Jump to content
JaneDoes

ANSWERED Little Snitch: Evernote requesting connection to yinxiang.com

Recommended Posts

I use Little Snitch and was using a VPN service when I opened Evernote--Little Snitch signaled that Evernote was requesting connection to the Chinese Evernote server, yinxiang.com. When I declined the connection, Evernote wouldn't connect. When I disconnected from the VPN, I got no connection request to yinxian.com. I'm in the US and am uncomfortable with data being on the Chinese server.

 

Why? Is this a problem on the VPN side or Evernote's?

 

 

Share this post


Link to post

Hi - what version of Evernote are you using?  Web / Desktop / Mac / Windows... ?

Share this post


Link to post

I use Little Snitch and was using a VPN service when I opened Evernote--Little Snitch signaled that Evernote was requesting connection to the Chinese Evernote server, yinxiang.com. When I declined the connection, Evernote wouldn't connect. When I disconnected from the VPN, I got no connection request to yinxian.com. I'm in the US and am uncomfortable with data being on the Chinese server.

 

Why? Is this a problem on the VPN side or Evernote's?

 

This sounds like a very serious security breach to me, IF you are in the US.

 

I recommend that you Submit a BUG report via an EN Support Ticket. In the Support Form, select "Report a bug, crash, or data lost", and start the Ticket Title with "BUG:  " to make it clear.  Reporting a bug should be available to all users, including Free Account owners.

Share this post


Link to post

Thanks, gazumped and JMichael. I'm submitting a bug report. I was using the Desktop version for Mac (latest); I've also been using it on my iPad, which I'll hold off using until I get more information. I'm in the US and there's no personal or business reason that I should have interaction with the Chinese server.

Share this post


Link to post

Hello JaneDoes, 

 

Can you clarify what you mean by "when I opened Evernote".  Do you mean you were logging into Evernote or you were already logged in and just reopened the app?

Share this post


Link to post

Hi mcheng,

 

I was logging in after I opened the app for the first time today (I don't stay logged in, have just started using Evernote). I was using a US-based VPN service when I got the connection request; I didn't get that request when I was not using the VPN.

Share this post


Link to post

Are you based in China and using the US-based VPN?  Do you have your machine setup with Simplified Chinese by any chance?

Share this post


Link to post

FYI: No word yet. I submitted the bug report as you suggested, JMichael. Will update when I hear back.

  • Like 1

Share this post


Link to post

Hi. Could you tell us which tunnel you were using? Your VPN company might be based in the US, but they connect you to the Internet using tunnels in many countries, and if one of those was in Hong Kong or China, that might have caused a problem.

It seems odd, though, as Yinxiang Biji (to the best of my knowledge) is only accessible to folks who have signed up for it, and there ought to be no interactions otherwise. Perhaps you were using a Chinese tunnel and it was contacting Yinxiang Biji to see if your account was there?

Anyhow, let us know what support says,

Share this post


Link to post

Hi, JaneDoes -

 

Our client applications (e.g. Evernote for iPhone, Evernote for Mac, etc.) are written so they are capable of being used against either the evernote.com service or the yinxiang.com service. Once you're signed in to evernote.com, the application "knows" that you're an Evernote user and should never communicate to the yinxiang.com service.

 

Before you log in (e.g. on a new install), the software reaches out to get some basic configuration information about the different services. This just sends the service a request that says something like "My preferred language is US English". The client gets information about the service, including the correct URL to open Support tickets for that service, whether Twitter posting is enabled, etc.:

https://dev.evernote.com/doc/reference/UserStore.html#Fn_UserStore_getBootstrapInfo

So that doesn't send any personal identifying information or data, it just retrieves the canned configuration information for the service in question based solely on your OS language preference.

 

Under normal circumstances, most clients will just get all of this information from servers on evernote.com unless your OS language is set to "Simplified Chinese". But if your client can't get information about the yinxiang service from evernote.com for some reason, it may go directly to the source to ask about the configuration settings for the China service.

 

You happened to hit this on Thursday morning, when you launched the Mac client (with no account signed in yet) at the same time we were having a 30-minute service interruption (see http://status.evernote.com/).

So your client tried to learn about both services from evernote.com, the servers were unable to reply and the client decided to do a one-time lookup for the yinxiang.com configuration information by asking yinxiang.com servers directly.

 

Now that you've signed in to the client, you should see that the Evernote application never tries to connect to yinxiang.com again. (I've been running Little Snitch on my MacBook for at least a year, and have never seen it.)

 

One thing to note about Evernote and Little Snitch ... most of the time, our application only talks to our own servers. But web clips can sometimes throw that off if you manage to clip a web page that includes a reference to the original image on a remote web server instead of copying and storing the image inside your Evernote account itself. In this case, you may see your client go make a network request to that remote web server to retrieve the image when you view the note.

We try to avoid this in our own software by fetching and storing the images at the time of the clipping, but that can occasionally go awry if we don't have permissions to download the image at the time of the clip, or if the HTML snippet is inserted into a note from a third-party application that doesn't do the right gyrations.

 

Thanks,

Dave

  • Like 4

Share this post


Link to post

Thanks for your thorough information, Dave. What an ironic confluence of events. Thanks also for your tip on Little Snitch and web clippings.

Share this post


Link to post

My company recently flagged the Evernote extension for trying to send 19GB of data to some server in China.  Can you explain this?

Share this post


Link to post

My company recently flagged the Evernote extension for trying to send 19GB of data to some server in China.  Can you explain this?

 

There is a Chinese Evernote server that your system may have tried to access - see post #12 - are any of the explanations applicable? 

 

(And user forum here - you may have to wait a while for an Evernote response..)

Share this post


Link to post

Hi Gazumped,

 

The situation in post #12 really was a due to a temporary outage on our international service which forced a failover to our Chinese servers only for the express purpose of determining which service your client should be talking to.  This is not a normal process under stable network conditions and I don't know of any recent outages.

 

In addition, the requests we make are very small.  At most when our clients talk to our bootstrapping servers they send a few bytes of information as described in Dave's post.  19GB of data is definitely something odd and out of place.

 

Crayz

 

When you say the "Evernote extension" are you talking about the web clipper?  Are you sure the issue from your IT department was about the Evernote extension sending data vs requesting data?

 

See this portion of the post above that may be relevant:

 

One thing to note about Evernote and Little Snitch ... most of the time, our application only talks to our own servers. But web clips can sometimes throw that off if you manage to clip a web page that includes a reference to the original image on a remote web server instead of copying and storing the image inside your Evernote account itself. In this case, you may see your client go make a network request to that remote web server to retrieve the image when you view the note.

We try to avoid this in our own software by fetching and storing the images at the time of the clipping, but that can occasionally go awry if we don't have permissions to download the image at the time of the clip, or if the HTML snippet is inserted into a note from a third-party application that doesn't do the right gyrations.

 

 

 

Were you clipping something with images or other resources that may have been residing on Chinese servers?

  • Like 1

Share this post


Link to post

Thanks for the comment mcheng - odd how often I write "the devs read these posts" and then feel pleased and surprised when there's such a quick response and clearly,  you do!  ;)

Share this post


Link to post

None of those situations apply to my situation.  I've had to uninstall the Web Clipper from my Chrome account.  It's a crappy situation, and I wish Evernote would address this issue.

Share this post


Link to post

Hi Crayz,

 

I'm sorry you had to uninstall Web Clipper.  However without any additional information, its difficult for us to determine if the problem is in the clipper or some other software on your computer.  As I said before, 19GB is a very large amount of data that should never be transferred to our Chinese servers unless you actually have an account on those servers and are uploading content. 

 

If you are allowed to use the clipper, it would be helpful if you'd use it as you would normally do and then capture the activity log from the clipper and send it to us via a support ticket.

 

Thanks.

Share this post


Link to post
On 2/8/2015 at 8:56 PM, engberg said:

One thing to note about Evernote and Little Snitch ... most of the time, our application only talks to our own servers. But web clips can sometimes throw that off if you manage to clip a web page that includes a reference to the original image on a remote web server instead of copying and storing the image inside your Evernote account itself. In this case, you may see your client go make a network request to that remote web server to retrieve the image when you view the note.

Thanks,

Dave

Well, I see that Evernote on my Mac connects to addresses such as 54.93.148.11 (which according to my investigations belongs to Amazon AWS in Frankfurt, Germany - but it's a little hard for me to see whether this is a valid Evernote server or not - or whether it's some partner of yours - or whether it is even in my interest to allow the connection

Can you please publish the IP ranges that you use for each region.
You may want to take a look at the Network Requirements for Cisco WebEx or VidyoCloud's Firewall Information for Connecting Clients/Endpoints for examples of how this should be done.

 

You could/should also publish which port ranges you use (per tool).

Next, you should publish a list of partners and tools, what they do, how they work, what you share with them (and why)

 

If you are not transparent and open about where you store my data, where you route my data, and who you share my data (and meta-data about me) with, you will run into serious trouble when the European Union's General Data Protection Regulation (GDPR) comes into affect on May 25th 2018 (Yes - it affects Evernote, since you have personal data about EU citizens).

 

Thanks

 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×