Feature request: Cloud storage in Europe

[GambaJo 17]

I want to make a proposal.

I would appreciate, if EN would store the data of citizens of the EU in the EU.

I know all the standard bla bla, how safe the data is. In fact it's not. Safe Harbor is over and we have now the Privacy Shield. But this is more or less the same, only with an other name. So as a non US citizen I don't have the control over my data. EN is holding the encryption keys and with the Patriot Act and FISA many people can have access to my data. And En can even be forced to keep the access secret.

Some US companies even get money from the NSA for the access to the personal data of the customers. Legal backdoors. I don't know, if EN get also money for this, but after the last price "adjustment" I can imagine, that EN need badly money.

 

Microsoft started to solve this problem by offering cloud services in the EU. This would be a feature that would be worth the price "adjustment".

[gazumped 11,652]

Hi.  Don't know if any of these will help -

• Security Overview
• Business Security Features
• Customer Security Tips
• Report a Security Issue
• Evernote Product Security Updates

Evernote might be looking into data storage in the UK - we're pretty cheap neighbours just after the Brexit vote;  they may already have some European storage - locations are not the kind of information they share publicly. 

If you are planning World Domination it might be best to invest in a private cloud rather than put your dastardly schemes online - if you think GCHQ has any less access to your online data than NSA -and doesn't share freely with them- you may be in for a rude awakening.

[GambaJo 17]

21 hours ago, gazumped said:

Hi.  Don't know if any of these will help -

• Security Overview
• Business Security Features
• Customer Security Tips
• Report a Security Issue
• Evernote Product Security Updates

Evernote might be looking into data storage in the UK - we're pretty cheap neighbours just after the Brexit vote;  they may already have some European storage - locations are not the kind of information they share publicly. 

If you are planning World Domination it might be best to invest in a private cloud rather than put your dastardly schemes online - if you think GCHQ has any less access to your online data than NSA -and doesn't share freely with them- you may be in for a rude awakening.

No, this doesn't help.

 

Why are these informations EN don't want to share publicly. I don't want the whole address, only the country. This would be transparent.

No, I don't plan World Domination, therefore it's not necessary to observe me or my data. Not by the NSA, not by GCHQ, not by Santa Claus or whoever.

Maybe I'm not important enough, but if I were a company which is using EN for business, I would have worries about economic espionage. It would not be the first time that intelligence agencys does that (just search for "NSA ESA Airbus").

 

Maybe Trump will be the next president of the USA. I wonder, what will happen with all the private data. Even now intelligence agencys can do whatever they want without any control. Maybe you don't see that critical, but there are several terrible examples what can happen, when a government knows everything about their citizens. So this i only digital self-defense.

[gazumped 11,652]

2 minutes ago, GambaJo said:

Why are these informations EN don't want to share publicly

There's no conspiracy of silence here - 1) they've probably never been explicitly asked this question before,  and 2) the number and locations of their server farm(s) might be commercially sensitive information as well as not the sort of thing (as in: anything about security) you post in a public forum.

One of those links above included details of Evernote's privacy policy which includes specific contact details for Evernote on security issues - try reaching out to them direct.

(In case you hadn't gathered this is a user-supported forum so we don't have access to that sort of stuff either...)

[DTLow 5,736]

On July 25, 2016 at 1:53 AM, GambaJo said:

I want to make a proposal.

I would appreciate, if EN would store the data of citizens of the EU in the EU.

.....

I guess every non-US citizen could make similar a similar request.
I'm a Canadian, but can't get too excited that my Evernote data is stored in the US.
I just assume anything on the internet is being read by the NSA/Chinese/Google agents.
If I want something private, I encrypt it.

[GambaJo 17]

@gazumped: I don't see a security issue, when it's public in which country EN stores the data. Because now I already know the current country. And even Microsoft says, that they are building their cloud services also in Germany.

I asked EN months ago about this, but their answer was like "accept it or leave". I accepted, because I was a basic user. But now I'm forced to upgrade. If I pay, I just want my data be save as possible. And the fact is, that my data isn't save in the USA.

 

@DTLow: I can't speak for other non-US citicens, but I think, you're right. But this is not an argument and not a solution.

How can I ecrypt notes in Evernote, if I only use Linux and Android? How can I encrypt the chat? How can I encrypt every note by default (I don't want to do it everytime manually).

And not only the data itself is a privacy problem. The meta data can show many details about you and your life.

[s2sailor 2,181]

3 hours ago, GambaJo said:

if I were a company which is using EN for business, I would have worries about economic espionage

I agree but I don't think the answer is where the servers are located, I feel the solution is encryption.  I'm surprised that any company would use EN (or any cloud based app) for business without zero knowledge encryption.  If you peruse the forums you will see that users have been clamoring for notebook level encryption since the beginning.  A few years back the prior CEO made a comment about "sexy encryption" coming.  Instead, it appears we got work chat.  It is a puzzle to me that any company that wants to position their product for business / professional use would not have encryption at the top of their feature to do list.

[GambaJo 17]

Ok, so what I understeand now is, if privacy is important to you, don't put important or business data in EN. Even if you pay.

[s2sailor 2,181]

4 hours ago, GambaJo said:

Ok, so what I understeand now is, if privacy is important to you, don't put important or business data in EN. Even if you pay.

I would change that to: if privacy is important to you, don't put important or business data in any cloud based app.   The next step down is to first encrypt your important data before putting it online.  For text based notes I use the built in EN encryption.  For everything else I use encrypted pdfs.  Notebook level zero knowledge encryption would, IMO, be the best solution and I hope that someday EN chooses to impliment it.  It would go a long way in helping the recent Premium price increase be more palpable.

[zambanini 0]

many companies can not and do not use EN because of the US storage only concept 

[GambaJo 17]

Sorry guys, I don't care anymore. I'm corrently running a Nextcloud instance on my Raspberry Pi 4 with a note app. And if it doesn't fit my requirements, I will try joplin. I'm done with EN.

[PinkElephant 8,071]

EN is compliant with the GDPR of the European Union, so it is safe to store data with privacy content there, even as a commercial user. Part of it is based on the Safe-Harbour-Agreement, and everybody may decide based on this facts. They are not hidden, nor is the fact that EN uses a distributed server structure.

Servers are located worldwide, hosted by Goggle in its data centers, and the data of any user is located in several data centers, with one copy close to the usual point of entry, and other copies distributed as disaster precaution, and for availability during maintenance. See the video about the recent improvements, it becomes pretty clear that they invested a lot to really boost the machines that run the show.

It is a very unrealistic approach that in todays cloud services any „bit“ of personal information would be located in a specified server in a given place. This is different if a company hosts say the SAP database with a cloud company, but the general cloud services distribute copies of data.

So if you feel better, go and host your own stuff. Hope you are a good admin, keep the server up to date at any moment and run a solid firewall plus frequent backups. It can be a nice hobby (I am running my own Synology based server, so I know what I am talking about), but pretty time consuming and by all means less safe than cloud hosting.

[GambaJo 17]

This is the usual PR stuff. With the CLOUD Act the USA gives itself the permission to access data even if it's stored in the EU, when the data is stored by an US company. They don't care about GDPR.

Yes, Google servers are located worldwide, but in many countries there are local companies with local datacenters. Once Microsoft had a cloud with servers located only in Germany.

Yes, I feel better with hosting my stuff. It's not rocket science anymore. Most of the tasks can be autmated.  I'm just a small target with a small value for hackers. But EN with all the data from thousends of users is a more valuable target. And I'm independent from ENs pricing surprise like in 2016.

[PinkElephant 8,071]

The difference with complying to GDPR for companies / professional use is primary a legal aspect. One has to make it compliant, otherwise there is a legal risk for not taking care. If you use a service with a professional background, you better take care of that.

About the rest we do not need to discuss. One may say „I wonder whether I am paranoid ?“. And the other answers „I wonder that as well, but am I paranoid enough?“. So it is not a discussion about how cloud services work, but it is about what you (or I) believe about their privacy.

So have fun with your newly won freedom to look after your data yourself.