Jump to content
2019 Calendar Templates Read more... ×

Idea

Recommended Posts

  • 0

Hi All,

You may have noticed that all threads requesting Password Protected Notebooks have been merged into this thread, regardless of platform specificity.

(This is a separate request from the ability password protect the Evernote App itself)

This was done in order to better enable us to quantify and qualify user requests, and amplify their voice.

While this does not mean this is a feature that will be coming, we certainly want to relay user feedback/sentiment to our various teams.

Moving forward, please put all commentary and votes for Password Protected Notebooks here!

  • Thanks 1

Share this post


Link to post
  • 2

Just jumping on the bandwagon here. Would love to have the ability to password protect at a notebook level. Then have password protected notebooks be excluded from search unless you enter the password to unlock those notebooks. And heck, maybe even also have protected notebook results, even when unlocked, be available (optionally) after the click of a button or link. For example, let's say you have Notebook A, Notebook B, and Notebook C. B and C are protected with different passwords. Notebook A is unprotected. You run a search. Results look like this: 

Result 1, result 2, result 3, etc. (all from Notebook A).

[see results from locked Notebook B] -> click on this and you'll be prompted for a password to unlock notebook B.

[see results from locked Notebook C] -> click on this and you'll be prompted for a password to unlock notebook C. 

In the left column, in the notebooks view, you would see a little lock symbol (like a padlock) next to locked notebooks. When unlocked, the lock symbol padlock would look unlocked. Click on the padlock again and you lock that notebook. 

On mobile, the experience might be a little different. You might allow the use of a PIN instead of a password, or Touch ID (iOS), face unlock, pattern unlock, etc. 

  • Thanks 2

Share this post


Link to post
  • 1

I love Evernote, but it's preventing me from putting in sensitive content. For example, I can't keep a personal journal notebook, because other people (i.e. girlfriend, family members, etc.) could one day be looking at those notes, especially since they know that I use Evernote often for many purposes.

 

Evernote already has the ability to encrypt single notes. This is useful for things like storing passwords or other temporary sensitive content. But it's not practical to encrypt many notes one by one.

 

I wish I could password-protect a whole notebook. This way, I can do a lot more with Evernote. If I can encrypt single notes, then why can't Evernote just allow me to encrypt entire notebooks? If reason behind this is because Evernote thinks one could lose a lot of data if a notebook password is forgotten, then perhaps Evernote can help recover the passwords through email.

 

In the meantime, I'm stuck with using other apps (i.e. Pages, Day One, etc) to password-protect my content.

 

Any insight is greatly appreciated.

 

Thanks.

This has been discussed a lot already. Please search the board for more info. Also, if something is truly/securely encrypted, the host does not have it. So if you forget your encryption password, the host cannot send it to you or help you recover it. IOW, your encrypted data is gone.

  • Like 1

Share this post


Link to post
  • 1

Add me to the list of users who would like to see notebook level, zero knowledge, encryption. As we go down the path toward increasing surveillance (and a police state, all in the name of 'safety'), we cannot expect companies to resist government pressure to open the kimono, so zero knowledge encryption is a must. 

 

I'd still use local notebooks since we know that use of encryption itself is enough attract NSA surveillance and efforts to defeat your encryption. But it would be great to have the option to encrypt notebooks stored in the cloud that we need to access on a mobile device.

  • Like 2

Share this post


Link to post
  • 1

And we should be able to password protect/encrypt individual notes in their entirety -- not just higher level notebooks.  (the encrypt text feature is not a worthy substitute).  I guess this an obvious extension of the original idea, but nevertheless...

 

 

  • Haha 1

Share this post


Link to post
  • 1

What a great point. Evernote really needs to get it together.

  • Like 1

Share this post


Link to post
  • 1

Well, it's interesting to see how some people are strongly rejecting certain ideas, and defending them/justifying lack of any action by EN as if this will have a negative effect on them personally. Really strange.

To support this request I have a simple explanation and if anyone (be it "guru" or just "member") can provide an explanation why this is not reasonable I am really looking forward to response:

I want to lock/encrypt/password protect a table and image inserted in a note. I'm listening.

Current text encryption can be used for things you use rarely. I mean, decrypting it, adding some text and then again SELECT ALL->encrypt->password.... this is almost "last resort" option. Again, I am not a person that keeps "life-altering" things in EN but sure would like to prevent anyone seeing a list of some table data, or my login passwords to random sites, loan management tracking etc.

I mean, notebook or note lock will do the job and it's kinda surprising to see that this topic is open for almost 5 years now and I haven't seen any NO, NOT NOW or MAYBE's from EN officials. Maybe there is but I missed it though....

  • Like 1

Share this post


Link to post
  • 1

Dear all,

I plan to migrate from OneNote to EN for my daily planning and for my private content and notes, I have upgraded to Premium.... but Password lack is a show stopper for me !

I do not need encryption, I'm not trying to protect from Hackers or terrible cyber criminals !!!!

 

I just want to avoid that my private thoughts and ideas pops up on my desktop or mobile while I am browsing my daily planning.

Same I do not want that my kids or other eyes gets access on my private things when they browse on my pc or mobile!

So a password protection (not encryption, encryption is not needed, just simple password!!!!) for notebook or sections or notes is what I am asking for.

I know I will limit search function, I know I will probably limit integration from other sources (like sending from Outlook to a password protected area), probably also more nice function will be restricted ...... but please, add the function !!!  I will decide whether to use it or not, why you decide for me? 

 

You are such great developers, why are you so reluctant to include this function...

if someone does not want the password, he just have to avoid to use it, isnt' that easy?

 

Hope you will change your mind soon

Cheers

Richard

 

Share this post


Link to post
  • 1

I'm yet another Evernote user who would like to be able to password protect a specific notebook. I feel like people have been asking for this feature for about eight years.... It couldn't really be that hard.

Share this post


Link to post
  • 1

Yes! Let's make Evernote even better by having this feature in. I'm pretty sure, you'll get a lot of new users just by adding this feature. If tomorrow, a competitor comes up with a similar app as Evernote and that new app comes with "password protection" feature as we're discussing, I'll move to that app. *Evernote Team*, it's that critical.

Share this post


Link to post
  • 0

I'm OK with my notebook being gone if I forget my encryption key... that is fine :) I need the ability to fully encrypt notebooks as well.... I realize you can encrypt pieces of individual notes but that's just not user-friendly enough.  This is a major dilemma for me in being able to migrate to Evernote... 

 

Also, I feel like the desktop client should be able to have a timeout where you are required to enter a PIN to get back in, just like the iPhone and iPad apps.  It's a great feature.

  • Like 8

Share this post


Link to post
  • 0

Gees, this would be a great feature. I keep my employee review notes in Evernote and I find it hard to keep them encrypted and out of sight as a group.

  • Like 5

Share this post


Link to post
  • 0

I use Evernote casually because there is no 'Zero Knowledge' encryption ala Spideroak.  Notebook level encryption as a premium feature would make me a paying customer.

  • Like 8

Share this post


Link to post
  • 0

Yeah... leaving the desktop app open is just way too dangerous.... I don't see why this would be so hard to make? I actually upgraded to premium before I realized I couldn't encrypt notebooks... (oops :)  It's still cool software but without being able to store sensitive information, it really isn't that useful as a one-stop place for all of my notes.

  • Like 2

Share this post


Link to post
  • 0

Yeah... leaving the desktop app open is just way too dangerous.... I don't see why this would be so hard to make? I actually upgraded to premium before I realized I couldn't encrypt notebooks... (oops :)  It's still cool software but without being able to store sensitive information, it really isn't that useful as a one-stop place for all of my notes.

 

 

It may not be that it's too hard.  It may simply be that it's not a priority, since EN's niche is collecting, organizing & retrieving info.  If the info is securely encrypted, EN would not have access to the encryption password & would not be able to index the data.  Please search the board on encryption, if you want more info.

Share this post


Link to post
  • 0

Thanks for the reply BurgersNFries. Maybe it would become a priority if it was a small amount of extra money... I'd pay an extra $5/yr to be able to mark a notebook as encrypted.  It's OK if that encrypted data is not indexed... It can be made understood to users that anything in the encrypted notebooks will not show up in search results.  I would sit down and:

 

1. Tally up the number of Evernote premium subscribers.

 

2. Conservatively estimate the amount of development time, as well as time for updating help documentation, entering the extra password in the mobile apps, etc.

 

3. Run the numbers at 10% of Evernote Premium users paying the fee for "Evernote High Security Notebooks".

 

4. Also factor in the number of users who might be on the fence about paying for Evernote who will be pushed over the edge by this new feature.  I realize this is hard to calculate but I'm sure the number is greater than zero :) Actually, I know it's at least one from Jpetroski's post above!  These are brand new paying customers, this number can add up quickly.

 

I realize that you are an evangelist but to change priorities you have to show the business value.  Maybe it's not there?  Maybe they don't want to charge any "add-ons" to keep the pricing simple, in that case they need to put some serious effort into estimating #4 above.

 

At the end of the day, this feature will come to Evernote.  The question is, when will it come and how much money is it costing Evernote to not have this feature?

  • Like 4

Share this post


Link to post
  • 0

Yes, this feature would be great. This is really the only feature I would want as a premium customer. The other things that you get are OK, but for me some encryption would seal the deal.

 

As for now I can't use Evernote for all my notekeeping purposes, which is a little sad.

  • Like 1

Share this post


Link to post
  • 0

The ability to password protect and encrypt a single notebook within Evernote would be great for the reasons already mentioned above.

  • Like 1

Share this post


Link to post
  • 0

Forget it folks, I, and many others have tried...they don't want to hear it.  Some "antis" here are more vocal than others.

Share this post


Link to post
  • 0

Forget it folks, I, and many others have tried...they don't want to hear it. Some "antis" here are more vocal than others.

Where are the antis? If you search the board, I think you'll find lots of support for it, and also many users who are ambivalent, but does anyone say they "don't want the option to encrypt notebooks," or they "are anti-encryption"?

If by "they," you mean Vernote, then I can assure you they have heard. You can even find them in some of the threads responding. Just because they disagree and don't do everything we suggest doesn't mean they are not listening. Have we convinced them yet? No. But, maybe recent events are moving us closer to it.

Maybe, if you offered your specific security concerns, and specific reasons for wanting it then that would be more convincing.

Share this post


Link to post
  • 0

You can count my vote among those looking for a more serious approach to encryption in EverNote. In light of the recent NSA/PRISM surveillance scandal I simply cannot justify - as a non U.S. citizen - storing sensitive business information in EverNote, where it could be extracted at will by U.S. intelligence officials engaged in industrial espionage.

  • Like 1

Share this post


Link to post
  • 0

No worries there.  Last year they announced building a datacenter in China.  No Prism access there.  :)

 

You may think you're being funny, tongue in cheek or showing to the world that "it's not only the U. S. that is bad" but in reality all you're doing with the above contribution is strengthening my argument in favour of more comprehensive encryption options for those prospective users, who are serious about using Evernote for enterprise purposes.

 

And in any case the Patriot legislation also covers data centres abroad as long as the operating company is based in the U. S. This was admitted by Microsoft already years ago: http://www.zdnet.com/blog/london/defense-giant-ditches-microsofts-cloud-citing-patriot-act-fears/1349

 

http://www.zdnet.com/blog/igeneration/microsoft-admits-patriot-act-can-access-eu-based-cloud-data/11225

 

Competitionwise the Americans have really shot themselves in the foot, when they decided to coerce their cloud services industry to facilitate their spying business. No wonder they wanted to keep it a secret to the world (as in "NOFORN").

  • Like 1

Share this post


Link to post
  • 0

It was indeed intended to show that we shouldn't be myopic on NSA surveilance of US based data centers.

You should assume that you're subject to metadata (if not more) surveilance where-ever you are.

 

Note that the UK collects more metadata than the US (though through agreement, they share access to one anothers data)

http://www.wired.com/threatlevel/2013/06/gchq-tapped-200-cables/

 

They aren't going to say anything about the spy taps they have on foreign undersea cables, but that's been known for a very long time.

So you have to assume that your data is being sifted over by:

  • Your own government, plus any they have intelligence agreements with
  • The governments of any countries your packets pass through
  • The governments of any enemies of your government through clandestine undersea taps (if ours are doing it, one has to assume some likelihood it happens the other way)

Being inside or outside the US, with a data center inside or outside the US, likely makes very little difference.

 

The only recent news here is that it's recently become news to some people (and perhaps the getting of a renewed sense of the scope creep enabled by moores law).

Act accordingly.  Though the horse left the barn on that requirement long ago.

 

http://en.wikipedia.org/wiki/Operation_Ivy_Bells

http://www.nytimes.com/2005/02/20/politics/20submarine.html?_r=0

 

Using encryption now, just flags you for permanent archiving: http://www.forbes.com/sites/andygreenberg/2013/06/20/leaked-nsa-doc-says-it-can-collect-and-keep-your-encrypted-data-as-long-as-it-takes-to-crack-it/

  • Like 1

Share this post


Link to post
  • 0

BUMP yes please.

 

You can count my vote among those looking for a more serious approach to encryption in EverNote. In light of the recent NSA/PRISM surveillance scandal I simply cannot justify - as a non U.S. citizen - storing sensitive business information in EverNote, where it could be extracted at will by U.S. intelligence officials engaged in industrial espionage.

 

Very well put

 

This PRISM thing is at the very least a PR disaster for US tech. Its really making me think about what onlime services to use and from what countries.

Share this post


Link to post
  • 0

I am just adding my YES vote for folder encryption. I use a separate program for that now, and lack of folder encryption is the main reason I don't keep financial or legal documents in Evernote.

  • Like 2

Share this post


Link to post
  • 0

I am just adding my YES vote for folder encryption. I use a separate program for that now, and lack of folder encryption is the main reason I don't keep financial or legal documents in Evernote.

For sensitive data, my recommendation is to use Evernote's local notebooks. When you need sensitive data on mobile devices, if you are using iOS, VoodooPad is nice (wifi or iTunes sync with no Internet).

http://www.christopher-mayo.com/?p=288

Ideally, an encrypted notebook will be made available soon. Splitting data up (local/synced or VoodooPad/Evernote) is very inconvenient and inefficient. The alternative, though, is to expose your data (and that of any third parties you might have) to government(s) surveillance and subsequent loss to hackers / other countries (ask the US government where their military secrets went http://www.cbsnews.com/8301-201_162-57586624/how-chinese-hackers-steal-u.s-secrets/).

  • Like 2

Share this post


Link to post
  • 0

I've been an Evernote user for years, and the request for encrypted notebooks has been raised repeatedly.  I would love to have such a feature and would be willing to pay more for it, and would gladly sacrifice the ability to have the contents of encrypted notebooks indexed and searchable.  Unfortunately, I suspect that this requested feature is either extremely low priority or against Evernote's idea that everything should be searchable, and as such, I don't expect it to happen.

 

From a certain perspective, I think not providing greater encryption capabilities is almost negligent.  With such a large user base, you know that some people are storing sensitive documents and data in EN, thinking it is relatively secure (I have known such people - keep in mind that a majority of the world is not that tech sophisticated and when they see things like SSL encryption, they presume their data is always encrypted and absolutely safe).  Yes, these people should know better, and providers such as EN are not required to babysit such people, but if you are aware that people are using your product in an unsecure manner, shouldn't you do something about it?  Just my 2 cents.

 

 

  • Like 3

Share this post


Link to post
  • 0

 

The last couple of minutes of this interview indicate that new "sexy" encryption options will be available "soon" (by the end of the year apparently)

 

http://techcrunch.co...ar-old-startup/

 

 

Yep. Thanks again for finding that.

 

If you want to know the exact spots where relevant stuff is said, see this post http://discussion.evernote.com/topic/39180-password-protect-evernote-in-total/?p=220064

Share this post


Link to post
  • 0

By the way, Google storage now has encryption. It seems to be roughly equivalent to what Dropbox already has as well. It might sound good to some people, but Google has the keys, so they can be legally compelled to turn your data over to a government and hackers can get a hold of it, so it is (in my opinion) nothing more than a false sense of security. This is not the encryption I want to see in Evernote (and it sounds to me in the interview that it isn't the encryption Evernote wants either).

http://www.pcworld.com/article/2046802/google-to-encrypt-cloud-storage-data-by-default.html

 

This is the kind of encryption I want from Evernote. A notebook encrypted in this manner with zero-knowledge encryption would be ideal.

https://spideroak.com/faq/questions/23/

 

By the way, there is (as Phil mentioned in the interview) a lot of confusion out there about this Prism thing. I am no expert, so please correct me if I am wrong, but if Google holds the key, unlocks the door to your data, and hands the data to the government (as they are legally obligated to do in some cases), then how is their encryption of data on their servers addressing any of the privacy/security concerns that people have about the government over-reach? To my amateur mind, reporting that claims Google is somehow addressing these concerns (see the Verge, for example http://www.theverge.com/2013/8/16/4627232/google-cloud-storage-automated-128-bit-aes-security) sounds bizarrely misinformed, under-researched, and poorly analyzed.

 

I truly hope this kind of (in my opinion) blather is not affecting the thinking folks at Evernote (like smoking the Halfling's weed, as Saruman would say). 

  • Like 2

Share this post


Link to post
  • 0

By the way, there is (as Phil mentioned in the interview) a lot of confusion out there about this Prism thing.

 

Not just Phil, but even the people-in-charge don't know what is going on with the NSA.

WaPo’s bombshell: Feinstein didn’t know about NSA’s audit of privacy violations

The big story is that Congress, overseers of the NSA and guardians of the public’s privacy, seems to have zero idea of how many “incidents” there are. And that includes the congressional watchdog-in-chief — the chairman of the Senate Intelligence Committee Dianne Feinstein (D-Calif.), who did not receive a copy of the 2012 audit until The Post asked her staff about it. The NSA, it seems, really is an island unto itself inside the federal government.

http://goo.gl/k7caQV

 

Share this post


Link to post
  • 0

 

By the way, there is (as Phil mentioned in the interview) a lot of confusion out there about this Prism thing.

 

Not just Phil, but even the people-in-charge don't know what is going on with the NSA.

WaPo’s bombshell: Feinstein didn’t know about NSA’s audit of privacy violations

The big story is that Congress, overseers of the NSA and guardians of the public’s privacy, seems to have zero idea of how many “incidents” there are. And that includes the congressional watchdog-in-chief — the chairman of the Senate Intelligence Committee Dianne Feinstein (D-Calif.), who did not receive a copy of the 2012 audit until The Post asked her staff about it. The NSA, it seems, really is an island unto itself inside the federal government.

http://goo.gl/k7caQV

 

 

 

You raise an important point about making an informed decision about our data. In my opinion, we will probably not know the full extent of surveillance and abuse for many decades to come, and once your data is turned loose, you have no control over it, and it will float around in data centers forever. It may already be too late for some people. For all we know, some of our data ended up in Russia with Snowden.

 

I use the plural "data centers" here, because a lot of this data will escape from government servers through hacking, freedom of information requests, loss, and other means. It has happened before. It is happening. It will happen again. What happens when governments, corporations, and nefarious individuals (including those in the institutions) gain access to our "second brains"? This is some unsettling stuff. 

 

That's why I think it is a good idea for Evernote to institute something like this. The debate really isn't about what Prism does or doesn't do (interesting as it  is), but about instituting a policy that (in large part) removes the "trust" factor from the equation. With a zero-knowledge encrypted notebook, Evernote wouldn't have access, their employees wouldn't, and neither would the government. We don't have to "trust" every govt. official (in several governments, if information sharing news is accurate). We take the power out of their hands and put it in ours. That seems like the safest course of action no matter how this Prism thing turns out.

  • Like 4

Share this post


Link to post
  • 0

Hey GM,

 

That's why I think it is a good idea for Evernote to institute something like this. The debate really isn't about what Prism does or doesn't do (interesting as it  is), but about instituting a policy that (in large part) removes the "trust" factor from the equation. With a zero-knowledge encrypted notebook, Evernote wouldn't have access, their employees wouldn't, and neither would the government. We don't have to "trust" every govt. official (in several governments, if information sharing news is accurate). We take the power out of their hands and put it in ours. That seems like the safest course of action no matter how this Prism thing turns out.

 

I think you may be right here. Even though Evernote's business model doesn't depend on advertising/tracking (which is good for us!), they aren't immune from unreasonable government requests. I found an article that explains this quite clearly:

 

Indeed, the cooperation [between intelligence agencies and 'cloud' companies] was usually “voluntary” in large part because companies couldn’t afford to seem uncooperative, says another private-sector official who would speak about classified issues only on condition of anonymity. “The ways that pressure works in Washington are very subtle,” he says. “No one’s getting bribed, or punished outright. But it’s the good little Indian that gets rewarded. And these companies needed the goodwill of the NSA and other agencies.”

 
[…]
 
If industry refused, the NSA had the unique ability to both reward and punish, thanks to its implicit veto power over deals and exports
 

If the government wants something, they'll get it. I love Evernote, but I think that the Uplink motto "Trust is a weakness" applies here. :D

  • Like 1

Share this post


Link to post
  • 0

If people are really worried about storing "encrypted" data in evernote and the government getting it. Then you have bigger problems and really shouldn't even be commenting in this forum.

I just want to keep prying eyes off of my data, that's it nothing else. It's more of a "feel good" than anything else. I've been looking for something cross platform that I can use for journaling my life, family, friends, venting - getting things off my mind without others reading it because I left my machine unlocked & someone went snooping. While this would be rare, it could happen. This would give me peace of mind. I often spell things out as I see them, which, could upset someone if they read it. My thoughts are my thoughts - period... One of the only things I can control these days (I tend to ***** that up to)

 

Looking forward to the update. Been a light user for several years, with the announcement of "secure data" I purchased for the year. Something I dont do very often.  

 

Cheers

  • Like 3

Share this post


Link to post
  • 0

There were many things that they said would never be done in EN but this has been a "sexy year" for new features.

 

I'll add my vote for allowing encrypting / PW protecting notes without having to log out of the whole EN program.

Share this post


Link to post
  • 0

This is good news indeed!!!!!

 

I prefer client-side key storage, but hey, right now in this environment, I'll take anything.

Share this post


Link to post
  • 0

If people are really worried about storing "encrypted" data in evernote and the government getting it. Then you have bigger problems and really shouldn't even be commenting in this forum.

 

??????

  • Like 2

Share this post


Link to post
  • 0

I've been an evernote premium customer for a few years now and pretty happy with the service.  However, it has become clear that it's no longer possible to trust service providers with my data, despite the best intentions of the service providers to keep my data private.  So, I'm hoping that Evernote will enhance their product to give users like me the option to use zero-knowledge encryption as GrumpyMonkey mentioned in his post:

 

This is the kind of encryption I want from Evernote. A notebook encrypted in this manner with zero-knowledge encryption would be ideal.

https://spideroak.co...q/questions/23/

 

 

 

I understand this may cause some features, like server-side OCR to not work correctly (or at all).  Maybe giving me the option to have my attachments OCR'd might be useful, perhaps some hand-waving assurances that you'll return the OCR'd info and destroy the object.  Or maybe not at all.

 

In this version of the product, EN is reduced to being a storage provider for my data synchronization needs as well as a supplier of high quality client applications.

 

I'm now actively searching for a solution like this, perhaps built over a service like SpiderOak (that I try to use preferentially to DropBox) or something else.  While I have particular reason to distrust EN as a service provider, it seems to me that to solve my problem I don't NEED to try my service provider, and as a matter of good hygiene, I probably shouldn't trust service providers unless absolutely need to.

 

Share this post


Link to post
  • 0

I think that encrypted notebooks are one of the most needed features! Not truly safe? Hey! It's my choice!!! They don't provide cars without brakes because they can wear out. Check your brakes, but brakes are usefull. World is full of softwares and devices with drawbacks. You can put your accounts into an usb key and that can be stolen but... it's not a reason to not produce usb keys!!!

Encrypted/password-protected notebooks are usefull for a lot of semi-sensitive or sensitive data. Period. Drawbacks in term of indexing, security, ecc.? Let me know. I will decide if the option fits me. And I know will fit!

  • Like 1

Share this post


Link to post
  • 0

I use the in-note encryption feature quite a lot but I think I have read in the past that it's a really weak form of encryption (something about export of munitions being applied to crypto software?).  In which case, what's the point?

Share this post


Link to post
  • 0

I use the in-note encryption feature quite a lot but I think I have read in the past that it's a really weak form of encryption (something about export of munitions being applied to crypto software?).  In which case, what's the point?

As far as i am concerned, the current encryption seems pointless, though in practical terms, even it is unlikely to be broken. I certainly wouldn't see any point in using it for a whole notebook when better levels of security are available. Ideally, we'll get this feature, it will use at least 256 bit encryption, and it will be zero knowledge.

Share this post


Link to post
  • 0

 

I use the in-note encryption feature quite a lot but I think I have read in the past that it's a really weak form of encryption (something about export of munitions being applied to crypto software?).  In which case, what's the point?

As far as i am concerned, the current encryption seems pointless, though in practical terms, even it is unlikely to be broken. I certainly wouldn't see any point in using it for a whole notebook when better levels of security are available. Ideally, we'll get this feature, it will use at least 256 bit encryption, and it will be zero knowledge.

 

 

 

The NSA didn’t weaken a crypto standard. Rather, it put a backdoor inside the standard. There’s an important difference. As a consequence, if you use Dual_EC_DRBG, you’re still well-protected if the adversary you’re defending against isn’t the NSA. But if it is, you’re pretty much stuffed.

 

http://grahamcluley.com/2013/09/nsa-cheated-cryptography/

 

You may find this interesting.  I interpret this to mean all known forms of encryption can be and are being subverted by the NSA.  Perhaps there are algorithms in a tool like TrueCrypt that don't use the Dual_EC_DRBG standard, but you'd have to do some research to find out.  

 

 

Give me six lines written by the most honorable of men, and I will find an excuse in them to hang him.
- Cardinal Richelieu

Share this post


Link to post
  • 0

 

 

You may find this interesting.  I interpret this to mean all known forms of encryption can be and are being subverted by the NSA.  ...

 

 

 

I don't believe this.  Here is why.

 

Edward Snowden stated:

 

Snowden's response: "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it."

 

 

 

http://www.businessinsider.com/edward-snowden-email-encryption-works-against-the-nsa-2013-6

 

 

 

 

 

AND

 

Bruce Scheier has already stated NOT to use EC.

 

 

 

Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.

 

 

 

 

http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance

 

 

 

Scheier also states:

 

 

 

Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That's how you can remain secure even in the face of the NSA.

 

 

What I glean from all this is the fact that stronger crypto systems have the best chance of working.  But even better would be non-NSA influenced ciphers;  Twofish and Threefish come to mind.  Apart from the latter, and One Time Pads, AES256 seems to be the best choice. (Although adopted by the NSA, it is my understanding it was not developed by the NSA.  Instead it was the "winner" in a search for a new crypto system.  The winner: Rijndael)

 

(PS  I am not a cryptographer, but I follow those that are.)

  • Like 1

Share this post


Link to post
  • 0

In my opinion, we are discussing of two completely different needs, and I think it's a mistake, trying to reconcile them.

Someone just needs a password protection on notebooks or, let me say so, a "soft" encryption. Useful for personal journaling, not-so-important accounts and so on. Nothing they care to protect from government... They only want to protect from prying eyes. Let's say "private" notebooks.

Others need to store completely unreachable information. Not necessarily terrorists. Maybe politicians who do not want to let someone put his nose on anything private, or professionals who have to keep some data confidential, or, simply, normal people who are concerned to store safely the login data of the bank account. They need a safe or a vault. Let's say "safe" notebooks.

Or maybe, the same person (me, for example) has the two needs.

Why not just make available the two different features?

"Private" notebooks, with just a password. Not strongly protected but searchable and, maybe, password recovery option.

"Safe" notebooks, REALLY encripted, totally or in part. I mean: totally encripted, or searchable titles but unsearchable content. Without password recovery option, of course.

You will NEVER succeed to make a compromise beetween the two solutions or convince the users they do not need one or the other solution. It's a useless struggle.

Share this post


Link to post
  • 0

It might be a subtle point but I think a PIN might be better than a "password".  Just like on the mobile devices.  I wouldn't want someone getting carried away thinking there's any security behind that.  I do want to deny casual use if someone is granted brief access to my desktop, without having the hassle of logging in and out of Evernote in the desktop client.  But all of the data is still there for the gleaning if you look at the backend. For that, there's no substitution for encryption.  It's not hard and doesn't have to add noticeable overhead.

Share this post


Link to post
  • 0

It might be a subtle point but I think a PIN might be better than a "password".  Just like on the mobile devices.  I wouldn't want someone getting carried away thinking there's any security behind that.  I do want to deny casual use if someone is granted brief access to my desktop, without having the hassle of logging in and out of Evernote in the desktop client.  But all of the data is still there for the gleaning if you look at the backend. For that, there's no substitution for encryption.  It's not hard and doesn't have to add noticeable overhead.

 

Agreed, a PIN on the desktop app would be great.  I don't want to have to lock my workstation all the time, especially at home where others want to use the computer.  Just need a PIN to get into the desktop app once it's minimized in the task tray and you open it back up.

Share this post


Link to post
  • 0

Actually I was wondering why not doing something totally different in order to get right this done without really encrypt the data.

As far as I can see it, some people want that the notebook needs to be password protected but on the other side evernote doesn't want to do this as it would cost more and the system isn't build for that.

So why not just password protect the notebook so when you first want to open it, it asks for a password just to look at it, this can't be so hard to be implemented.

Together with an auto logout, that asks for a password when the file is shown more than like five minutes, you have almost the same,e thing as people are asking for as a someone that wouipd like to see it needs password anyways.

  • Like 1

Share this post


Link to post
  • 0

Sadly no, a password prompt and auto-timeout (as is in place in mobile EN clients with premium account) has nothing to do with the needs enumerated in this thread.

That's not to say it's not worthwhile, even in addition to encrypted notes/notebooks (be it local, remote, local and remote - non-key-escrowed), but it just addresses the requests of other use cases in other threads.

For now breath is likely best conserved until EN releases what they already have baking in the oven and we kick it around a bit.

Share this post


Link to post
  • 0

Sadly no, a password prompt and auto-timeout (as is in place in mobile EN clients with premium account) has nothing to do with the needs enumerated in this thread.

That's not to say it's not worthwhile, even in addition to encrypted notes/notebooks (be it local, remote, local and remote - non-key-escrowed), but it just addresses the requests of other use cases in other threads.

 

Actually you misunderstood me.

I said, that single documents should be password protected again, so that the mobile client can stay open as most users like it.

I am not sure if you ever worked with password protected documents in Office, but while your computer might have a password and you can leave it unlocked all day long, just to open this one document, you need an extra password again.

So just password protect a Notebook, so you need to enter maybe a different password than your Evernote password just to open the notebook.

This way most people have what they want, as they just want that people can't open single notebooks from evernote, while all the other ones are an open book to everyone that comes along the computer.

Share this post


Link to post
  • 0

Ok, got it.

Isn't that already essentially addressed on the mobile client with PIN support?

Now if we're talking about bringing that over to the desktop side, it sounds appealing, except that somewhere near half of the users I've read posting requests in that area know that the data can still be read on the back end, either in the same account looking at the Evernote folder and sqlite database itself, or the same from another admin level account on the same computer.

Adding local per note/notebook side encryption then serves both halves of the feature request. It blocks both in-evernote and out-of-evernote read attempts.

And this is completely separate from any discussion of the evernote server side handling/non-handling/awareness of the encryption. This would be local client encryption only, with data decrypted on every authenticated read (be that the Evernote user, or a sync operation).

Share this post


Link to post
  • 0

In the attempt to find a Mac replacement for Ms OneNote, Evernote comes up at the top of the list. However, I'm shocked that it's not possible to password protect a whole notebook (local or synced), and to set a desired timeout/lockout period (i.e. 1,5,10,15 min). Even Microsoft figured out this one! So far, Evernote isn't winning my over. :(

Share this post


Link to post
  • 0

Evernote already has the ability to encrypt single notes. This is useful for things like storing passwords or other temporary sensitive content. But it's not practical to encrypt many notes one by one.

 

I didn't know there was a way to encrypt a single note, I know that I can encrypt selected text but not a complete note. I am going to go and look for that feature. 

 

I do agree though that an option to encrypt a complete notebook would be great.

Share this post


Link to post
  • 0

Evernote already has the ability to encrypt single notes. This is useful for things like storing passwords or other temporary sensitive content. But it's not practical to encrypt many notes one by one.

 

I didn't know there was a way to encrypt a single note, I know that I can encrypt selected text but not a complete note. I am going to go and look for that feature.

I don't believe that there is. You can encrypt a note's text content, but not a whole note, as far as I know.

Share this post


Link to post
  • 0

That's what I thought, I didn't see anything about an entire note. That would be sweet if we could do that also. I personally don't like the concept of encrypting only a section of text within a note, I think encrypting a note and/or a notebook would be a game changer.

  • Like 1

Share this post


Link to post
  • 0

I live Evernote's tag line (Remember everything).  For me, that includes, for example, confirmations of bill payments.  In some cases, those include full account numbers for a credit card, for example.  I'd like to be able to encrypt my entire "Finances" notebook.  I am already a premium user - it's an important feature, if Evernote means what it says in its tagline.

 

Share this post


Link to post
  • 0

I live Evernote's tag line (Remember everything).  For me, that includes, for example, confirmations of bill payments.  In some cases, those include full account numbers for a credit card, for example.  I'd like to be able to encrypt my entire "Finances" notebook.  I am already a premium user - it's an important feature, if Evernote means what it says in its tagline.

 

To avoid putting this sort of info into the cloud, I store the bill, statement, and payment details in a local non-sync'd notebook.

This makes the info only available on my home computer.

  • Like 2

Share this post


Link to post
  • 0

jbenson2 - brilliant solution - it just never occurred to me!  (It would still be nice to have an option in between local only and not local but not encrypted, but for now, this solves my immediate problem.)  Thanks!

Share this post


Link to post
  • 0

I have had it with this on-going debate and Evernote's stubborn dodging / not hearing the very strong arguments for notebook-level encryption.

 

I am migrating to the first alternative (simple) note taking app I come across which does offer better encryption functionality. I am willing to pay for it, and sacrificing other Evernote functionalities is no problem. Hope some developers are reading along...

Share this post


Link to post
  • 0

Evernote's on-going stubborn dodging / not hearing the very strong arguments for notebook-level encryption.

 

What are you talking about? Their CEO, Phil Libin, has promised they were working on precisely this (notebook-level encryption), and planned to release it before the end of the year or shortly afterwards.

 

From the Evernote Podcast episode 40, from October 30th, around 51 minutes in:

"We actually got a super cool, uh, we're really really beefing up how we do client-side encryption across the board […] it's something we are hard at work now across multiple clients."

Share this post


Link to post
  • 0

 

The last couple of minutes of this interview indicate that new "sexy" encryption options will be available "soon" (by the end of the year apparently)

 

http://techcrunch.co...ar-old-startup/

 

 

He also said that new stuff was on the horizon in this article.

 

Good luck with your new app!

Share this post


Link to post
  • 0

I have had it with this on-going debate and Evernote's stubborn dodging / not hearing the very strong arguments for notebook-level encryption.

The same could be said about users who seem to think because they want something, Evernote should give it to them.  Or users who can't accept the fact that maybe, just maybe, Evernote has discussed said feature & either put a low priority on it (for whatever reasons - time/resources (translate: engineer hours), other/more pressing priorities, etc) or totally nixed the idea altogether.  Evernote never really has been about storing sensitive data, although they do allow you to encrypt text in notes.  There are a lot of other ways to store sensitive data, including encrypting it & putting the file in Evernote.  There are true password managers that handle stuff like this brilliantly.  The fact of the matter is, if this is a deal breaker for you, you need to find another app that better suits your needs.  Good luck with your search.

Share this post


Link to post
  • 0

 

I have had it with this on-going debate and Evernote's stubborn dodging / not hearing the very strong arguments for notebook-level encryption.

The same could be said about users who seem to think because they want something, Evernote should give it to them.  Or users who can't accept the fact that maybe, just maybe, Evernote has discussed said feature & either put a low priority on it (for whatever reasons - time/resources (translate: engineer hours), other/more pressing priorities, etc) or totally nixed the idea altogether.  Evernote never really has been about storing sensitive data, although they do allow you to encrypt text in notes.  There are a lot of other ways to store sensitive data, including encrypting it & putting the file in Evernote.  There are true password managers that handle stuff like this brilliantly.  The fact of the matter is, if this is a deal breaker for you, you need to find another app that better suits your needs.  Good luck with your search.

 

 

Please read the preceding two pages of user contributions expressing similar wishes as to the future functionality of the Evernote product before diving in here with your apologist Evernote defense, which seems largely based on the premise that a product cannot develop beyond what it once was. History proves you wrong on that count and the fact of the matter is there may well have been more people than you think, who stored sensitive data in Evernote and who have only now become aware of the capabilities of US industrial espionage.

Share this post


Link to post
  • 0

I have had it with this on-going debate and Evernote's stubborn dodging / not hearing the very strong arguments for notebook-level encryption.

This is not a debate, it's just user discussion. Obviously, Evernote has heard the request (viz. Phil Libin's pronouncements). Evernote may do this and deliver it this year, or they may not (for whatever reason). Best to wait until it's been delivered before you make plans to integrate it into your workflow.

Share this post


Link to post
  • 0

Please read the preceding two pages of user contributions expressing similar wishes as to the future functionality of the Evernote product before diving in here with your apologist Evernote defense, which seems largely based on the premise that a product cannot develop beyond what it once was. History proves you wrong on that count and the fact of the matter is there may well have been more people than you think, who stored sensitive data in Evernote and who have only now become aware of the capabilities of US industrial espionage.

I've read the posts.  I've been here much longer than you have.  And please don't misconstrue what I said.  If you *really* read what I posted & don't jump to a knee jerk reaction, you'll see you're not comprehending what I said.  This is not  "debate" & I fail to see why you need to drag "history" into this.  The fact that you disagree with Evernote's decision is fine.  But it's *their* product & *their* decision.  Again, if this is a deal breaker for you, you should find an app that better suits your needs. It's really that simple.

Also, once again...

 

The same could be said about users who seem to think because they want something, Evernote should give it to them. Or users who can't accept the fact that maybe, just maybe, Evernote has discussed said feature & either put a low priority on it (for whatever reasons - time/resources (translate: engineer hours), other/more pressing priorities, etc) or totally nixed the idea altogether.

Share this post


Link to post
  • 0

I have had it with this on-going debate and Evernote's stubborn dodging / not hearing the very strong arguments for notebook-level encryption.

The same could be said about users who seem to think because they want something, Evernote should give it to them.  Or users who can't accept the fact that maybe, just maybe, Evernote has discussed said feature & either put a low priority on it (for whatever reasons - time/resources (translate: engineer hours), other/more pressing priorities, etc) or totally nixed the idea altogether.  Evernote never really has been about storing sensitive data, although they do allow you to encrypt text in notes.  There are a lot of other ways to store sensitive data, including encrypting it & putting the file in Evernote.  There are true password managers that handle stuff like this brilliantly.  The fact of the matter is, if this is a deal breaker for you, you need to find another app that better suits your needs.  Good luck with your search.

 

Please read the preceding two pages of user contributions expressing similar wishes as to the future functionality of the Evernote product before diving in here with your apologist Evernote defense, which seems largely based on the premise that a product cannot develop beyond what it once was. History proves you wrong on that count and the fact of the matter is there may well have been more people than you think, who stored sensitive data in Evernote and who have only now become aware of the capabilities of US industrial espionage.

BNF has a right to her opinion on the topic, just as you do. This is a user discussion board. Let's discuss!

I don't know that history proves anything, but I would say it is generally not terribly helpful with prognostication. I would say history is a great resource for understanding how things have become the way they are today. I am just speculating here, but the fact that Evernote lacks particularly strong encryption and has very few encryption options is probably a reflection of the vision that Evernote has of the service as something akin to your email account--ubiquitous access + a basic level of security. They don't appear to have been interested aiming to create a locked down environment. Several of the Evernote employees have a background in security systems, so it seems to be a choice, not an oversight.

In this sense, BNF is correct, right? She is stating that this is how it has been, pointing out that Evernote employees probably aren't the incompetent or evasive figures the poster has portrayed them as, speculating that they will continue on this course, and suggesting that users might want to consider alternative solutions if they have strong security needs. Her comments seem reasonable to me. And, I can assure you that she reads nearly everything that is posted on this forum. Heck, with 11,000 posts, she's posted in most of the threads!

Evernote might have signaled a shift recently based on the comments made by the CEO about upcoming encryption features. It will be interesting to see what happens. Personally, I'd like to see all kinds of improvements in security, including encrypted notebooks.

  • Like 2

Share this post


Link to post
  • 0

But it's *their* product & *their* decision.  Again, if this is a deal breaker for you, you should find an app that better suits your needs. It's really that simple.

 

 

Thanks for reminding us that EverNote is Evernote's product and that EverNote's owners can decide how they want EverNote to develop.

 

For the rest of us I would argue that what should be relevant for Evernote's future strategy and growth ambitions is what prospective customers want and how their existing customers are responding to developments in society by changing their preferences for security vs functionality for example.

Share this post


Link to post
  • 0

This is irrelevant meta-nonsense based on kindergarten logic. Nobody disputes that a company can react with the stance that you describe and that I would label as "taking their marbles and going home".

 

What should be relevant for Evernote's future strategy and growth ambitions is what prospective customers want and how their existing customers are responding to developments in society by changing their preferences for security vs functionality for example.

Judging by the time stamps, I am guessing that you are responding to BNF here. Again, I don't think what she is saying is nonsense. Of course, I agree that they should aim for further growth and so forth, but I leave it to them to figure out how they want to allocate resources. I have no inside knowledge, so I cannot say if it is good or bad that they don't have encrypted notebooks yet. It is an issue for me, but I doubt I am representative of the larger user base.

Share this post


Link to post
  • 0

This is irrelevant meta-nonsense based on kindergarten logic. Nobody disputes that a company can react with the stance that you describe and that I would label as "taking their marbles and going home".

What should be relevant for Evernote's future strategy and growth ambitions is what prospective customers want and how their existing customers are responding to developments in society by changing their preferences for security vs functionality for example.

Of course Evernote listens to their customers & adds features based upon that. What is at issue here is that the feature *you* want has not been implemented. So basing your claim on that is flawed.  As others have said above, Phil mentioned something about security by year end.  However, as with due dates/reminders, the end product may not be what you are expecting it to be.  So as Jeff said, it would be wise to adjust your workflow to the way Evernote works today. 

 

Several of the Evernote employees have a background in security systems, so it seems to be a choice, not an oversight

Nor a lack of ability.

Edited by BurgersNFries
Corrected quote

Share this post


Link to post
  • 0

Several of the Evernote employees have a background in security systems, so it seems to be a choice, not an oversight

Nor a lack of ability.

I think you are quoting me here, right?

Indeed. I think the Evernote developers (at least, in my experience) are extremely competent. I wouldn't be surprised if they are among some of the best in their respective fields. This doesn't mean they will make the "right" decisions (amazingly, they have not implemented all of my suggested changes). It does mean, though, that they have probably thought through all of this a lot more deeply than we have :)

  • Like 1

Share this post


Link to post
  • 0

Several of the Evernote employees have a background in security systems, so it seems to be a choice, not an oversight

Nor a lack of ability.

I think you are quoting me here, right?

Indeed. I think the Evernote developers (at least, in my experience) are extremely competent. I wouldn't be surprised if they are among some of the best in their respective fields. This doesn't mean they will make the "right" decisions (amazingly, they have not implemented all of my suggested changes). It does mean, though, that they have probably thought through all of this a lot more deeply than we have :)

Ahhhh...yes, I am quoting you. Sorry. I will correct this.

Share this post


Link to post
  • 0

 

I've read the posts.  I've been here much longer than you have

 

 

 

 

So I was wondering, because you are here MUCH longer than others, what does make you think that you are better than others?

Share this post


Link to post
  • 0

 

 

I've read the posts.  I've been here much longer than you have

 

 

 

 

So I was wondering, because you are here MUCH longer than others, what does make you think that you are better than others?

 

 

 

I don't & I don't know why you think that.  I do think I know what Evernote is about more than others. 

Share this post


Link to post
  • 0

 

 

 

I've read the posts.  I've been here much longer than you have

 

 

 

 

So I was wondering, because you are here MUCH longer than others, what does make you think that you are better than others?

 

 

 

I don't & I don't know why you think that.  I do think I know what Evernote is about more than others. 

 

So you work for Evernote?

If not, you have a couple of friends that tell you about stuff in this company?

Or you just assume that your postings count makes you know it better?

Share this post


Link to post
  • 0

So you work for Evernote?

If not, you have a couple of friends that tell you about stuff in this company?

Or you just assume that your postings count makes you know it better?

Jealous much?  That's the only reason I can think of why you'd post such silly comments that have no relevance. 

 

But thanks for playing.

Share this post


Link to post
  • 0

OK, kids. This has veered way off-topic. Let's trying to stop arguing about credentials, and get back to the actual topic, if there's anything more to add to the existing conversation.

Share this post


Link to post
  • 0

 

So you work for Evernote?

If not, you have a couple of friends that tell you about stuff in this company?

Or you just assume that your postings count makes you know it better?

Jealous much?  That's the only reason I can think of why you'd post such silly comments that have no relevance. 

 

But thanks for playing.

 

Sorry cutiepie, I could care less about someone like you that thinks his postings count makes him a better person.

I am not here to get a high postings count and like you I don't spend my life in an Evernote forum.

Share this post


Link to post
  • 0

I agree completely.

 

Barging in here spewing stuff like "I have been here longer than you" and "Perhaps Evernote considered the feature and decided against it" is completely self-aggrandizing nonsense and is ignorant of the fact that the CEO already announced they were working on these features.

 

As the person responsible for information security in a 200+ person company I am currently the one holding back a decision to implement Evernote for project management and I'm looking forward to seeing what cipher stacks and design principles regarding client side encryption will be put in place for the upcoming release of an "enterprise ready" EverNote.

  • Like 1

Share this post


Link to post
  • 0

OK, folks. Thus is a reasonable topic, but since you're not interested in discussing it here, you'll need to revisit it in a different thread. Locking this one.

  • Like 1

Share this post


Link to post
  • 0

Especially with the s ScanSnap scanner option and desire to go paperless it is very important to have a place for secure document storage.  Evernote should keep their solutions cohesive.

Share this post


Link to post
  • 0

Especially with the s ScanSnap scanner option and desire to go paperless it is very important to have a place for secure document storage.  Evernote should keep their solutions cohesive.

I think that is a great feature suggestion. The solutions are cohesive, in my opinion, but require you to use the local notebooks or encrypt each PDF individually. Personally, I file confidential notes in a local notebook. This way, I avoid any issues with security on the cloud. Ideally, of course, we'd have encrypted notebooks, but until that time, you actually do have some options.

Share this post


Link to post
  • 0

 

 

Evernote already has the ability to encrypt single notes. This is useful for things like storing passwords or other temporary sensitive content. But it's not practical to encrypt many notes one by one.

 

I didn't know there was a way to encrypt a single note, I know that I can encrypt selected text but not a complete note. I am going to go and look for that feature.

 

I don't believe that there is. You can encrypt a note's text content, but not a whole note, as far as I know.

 

 

Some 14 score days ago, it was written ^^^

 

Veering back in the neighborhood.

 

So long as there are no attachments

The nearest solution is whole note via:

 

Control-A

Control Shift X

(enter password)

 

You can seemingly have any manner of rich markup (including tables) except a checkbox.

For my client, having a checkbox prevents encryption.

But once the whole item is encrypted, you can go back and add in checkboxes, and they'll be stored.

Share this post


Link to post
  • 0

I am just going to +1 this topic.  

 

Given how awesome Evernote is otherwise and given that it is my defacto cloud-based-brain, I really need to be able to encrypt entire notes or notebooks.  Encrypting just the text is not enough, there's too much sensitive information stored in non-text formats these days.

 

I hope when they do release it that it's a standard feature, but if it was a premium feature, it would probably be a tipping point for me to go premium.

 

Any word on their progress with launching this feature?

  • Like 3

Share this post


Link to post
  • 0

I am just going to +1 this topic.  

 

Given how awesome Evernote is otherwise and given that it is my defacto cloud-based-brain, I really need to be able to encrypt entire notes or notebooks.  Encrypting just the text is not enough, there's too much sensitive information stored in non-text formats these days.

 

I hope when they do release it that it's a standard feature, but if it was a premium feature, it would probably be a tipping point for me to go premium.

 

Any word on their progress with launching this feature?

No word, yet. My opinion is that this ought to be standard (it is with other note-taking apps on the Mac like DevonThink, nvALT, and VoodooPad). However, if it was a Premium feature, that would be fine with me as well.

Share this post


Link to post
  • 0

No word, yet. My opinion is that this ought to be standard (it is with other note-taking apps on the Mac like DevonThink, nvALT, and VoodooPad). However, if it was a Premium feature, that would be fine with me as well.

It's not for me to say. But I'd guess if it were premium, it would spawn a whole 'nuther rant theme similar to the one(s) that offline notebooks should not be a premium feature.

Share this post


Link to post
  • 0

No word, yet. My opinion is that this ought to be standard (it is with other note-taking apps on the Mac like DevonThink, nvALT, and VoodooPad). However, if it was a Premium feature, that would be fine with me as well.

It's not for me to say. But I'd guess if it were premium, it would spawn a whole 'nuther rant theme similar to the one(s) that offline notebooks should not be a premium feature.

True. I don't envy Evernote's task of deciding what goes with Premium and what doesn't. Their notebook sharing policy might give a clue, though. Free=encrypt one notebook. Premium=encrypt up to 250?

  • Like 1

Share this post


Link to post
  • 0

EN needs to give the option of encryption for notebook level at least.  If not people are not going to be able to trust the integrity of their notes.  I really don't want to start using another tool but the reasons for encryption seem to be growing.

Share this post


Link to post
  • 0

EN needs to give the option of encryption for notebook level at least.  If not people are not going to be able to trust the integrity of their notes.  I really don't want to start using another tool but the reasons for encryption seem to be growing.

 

I agree. At the moment, I've split my notes up into confidential (VoodooPad) / non-confidential (Evernote) because I need secure access to my notes on iOS. It works pretty smoothly, and it isn't a big deal (especially with my workflow), but I think the more options the better for everyone.

http://www.christopher-mayo.com/?p=1605

 

If you are only using a single desktop, of course, Evernote's local notebooks are a secure solution, because they do not sync to the cloud. I used this solution for a long time and accessed these notes through a remote login, but (as I talk about on the post above), this is no longer an appealing option for me. 

 

Looking forward to Evernote's "sexy" encryption solution :)

  • Like 1

Share this post


Link to post
  • 0

+1 for encrypting entire notebooks. This feature would be so useful, especially when considering EverNote for business. I'm currently not a paying customer. I would consider becoming one for this feature alone, if it was done right (i.e. encrypted on the client side, and no, I don't want you to be able to recover my content if I forget the key). With this feature, I'm sure more business user would consider paying for this product.

  • Like 1

Share this post


Link to post
  • 0

+1 for encrypting entire notebooks. This feature would be so useful, especially when considering EverNote for business. I'm currently not a paying customer. I would consider becoming one for this feature alone, if it was done right (i.e. encrypted on the client side, and no, I don't want you to be able to recover my content if I forget the key). With this feature, I'm sure more business user would consider paying for this product.

 

I agree. Encryption on the client side, zero-knowledge (only I have the key and can un-encrypt it), and at the notebook level (one text passage at a time won't cut it) would be perfect for my needs. I think it is a pretty critical feature to have these days -- it's been a year since the Snowden leaks and I am sure some people are wondering why Evernote hasn't done it yet. Then again, hardly anyone else has either! My guess is that this is easier said than done. Still, it is worth the effort, and I sure hope we get the encryption soon.

  • Like 2

Share this post


Link to post
  • 0

I honeslty can't image how EN expects to capitalize on the business sector without encryption...

Share this post


Link to post
  • 0

+1

Evernote, please add full-notebook encryption. 

 

I'm a lawyer.  The law on attorney-client and work product privilege requires me to keep client information confidential.  If there's no encryption, and my notes are in plaintext, I can't guarantee that doesn't break privilege.  This is the case for every lawyer in the US, so until you add full-notebook encryption, using your product for serious work puts us and our clients at risk.  The limited encryption you do offer is cumbersome and it breaks search--sufficiently crippled so as to make the whole product not worth it.

 

More broadly, the lack of practical encryption also calls into question whether stuff saved to evernote qualifies for trade secret protection. That's because trade secret law requires you keep your trade secrets, well, secret.  No encryption = no confidentiality = good bye trade secret.

 

I suppose you could have Chris Dahl issue an opinion letter stating that your product doesn't break privilege or waive trade secret protection, with an offer to indemnify your users in the event that turns out to not be true.  But I suspect he wouldn't be ok with that...

Share this post


Link to post
  • 0

+1

Evernote, please add full-notebook encryption. 

 

I'm a lawyer.  The law on attorney-client and work product privilege requires me to keep client information confidential.  If there's no encryption, and my notes are in plaintext, I can't guarantee that doesn't break privilege.  This is the case for every lawyer in the US, so until you add full-notebook encryption, using your product for serious work puts us and our clients at risk.  The limited encryption you do offer is cumbersome and it breaks search--sufficiently crippled so as to make the whole product not worth it.

 

While I agree with and support your request as a fellow user who also handles confidential data, it is not Evernote that is putting your clients at risk, it is you who is putting your clients at risk by using Evernote. For data that is this sensitive, there are other alternatives. 

  • Like 1

Share this post


Link to post
  • 0

+1

Evernote, please add full-notebook encryption. 

 

I'm a lawyer.  The law on attorney-client and work product privilege requires me to keep client information confidential.  If there's no encryption, and my notes are in plaintext, I can't guarantee that doesn't break privilege.  This is the case for every lawyer in the US, so until you add full-notebook encryption, using your product for serious work puts us and our clients at risk.  The limited encryption you do offer is cumbersome and it breaks search--sufficiently crippled so as to make the whole product not worth it.

 

More broadly, the lack of practical encryption also calls into question whether stuff saved to evernote qualifies for trade secret protection. That's because trade secret law requires you keep your trade secrets, well, secret.  No encryption = no confidentiality = good bye trade secret.

 

I suppose you could have Chris Dahl issue an opinion letter stating that your product doesn't break privilege or waive trade secret protection, with an offer to indemnify your users in the event that turns out to not be true.  But I suspect he wouldn't be ok with that...

 

Hi. Welcome to the forums!

 

To follow up on what Scott said, I recommend you consider some of the powerful tools you have available at the moment to ensure you are fulfilling your obligations.

 

1. Local notebooks in Evernote

http://www.christopher-mayo.com/?p=425

 

2. Alternative apps for sensitive information on mobile

http://www.christopher-mayo.com/?p=1605

 

I very much want to see Evernote implement encryption (zero-knowledge at the notebook level), but they don't right now, and they make it clear in their terms of service what the current limits are for the service. As users, we have to make sure we have chosen the best app for our use cases. 

Share this post


Link to post
  • 0

 

To follow up on what Scott said, I recommend you consider some of the powerful tools you have available at the moment to ensure you are fulfilling your obligations.

 

1. Local notebooks in Evernote

http://www.christopher-mayo.com/?p=425

 

2. Alternative apps for sensitive information on mobile

http://www.christopher-mayo.com/?p=1605

 

I very much want to see Evernote implement encryption (zero-knowledge at the notebook level), but they don't right now, and they make it clear in their terms of service what the current limits are for the service. As users, we have to make sure we have chosen the best app for our use cases. 

 

 

Thanks Christopher, this is very helpful!

Share this post


Link to post
  • 0

 

 

To follow up on what Scott said, I recommend you consider some of the powerful tools you have available at the moment to ensure you are fulfilling your obligations.

 

1. Local notebooks in Evernote

http://www.christopher-mayo.com/?p=425

 

2. Alternative apps for sensitive information on mobile

http://www.christopher-mayo.com/?p=1605

 

I very much want to see Evernote implement encryption (zero-knowledge at the notebook level), but they don't right now, and they make it clear in their terms of service what the current limits are for the service. As users, we have to make sure we have chosen the best app for our use cases. 

 

 

Thanks Christopher, this is very helpful!

 

 

Thanks for these tips!  Local notebooks are ok, but I really want it on my phone too... Looks like both Voodoo and Devon are iOS only, any recommendations for Android?  Maybe local notebooks + BoxCryptor?

 

Scott--your point is well taken, and for that reason I *can't* use evernote for any sensitive material, despite all indications being that the efficiency boost might be life-changing.  But having lurked on the sidelines for years over this issue, I thought I'd speak up with a couple of specific user stories on why full-notebook encryption should be moved up in EN's development backlog.  In the meantime, I will continue watching and waiting...

  • Like 2

Share this post


Link to post
  • 0

To follow up on what Scott said, I recommend you consider some of the powerful tools you have available at the moment to ensure you are fulfilling your obligations.

1. Local notebooks in Evernote

http://www.christopher-mayo.com/?p=425

2. Alternative apps for sensitive information on mobile

http://www.christopher-mayo.com/?p=1605

I very much want to see Evernote implement encryption (zero-knowledge at the notebook level), but they don't right now, and they make it clear in their terms of service what the current limits are for the service. As users, we have to make sure we have chosen the best app for our use cases.

Thanks Christopher, this is very helpful!

Thanks for these tips! Local notebooks are ok, but I really want it on my phone too... Looks like both Voodoo and Devon are iOS only, any recommendations for Android? Maybe local notebooks + BoxCryptor?

Scott--your point is well taken, and for that reason I *can't* use evernote for any sensitive material, despite all indications being that the efficiency boost might be life-changing. But having lurked on the sidelines for years over this issue, I thought I'd speak up with a couple of specific user stories on why full-notebook encryption should be moved up in EN's development backlog. In the meantime, I will continue watching and waiting...

Thanks for speaking up! I have no answers for Android. Sorry. My Samsung phone is not getting a whole lot of note-taking use because there doesn't appear to be anything wih convenient encryption (I assume a handful of notes is doable on an app somewhere, but I see nothing remotely able of handling hundreds or thousands of notes,). It's too bad, but it looks like this market (note-taking across platforms with encryption) is extremely under-developed at the moment. Even if I had an iPhone, the options are shockingly limited with hundreds of thousands of apps in the stores :(

If Evernote can nail this, I think it will be a huge mark in their favor when people are comparing apps and considering which one they want to use.

  • Like 1

Share this post


Link to post
  • 0

Evernote IS the best at what it does.  Nothing else comes close...trust me, I have searched.

 

Third party app integration is excellent.  Sync works great.  It's available for almost every platform.

 

So instead of waiting on the encryption, I have started using Local Notebooks more...and not sending docs to EN via File This Fetch. (Use the Mac instead.)

 

Still hoping...

  • Like 1

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×