(Archived) Cautionary Tale

[Scooter 11]

I had a major malfunction today.  Actually, it started a few days ago when my laptop died and I moved to a new one.  That is a tale of woe in and of itself, but I'm here to talk about how this effected Evernote and how you can avoid a terrible mistake I just made.

 

I have used all my notebooks to sync to the cloud, except one in which I stored vital data (accounts, recipts, licences, etc. - serious stuff).  Though I comptetely trust the intent of Evernote...  things happen, so my goal was to keep this data off the server.  I back this 'local only' stuff up by exporting it from Evernote, encrypting it, and saving it in multiple drives.  All was well until my laptop died.  So I download a fresh copy of the mac client, and sync it all back up.  This works great - didn't even take as long as I thought it would.  Then, i took my latest export of my 'local' stuff and imported it, then went to make coffee while it ran.  It ALSO worked as advertised.  It brought that notebook back into my account the same as it was before...  except it was no longer a local notebook!  It has all synced to the servers while I was away from the desk.

 

So, the first thing I want to do is warn others to be more careful and less stupid than I, and the second is I'd like to know if Evernote does any encryption of it's stored data.  I know it's probably secure in transit, but what if evernote is hacked?

[GrumpyMonkey 4,319]

I had a major malfunction today.  Actually, it started a few days ago when my laptop died and I moved to a new one.  That is a tale of woe in and of itself, but I'm here to talk about how this effected Evernote and how you can avoid a terrible mistake I just made.

 

I have used all my notebooks to sync to the cloud, except one in which I stored vital data (accounts, recipts, licences, etc. - serious stuff).  Though I comptetely trust the intent of Evernote...  things happen, so my goal was to keep this data off the server.  I back this 'local only' stuff up by exporting it from Evernote, encrypting it, and saving it in multiple drives.  All was well until my laptop died.  So I download a fresh copy of the mac client, and sync it all back up.  This works great - didn't even take as long as I thought it would.  Then, i took my latest export of my 'local' stuff and imported it, then went to make coffee while it ran.  It ALSO worked as advertised.  It brought that notebook back into my account the same as it was before...  except it was no longer a local notebook!  It has all synced to the servers while I was away from the desk.

 

So, the first thing I want to do is warn others to be more careful and less stupid than I, and the second is I'd like to know if Evernote does any encryption of it's stored data.  I know it's probably secure in transit, but what if evernote is hacked?

Hi. Evernote does not encrypt the data on its servers. To create a local notebook, you have to select it when you see the dialog box. Specifically, you get this message:

"Your notes have been placed into a local notebook named 'Import My Notes'. The total size of the imported notes is 9.3 KB and you have 994.7 MB of unused quota remaining. Would you like these notes placed into a synchronized notebook?"

Fortunately, none of your data has been compromised -- just erase everything and re-import it into a local notebook. I don't know how things work on the backend at Evernote, but my guess is that deleted things will eventually be written over, and I know that they destroy all hardware when they upgrade it, so there is very little to worry about, in my opinion, and I am something of a tinfoil hat kind of guy.

http://www.christopher-mayo.com/?p=288

Yes, ideally the data would never have left your computer in the first place. I'd say that mistakenly syncing the data to a company like Evernote that takes data security very seriously, though, is probably nothing to lose any sleep over.

[gazumped 11,663]

So far as I know an ENEX import works the same for Mac as it does for windows,  and it's not notebook-specific.  If you import the notes you have to tell Evernote where to put them.  If they should go in a local-only notebook,  that's just fine.  But if you just imported them...  inappropriate things happen.  As you should know,  Evernote was hacked once.  No serious loss or damage ensued,  but everyone had a sudden change of password to work through.  If you material is on the servers,  it's less secure than if it never left your hard drive.  But then how confident are you that someone couldn't hack your computer and steal your data directly?

 

If you want to find out if anything can be done to scrub your data from the servers,  you're best off raising a support ticket.  I don't know what else to suggest...

 

EDIT:  other than - read Grumpy's post;  he obviously has the inside line on this one!

[BurgersNFries 2,407]

I had a major malfunction today.  Actually, it started a few days ago when my laptop died and I moved to a new one.  That is a tale of woe in and of itself, but I'm here to talk about how this effected Evernote and how you can avoid a terrible mistake I just made.

 

I have used all my notebooks to sync to the cloud, except one in which I stored vital data (accounts, recipts, licences, etc. - serious stuff).  Though I comptetely trust the intent of Evernote...  things happen, so my goal was to keep this data off the server.  I back this 'local only' stuff up by exporting it from Evernote, encrypting it, and saving it in multiple drives.  All was well until my laptop died.  So I download a fresh copy of the mac client, and sync it all back up.  This works great - didn't even take as long as I thought it would.  Then, i took my latest export of my 'local' stuff and imported it, then went to make coffee while it ran.  It ALSO worked as advertised.  It brought that notebook back into my account the same as it was before...  except it was no longer a local notebook!  It has all synced to the servers while I was away from the desk.

 

So, the first thing I want to do is warn others to be more careful and less stupid than I, and the second is I'd like to know if Evernote does any encryption of it's stored data.  I know it's probably secure in transit, but what if evernote is hacked?

 

I'm Windows only but my experience on Windows is as GM described.  When you import notes via enex files, you are asked if you want to place in a sync'd notebook or not.  If you do not take care to read the dialog box & answer appropriately, yes the notes may be moved to a sync'd notebook. 

[heather 604]

Just to add to this, once you move the data off our servers, they're gone for good. So, no harm, no foul.

 

Granted, this very thing has caused some of our users to complain that we were unable to restore things they had unintentionally *removed* from our servers. However, if its not there, we can't restore it. And this is pretty much why.

[BurgersNFries 2,407]

Just to add to this, once you move the data off our servers, they're gone for good. So, no harm, no foul.

 

Granted, this very thing has caused some of our users to complain that we were unable to restore things they had unintentionally *removed* from our servers. However, if its not there, we can't restore it. And this is pretty much why.

 

But, but, but... don't you have backups on servers?  (Ok this may be a bit on the edge...)  I know at my work, we retain backups for several months, some even years for legal issues.  So if I accidentally add my bank statement to a sync'd notebook, EN syncs & then I realize my error & move it to a local notebook & sync, won't that note live somewhere in the bowels of EN for a while longer...??? 

[GrumpyMonkey 4,319]

Just to add to this, once you move the data off our servers, they're gone for good. So, no harm, no foul.

 

Granted, this very thing has caused some of our users to complain that we were unable to restore things they had unintentionally *removed* from our servers. However, if its not there, we can't restore it. And this is pretty much why.

 

But, but, but... don't you have backups on servers?  (Ok this may be a bit on the edge...)  I know at my work, we retain backups for several months, some even years for legal issues.  So if I accidentally add my bank statement to a sync'd notebook, EN syncs & then I realize my error & move it to a local notebook & sync, won't that note live somewhere in the bowels of EN for a while longer...???

Indeed. Even erased isn't gone, and that is precisely why Evernote destroys hardware when they are done with it. I think Heather means that the staff can't get at it under normal conditions. It isn't gone, right, and it is also on that backup server, right?

Again, I think the oP has nothing to worry about. We are just speaking about technicalities.

[Scooter 11]

Those were all my reasons for keeping it off the servers in the first place.  But I was dumb.  My point in posting was not to complain, but to share my experience.  I'm a quasi tech savvy non-moron, and I did this.  Since it was one of those 'head smiting' things I thought I'd share it so others won't make the same mistake.  It's one of those obvious things that dosen't hit you till you've already done it.

 

I've removed all the data, and I don't think it was backed up anywhere (I'm off the impression that backups happen over night in the US) and am pretty sure it's safe.  But I wanted to warn others and hear that it was probably not the end of the world one more time. 

[BurgersNFries 2,407]

Indeed. Even erased isn't gone, and that is precisely why Evernote destroys hardware when they are done with it. I think Heather means that the staff can't get at it under normal conditions. It isn't gone, right, and it is also on that backup server, right?

Again, I think the oP has nothing to worry about. We are just speaking about technicalities.

Yeah, I do realize these backups would be even less accessible than our live EN database is (which is not accessible at all except for notes/notebooks the user shares with others and/or any successful hacker).  And I agree that it's a technicality & not necessarily worthy of worrying about.  (That's what I was trying to convey when I said it was on the edge...I just didn't use the correct verbiage.)  But I also subscribe to the theory that once it's on the internet, one must accept that it may be out there forever.  Having said that, putting something into a private cloud account like Evernote is not the same as publishing something on a public web page for public consumption.  Remember back in the day when Yahoo was king & you could pull up cached webpages that had long since been taken down?  But I do think people need to understand this issue.  Knowledge is power & all that jazz.