Jump to content

(Archived) Possible Solution to Encryption - not perfect!

srm

By srm
in Windows Archive

Recommended Posts

srm

srm 1

Posted
Posted

I've been reading through lots of posts on how to make Evernote more secure. Here's one suggestion. It involves a few compromises but might be suitable for some people, particularly if you want to keep sensitive information of a business nature in Evernote and only use on personal computers and not mobile devices.

 

The scenario is 2 laptops, both running Windows (though the solution in principle also applies to Macs). It won't work with mobiles or tablets.

 

1. Install DropBox on each machine

2. Install BoxCryptor on each machine. This will perform on the fly encryption of everything in a mountable drive within DroxBox.

3. Install Evernote for Windows on each machine, and put the Evernote database in a Boxcrpytor folder.

4. Use Evernote, but put everything in local notebooks, which do not sync with the Evernote cloud.

 

Although the local notebooks don't sync with Evernote servers, their contents (i.e. the Evernote database) does sync across DropBox machines so will be kept in sync across the two machines (and any others which are added).

 

Can anyone see any flaws with this, other than the obvious ones:

 

1. Can't share notes with other people

2. Won't work on iOS or Android because even though there are DropBox and BoxCryptor apps, you can't tell the Evernote mobile client where to locate its database.

 

BoxCryptor drives can be set to auto-mount when a particular user logs in (e.g. on a home machine which has BitLocker enabled), or not (for example on a work machine where the encrypted drive could be mounted manually when the user logs in). Also protects against the work machine being stolen if the hard drive is not encrypted. 

 

The data is secure on both machines, syncs between them and nothing (confidential) is stored within the Evernote cloud in a human-readable form.

 

I've not tried this out, but would appreciate any feedback on the suggestion.

 

Thanks.

 

srm

Link to comment
BurgersNFries

BurgersNFries 2,407

Posted
Posted

I've been reading through lots of posts on how to make Evernote more secure. Here's one suggestion. It involves a few compromises but might be suitable for some people, particularly if you want to keep sensitive information of a business nature in Evernote and only use on personal computers and not mobile devices.

 

The scenario is 2 laptops, both running Windows (though the solution in principle also applies to Macs). It won't work with mobiles or tablets.

 

1. Install DropBox on each machine

2. Install BoxCryptor on each machine. This will perform on the fly encryption of everything in a mountable drive within DroxBox.

3. Install Evernote for Windows on each machine, and put the Evernote database in a Boxcrpytor folder.

4. Use Evernote, but put everything in local notebooks, which do not sync with the Evernote cloud.

 

Although the local notebooks don't sync with Evernote servers, their contents (i.e. the Evernote database) does sync across DropBox machines so will be kept in sync across the two machines (and any others which are added).

 

Can anyone see any flaws with this, other than the obvious ones:

 

1. Can't share notes with other people

2. Won't work on iOS or Android because even though there are DropBox and BoxCryptor apps, you can't tell the Evernote mobile client where to locate its database.

 

BoxCryptor drives can be set to auto-mount when a particular user logs in (e.g. on a home machine which has BitLocker enabled), or not (for example on a work machine where the encrypted drive could be mounted manually when the user logs in). Also protects against the work machine being stolen if the hard drive is not encrypted. 

 

The data is secure on both machines, syncs between them and nothing (confidential) is stored within the Evernote cloud in a human-readable form.

 

I've not tried this out, but would appreciate any feedback on the suggestion.

 

Thanks.

 

srm

 

Since it sounds like BoxCryptor is like Truecrypt, I'd suggest you search the board on the words Truecrypt & exb.  Here's one thread:

 

http://discussion.evernote.com/topic/36624-changing-evernote-data-location-to-dropbox-folder/

Link to comment
srm

srm 1

Posted
  • Author
Posted

Thanks. There are some discussions but not specifically with this scenario.  

 

Interestingly, the warnings about using DropBox as a location for the database are sensible, but the issues can easily be avoided. For example, I set my Evernote options to sync manually and do this one at the start and once at the end of the day, then shut the application down. DropBox then syncs and there's no corruption. 

 

The only difference with my post above is that I'm proposing using only local notes so that there's zero chance of anything non-encrypted being stored outside my own control.

Link to comment
BurgersNFries

BurgersNFries 2,407

Posted
Posted

Thanks. There are some discussions but not specifically with this scenario.  

 

Interestingly, the warnings about using DropBox as a location for the database are sensible, but the issues can easily be avoided. For example, I set my Evernote options to sync manually and do this one at the start and once at the end of the day, then shut the application down. DropBox then syncs and there's no corruption. 

 

The only difference with my post above is that I'm proposing using only local notes so that there's zero chance of anything non-encrypted being stored outside my own control.

 

Yeah, I would caution those who are not very computer savvy from doing this.  Those who elect to do this should do so knowing there are potential pitfalls & they should have a solid understanding of what they are doing.  Also know that this is not a scenario supported by Evernote.  Not that that means it's a bad thing - just that it's not supported & may be a factor if you have an Evernote problem & submit a support ticket.  I normally store my exb file in a TC container.  If I have to submit a support ticket, I've been known to move it out of there to eliminate that as a possible cause of the problem & I understand why.  When you're in support, you need to know you're dealing with someone using the latest version of the software (in case their problem has been resolved in the current version).  And you need to be dealing with supported situations.to eliminate the unsupported scenarios from possibly being the cause of the problem.  IOW, you need to have a baseline. 

 

Having said all this, if this works for you then great.  It's not something I would do.

Link to comment
srm

srm 1

Posted
  • Author
Posted

Hi

 

Yes, I'd agree that this isn't something for the casual user and people should understand it's a unsupported solution and only a workaround. If Evernote offered a database-level encryption solution that would be ideal but from the various posts I've read on this forum, that won't happen anytime soon, if ever. 

 

I can't believe people are happy to store confidential company data in the cloud unencrypted. I'd imagine doing so breaches the terms and conditions of many companies' data protection policies and I wouldn't risk it.

 

Thanks for commenting, though. I think I'll try the local notebook option and see how it goes. Shame as I switched from OneNote to Evernote because of limited OneNote functionality!

Link to comment

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...