care enough about data privacy and user rights to quickly assure their userbase. EN hasn't. It's remained silent. I should not have to create a support request for them to make this statement. It should come natural to them... obviously it doesn't.

 

The issue with Local notebooks is that they cannot be searched (at least I have tried and failed).  I still need search.

 

With regards to their privacy statement... their privacy statement clearly states that they have access to your data and can use this data for an investigation (see section II).

They do say that a user can encrypt the text but as far as I understand this is only security theatrics as the encryption used is rather weak.

 

In the end, I think the only thing that's really going to make me comfortable with my data on EN servers is full encryption.

 

till next time....

 

 

P.S. Sorry for scooping you up into my last post - my comment about the 2step authentication was not intended for you. I just clicked "quote" like the lazy bloke I am.

Link to comment
  • Level 5*

oof... where to begin? :)

 

To answer the last question about what I would expect from Evernote... I think you nailed it with the spideroak statement. I'm looking for the same thing. Basically it gives the user the impression (it may in fact NOT be reality) that they (the provider - EN in this case) care enough about data privacy and user rights to quickly assure their userbase. EN hasn't. It's remained silent. I should not have to create a support request for them to make this statement. It should come natural to them... obviously it doesn't.

 

The issue with Local notebooks is that they cannot be searched (at least I have tried and failed).  I still need search.

 

With regards to their privacy statement... their privacy statement clearly states that they have access to your data and can use this data for an investigation (see section II).

They do say that a user can encrypt the text but as far as I understand this is only security theatrics as the encryption used is rather weak.

 

In the end, I think the only thing that's really going to make me comfortable with my data on EN servers is full encryption.

 

till next time....

 

 

P.S. Sorry for scooping you up into my last post - my comment about the 2step authentication was not intended for you. I just clicked "quote" like the lazy bloke I am.

No worries :)

I think Evernote cares deeply about the security and privacy of our data, and they have gone to great lengths to provide us with the tools we need to control our data. The problem (as I see it) is that like almost every other cloud service, they were established with the expectation that having data stored un-encrypted would be sufficient if safeguards against unauthorized physical and electronic access were put in place. Some users have grocery lists and the like in their accounts, and so they do not care much about encrypting it. They are fine with what we have now. Other users (like myself) would actually like to see a lot more done, because we have data with various levels of sensitivity ranging from grocery lists to material from third parties that we are legally obligated to ensure is kept confidential and secure (this rules out most cloud options).

SpiderOak is actually a rare exception to the rule among cloud services, because they provide zero knowledge encryption. As far as I know, no other major service does this. For example, Dropbox encrypts your data, but they hold the keys, so if the government compels them to hand over data, the end result is the same. It would be nice if Evernote (and Dropbox) went in the direction that SpiderOak has gone, but expecting them to do it seems a little unrealistic. I think we will have to present a more convincing case if we want them to completely re-consider their approach to security! If you were in the company, you could put together a proposal, and present something concrete, but even then it would still have a long way to go. This is tough stuff, and that is why so few companies are doing it.

I have made feature requests in the past for zero knowledge encryption of at least a notebook, if not the entire database, and I appreciate that you are asking for it as well. Basically, we are in agreement here. However, the fact that they have not done it does not mean they don't care, or that they are not listening. It simply indicates (in my opinion) that they have a different opinion about where they want to go with the service. It's easy for us to request something, but it is another thing entirely to take a request and implement it. There are a lot of factors that could make it difficult or impossible for them to accomplish, even if they agree with the request.

Anyhow, you can encrypt things into PDFs with 256-bit encryption and be relatively secure with the data you put on the cloud. Obviously, encrypting file by file is hardly ideal, but it is a possible solution. You could also upload encrypted data packages of some kind, but they wouldn't be accessible on mobile, for example, so I am not sure if this is really a viable solution for most of us.

Local notebooks can be searched (the last I checked) and they don't go onto the cloud, so they are a great solution if you are willing to put up with the inability to sync the data to your other devices.

Link to comment

The point of my thread was to get some kind of assurance from EN that they understand the importance of our privacy and that they would be transparent with regards to data requests. Unfortunately, I suppose because this is a touchy subject, they remain silent.

 

Reiterating Metrodon's suggestion, I would contact support for official responses regarding data requests or any related concerns.

Link to comment

 

The point of my thread was to get some kind of assurance from EN that they understand the importance of our privacy and that they would be transparent with regards to data requests. Unfortunately, I suppose because this is a touchy subject, they remain silent.

 

Reiterating Metrodon's suggestion, I would contact support for official responses regarding data requests or any related concerns.

 

 

 

As lame as it is, I'll have to quote myself:

I should not have to create a support request for them to make this statement. It should come natural to them... obviously it doesn't.

 

 

 

...with regards to my statement about not having search for offline notebooks - let me correct myself, the actual note text can be searched. However, documents cannot be searched. I have a lot of document attachments. This is what is important to me. 

Link to comment
  • Level 5

It's still the wrong question IMO though.

Prism doesn't require Evernote to even know their user data is being slurped.

And for direct Fisa requests, US law prevents them from being transparent.

As you've discovered, local notebooks, and encryption (of the sort being asked for in various threads) both would prevent document/attachment indexing by the "air" servers.

http://blog.evernote.com/tech/2011/05/17/architectural-digest/

Link to comment
  • Level 5*

The point of my thread was to get some kind of assurance from EN that they understand the importance of our privacy and that they would be transparent with regards to data requests. Unfortunately, I suppose because this is a touchy subject, they remain silent.

 

Reiterating Metrodon's suggestion, I would contact support for official responses regarding data requests or any related concerns.

 

 

As lame as it is, I'll have to quote myself:

I should not have to create a support request for them to make this statement. It should come natural to them... obviously it doesn't.

 

 

...with regards to my statement about not having search for offline notebooks - let me correct myself, the actual note text can be searched. However, documents cannot be searched. I have a lot of document attachments. This is what is important to me.

Hi. If you are using a Mac, you have an extraordinary range of options for searching your notes, because your notebooks (including local ones) are easily accessed by other apps. I would recommend taking a look at HoudahSpot (a front-end for Spotlight) as an easy way to search your notes. You might also consider BBEdit and EasyFind, though they are probably for the technically inclined. HoudahSpot is quite useful, and because of search issues with Evernote (a topic for another thread) I find myself using these third-party services a lot.

Link to comment
  • Level 5

I guess there's also some transparency already clear regardless of whatever Evernote says.

We now know that as soon as you turn on encryption, you're subject to long term NSA archival.

 

If your data passes through the UK, you are guaranteed archived for 3 days (more to be expected in proportion to Moore's law).

We don't know to what degree other countries employ the same.

 

The thing is that you can't look at it as simplistically as what country is the client in and what country is the server in.

Internet traffic routing and peering agreements are such that any number of your packets may travel through the US or the UK even if neither endpoint is located there.

It's based on peering agreements, least cost routing, latency, etc.

 

Bringing this back to Evernote...

 

I think there may be little to gain asking Evernote to be any more transparent on direct access issues.  There's likely better traction to be had for US citizens to lobby their members of congress for FISA law tweaks and oversight.

 

What Evernote could be transparent on, or take action on is Perfect Forward Secrecy

If it's already there, great, that should be highlighted.

If it's not, that's the real protection to be offered.

It's one thing to say the Evernote client uses SSL, but if the Evernote client and servers will agree to use elliptic curve Diffie-Hellman in the SSL setup, then that's what it would take to stop worrying about traffic interception and future decryption.

 

See http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html for clarity.

 

When/if, implemented on the Evernote Client/Server side, then we also need to constrain ourselves to using Firefox, Chrome or Opera as our browser when accessing the Evernote Web interface.  At least for now, you'll not get any of that protection in Internet Explorer or Safari.

 

Link to comment

Can anyone tell me what I could do if I WANT the government to look at my notes?  Because frankly, I'd feel pretty special and important if I knew someone at the NSA wanted to read my Evernotes.

 

Honestly, there is nothing more humorous than reading people on cloud based forums putting on a show about "how can I know my data isn't being read and what can you assure me of*".  No one can assure you of anything, so either store your data locally, or encrypt it, or get over it.  Note, this is NOT an endorsement of such government programs, but come on, what do you expect EN to tell you?!

 

*After which they promptly post the most private details of their lives on their Facebook wall.

Link to comment
  • Level 5

Can anyone tell me what I could do if I WANT the government to look at my notes?  Because frankly, I'd feel pretty special and important if I knew someone at the NSA wanted to read my Evernotes.

 

 

:) We already did.  Turn on encryption in some of your notes, and use the web version with Internet Explorer.

The RC4 and non-PFS SSL would be the next best thing to pig latin.

Link to comment
  • 2 weeks later...
  • Evernote Expert

Can anyone tell me what I could do if I WANT the government to look at my notes?  Because frankly, I'd feel pretty special and important if I knew someone at the NSA wanted to read my Evernotes.

 

Honestly, there is nothing more humorous than reading people on cloud based forums putting on a show about "how can I know my data isn't being read and what can you assure me of*".  No one can assure you of anything, so either store your data locally, or encrypt it, or get over it.  Note, this is NOT an endorsement of such government programs, but come on, what do you expect EN to tell you?!

 

*After which they promptly post the most private details of their lives on their Facebook wall.

Evernote didn't assure us, of course. But, if it doesn't take this issue seriously, by next year, BitTorrent sync is going to develop a note taking app ( or a third party app built on btsync platform ) on its existing cloud. Already people paying for dropbox and drive are going to kiss them goodbye and switch to bt sync. Evernote has no competitor at the moment only cos of its unique note based app in cloud, but it shouldn't be complacent and take things for granted.

Link to comment
  • Level 5

PFS:

Google: yes

Evernote: Not yet

 

As easy as:

 

Evernote's Apache version needs to be >=2.3.3

 

mod_ssl contains:

SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA:RC4-SHA

Then there's the client side, but hopefully that's no issue if using a standard library such as OpenSSL.

Link to comment
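The cipher list from the post above, checked suite by suite, as an added example that is not part of the thread and not Evernote's code. It marks which of the posted suites use an ephemeral key exchange and models which suite a server that honours its own order would select for two constructed client offers, which is the browser dependence raised earlier in the thread. The function names and client lists are assumptions; `probe` uses Python's standard `ssl` module for a live check.

```python
import socket
import ssl

# Cipher string quoted in the post above (OpenSSL names, server preference order).
POSTED_SUITES = "ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA:RC4-SHA"

# OpenSSL name prefixes that denote an authenticated ephemeral Diffie-Hellman exchange.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "EDH-")


def is_forward_secret(suite):
    """True if the OpenSSL suite name implies an ephemeral (EC)DH key exchange.

    Names with no key-exchange prefix (AES128-SHA, RC4-SHA) use static RSA key
    transport; ECDH-/DH- without the trailing E are static DH. Neither is
    forward secret. TLS 1.3 names (TLS_...) are treated as forward secret,
    assuming the handshake is not PSK-only.
    """
    name = suite.upper()
    return name.startswith("TLS_") or name.startswith(EPHEMERAL_PREFIXES)


def audit(cipher_string):
    """Return [(suite, forward_secret)] in the server's preference order."""
    return [(s, is_forward_secret(s)) for s in cipher_string.split(":") if s]


def negotiate(server_order, client_suites):
    """Model SSLHonorCipherOrder On: the server's first suite the client offers wins."""
    offered = set(client_suites)
    for suite in server_order.split(":"):
        if suite in offered:
            return suite
    return None  # no overlap: the handshake would fail


def probe(host, port=443, timeout=5.0):
    """Live check: return (suite, protocol, forward_secret) actually negotiated."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            name, protocol, _bits = tls.cipher()
    return name, protocol, is_forward_secret(name)


# Constructed client offers (illustrative, not captured from any real browser).
CLIENT_WITH_ECDHE = ["ECDHE-RSA-AES128-SHA", "AES128-SHA", "RC4-SHA"]
CLIENT_RSA_ONLY = ["AES128-SHA", "RC4-SHA"]

if __name__ == "__main__":
    for suite, fs in audit(POSTED_SUITES):
        print(f"{suite:24} forward secret: {fs}")
    for label, client in (("ECDHE-capable", CLIENT_WITH_ECDHE),
                          ("RSA-only", CLIENT_RSA_ONLY)):
        chosen = negotiate(POSTED_SUITES, client)
        print(f"{label:14} -> {chosen} "
              f"(forward secret: {is_forward_secret(chosen)})")
```

The last two suites in the posted list are static-RSA fallbacks, so a client that offers no ECDHE suite still connects, only without forward secrecy.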
Evernote didn't assure us, of course. But, if it doesn't take this issue seriously, by next year, BitTorrent sync is going to develop a note taking app ( or a third party app built on btsync platform ) on its existing cloud. Already people paying for dropbox and drive are going to kiss them goodbye and switch to bt sync. Evernote has no competitor at the moment only cos of its unique note based app in cloud, but it shouldn't be complacent and take things for granted.

 

...and if Facebook doesn't take user privacy more seriously they are going to be overtaken by Diaspora ;).

 

To be clear though, I do of course agree EN should not be complacent, no company ever should. 

Link to comment
  • Evernote Expert

Comparing Evernote with Facebook on any count is stupid. Facebook thrives on data mining and En is not

Phil Libin, Evernote CEO, once said that. Fb is a social platform. You put on Facebook what you want others to see. En is in many ways anti social since you put content only which you wish to see or share with select group of people.

Link to comment

Comparing Evernote with Facebook on any count is stupid. Facebook thrives on data mining and En is not

 

Not understanding that I didn't compare Evernote with Facebook is stupid.  I compared one out of touch geek statement to another out of touch geek statement.  Rather than further debate ;), we could always just revisit this thread in 2 years and see whether that BitTorrent sync note taking app, or any other Bit Torrent app, caused so many people to kiss EN goodbye.

Link to comment
  • Level 5

Maybe there is some more room for transparency from Evernote, confirmation of the concept of the giving/being compelled to release previous expired and perhaps active SSL private keys.

http://news.cnet.com/8301-13578_3-57595202-38/feds-put-heat-on-web-firms-for-master-encryption-keys/

Still solvable with Forward Secrecy enabled.

It's time to bring EN's encryption into the 21st century.

Link to comment

I think we need to separate out multiple issues. Specifically:

  1. Garden-variety hackers who merely break in and steal data.
  2. Governments who, through force of law compel cloud services to reveal user data (e.g., PRISM).

 

The answer for #1 is that Evernote needs better encryption, specifically for all data in transit and at least more data at rest than is currently provided. Generally, encryption messes up things like indexing and search. Fine. I'm good with that. If I want a file attachment, picture, or audio data encrypted, I should be able to do that through the Evernote clients and Evernote should make sure that the data is always and forever stored in an encrypted format. I'm willing to give up any indexing on the content in order to achieve security. I'm fine with metadata for a particular note, such as title, tags, etc., remaining in the clear. It's the content that I'm sensitive to. Given the fact that Evernote provides an ability to encrypt text snippets but not attachments, pictures, and audio, the typical excuse by Evernote apologists that Evernote can't encrypt because it would interfere with indexing is a bit of a farce -- Evernote has already provided text encryption that interferes more with indexing than it would for average file attachments and audio files. So, stop making excuses and get on with it. I want to store things in Evernote that I do not want to fall into the hands of a hacker if they are able to penetrate Evernote's defenses, the same way I encrypt snippets of text today.

 

The answer for #2 is that people concerned with government-level intrusion will have to use their own independent encryption technique like PGP at the file level. Simply, governments could compel Evernote to build in a back-door, so if you're worried about PRISM, you have to either keep your data local or you have to store it with encryption that is 100% under your own control. That is not to say that Evernote-provided encryption might not help you with your own local despotic government. But since Evernote is a US corporation, you might be subject to US eavesdropping.

 

The two things are not the same and need to be dealt with separately.

 

Personally, I'm far more worried about #1 than #2 (though I'm very worried about that, too). Ideally, I'd have convenient encryption options at the note, attachment, picture, and audio level, to mirror that at the text snippet level currently in place. That would ensure that my data is always and forever encrypted both in transit to Evernote's servers as well as on disk.

Link to comment
  • Level 5

Mostly agree with you on #1.  But it's not quite broken out enough.

  • The in-note encryption should indeed be more simple to use to encrypt the entire note, not just text.  Adding an attachment shouldn't bar you from being able to at least Select All, and encrypt, but there should be an easier button to do just that.
  • The RC2 encryption stopped being an industry standard 6 years before Evernote was released as a product.  Clearly time to move on.
  • Some camps don't expect or require non-escrowed key encryption.  The data could be encrypted or not on the Evernote server side.  But they do want it encrypted on the EN client side.  It's local shared-PC issues they want addressed.  Now that Evernote has the website front battened down with 2 factor, and transparency on who, what and when your data is accessed, most users are more likely to have their local side compromised through various vectors, than the Evernote online side.

As for #2.  

Most, if they're honest are completely fine with a court ordered access to a single targeted account, within a functioning oversight framework.

That's very different than knowing everything is collected and data-mined after a 2 year delay when an expired SSL private key is turned over to the NSA, allowing previously encrypted and real-time cloned/mirrored and stored data to be unencrypted after the fact.

And done so outside of a clear and transparent oversight framework.

 

Especially when #2 can be overcome with 3 lines in an Apache mod file, and a little more CPU overhead when setting up the session.

It takes it back to what we expect.  Want access to my data?  Produce a court order, and be up front about it.

Link to comment
  • Level 5*

I think we need to separate out multiple issues. Specifically:

  1. Garden-variety hackers who merely break in and steal data.
  2. Governments who, through force of law compel cloud services to reveal user data (e.g., PRISM).

 

The answer for #1 is that Evernote needs better encryption, specifically for all data in transit and at least more data at rest than is currently provided. Generally, encryption messes up things like indexing and search. Fine. I'm good with that. If I want a file attachment, picture, or audio data encrypted, I should be able to do that through the Evernote clients and Evernote should make sure that the data is always and forever stored in an encrypted format. I'm willing to give up any indexing on the content in order to achieve security. I'm fine with metadata for a particular note, such as title, tags, etc., remaining in the clear. It's the content that I'm sensitive to. Given the fact that Evernote provides an ability to encrypt text snippets but not attachments, pictures, and audio, the typical excuse by Evernote apologists that Evernote can't encrypt because it would interfere with indexing is a bit of a farce -- Evernote has already provided text encryption that interferes more with indexing than it would for average file attachments and audio files. So, stop making excuses and get on with it. I want to store things in Evernote that I do not want to fall into the hands of a hacker if they are able to penetrate Evernote's defenses, the same way I encrypt snippets of text today.

 

The answer for #2 is that people concerned with government-level intrusion will have to use their own independent encryption technique like PGP at the file level. Simply, governments could compel Evernote to build in a back-door, so if you're worried about PRISM, you have to either keep your data local or you have to store it with encryption that is 100% under your own control. That is not to say that Evernote-provided encryption might not help you with your own local despotic government. But since Evernote is a US corporation, you might be subject to US eavesdropping.

 

The two things are not the same and need to be dealt with separately.

 

Personally, I'm far more worried about #1 than #2 (though I'm very worried about that, too). Ideally, I'd have convenient encryption options at the note, attachment, picture, and audio level, to mirror that at the text snippet level currently in place. That would ensure that my data is always and forever encrypted both in transit to Evernote's servers as well as on disk.

 

Personally, I'm of the opinion that the two are essentially the same, and we should not distinguish between "benevolent" invasions of our privacy and "malicious" ones. In both cases, our privacy is being violated. We should not have to give up our privacy to anyone in order to use a cloud service. A zero-knowledge encryption scheme (Evernote does not have the password) would solve both problems. This is something that SpiderOak already does and Google is working on implementing (if the rumors are true). 

 

Ideally, if a third party asked Evernote for our password and username, they literally couldn't provide it, because they wouldn't know it. If a third party broke into the servers (physically or virtually), they literally couldn't read the encrypted data, because no one but the user has the keys. This is the only type of security solution that I think would be worth implementing. 

 

Obviously, you'd lose out on a lot of the features that make Evernote work, so this wouldn't be for the entire account. I envision the encryption working for a notebook. Perhaps, instead of choosing to make a notebook sync or keep it local (the current options) we could add the option to encrypt it.

Link to comment
  • Level 5

I can't believe I'm on this side of the argument this time...
 

we should not distinguish between "benevolent" invasions of our privacy and "malicious" ones


Why?  You do plenty of other places.

Living in community means giving up some agreed upon measure of personal rights and freedom for the sake of not impinging on someone else's, who is equally entitled to theirs.

 

You can have all the privacy and freedom you want, on your own property.

 

When you go out in public, we all have rights and expectations.  You can't live and act in ways that transgress the safety and happiness of those around you.

 

So there's a long list of areas, we don't and can't expect to do what we want all the time, and submit to a greater level of scrutiny.

Starting with renting instead of owning, living in an apartment block with close quarters/common areas/thin walls, taking a community bus vs driving alone in your own car, driving in the wilderness vs. a shared public road, being in public spaces or transit of any kind.

 

We might complain about airport security, or cameras on the street, invading our privacy.  But when significantly less than 100% of neighbors are behaving in a good neighborly fashion, the rules get re-calibrated to curb the abuse back into expected societal norms.

 

It doesn't matter if you're playing a vuvuzela at 2am in your city home's back yard, or playing with grenades on a commercial flight to extort some outcome according to your own personal agenda.

You don't GET to have that "privacy" and "personal rights" in a community.

 

And when you use a public shared cloud property (like the Evernotes and others of the world), you don't get to use that to collaborate on any activity that deviates significantly from societal norms.

There is no personal property under the umbrella of Evernote.

We didn't even buy and own the client software.

 

Review the EULA: http://evernote.com/eula/

 

So long as we remain registered users, and abide by the terms, we may use the software and the service.

There's no privacy other than what they grant us.

And if everything was non-escrowed encryption based, how would they monitor and enforce the terms of use conditions?

 

As I believe even you have said, if we don't want to participate in that, for some portion of our data, the tool Evernote provides is non-synced local notebooks.

 

---

 

So I do make a distinction between benevolent and malicious.  I don't expect malicious individuals to abide by the rules.  Hence, public facing surfaces require extra security measures.

The EN website, the SSL encryption for the data in transit (not all wifi and packet routes are equal, and you have no idea whose digital "property" your packets will transit getting to Evernote).

 

The endpoints, exposed to "benevolent" privacy invasion, are supposed to play by the community accepted rules.  We by the proxy of the officials we continue to elect, within a transparent process, decide what those rules are.

 

Where a good deal of the emotion around PRISM arises, is that we thought we understood the rules and expectations.  And it turns out the ones we expected to be able to trust, are playing fast and loose with the rules.

 

So ultimately the changes needed are in those we elect, and the laws enforcing oversight.  We can't give up on that trusted framework and seek to circumvent it with a default mistrust, and encrypt everything.  The evil that's in none of our best interest, and which the government is poorly reacting to will flourish right along with our "personal privacy".

 

--

 

So yes, I think the current encryption is lame and useless.  It's neither pleasant to use, nor effective in any way, except neutering the usefulness of Evernote for that encrypted text.  It should be fixed, but I'm not particularly sussed about it being non-key escrowed.  I'd be just as happy to have whole note and/or whole notebook AES encryption on the client side and still have it searchable on the Evernote server side.  In other threads, I've expanded on how that might be done.

 

I WOULD like to see SSL fixed with forward secrecy, because it's extremely low effort on EN's part, and it pushes the government back in the direction of being transparent and playing by the agreed upon rules.

Link to comment
  • Level 5*

I am terribly sorry to respond in such a perfunctory manner to your lengthy post. I am much busier (and less visible on the forums) these days, and can't post as much as I would like. One point: a government is not a person. It is a collection of individuals that, whatever their individually good intentions, can do terrible things in aggregate if not closely monitored for abuse. That's just what happens with institutions. No country or institution has ever had a monopoly on the abuse of power. 

 

Whatever your feelings on the matter, a zero-knowledge encryption scheme solves (as far as I can tell) the problem. Of course, if you would like to give your encryption keys to whatever benevolent entity you would like, please feel free to do so. 

Link to comment
  • Level 5

individuals vs institutions...

 

Indeed.  And countries can be both more and less than the sum of their individuals (and often both at the same time).

I don't see what that changes.

Neighbors need to be neighborly.

Every handful of individuals eventually goes down that path of discovery, from families, to community associations, to municipal, on up to federal governments.  Things get somewhat tortured at the global level and the UN due to a lack of recognized alignment of shared goals and values.

But I don't see where that changes anything when it comes to agreed upon community rules and transparency, and working to that end.

Be that an Evernote Forum, or an NSA mandate and its oversight.

 

I agree that zero-knowledge encryption does all you say.

And with merely my IT/dev hats on, there's a simple elegance to it.

It unfortunately also does more.

It does more to Evernote dev timelines, Evernote support costs, all the way up to loftier poly-sci impacts.

With my bus/dev and citizen hats back on, it's the more part (what else does it do) that's too problematic, for it to be a simple solution.

 

I'm not sure enough thought is being given to that, in the asking for certain encryption features.

 

I think it's wrong to circumvent affecting corrective feedback on human behavior, be it on "our guys" or "the other guys".  

I think it's wrong to enable "the other guys", in the pursuit of our own selfish "privacy" goals.

 

It's possible to obtain through other directions, most of the desired outcomes.  Balanced personal privacy,  curtailing community abusive activity and those who practice it, and both allow and encourage NSA-esque entities back into the confines of their original mandates.

 

Zero knowledge encryption doesn't fix any problems, it just escalates them, while letting you opt out of some of the mess, until the mess gets deeper.  And it pushes the NSA-like entities further in the wrong direction.

At the absolute best possible, most naive possible outcome, zero knowledge encryption only exerts a fixing pressure on "our guys", if we all use it, for everything.

And because that's a Utopian unobtainable (especially in the U.S.), I submit it's wasted time and effort.

Link to comment
  • Level 5*

individuals vs institutions...

 

Indeed.  And countries can be both more and less than the sum of their individuals (and often both at the same time).

I don't see what that changes.

Neighbors need to be neighborly.

Every handful of individuals eventually goes down that path of discovery, from families, to community associations, to municipal, on up to federal governments.  Things get somewhat tortured at the global level and the UN due to a lack of recognized alignment of shared goals and values.

But I don't see where that changes anything when it comes to agreed upon community rules and transparency, and working to that end.

Be that an Evernote Forum, or an NSA mandate and its oversight.

 

I agree that zero-knowledge encryption does all you say.

And with merely my IT/dev hats on, there's a simple elegance to it.

It unfortunately also does more.

It does more to Evernote dev timelines, Evernote support costs, all the way up to loftier poly-sci impacts.

With my bus/dev and citizen hats back on, it's the more part (what else does it do) that's too problematic, for it to be a simple solution.

 

I'm not sure enough thought is being given to that, in the asking for certain encryption features.

 

I think it's wrong to circumvent affecting corrective feedback on human behavior, be it on "our guys" or "the other guys".  

I think it's wrong to enable "the other guys", in the pursuit of our own selfish "privacy" goals.

 

It's possible to obtain through other directions, most of the desired outcomes.  Balanced personal privacy,  curtailing community abusive activity and those who practice it, and both allow and encourage NSA-esque entities back into the confines of their original mandates.

 

Zero knowledge encryption doesn't fix any problems, it just escalates them, while letting you opt out of some of the mess, until the mess gets deeper.  And it pushes the NSA-like entities further in the wrong direction.

At the absolute best possible, most naive possible outcome, zero knowledge encryption only exerts a fixing pressure on "our guys", if we all use it, for everything.

And because that's a Utopian unobtainable (especially in the U.S.), I submit it's wasted time and effort.

 

Frankly, I don't know who "us" and "them" is. I also don't know about the costs for Evernote to implement this. If SpiderOak (small) and Google (large) can manage it, Evernote can too (if they want to do it).

 

What I do know is that you and I are not in a community (in terms of our data). We share a shard or maybe a rack, but that doesn't mean you (or anyone else) ought to be given the ability to violate our privacy for the chance to find damaging information about them. You cannot (legally) wander into my house and go through my things, and neither can the government. We accept this protection from unreasonable search or seizure (in the US it is the 4th Amendment), and I think our digital possessions ought to be treated in a similar fashion. Unfortunately, it appears that the court is currently unwilling to see this as a violation of our 4th Amendment rights, and Congress is unwilling to act.

 

I am not interested in trying to steer the NSA one direction or another. I do not know what corrective behavior means in this context. All I can say is that the NSA is doing its job as it has been authorized to do so by the government, and I actually have no bone to pick with them. I certainly do not "trust" them to protect the data they have stolen from me any better than the government protects its own top secret data from hackers, leakers, whistleblowers, etc. In fact, I expect that I have had all of my data harvested (I communicate overseas on a regular basis) and that it is probably a permanent part of every search query now (though, I hear disturbing reports about their supposed ineptitude at even doing basic search operations).

 

Instead, I recommend a solution that improves our overall security and solves this particular issue. I think it is reasonable, and it is certainly telling that other companies are there already (or are moving in that direction). Evernote may not do it. That's fine by me, and I can understand their choice, but speaking for myself, the illusion of security (the "good" guys can give my memories a full body cavity search but not the "bad" guys) isn't the level of security I want. I don't see much point in advocating for partial solutions like Dropbox (your database is encrypted, but they have the key), and that is why I have been asking for years (?) for an encrypted notebook. 

 

I've written way too much already on this. I think I've made my point, however unconvincingly. As I recommended earlier, there are some things people can do to deal with the current situation. In the case of Evernote, local notebooks are terribly limited, but probably the best solution for people concerned about their privacy/security. It says a lot about Evernote that they had the foresight to implement a feature like this, and I greatly appreciate that they take security seriously.

Link to comment
  • Level 5

You mention Google, but they haven't released Drive encryption yet, and if you re-google the rumors they indicate a decision hasn't been made but one possible form is encrypted but they hold the key.

If government wants access, they have to request it transparently.

All much like Dropbox already does, and along the lines of what I've said.

We shall see.

You and I will agree to disagree then.

Link to comment

Archived

This topic is now archived and is closed to further replies.
