Jump to content
Robert G

Application Authorization and Access

Recommended Posts

I know that when I authorize an application to use my Evernote account, it can retrieve notes as well as change them.

 

My question is, does that give the application's servers, or developers, the ability to read my notes or save them?

 

I keep sensitive data in my Evernote account that I would not want to trust with developers and organizations that I really know nothing about.  I would think that access to read my notes outside of my actual device would be a really terrible idea for the security of the service and would render the advantage of using 3rd party applications not worth the trade off.

 

Evernote's definitions are a little vague.  They state clearly that the "application has access" but doesn't say anything about how the application can store or use the information it retrieves.

 

There are several apps I would REALLY love to use, but I'm just not sure I can trust the system to protect my data.

 

Am I worrying too much with this?

Share this post


Link to post

I know that when I authorize an application to use my Evernote account, it can retrieve notes as well as change them.

 

My question is, does that give the application's servers, or developers, the ability to read my notes or save them?

 

I keep sensitive data in my Evernote account that I would not want to trust with developers and organizations that I really know nothing about.  I would think that access to read my notes outside of my actual device would be a really terrible idea for the security of the service and would render the advantage of using 3rd party applications not worth the trade off.

 

Evernote's definitions are a little vague.  They state clearly that the "application has access" but doesn't say anything about how the application can store or use the information it retrieves.

 

There are several apps I would REALLY love to use, but I'm just not sure I can trust the system to protect my data.

 

Am I worrying too much with this?

 

Hi. Welcome to the forums. 

 

If someone can access your data, then they can store it, so you should assume that they have full access to everything in your account. If you have sensitive data, I recommend you don't put it on the cloud in the first place, but, if you do, you may want to have it in a separate account or encrypted if you use third-party integrations.

 

Ideally, we'd be able to limit access to certain notebooks, have encrypted notebooks, etc., but we aren't there yet. You have to manually create barriers.

  • Like 1

Share this post


Link to post

 

I know that when I authorize an application to use my Evernote account, it can retrieve notes as well as change them.

 

My question is, does that give the application's servers, or developers, the ability to read my notes or save them?

 

I keep sensitive data in my Evernote account that I would not want to trust with developers and organizations that I really know nothing about.  I would think that access to read my notes outside of my actual device would be a really terrible idea for the security of the service and would render the advantage of using 3rd party applications not worth the trade off.

 

Evernote's definitions are a little vague.  They state clearly that the "application has access" but doesn't say anything about how the application can store or use the information it retrieves.

 

There are several apps I would REALLY love to use, but I'm just not sure I can trust the system to protect my data.

 

Am I worrying too much with this?

 

Hi. Welcome to the forums. 

 

If someone can access your data, then they can store it, so you should assume that they have full access to everything in your account. If you have sensitive data, I recommend you don't put it on the cloud in the first place, but, if you do, you may want to have it in a separate account or encrypted if you use third-party integrations.

 

Ideally, we'd be able to limit access to certain notebooks, have encrypted notebooks, etc., but we aren't there yet. You have to manually create barriers.

 

 

Thanks for the follow up!  I don't really have anything by itself that is sensitive, but it doesn't take much for someone to piece together enough data to cause a problem.  The only really sensitive data I have in Evernote I store in local notebooks, but that's after I file them there.  Typically, I dump everything into an "inbox" notebook until I have time to filter things later on.  So that being the case, even sensitive data resides in a synced notebook at least temporarily during that process.

 

I agree, Evernote really should make it where we can choose what folders 3rd party apps can have access to and not just allow all of them.  There is just too much room for abuse otherwise.

Share this post


Link to post

I have a mix of very sensitive data on Evernote and then mostly stuff that isn't sensitive.  This data is in a mix of different notebooks.

 

How do I segregate what is allowed on the cloud and what isn't allowed on the cloud?

Share this post


Link to post

You can create a new notebook (use the File Menu, not the button) and choose it to be "Local Notebook" and not "Syncronized Notebook".  Local notebooks do not sync with Evernote's servers and reside solely on your device.  Obviously, that means backups are crucial since it's not on the cloud like other notebooks.

 

Here's how it looks on a Mac.

https://www.dropbox.com/s/uybfrcosr0qupkc/Screenshot%202014-04-09%2015.53.50.png

 

Edit:  You cannot change the type of a Notebook after it's created, so you have to create a new one as Local and move your files into it.

Share this post


Link to post

Thanks, Robert.  Let's say I want the sensitive stuff stored on both my laptop and my ipad.  Do I have to re-create the local notebook on the iPad and then re-create the note, or can I give both the iPad and the laptop access to the same notebook?

Share this post


Link to post

Since Evernote uses their servers as the tool to sync the data, Local notebooks will only be on the single device that created it.  To my knowledge, iPad app doesn't support Local notebooks at all, only synced ones.  So that means any of your Local notebooks would be solely on your laptop.  That's the downside.

 

It seems that our choices are, create a Local notebook for sensitive data and have no other access to it...OR...don't use any third party apps that have note access. I trust Evernote as a whole, but as soon as you give an app access to your notes it's no longer as secure (or so it seems to me).  I hate that we can't dictate which notebooks are off limits to outside apps, synced or not.  There are some great apps out there that I would love to use, but I can't justify the risk.

Share this post


Link to post

Boy, no kidding.  This is especially disturbing for me because I'm developing an app myself that will require this access.

 

What I would really like is the ability to set access to any given note since I have sensitive notes in different notebooks.  

 

I guess what I will do is to create a separate account for all sensitive data and then not use any third party apps for that account.

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...