Password Protected Notebooks

[EvernoteLover9 159]

I love Evernote, but it's preventing me from putting in sensitive content. For example, I can't keep a personal journal notebook, because other people (i.e. girlfriend, family members, etc.) could one day be looking at those notes, especially since they know that I use Evernote often for many purposes.

 

Evernote already has the ability to encrypt single notes. This is useful for things like storing passwords or other temporary sensitive content. But it's not practical to encrypt many notes one by one.

 

I wish I could password-protect a whole notebook. This way, I can do a lot more with Evernote. If I can encrypt single notes, then why can't Evernote just allow me to encrypt entire notebooks? If reason behind this is because Evernote thinks one could lose a lot of data if a notebook password is forgotten, then perhaps Evernote can help recover the passwords through email.

 

In the meantime, I'm stuck with using other apps (i.e. Pages, Day One, etc) to password-protect my content.

 

Any insight is greatly appreciated.

 

Thanks.

[BurgersNFries 2,407]

So are we saying that "zero knowledge" encryption is too much to ask from a Premium EverNote offering?

 

Zero Knowledge would mean that EverNote would need a password that only the user knows to decrypt and access the data......essentially the data would be encrypted on the local computer or device before syncing to the cloud......emailing in notes may not be encrypted until later or never at all in this scenerio as the EN servers would handle the processing via email.

 

To re-reiterate & be extremely clear..."zero knowledge" encryption is mutually exclusive from one of Evernote's main draws which is indexing your data.  So although they may add this in the future, it's not their main focus.  If you want total zero knowledge encryption, you should seek out a backup program.  There are several very good ones out there.  Evernote is not a backup program, nor are they striving to be.

 

There really is nothing more I have to add.

[ScottLougheed 1,316]

So are we saying that "zero knowledge" encryption is too much to ask from a Premium EverNote offering?

 

Zero Knowledge would mean that EverNote would need a password that only the user knows to decrypt and access the data......essentially the data would be encrypted on the local computer or device before syncing to the cloud......emailing in notes may not be encrypted until later or never at all in this scenerio as the EN servers would handle the processing via email.

I don't think it is too much to ask. I think this could be very useful. There are a few things to consider though.

1) This would mean any data encrypted this way could not benefit from any server-side processing like OCR, or any of the features that require the server-side indexing. 

2) This would mean, as you have already noted, that data could be relatively easily lost, which could increase support load and require additional support resources. This isn't a reason not to do it, but it is a reason to be careful about how and when it is implimented.

3) I am not terribly knowledgeable about this kind of stuff, but I wonder if de/encrypting might be difficult to implement on all of the mobile platforms that Evernote supports? As such there would have to be careful consideration about how to negotiate this sort of thing and make sure users are aware that, for example, they might not be able to access their encrypted data on the BB10 devices, or whatever. (AGAIN this is my ignorant speculation!).

4) I suspect decrypting would require that the entire note(book) content be downloaded and (temporarily) stored locally on mobile devices in order to be de/encrypted since this cannot be done server-side. This could be challenging for devices with limited space. It also means that anything encrypted would not be searchable on a mobile device unless it was downloaded in its entirety and then decrypted. 

 

Again, none of these are reasons NOT to do it, but the do suggest that there could be some significant complications associated with such a feature, and that less savvy users (and even some savvy users) might encounter some frustrating situations. 

[EvernoteUser78 0]

 

BurgersNFries - Are you saying that my data on the EN servers is only accessible to me? Are you saying that if someone hacked an EN server and grabbed data they would not be able to access the data without first breaking the encryption?

 

I want some level of comfort that the data is safe from all prying eyes but properly authenticated access via username/password. I use complex passwords and am willing to take the risk of someone hacking that password......I just don't know if the data is encrypted "at rest" on the servers, data in transit is encrypted, but what about at rest?

 

If someone grabbed the database from an EN server, would that database require years of computing power to decrypt?

 

These should be simple questions to answer yes or no.....there are many cloud backup providers, some provide users with the ability to use personal encryption password keys to ensure that the data is encrypted at rest......of course if the users forget these passwords, the data is not accessible by the user or the vendor.....this is the type of security we are asking for and willing to pay for.

 

We all love EN and want to put more and more data there, but we need to be sure that the data is properly secured.

 

As we have seen in the last few years, even some of the most robustly secured cloud services are vulnerable when hacking occurs. This is not to excuse Evernote's current state of security, which is not terribly different than a lot of mainstream cloud providers, and could be improved. Rather what I am saying is that ANY cloud is vulnerable when hacking occurs. In most cases, even highly secured cloud storage services will be compromised, it just takes longer. 

 

EDIT (OOPS this time I really did get my posts mixed up!) 

 

Keep in mind that data mining and being hacked are two very different types of events. 

 

You (and others in this thread) might also be interested in this blog post from several years ago:

Evernote's three laws of data protection

 

The three laws of data protection is a great post, I'm not sure if the comment about not knowing or asking for our passwords bring us to a state of "zero knowledge", but it helps bring a bit more comfort.

 

EverNote is not HIPPA compliant, and as you stated, may never be.

 

Clouds are all vulnerable, but when proper security protocols are in place it can be deemed safe, there are plenty of HIPPA compliant SaaS (Cloud) offerings. Hospitals and other medical operators use them, so having a roadmap or strategy to get there would be nice.

 

When organizations look at their tens of thousands of pages (if not hundreds of thousands or even millions), having a premium service like EverNote there to help with cloud storage and  indexing would be fantastic. If it is technical hurdle to allow for "zero knowledge" and still provide indexing, that shouldn't be a hurdle that the brilliant minds at EverNote can't figure out.

 

I have faith, there will be a service like this in the near future. 

[EvernoteUser78 0]

 

So are we saying that "zero knowledge" encryption is too much to ask from a Premium EverNote offering?

 

Zero Knowledge would mean that EverNote would need a password that only the user knows to decrypt and access the data......essentially the data would be encrypted on the local computer or device before syncing to the cloud......emailing in notes may not be encrypted until later or never at all in this scenerio as the EN servers would handle the processing via email.

I don't think it is too much to ask. I think this could be very useful. There are a few things to consider though.

1) This would mean any data encrypted this way could not benefit from any server-side processing like OCR, or any of the features that require the server-side indexing. 

2) This would mean, as you have already noted, that data could be relatively easily lost, which could increase support load and require additional support resources. This isn't a reason not to do it, but it is a reason to be careful about how and when it is implimented.

3) I am not terribly knowledgeable about this kind of stuff, but I wonder if de/encrypting might be difficult to implement on all of the mobile platforms that Evernote supports? As such there would have to be careful consideration about how to negotiate this sort of thing and make sure users are aware that, for example, they might not be able to access their encrypted data on the BB10 devices, or whatever. (AGAIN this is my ignorant speculation!).

4) I suspect decrypting would require that the entire note(book) content be downloaded and (temporarily) stored locally on mobile devices in order to be de/encrypted since this cannot be done server-side. This could be challenging for devices with limited space. It also means that anything encrypted would not be searchable on a mobile device unless it was downloaded in its entirety and then decrypted. 

 

Again, none of these are reasons NOT to do it, but the do suggest that there could be some significant complications associated with such a feature, and that less savvy users (and even some savvy users) might encounter some frustrating situations. 

 

 

In the technology world that we live in, very little is not possible......all of these issues can be worked out if it is an area of interest of the vendor.

 

Encrypted data may have to wait for a local sync to the user's computer before indexed and synced back. Users would have to accept the fact that maybe the data processing would have to take place locally as a 2nd stage encryption password may be envied to provide true "zero knowledge".

 

I think we have beaten this topic up enough. I am not sure who reads these blogs at EverNote, but I may reach out to the CTO and make the suggestion.

[ScottLougheed 1,316]

 

 

So are we saying that "zero knowledge" encryption is too much to ask from a Premium EverNote offering?

 

Zero Knowledge would mean that EverNote would need a password that only the user knows to decrypt and access the data......essentially the data would be encrypted on the local computer or device before syncing to the cloud......emailing in notes may not be encrypted until later or never at all in this scenerio as the EN servers would handle the processing via email.

I don't think it is too much to ask. I think this could be very useful. There are a few things to consider though.

1) This would mean any data encrypted this way could not benefit from any server-side processing like OCR, or any of the features that require the server-side indexing. 

2) This would mean, as you have already noted, that data could be relatively easily lost, which could increase support load and require additional support resources. This isn't a reason not to do it, but it is a reason to be careful about how and when it is implimented.

3) I am not terribly knowledgeable about this kind of stuff, but I wonder if de/encrypting might be difficult to implement on all of the mobile platforms that Evernote supports? As such there would have to be careful consideration about how to negotiate this sort of thing and make sure users are aware that, for example, they might not be able to access their encrypted data on the BB10 devices, or whatever. (AGAIN this is my ignorant speculation!).

4) I suspect decrypting would require that the entire note(book) content be downloaded and (temporarily) stored locally on mobile devices in order to be de/encrypted since this cannot be done server-side. This could be challenging for devices with limited space. It also means that anything encrypted would not be searchable on a mobile device unless it was downloaded in its entirety and then decrypted. 

 

Again, none of these are reasons NOT to do it, but the do suggest that there could be some significant complications associated with such a feature, and that less savvy users (and even some savvy users) might encounter some frustrating situations. 

 

 

In the technology world that we live in, very little is not possible......all of these issues can be worked out if it is an area of interest of the vendor.

 

Encrypted data may have to wait for a local sync to the user's computer before indexed and synced back. Users would have to accept the fact that maybe the data processing would have to take place locally as a 2nd stage encryption password may be envied to provide true "zero knowledge".

 

I think we have beaten this topic up enough. I am not sure who reads these blogs at EverNote, but I may reach out to the CTO and make the suggestion.

 

You are right, on a computer, you can rely on local processing (however, Evernote would have to write this into their desktop client, as currently this is all done server side, so this would be a bit of an undertaking).

 

Getting this to work at all on a mobile device will be considerably more challenging. 

 

Yes it can be done, perhaps it should be done, but if it is going to happen, it isn't going to happen tomorrow. 

[Wordsgood 526]

Sorry, but if I thought for even a second that *any* of my medical (or legal) data was stored on an app like Evernote, I would blow a gasket. If my records were hacked, it would be the doctor (lawyer) I went after.

Stopping here, before I explode.

Evernote, please add full-notebook encryption.

I'm a psychologist and use my iPad for therapy session notes. The law on psychologist-client and HIPAA requires me to keep client information confidential. If there's no encryption, and my notes are in plaintext, I cannot send them to Evernote which is one of three options for exporting notes that my note-taking program allows. This is the case for every medical professional in the US, so until you add full-notebook encryption, using your product for serious work is unacceptable. I realize that many users do not need this option and agree with others that I would be glad to pay an additional fee for encryption at the notebook level. Ideally I would be able to transfer the file to Evernote locally and then add it to an encrypted in Evernote to allow access wherever I am.

Hoping this will be a new feature soon!

[jasondunn 20]

It's not for me to say. But I'd guess if it were premium, it would spawn a whole 'nuther rant theme similar to the one(s) that offline notebooks should not be a premium feature.

 

As someone who really wants to see this feature, and having had interactions with others who are "freebie" Evernote users and feel like the free product is so good they have no need to upgrade, it's important that Evernote continue to add powerful and useful premium features to make it worth the money for people to upgrade.

 

As paying customers, it's not unreasonable for us to ask for features we'd like to see. If the leadership at Evernote wants to outright say "No!" to certain requests, they certainly can, but until they decline the feature request, people are going to keep asking. And I don't think there's anything wrong with that. :-)

[GrumpyMonkey 4,319]

Paying or not, we all have a voice, and we're free to make suggestions here (or elsewhere). That's what the discussion boards are here for, and Evernote staff read all of it.

Personally, I think that encrypted notebooks are critical for Evernote to develop, because even the "average" user has significant needs for encryption (tax stuff, work stuff, bank statements, health records, your kid's report cards, and anything else that isn't anyone else's business). When you deal with other people's confidential information, it is even more important.

Yes, you can encrypt each file or text passage one by one (something I've recommended up until recently), but it is quite a pain when you are talking about hundreds or thousands of instances, and I'd sure like to see something more user friendly. My guess is that Evernote recognizes the necessity and is working hard on providing an elegant solution ("sexy" in their words) to the problem. I just hope that we see it sooner rather than later.

[cwb 225]

Hasn't soon left the barn long ago?

It was a year ago Phil put out the super sexy encryption quote with a tentative rollout years end (half a year ago now).

Something that slips it's timeline by 6 months with a 6 month pre-announcement before that, would seem to be in serious trouble and doubt.

Smaller teams have done a complete ground up product re-write (sometimes a whole OS re-write) in that amount of time.

I stopped holding my breath and expecting it at all the end of February.

In keeping my Evernote expectations lower than the permafrost layer, it's hard for them to do anything but delight...

http://fortune.com/2013/07/02/evernote-is-interested-in-more-than-your-notes/

[GrumpyMonkey 4,319]

Hasn't soon left the barn long ago?

It was a year ago Phil put out the super sexy encryption quote with a tentative rollout years end (half a year ago now).

Something that slips it's timeline by 6 months with a 6 month pre-announcement before that, would seem to be in serious trouble and doubt.

Smaller teams have done a complete ground up product re-write (sometimes a whole OS re-write) in that amount of time.

I stopped holding my breath and expecting it at all the end of February.

In keeping my Evernote expectations lower than the permafrost layer, it's hard for them to do anything but delight... http://fortune.com/2013/07/02/evernote-is-interested-in-more-than-your-notes/

True. "Soon" would have been sometime in 2010 or so for me

We don't know why it hasn't happened yet. Trouble behind the scenes? Maybe. A push to get it right? Probably. A lack of interest? I doubt it. But, we don't know, so the best we can do is to keep pushing for it.

In the meantime, as I often say, adapt to the app that is rather than the one you want it to be. Local notebooks work pretty well for some use cases, using different apps for sensitive materials works for others.

[ben_willett 1]

Looks like a nice opportunity for their competitors. As EN takes their eye off the ball and starts wasting time selling ridiculous backpacks, someone will come in and snatch this untapped market of folks willing to pay for software. Twenty-somethings, I'm talking to you- get busy. You could bang this out in AngularJS, Bootstrap and Firebase by the end of the year.

 

[GrumpyMonkey 4,319]

Looks like a nice opportunity for their competitors. As EN takes their eye off the ball and starts wasting time selling ridiculous backpacks, someone will come in and snatch this untapped market of folks willing to pay for software. Twenty-somethings, I'm talking to you- get busy. You could bang this out in AngularJS, Bootstrap and Firebase by the end of the year.

Fortunately, I doubt the software developers are tasked to design backpacks. In fact, a lot of the work is clearly being done by other companies who are designing and manufacturing the products.

Also, Evernote's competitors are already doing this. Devonthink has wifi sync for its iOS app through iTunes (avoiding the cloud entirely) and it encrypts is database when synced through Dropbox (sync through Dropbox + iOS isn't here yet). Voodoopad also has a fully encrypted database synced through Dropbox. The problem is that neither app on iOS is anywhere near the sophistication of Evernote's. Moreover, they only work on iOS / Mac. I get a lot of use out of them for sensitive materials, because I am primarily in an Apple environment, but I think very few people will be willing to accept the tradeoffs. What Evernote is doing on every platform is pushing into new territory. Rolling out encryption that works, assuming they are trying to do it, is no small task.

This isn't to excuse the delay, which is also extremely frustrating for me (I cannot tell you how many hours I have spent trying to deal with this deficiency), but it might help to explain why there might be one and why no one else has managed (or likely will in the near future) to challenge them in this tech space. The only product I can imagine that is even close would be OneNote, but that app is so anemic on iOS and Mac that even it is unlikely to be a serious contender.

[jacksnack 9]

Let me just say, the backpacks are "cute"....well, sorta...

 

I don't think EN can conitue to expand in this environment without encryption.

 

Google, Apple, Yahoo, and others are adding encryption services in light of new revalations and hacking attempts.

 

Evernote will have to, also.

[GrumpyMonkey 4,319]

Let me just say, the backpacks are "cute"....well, sorta...

I don't think EN can conitue to expand in this environment without encryption.

Google, Apple, Yahoo, and others are adding encryption services in light of new revalations and hacking attempts.

Evernote will have to, also.

They are and they aren't. Google Drive (last I checked) is still unencrypted and mined for data by Google. When there is encryption, who has the encryption keys? In most cases, the service provider, so you still cannot guarantee the security of your data. What's the point of encryption if everyone can still look at it?

If Evernote does encryption, then it ought to get it right with zero-knowledge encryption, and (as far as I can tell) very few competing services are anywhere close to having it. The best ones I know of are relatively small operations restricted to OSX (Voodoopad and DevonThink). If Evernote manages it, then it will be a pioneer -- the first among the major companies to offer cross-platform support.

[Scoob 5]

I'm still hoping some form of encryption is still in the works by the developers.

A zero-knowledge type would be great so I'm adding another post to keep this thread alive and let the powers see that many users find this an important issue.

[GrumpyMonkey 4,319]

I'm still hoping some form of encryption is still in the works by the developers.

A zero-knowledge type would be great so I'm adding another post to keep this thread alive and let the powers see that many users find this an important issue.

Thanks for keeping the thread alive with more than a +1 or a bump.

I'm also crossing my fingers and hoping something is on the way. Strangely, I don't see a whole lot of movement anywhere for zero-knowledge encryption in the marketplace. Sure, there are services like SpiderOak, but it's been around for a while. Where are the newcomers in the note-taking realm? I don't see any multi-platform competitors (devonthink and voodoopad are solid apps with great security features, but lack Windows support). Maybe people are apathetic after all, there just isn't enough demand, and people think the current situation is good enough.

It is true that Evernote has rather strong security features now, but they aren't mining my data, so they have so much less than other companies to lose by offering more encryption options.

[lost_gweedo 73]

I would add my hearty support for this request.  I use evernote because of it's "all in one" idea.  I have one place to put all sorts of stuff, rather than some email, some folders, some etc.  However, I also have things that I don't want anyone else to see when my laptop is displaying on the projector or with co-workers on my desk.  It's not just the note contents, it's also titles and the related notes that show in the different views. 

Even something as simple as a 4 digit PIN to open a notebook, or display it in the related notes, or have the search results show it.  My android phone copy of Evernote offers this in order to open the program, it should be easy on Windows to have that function for a designated notebook.

 

Thanks.

[gazumped 11,652]

I would add my hearty support for this request.  I use evernote because of it's "all in one" idea.  I have one place to put all sorts of stuff, rather than some email, some folders, some etc.  However, I also have things that I don't want anyone else to see when my laptop is displaying on the projector or with co-workers on my desk.  It's not just the note contents, it's also titles and the related notes that show in the different views. 

Even something as simple as a 4 digit PIN to open a notebook, or display it in the related notes, or have the search results show it.  My android phone copy of Evernote offers this in order to open the program, it should be easy on Windows to have that function for a designated notebook.

 

Thanks.

 

You'll note we're not expecting anything soon..  meantime the suggestions above may help.

[jefito 5,589]

My android phone copy of Evernote offers this in order to open the program, it should be easy on Windows to have that function for a designated notebook.

Apples and oranges. Your Android does not offer the functionality that you're actually asking for; PIN-protecting the application is not the same. For one thing, it's not clear that the PIN is anything but local to the Android client, and if not, it's not part handled by the Evernote API. On the other hand, would you expect PINs set in one place to be honored by other clients that you use? If so, then that's got to be handled by the API: the data needs to be stored and synced. And then all of the clients should be updated; otherwise you might set a PIN on a notebook on one device, but if the client on another device doesn't have the changes, then it's probably not going to need a PIN to open a protected notebook. At a guess, this is not so easy as it may seem...

 

If you have really private stuff, you could look into opening up a separate account, and really keeping it private.

[RandomRaccoondog 0]

I made an account specifically just to add one more vote for the lockable notebook proposal. I've been using Evernote for at least two years now and I have one or two notebooks that I'd like to have a lock. Information leakage isn't really a worry for me as I don't share a laptop or tablet with anyone but I'd like the feeling of added security for having a different passcode for notebooks with more confidential information.

[Kraaijendonk 12]

Hi,

I love evernote, but i'd also love to have the feature of a simple password protection on notebooks so i can lock semi-sensitive stuff like a diary and fiction writing. I'm not asking for full on unbreakable encryption, just for a simple way to lock out people who may otherwise click on things out of curiosity.

I believe this has been asked for before but as far as i can see the previous topic was locked because of some flaming had started or something. I cant be bothered to investigate. 

Just adding my voice to the pool of those who would like to see this feature added. 

 

Cheers

[mapjr 28]

I have been an EN user since Beta, and became a Premium user as soon as it was offered. I, too, would like the ability to encrypt an entire notebook. This really should be as easy as a Right-Click or selection in properties for a Notebook. 

 

I saw above where it says a user can already encrypt an entire note. The only was I can see to do that is to select all of the text/images in the note and then encrypt. IS there a simple one step alternative?

 

As with others above, I would be willing to pay a few bucks extra a year for this additional encryption ability. Seems this should be a no-brainier for EN, both as a tech matter and as a business/profit matter.

[s2sailor 2,181]

This really should be as easy as a Right-Click or selection in properties for a Notebook.

 

With all due respect you are confusing the effort to add a UI control with the effort in creating the underlying code required to carry out the function.  Changes would be required for each client that EN supports as well as server side changes to the service.  Notebook encryption would also require some user behavior education since encrypted notebooks would no longer be indexed by the service and users would need to understand how this may change their search behavior.

 

Long story short, this is nontrivial but would be a welcome addition to the EN service.

[BurgersNFries 2,407]

I, too, would like the ability to encrypt an entire notebook. This really should be as easy as a Right-Click or selection in properties for a Notebook.

You have GOT to be kidding?!?!?!! As s2sailor said, you are confusing UI with actual "programming".  It's kind of like me telling the guy at Discount Tire to change my tires vs the work actually involved in changing my tires.

 

 

@gazumped, but EN does provide encryption. It's just cumbersome in that one needs to select the text in a note and then right-click to encrypt. So it seems that making it easier to encrypt an entire note or notebook would not add to any issues as re cross-platform use. IMHO

It's pretty easy to arm chair quarterback. Yes, EN currently provides encryption...for text only. Simply b/c text encryption exists doesn't mean that can easily be applied to an entire notebook (or even just a note) that may contain images, PDFs, MP4s, etc. and sync & work well across multiple platforms.

 

[jasondunn 20]

With all due respect you are confusing the effort to add a UI control with the effort in creating the underlying code required to carry out the function.  Changes would be required for each client that EN supports as well as server side changes to the service.  Notebook encryption would also require some user behavior education since encrypted notebooks would no longer be indexed by the service and users would need to understand how this may change their search behavior.

 

And you're confusing his request for how he'd like it to be used with a statement about how easy it would be to implement. I mean, come on...you can't honestly think that's what he meant, do you? You and BurgersNFries immediately pounce on people asking for this feature and defend Evernote's programmers as if they are gentle flowers that can't possibly cope with customer requests.

 

I've been involved in enough communities to know that you both see yourselves as being helpful (and I'm sure you answer a lot of questions elsewhere here), but honestly, from an outsider's perspective, you both come across as kind of hostile here to anyone who's raising their hand and asking for this feature. This thread is a bit painful to read. :-(

 

It's not your job to tell other Evernote customers why we shouldn't be asking for this feature. There's clearly a good number of people that really would like to have it.

[CalS 5,280]

Perhaps @mapjr could clear the air as to the intent of his statement? Problem with the written word is that" I would like to see..." and "It should be as easy as..." don't mean the same thing to all people. Might be best to question the intent before jumping as well, I suppose.

[s2sailor 2,181]

Am I confusing his request?  Maybe.  I don't know mapjr and can only respond to how he worded his comment and yes (surprisingly) some people do think it is that easy.

 

If you read the last line in my post I was agreeing that it would be a welcome addition.  I wasn't discouraging the request at all.  Encrypted notebooks is high on my want list too.

[BurgersNFries 2,407]

 

With all due respect you are confusing the effort to add a UI control with the effort in creating the underlying code required to carry out the function.  Changes would be required for each client that EN supports as well as server side changes to the service.  Notebook encryption would also require some user behavior education since encrypted notebooks would no longer be indexed by the service and users would need to understand how this may change their search behavior.

 

And you're confusing his request for how he'd like it to be used with a statement about how easy it would be to implement. I mean, come on...you can't honestly think that's what he meant, do you? You and BurgersNFries immediately pounce on people asking for this feature and defend Evernote's programmers as if they are gentle flowers that can't possibly cope with customer requests.

 

I've been involved in enough communities to know that you both see yourselves as being helpful (and I'm sure you answer a lot of questions elsewhere here), but honestly, from an outsider's perspective, you both come across as pretty hostile here to anyone who's raising their hand and asking for this feature.

 

It's not your job to tell other Evernote customers why we shouldn't be asking for this feature.

 

 

Ok, please point out where ANYONE has said people should not ask for this feature.  I'm pretty sure you can't b/c I'm pretty sure no one has said that. 

 

You say we are "confusing his request".  Well, all we have to go on is his words.   And yeah, from his words, it seems he thinks this is simple. 

[GrumpyMonkey 4,319]

i think it is safe to say that implementing this change is a significant challenge. all things being equal, why not have encryption, right? the fact that only one or two services are able to make this work on mobile (voodoopad and filemaker?) suggests that it's not easy, but it is possible. microsoft onenote and google keep certainly haven't managed it, so i wouldn't say evernote is behind. yet.

i hope they burn the midnight oil and get this thing done sooner rather than later. a simple ui (as suggested) and powerful features sounds like evernote's mo to me!

[JMichaelTX 4,117]

the fact that only one or two services are able to make this work on mobile (voodoopad and filemaker?) suggests that it's not easy, but it is possible. microsoft onenote and google keep certainly haven't managed it, so i wouldn't say evernote is behind. yet.

i hope they burn the midnight oil and get this thing done sooner rather than later. a simple ui (as suggested) and powerful features sounds like evernote's mo to me!

 

Wuala has mobile apps.

 

I'm with you on the midnight (and noon) oil !

[jasondunn 20]

i think it is safe to say that implementing this change is a significant challenge. all things being equal, why not have encryption, right? the fact that only one or two services are able to make this work on mobile (voodoopad and filemaker?) suggests that it's not easy, but it is possible. microsoft onenote and google keep certainly haven't managed it, so i wouldn't say evernote is behind. yet. i hope they burn the midnight oil and get this thing done sooner rather than later. a simple ui (as suggested) and powerful features sounds like evernote's mo to me!

 

Absolutely, I get that it's not easy - and there would be some sacrifices (like encrypted notebooks not being searchable, or maybe they're only searchable after the passphrase is entered) - but it would be worth it. I'm truly a little scared of how much critical data I've put into Evernote and I'm relying solely on their security to keep it safe vs. real encryption. The benefits outweigh the risks for me right now though because it's so tremendously useful to have that data everywhere I go...I just hope I don't regret it. :-)

[CalS 5,280]

I don't know mapjr and can only respond to how he worded his comment and yes (surprisingly) some people do think it is that easy.

With you 100%.

To go off topic, if it were me, I'd ask for note level encryption. Better personal use case and I can only imagine the hair on notebook level encryption when you start moving and sharing notes.

[GrumpyMonkey 4,319]

@ jm

wuala is neither an information manager nor a notetaking app. spideroak has a mobile app, too. heck, we could also include lastpass, etc. if we are just talking about a bit of encrypted text. the trick is to have a notetaking app that handles lots of notes, is secure, and is available everywhere.

on ios and osx (certainly, this is not everywhere), i think that comes down to voodoopad, devonthink, and filemaker. if there are more, let me know. the first two are ancient by ios standards and unreliable. filemaker? it is a beast, in my opinion, and i haven't been able to work efficiently with it yet on mobile.

@ csihilling

why not both? i see no headaches with notebook level encryption. just have sharing removed if it goes into an encrypted notebook, just as it's removed when it goes into a local one. you could make it more complicated by keeping the sharing, but that seems unnecessary for me, and there is already a model of behavior for evernote to work with here (local notebooks).

[JMichaelTX 4,117]

@ jm

wuala is neither an information manager nor a notetaking app. spideroak has a mobile app, too. heck, we could also include lastpass, etc. if we are just talking about a bit of encrypted text. the trick is to have a notetaking app that handles lots of notes, is secure, and is available everywhere.

 

As I think you know, I'm fully aware that Wuala is not a PIM.  My only point is that their mobile app is an example of implementing high security using zero knowledge keys.  The point is that it can be done.  Whether it is encrypting Note text or a file, the principle is the same.

 

Evernote could encrypt the Note body while leaving the Note metadata unencrypted.  This would permit good searching.

[GrumpyMonkey 4,319]

@ jm

wuala is neither an information manager nor a notetaking app. spideroak has a mobile app, too. heck, we could also include lastpass, etc. if we are just talking about a bit of encrypted text. the trick is to have a notetaking app that handles lots of notes, is secure, and is available everywhere.

 

As I think you know, I'm fully aware that Wuala is not a PIM.  My only point is that their mobile app is an example of implementing high security using zero knowledge keys.  The point is that it can be done.  Whether it is encrypting Note text or a file, the principle is the same.

 

evernote could encrypt the Note body while leaving the Note metadata unencrypted.  This would permit good searching.

i see where you are headed. i don't think the challenge is encryption itself, which has been done by several apps. gus (maker of voodoopad) is an indie developer and he managed it years ago. getting it to work with existing functionality, the api, and the sync might be more of a challenge, i guess. honestly, i am completely out of my league here, and have no firsthand knowledge of encryption, but if an indie developer can do it, then why can't ms, google, and en do it? it's kind of weird, as if they don't see encryption as a critical feature. maybe they don't get the guardian or other newspapers there and they are living in a pre-snowden bubble

just kidding, they know more about encryption than most of us. however, they do seem strangely uninterested, despite their security backgrounds. maybe their former work was traumatizing or something, because en's encryption has never been ahead of the curve, and they always seem loathe to stick their hands into improving it.

[CalS 5,280]

@GM

Both would not only be fine, but maybe required, IMO. Theoretically, what do you do when you take a note out of an encrypted notebook? Wouldn't that note have been encrypted while in the encrypted notebook?

I'm just saying if it is easier to implement note level encryption (relative term and I would guess it is) then a Ctrl-A and a right click menu as a part of the process gets you there, with note level integrity. FWIW.

Full disclosure - I don't use a lot of notebooks which influences my view of the universe.

[jasondunn 20]

...but if an indie developer can do it, then why can't ms, google, and en do it? it's kind of weird, as if they don't see encryption as a critical feature. maybe they don't get the guardian or other newspapers there and they are living in a pre-snowden bubble

 

A lot of "the big guys" don't implement security until they're forced to - most big companies are not proactive. Look how long it took Facebook, Yahoo, Google, etc. to make SSL the default experience on some of their services. To a certain degree, you can understand it because it adds cost and complication on a massive scale. That's why smaller companies can usually take the lead on features and do things the "right" way. Then the big guys catch up eventually.

[GrumpyMonkey 4,319]

@GM

Both would not only be fine, but maybe required, IMO. Theoretically, what do you do when you take a note out of an encrypted notebook? Wouldn't that note have been encrypted while in the encrypted notebook?

I'm just saying if it is easier to implement note level encryption (relative term and I would guess it is) then a Ctrl-A and a right click menu as a part of the process gets you there, with note level integrity. FWIW.

Full disclosure - I don't use a lot of notebooks which influences my view of the universe.

 

i don't want to get technical (because i can't!), but the model for it can be found with local notebooks. when you move a note from a local to a regular notebook, it gets a guid (i believe) and goes over without any problems. perhaps the developers are banging their heads on their desks reading this. frankly, i don't design encryption software, so i can't say exactly how it is done. however, other apps manage to do it just fine, so i think evernote can call those guys up and ask if they have questions

[jefito 5,589]

Random thoughts in the notion of encrypted notebooks:

 

Notes exist on their own as atomic objects, not as part of a notebook. In other words, notebooks don't really contain notes except in a metaphorical way; instead, notes refer to their notebook via its GUID, so a notebook is really the collection of notes that have the notebook's GUID in their notebookGUID field (see https://dev.evernote.com/doc/reference/Types.html#Struct_Notebook). An encrypted notebook would require some rule such that all notes in the notebook were stored as encrypted.

 

An encrypted note would presumably have the following parts of its content encrypted:

* The note contents itself

* The note's resources (attachments)

* At least some of its attributes (tags? location? sourceURL? date fields?) There's a pretty good gang of them.

* Its recognition text (text produced via OCR)

 

Anything else? Refer to https://dev.evernote.com/doc/reference/Types.html#Struct_Note for more candidates...

 

So what happens when you move a note into an encrypted notebook? OK, so the note becomes encrypted, whatever that means. How about the backups that Evernote stores? Presumably they are not encrypted, so would Evernote then be required to seek them out and encrypt them? It's one thing to preserve old edited versions of a note, but if it's an encrypted note, you don't want those old versions laying around in plain text, right? Then once it's encrypted on the server, it splays out to any syncing device.

 

Presumably, when you move a note out of an encrypted notebook, the reverse happens.

 

You might also what happens if you change a shared notebook to encrypted. Good times.

 

Oh, OK, so you have your encrypted notebook, and now you want to work with it. So you unlock it on your device, and now the local device needs to run around and decrypt every part of it that gets encrypted, so you can search, filter, and all of the normal stuff. Of course, if you make changes, you have to encrypt everything before syncing up to Big Brother the Evernote servers in the sky...

 

What did I miss?

[JMichaelTX 4,117]

 

An encrypted note would presumably have the following parts of its content encrypted:

* The note contents itself

* The note's resources (attachments)

* At least some of its attributes (tags? location? sourceURL? date fields?) There's a pretty good gang of them.

* Its recognition text (text produced via OCR)

 

 

 

I wouldn't want to encrypt the metadata, what you call "attributes".  That way they could still be used in searches.

 

My thought is that it would work just like the current text encryption.  Everything is always encrypted on the Evernote Cloud.

When you select a Notebook you would have an option to unencrypt -- perhaps by a button or right-click.

You would enter the password for that Notebook, and when you select a Note in that NB, EN would unencrypt it, and it would stay unencrypted as long as your have EN open, or until you press a button.  Could be the same button that acts like a toggle switch.

 

When you sync, the EN client would encrypt the changed Notes before sending to the Cloud.

 

The UI for this is clearly something that needs to be carefully thought through, tested internally, and tested with users for feedback before it is locked down.

[ScottLougheed 1,316]

 

 

An encrypted note would presumably have the following parts of its content encrypted:

* The note contents itself

* The note's resources (attachments)

* At least some of its attributes (tags? location? sourceURL? date fields?) There's a pretty good gang of them.

* Its recognition text (text produced via OCR)

 

 

This is a tricky one. Technically any note encrypted from the get-go could never be OCR'd because that's completed server-side. A properly (effectively) encrypted note should not be accessible to the servers. 

What this means is that some notes will be created without encryption, OCR'd, then encrypted.... which means you'd have OCR data to potentially encrypt. But then you'd have a new class of notes, those which were encrypted upon creation which could never be OCR'd and would have no OCR data to encrypt. 

Maybe this isn't a big deal at all but it does add to the complexity, and of course, may be infuriating to users as they try and figure out why text in some images don't return results while others do.

 

Again, I'm all for this. I have a lot of data I do not store in Evernote because of the limited encryption. I'd welcome great, note- or notebook-level encryption with open arms. I think Evernote should work VERY hard to make this happen. That being said, on the face of it it seems immensely challenging. 

[Murky 1]

I would definitely support a feature that gave you the option of creating password-protected notebooks in Evernote.  It might even persuade me to upgrade to Premium.

[VZh 0]

+1

 

I have similar situation with my private journal. I tried using some other journal apps, but using already established tag system and linking journal's articles to notes makes me consider Evernote as my journal app again.

 

I don't understand why Evernote team doesn't consider implementing two levels of notebook password protection:

1. Protection from unathorized access in already open Evernote app, with possibity to search in protected notebooks

2. Encryption without possiblity to search in encrypted notebooks/notes.

 

I believe these features will make happy a big number of already existing Evernote users, and make Evernote more attractive for potential users. 

 

Regards

[FineArt 3]

+1 for zero knowledge notebook level bla bla bla...

 

obviously there is more than adequate demand for this feature to be supported, since it's not implemented yet we have to look for reasons why... 

 

1. it's hard... well yeah... it is, but time+available resources bla bla bla... it would have be done by now anyhow... so it's not that

2. they don't want to, because it would compromise the indexing... not a real reason... they are not indexing any data which is not on servers now, are they?

3. outside pressure... this one seems the only realistic one to me, if legally they are given only the option to implement inherently compromised encryption solution they face the hard choice... either do it the way they don't want to either not to do it at all... if this is the case it becomes apparent why this matter still is not addressed. 

 

P.S.

it's clear that many people have expressed their urge, and it has been heard, and little has been done... there is an obvious business potential and as soon as (and if) adequate means will be available the service will be provided, as to what can be done... I think to average user it remains only to wait... maybe occasional cry on the forum so the issue is not forgotten...

 

all this obviously is fan fiction... I in no way am involved in the matter, I'm a mere user who wandered in here from google investigating if notes can be encrypted. 

[BurgersNFries 2,407]

since it's not implemented yet we have to look for reasons why...

Um, no we don't.  We don't because it doesn't matter why.  The bottom line is it is not.  So what the user needs to do is decide what they need to do.  Use EN for non sensitive info?  Use local notebooks for sensitive into?  Use another app? 

[JMichaelTX 4,117]

+1 for zero knowledge notebook level bla bla bla...

 

obviously there is more than adequate demand for this feature to be supported, since it's not implemented yet we have to look for reasons why... 

 

P.S.

it's clear that many people have expressed their urge, and it has been heard, and little has been done... there is an obvious business potential and as soon as (and if) adequate means will be available the service will be provided, as to what can be done... I think to average user it remains only to wait... maybe occasional cry on the forum so the issue is not forgotten...

 

all this obviously is fan fiction... I in no way am involved in the matter, I'm a mere user who wandered in here from google investigating if notes can be encrypted. 

 

Good point FineArt.

 

While we may not ever be able to truly understand why Evernote makes certain decision, a lot can be gleamed from their public statements and interviews.

 

If the "why" means that Evernote is moving away from its core service, and no longer sees a need to support and/or improve on it, then we may need to look for other options.

[GrumpyMonkey 4,319]

My impression is that, for some reason, Evernote isn't terribly interested in encryption and doesn't think the privacy / security issues raised over the last few years are ones they need to try and tackle.

I think Phil Libin (Evernote CEO) recognizes the problems that exist. He has said: "I think the Internet has come a ridiculously long way given the fact that it’s insecure and broken.... but the recent loss of trust has been exponential and is really threatening to undermine a lot of the progress that we have made.... [some company is going to end up making the Internet more secure, and that company is going to ultimately] be worth a billion dollars and rule the world.”

However, I don't think he wants to step into that space. For example, Phil recently said: "We don’t own anyone’s data and are one of the few companies that explicitly says that. Everything you put into Evernote is private by default. I am a believer that the issue of government surveillance is a completely solvable problem. We as a society just need to get together and decide how do we want our governments to act." I'm glad that he is so optimistic, but I think I'd rather be given tools to protect my data from unauthorized access (private or state-sponsored).

Anyhow, with the new emphasis on collaboration, surfacing your data, and presentations I don't think encryption is going to figure prominently in this new vision of Evernote either.

[JMichaelTX 4,117]

Anyhow, with the new emphasis on collaboration, surfacing your data, and presentations I don't think encryption is going to figure prominently in this new vision of Evernote either.

 

I'm not so sure.  Corporate owners/users are probably more concerned about security than individuals, not just from hackers and the government, but also from crusaders and competitors.

[GrumpyMonkey 4,319]

Anyhow, with the new emphasis on collaboration, surfacing your data, and presentations I don't think encryption is going to figure prominently in this new vision of Evernote either.

 

I'm not so sure.  Corporate owners/users are probably more concerned about security than individuals, not just from hackers and the government, but also from crusaders and competitors.

How long has Business been around? How much has encryption improved? I think the comments we have seen from Phil on encryption in recent years don't suggest much interest in encryption for Evernote beyond the sexy thing that was promised more than a year ago. Perhaps they are working on something behind the scenes. I don't know, but I don't think pressure from business clients is likely to sway them. In my experience, many businesses, especially the smaller ones that Evernote Business targets, don't have much interest in encryption, so Phil might well be making a wise choice by deferring development on encryption.

[RAK2 0]

MY vote is for encrypt encryption of the notebook feature...

[iamtheduff 0]

+1 for this. I'm transitioning to a paperless system and feel this would be great to individually lock out the notebook(s) I would use to keep scanned documents.

[HerbyDE 101]

+1

[mg10 1]

+1

 

Is there any workaround / best practice to try to implement something like this now?

[cevikarda 0]

+1

I need this feature. When I leave my app open on my iPad, and on my Windows pc, I want to access some notebooks frictionless. But I also want to access some "private" or "protected" notebooks, via typing a password.

[Daniel França 0]

+1 Needed feature!

[Seblirium 2]

+1 

I've gradually been increasing my Evernote usage, and recently started using it for a journal. Please!

[udokotela 0]

+1

I'm amazed this isn't available.

[Maxibe 0]

+1 

[andersph 1]

+1

 

 

I also love Evernote and use it for everything just as it says on the tin. "Everything" includes some stuff that really shouldn't be read by someone else. People have been asking for this for YEARS and to STILL not having implemented this seemingly simple feature is a MAJOR fail and could very well be a deal breaker for me.

 

Anyone has a solid tip for another app that can do this?

[Metrodon 2,184]

It's not a fail, it's a clearly thought out business decision.

 

It's pretty clear that Evernote's vision is try to become more than just a dumb space that users add data to. Context, Related Notes, the AI investment and Libin's recent comments all point towards an idea that Evernote will help to make you better at doing things.

 

Siloing data into encrypted containers would break this paradigm.

 

So it's nothing to do with being simple or not and it's obviously not a major fail. It's probably just not the app that you need in order to prevent your deal from breaking.

[andersph 1]

You make really good points and I understand that is the thinking behind this. You are right.

 

However I can't help thinking that the fact that it is a conscious decision doesn't automatically mean that it is not a fail. Plenty of fails are badly made decisions rather than mistakes... My point is that for all the clever ai in the world I still cannot use Evernote as the business tool it is claiming to be if I cannot store sensitive data.

 

I am open to the possibility that I am doing something wrong here and just don't understand how to use the product properly, If so, please enlighten me. Is there a good way of, for example, hiding notebooks?

[Metrodon 2,184]

No, you are simply using the wrong tool for your requirements and that's fine.

 

I'm often amazed at how people are trying to squeeze their whole business and private lives into one application. Evernote is a pretty decent general application that allows lots of people to do lots of useful things. But, it's not particularly good at anything and it's never going to be because if they concentrate on a smaller subset of use cases they will undoubtably reduce the general usefulness.

 

I use Evernote I don't know how many times a day, on different devices and in different places, I find it incredibly useful. I also use a bunch of other apps that are far better  at doing specific tasks than Evernote will ever be.

 

It sounds like you have a requirement to encrypt the data you store in the cloud. My first thought would be to find an app that does this immediately, rather than finding one that doesn't and then deciding that not having a function that it's never had, never promised to have and might never have is a 'deal-breaker' for you.

[andersph 1]

I am not really talking about a specialist solution or a way to encrypt anything. All I want is a checkbox on the notebook settings that requires me to enter my password again for example.

[andersph 1]

This is not a niche use case. Anyone using Evernote a lot could benefit from keeping the kids out of the Gift Ideas notebook or nosey clients out of other client's presentation notebooks...

[Metrodon 2,184]

If that's all you want, well why not just password protect your machine? It's easy and available on every operating system already.

[Seblirium 2]

I'm often amazed at how people are trying to squeeze their whole business and private lives into one application. 

 

To be fair, Evernote themselves do quite a good job at promoting themselves around this idea. Personally, I don't think it's unreasonable for users to at least attempt to do this. 

 

From Evernote.com: "Your life’s work - For everything you’ll do, Evernote is the workspace to get it done." In addition to how features and other products have been promoted around the idea of going 'paperless' by scanning important documents into Evernote; bank statement, tax returns etc, there ought to be a sense of responsibility in the way the data is secured.

 

Data synced to servers is encrypted, excellent, and as it should be. The functionality to encrypt the individual contents of notes is there for all to use; many people are wondering why this either has not, or cannot, be extended to encrypt notebooks as a whole (how Evernote were to technically achieve this is another matter).

 

As for password protecting machines; that doesn't solve this particular security gap. Looking at it from a couple of scenarios such as poor user security habits (not locking systems when stepping away), to providing access to other users, security vulnerabilities within the operating system, malware etc, mean it's not a viable 'solution'.

 

A really quick example, if a Windows vulnerability provided access to the user account, with Evernote having notebooks without some form of password protection, where would the buck fall for an Evernote user? Microsoft for having vulnerabilities in the Windows code, or Evernote for not doing everything it can to protect the data that they claim to be the place to store; it would likely be both sides. So while there is currently the option to encrypt individual note contents, why limit it to such a small area of their service functionality?

[Metrodon 2,184]

If you believe Evernote marketing any more than you believe wearing Hugo Boss aftershave is going to make you irresistible to the world's super models then I can't help much.

 

Are you saying that users who have poor security habits and don't remember to lock their machine are going to remember to lock an Evernote notebook they are working in? Seems unlikely.

 

All of the OS' security vulnerabilities will apply equally to Evernote as any other file on the system whether the application has a notebook password or not. The only way to protect the data is to encrypt it and only have the user have the key to this encryption. On a larger scale I really don't think this is going to happen with Evernote. The small scale and clunky encryption was I think added to check a box so they could say that they have encryption not because they are in any way serious about it.

 

Finally, if you think that Microsoft or Evernote are ever going to take responsibility for your data then I believe you are 100% wrong. It's your data and it's your responsibility to ensure it's backed up, to ensure it's secure and to ensure that you can get to it when you need it.

[andersph 1]

Bankrobber, I'm really not sure why you are complicating and defending this so much.

 

The devices we use are very rarely used by us exclusively and all we want is a mechanism to stop someone handling one of your devices from just opening any notebook in case there is something we don't want them to see. Not to protect us from cyber warfare.

[Metrodon 2,184]

I'm not complicating or defending, I'm explaining. 

 

If you are a premium user you can PIN protect your mobile device, this makes sense as mobile devices really don't support multi-user environments.

 

If you share your user account on your PC or Mac then I would have thought that you are leaving all kinds of data as well as Evernote open to prying eyes. Anyone with any real care for their security will lock their machine when they are away from it and will use a guest account for other people who need to access the machine.

 

Either way, I'll be hugely surprised if this request is ever implemented by Evernote.

[Kent H 0]

I would also support lockable notebooks.  I keep a lot of notes on different jobs which isn't part of the problem but I am on our school board and like to keep my notes from our meetings in evernote.  Some of these notes would be better not read by my children and employees who use my computer from time to time. The problem is I have evernote running on my computer which is handy but also anybody who happens by my desk can open it up and read it.

[jefito 5,589]

In the scenario you present, anyone who happens by your desk can also start spelunking in your documents as well, or any other location on your computer as well. Locking notebooks in Evernote isn't a solution for this. You can:

 

* Sign out of Evernote when you're not using it, or... 

 

* Learn to lock your computer when you leave it, or...

 

* Add a guest account if other people need to use your computer, and if you're on Windows, employ Switch User functionality to that account for other users

[Kent H 0]

   I don't know if you work for evernote or not but let me tell you something about customers.  I own a business and when a customer has a suggestion, especially when several of them have one I at least listen to them. 

 

   If I have a word document or exel file I can lock them.  I understand all the things you are saying I can do but they are not what I choose to do for my own reasons.  I'm just saying I would like the option to lock a notebook.  If that's not possible then that's just the way it is. 

   I do like Evernote, I've used it for several years and subscribe to the premium.  I use it quite a lot to make notes on potential jobs before I go back to the office and make out a quote.

[Metrodon 2,184]

It's not possible at the moment and Evernote's response to this request has been that there are better ways of securing your data (as outlined by wise Jeff)

[jefito 5,589]

   I don't know if you work for evernote or not but let me tell you something about customers.  I own a business and when a customer has a suggestion, especially when several of them have one I at least listen to them. 

 

   If I have a word document or exel file I can lock them.  I understand all the things you are saying I can do but they are not what I choose to do for my own reasons.  I'm just saying I would like the option to lock a notebook.  If that's not possible then that's just the way it is. 

   I do like Evernote, I've used it for several years and subscribe to the premium.  I use it quite a lot to make notes on potential jobs before I go back to the office and make out a quote.

I don't work for Evernote, I am a fellow user, just like you are. Evernote does read all of the posts in the forums, and will have taken this as a feature request already. Speaking for myself, I read your suggestion, and I just don't see this as an Evernote problem. But I don't claim to speak for them. And it isn't possible in any of the desktop clients that I know of, which is one of the reasons I tried to steer you towards using your native OS's capabilities.

 

I do understand about customers, and deal with them, personally, where I work (also software development). We try really hard to accommodate customer requests, but not everything that's suggested makes sense for our products, for various reasons, and when that happens, we try to convey that to them. Listening is one thing, but implementing is entirely another.

[lost_gweedo 73]

(edited to remove topic possibly misunderstood)

I realize that there may be valid reasons for EN to not provide a locking or private option for notes or notebooks, but I come back to my reason for supporting the request.  EN is my 'one-stop-shop", where I also keep employee notes, etc.  Yes my PC is locked when not in use, however some of my use is on a projector with others viewing.  I can't use EN in this mode, because of the related content and notebook/note names that can be seen by other employees.  A simple 'private' setting or pin to prevent those notes and their content from being accidentally displayed would suffice.  Not trying to project against a password attack, just inadvertent viewing of private data.

EN does a good job of providing stability updates.  As a premium user, it is money well spent for me.  However, this is a big hole in my mind.  Maybe they can put some of that money gained from selling desktop organizers and backpacks into a few software features? 

[Etherialgirl 1]

I have the problem that I'm constantly doing screen sharing and taking notes for clients. When it opens to my All Notes list and the second note (in a Personal folder I'd love to have PW protected) shows the 3rd title title down the list as something like "Cancer Test Results," I really don't want the person viewing my screen to notice that. Of course I lock my computer and I lock my phone, but it's all the collaboration work I do that is causing me stress here.

 

Or another example, let's say I'm working with two competing companies. I don't want them to see a recent note headline about their competitor when I open Evernote. 

 

Evernote simply doesn't work well in a world where collaboration AND confidentiality are both important. That's a shame because if it had this one feature, it would be a killer app. 

 

I guess some attorney will have to find a loophole from which they can sue Evernote for being grossly negligent when it comes to security. It would be a shame to see it come to that. But I'm guessing one day, it will.

 

In theory, the lack of this feature could help facilitate criminal activity. It's a great cover for "plausible deniability." Imagine a person leaking insider trading info just happening to have a note headline about the inside information in All Notes, and then doing screen sharing to take notes with whomever they're talking to who wanted to know that info. Of course they could reasonably say they had no intent to share the info. And since Evernote doesn't allow note-level protection, they're innocent by way of plausible deniability. 

 

Hmmm. Maybe Evernote should keep it the way it is currently. I'm sure some criminals would be upset if it changed. 

[andersph 1]

Thank you Etherialgirl!

You provided a very good example of exactly the kind of situation where this feature is indispensable!

[LKMweb 0]

Quoting geoloser:

"…pin to prevent those notes and their content from being accidentally displayed would suffice…"

 

 

I'm a Premium user for professional and personal use. I have shared individual notes with different people who have their own accounts and later discovered a note was unintentionally deleted by one of those users. To date, I was able to find the deleted note in the Trash, but it would be a great service if we could mark individual notes in any manner: a lock, a pin, a color. 

 

Any of these features currently available across computer operating systems and software would help keep important notes from disappearing or being modified unintentionally. If there is a way to do this already, please share it.

[gazumped 11,652]

I experimented with ways to avoid 'accidental' erasures for a while.  The easiest and most effective was to give 'view only' rights so notes couldn't be changed.  There's also a backup copy of the entire database and/ or shared notes or notebooks.  Another option was to keep a special notebook for each person or group in the share,  and to copy files into that as necessary.  I always had an original.  Or you could keep the content of the file in a passworded PDF file in the same note as a ride-along backup.  Or use a premium subscribers 'step back' into the note history to recover from changes.  

 

Some of those don't prevent notes from being deleted completely however - and if they're not in Trash and you don't have a backup,  you do have a problem

[FelixKramer 1]

Users have made many good points here, both pro and con. I agree it's unreasonable to expect Evernote to meet high-security needs. But the top of my wish list is some mechanism to make access a little hard for a family member or someone else who for any reason happens to get access to my computer or mobile device. Password-protected notes or notebooks would be ideal for me.

I've seen some posters saying that just as they began to move more and more of their lives onto Evernote, this issue let them to stop using it!

I haven't seen anyone from Evernote weigh in here. I've looked briefly online and don't see any company responses in news/event/reviews coverage. I'd love to hear about the thinking inside the company.

[JMichaelTX 4,117]

I have the problem that I'm constantly doing screen sharing and taking notes for clients. When it opens to my All Notes list and the second note (in a Personal folder I'd love to have PW protected) shows the 3rd title title down the list as something like "Cancer Test Results," I really don't want the person viewing my screen to notice that. Of course I lock my computer and I lock my phone, but it's all the collaboration work I do that is causing me stress here.

 

Until/IF Evernote provides the feature you're asking for, a work-around is to make good use of Notebooks.

If you have all your personal stuff in a "Personal" Notebook, then just select some other Notebook so that the Note list shows only notes from that Notebook.  Before you enter a screen-sharing meeting, just choose the appropriate Notebook.

[Nadimm 2]

+1 to the feature request

[sam handwich 0]

This feature would get me to pay for a premium account.

[Insanity540 0]

+1

 

I really think that Evernote should look into implementing this. I would personally like to apply a simple way of securing a notebook/notes for my Journal.

 

Not to start this game - but OneNote have have password-protection for a long time... but to honest, I'm a huge evernote fan. It'd just be nice to have this feature.

 

Keep up the great work guys!

[smw2 0]

Just popping in here - and first joining the forum community - to agree with the need to password-protect or encrypt whole notebooks, and also to suggest one work-around to my fellow frustrated users.

The greatest issue I've faced is at work. I use Evernote for work stuff, but am afraid of someone pulling up my journal and other private info, which could easily be done by accident by someone who is unfamiliar with EN. This has restricted my full use of EN at work - yet it's crucial to EN's long-term viability to be inclusive of all, or at least most, spheres of my life.

 

As a simple work-around, I just merged all the old entries in my journal into a single note, and encrypted it all together. This was a little harder than I thought it would be - I had to eliminate images and, surprisingly, lists with checkboxes, in order to encrypt everything. That wasn't a huge loss, since I had only a few images, and checkboxes aren't exactly a critical feature. However, this work-around wouldn't fly for stuff that really needs to remain in separate notes.

[CDB 0]

+1 for me, too. 

 

Just need somewhere that I can put one more level between me any any other "wandering" eyes. 

 

Please give us a "password" option in the notebook settings. 

[lesser_known 0]

This is a great request - please make this happen! 

 

I would like to use evernote as a repository for my account passwords 

[Thorz 52]

I have EN installed at home and my office. What freaks me out is that someone at work can easily dismount the hard drive, attach it to another PC and just copy the whole EN database, or just reboot the machine from a USB stick and copy all the EN data.

 

I could maybe use something like bitlocker or other hard drive encryption but in reality this would be overkill. Most of the time it is also impossible to use hard drive encryption due to work policy where you don't have authorization or control over these kind of changes.

 

An option to encrypt a notebook would be extremely welcome in this cases. LastPass encrypts the whole local database and is also fully searchable so I really don't understand why cannot Evernote do something like this. I will gladly pay for premium access just for this feature.

 

I will be contacting support for letting them know. There are many users that want this.

 

EDIT: Well, it looks like it is not possible to contact them directly if you are not a premium customer. The only option I had on the support pages was "Ask the community". Ridiculous that it is not possible to give them feedback. I wonder how much the EN official employers monitor this forum.

[GrumpyMonkey 4,319]

I have EN installed at home and my office. What freaks me out is that someone at work can easily dismount the hard drive, attach it to another PC and just copy the whole EN database, or just reboot the machine from a USB stick and copy all the EN data.

 

I could maybe use something like bitlocker or other hard drive encryption but in reality this would be overkill. Most of the time it is also impossible to use hard drive encryption due to work policy where you don't have authorization or control over these kind of changes.

 

An option to encrypt a notebook would be extremely welcome in this cases. LastPass encrypts the whole local database and is also fully searchable so I really don't understand why cannot Evernote do something like this. I will gladly pay for premium access just for this feature.

 

I will be contacting support for letting them know. There are many users that want this.

 

There is a third-party application that should be available soon to help alleviate the problem.

https://discussion.evernote.com/topic/81336-saferoom-zero-knowledge-encryption-for-evernote-and-more/

[ScottLougheed 1,316]

 

I have EN installed at home and my office. What freaks me out is that someone at work can easily dismount the hard drive, attach it to another PC and just copy the whole EN database, or just reboot the machine from a USB stick and copy all the EN data.

 

I could maybe use something like bitlocker or other hard drive encryption but in reality this would be overkill. Most of the time it is also impossible to use hard drive encryption due to work policy where you don't have authorization or control over these kind of changes.

 

An option to encrypt a notebook would be extremely welcome in this cases. LastPass encrypts the whole local database and is also fully searchable so I really don't understand why cannot Evernote do something like this. I will gladly pay for premium access just for this feature.

 

I will be contacting support for letting them know. There are many users that want this.

 

There is a third-party application that should be available soon to help alleviate the problem.

https://discussion.evernote.com/topic/81336-saferoom-zero-knowledge-encryption-for-evernote-and-more/

 

 

I've been beta-testing Saferoom for Mac and iOS, and it seems to do an admirable job of encrypting, though it comes with some MASSIVE trade-offs, and it is not exactly a simple application to use. 

The trade-offs largely are a result not of Saferoom's shortcomings, but because Evernote was simply not designed to have fully zero-knowledge-encrypted data within it. 

That being said, for people who desperately need to store confidential information in Evernote and are unable to use other options that exist because of finances or workflow constraints, Saferoom is deficiently a great option. 

 

I store my confidential information (well, its actually other people's confidential information), in a different program, Everything I store in Evernote is largely inconsequential if it leaks, so I'm not sure if I will have to rely on Saferoom a great deal, but it has definitely been fun to beta test. 

[JMichaelTX 4,117]

@Scott:

 

Thanks for sharing your use of Saferoom.

How would you compare using Saferoom to using encrypted PDFs in Evernote?

[Rocket J. Squirrel 43]

Another yes from me.  I had taken all my high security, high value notes and put them in a local notebook.  They aren't notes I need to access often (e.g. letters exchanged in an on-going lawsuit might not be accessed more than once every two years, but when you need them they are critical).  I put them in a local notebook because I didn't want them getting hacked on the cloud, and Evernote has had security failures in the past.

 

To make a very long story short, in one of the Evernote upgrades, Evernote's own software wiped out my local notebooks.  I had them all backed up, but since I didn't know what upgrade wiped them out I didn't know what restore to use from the timeline of past backups.  I think it took about two weeks to get back most of what I lost (but I didn't get back a lot of it).

 

Anyway, the Evernote support guy told me he recommends never using local notebooks for this reason (and that's something when Evernote's own employees are telling you to stay away from a feature).  He told me to store everything online.  And then I asked about encryption, and then...well that's where this thread started.

[tavor 668]

Anyway, the Evernote support guy told me he recommends never using local notebooks for this reason (and that's something when Evernote's own employees are telling you to stay away from a feature).

That's scary for those of us who have local notebooks!

[ScottLougheed 1,316]

@Scott:

 

Thanks for sharing your use of Saferoom.

How would you compare using Saferoom to using encrypted PDFs in Evernote?

Vastly different solutions to very different problems. Saferoom is capable of encrypting the entire contents of a note, both the text you write and the attachments you add. This means you could have a reasonably active note that you are modifying fairly regularly that is also zero-knowledge encrypted. Saferoom also works on iOS and Mac and Windows (perhaps Android?). You can access your encrypted content on any of those devices. 

 

Encrypted PDFs work well for, well, safeguarding PDF content. This content, however, is not easily modifiable, so this solution applies primarily to content you are not actively editing. Encrypted PDFs can also trip up some mobile devices, or some apps on some mobile devices, which makes it potentially a bit unreliable for ensuring you have access on all of your devices. 

 

 

It really depends on your needs. Encrypted PDFs are pretty easy to create and solve a very specific problem well. Saferoom works well for encrypting totally arbitrary content that you may be actively modifying, but it is a bit clunky. 

[JMichaelTX 4,117]

@Scott:

 

OK, thanks.  Most, if not all, of the info I need encrypted is static information, and usually in a PDF.

If it is NOT in a PDF, I can easily create the PDF from Word, Excel, etc.

So, for me, Saferoom does not offer that much of an advantage over encrypted PDFs.

 

What would be most useful to me is the exact subject of this thread:  Encrypt an entire Notebook.

That way I could just throw all my sensitive PDFs (or other data) into that Notebook and not have to bother with encrypting each and every PDF.

[tavor 668]

What would be most useful to me is the exact subject of this thread:  Encrypt an entire Notebook.

That way I could just throw all my sensitive PDFs (or other data) into that Notebook and not have to bother with encrypting each and every PDF.

Agreed. Ability to access content everywhere + real security would be a boost over local notebooks, particularly if EN support is advising users to avoid local notebooks due to data integrity issues.

[Scoob 5]

I appreciate Saferoom's efforts to bring us something that EN is not providing but it does seem a little cumbersome at the moment.

After 2 years of discussion, I was hoping the EN developers would look at this thread and see the need and demand for such encryption. I am totally fine with not being able to index/search contents of encrypted notes if the contents are encrypted. That just makes sense to me as well.

Still keeping fingers cross this will one day happen.

[KingdomZero 0]

I would love to see this feature implemented. I have been using evernote for a while now and I'm finally getting comfortable with it. I would really love for this feature to be enabled, contrary to what others may think,

 

I think this feature would be more helpful than a second account. Not a lot of people want to go through the hassle of relogging just to check a reminder or whatnot. We love your "All-in-One Place" feeling to the app, I think this would definitely help make evernote a personal experience.

[elgrayso 3]

This is the one basic feature ive been waiting for since the beginning. Every year or so I look into it to see if they've added it yet. 

 

Password Encrypt certain notes. 

 

A lot of us keep our Evernote logged in on our "safe" personal computers (home and office). So anyone that sits down has full access to everything. Not to mention logging into evernote in a public place and having personal info pop up on the screen because it was the last note you made (as opposed to that note not displaying until you type in it's password). 

 

 

do we still not have this feature? just checking. 

 

[i am a pie 1]

you are aware of course that you can encrypt the text of any part of a note or all of the text of a note?

is that not enough for you?

or maybe you have too many secrets?