Jump to content

Recommended Posts

It seems that every month, one or more very well-financed company will report that their customers' data was hacked.  Some in the security business say that if a company is a sufficiently attractive target, it's not a question of "will you be hacked?" but "when will you be successfully hacked?"  

 

EN is certainly a very attractive hacking target.  

 

I am feeling less and less comfortable with my personal documents being stored on en.  

 

At one point, I was encrypting all sensitive documents.

However, that process is time-consuming and eliminates one of the major en benefits: quick, comprehensive searches.

 

It seems that en needs to offer another level of protection--a level of protection which would require customers to optionally supply a encryption key to un-encrypt their data; a level of protection such that a hacker would need to un-encrypt each customer's account individually.

 

What do others think on this topic?

 

 

 

Share this post


Link to post

You might find the following of use, as a starting point: Evernote Security Overview. There are some Evernote tech blog articles, some of which are security related here: http://blog.evernote.com/tech/. Otherwise, they've so far resisted storing note data encrypted in your devices and in their servers; some users are ok with that, some aren't; there's plenty of relevant discussion on that topic elsewhere in the forums.

  • Like 1

Share this post


Link to post

It seems that every month, one or more very well-financed company will report that their customers' data was hacked.  Some in the security business say that if a company is a sufficiently attractive target, it's not a question of "will you be hacked?" but "when will you be successfully hacked?"  

 

EN is certainly a very attractive hacking target.  

 

I am feeling less and less comfortable with my personal documents being stored on en.  

 

At one point, I was encrypting all sensitive documents.

However, that process is time-consuming and eliminates one of the major en benefits: quick, comprehensive searches.

 

It seems that en needs to offer another level of protection--a level of protection which would require customers to optionally supply a encryption key to un-encrypt their data; a level of protection such that a hacker would need to un-encrypt each customer's account individually.

 

What do others think on this topic?

 

Since Evernote is NOT a financial institution, and their servers that store our notes do not contain any financial or personal identification data per se, I would think Evernote is unlikely to be the target of hackers -- they have little to benefit from hacking.

 

Having said that, I would not put anything unencrypted into Evernote that I consider sensitive.  I encrypt all my PDFs with at least 128-bit encryption (to allow unlocking/viewing within Evernote apps), and for some I use 256-bit.

 

A number of use have long requested Evernote provide encryption on a per Notebook basis.  Who know if or when Evernote will provide this.

 

This has been discussed for years now.  But I think the more we discuss it, and reaffirm our request, the more likely Evernote will respond.  Certainly all users should be aware of the risks of storing their info in Evernote.

  • Like 1

Share this post


Link to post

×
×
  • Create New...