Jump to content

"Goodbye, Evernote." -or- How to disregard privacy and security, while losing customers.


rwizard

Recommended Posts

I was a fairly early adopter of Evernote.  But a couple of years ago I became concerned about the lack of proper security and privacy.  Although I stopped adding material at that time, I was hopeful that as people became more attuned to these issues that Evernote would improve, so I left my account open.  Sadly, they haven't improved.  Today I got an email letting me know that my 50% off upgrade offer was about to expire.  I decided that this was my signal to fish or cut bait.  I spent a little time reading the current policies and confirmed what I already suspected.  Evernote doesn't have a clue about privacy or security.

Perhaps one day Evernote will catch up with the rest of the world.  Zero Knowledge cryptography is where they need to be.  Zero Knowledge would mean no more capabilities for Evernote employees to peruse our "private" files. (I know, "our employees wouldn't do that - just trust us.")  It would also mean no more worrying about a web site compromise resulting in your sensitive personal information ending up for sale on Darknet.  Yes, we've heard it all before, "we only read your stuff if we really need to" (or are really bored). And:  "Secure sites like ours are safe from hacking." (Ever read the news?)

The truth is that no system where the custodian of your sensitive data is also the custodian of the keys to that data, is acceptable.  We need a system where we hold our own keys.  We need an open architecture so that we know you are worthy of our trust.  Or, at the very least, ongoing independent audits by respected security experts known to the community.  We need a company whose management understands that there is never a "good reason" for a private company to examine customer data to check for "violations".  Law enforcement, with a warrant, maybe.  But no CEO or designee of that CEO is qualified to assume that extra-judicial role.

So today I have waded through the onerous (and I believe intentionally crippled) process of exporting my data.  Having completed that Herculean labor, I now have deleted everything of mine from the site.  I will wait a day or two for the dust to settle in case I have missed something, and then I will permanently delete my account. 

By the way, I'm not particularly happy about this. 

Evernote had the potential to be something great.  But they have fallen short.  And I note that with a product that is available on hundreds of millions of devices around a fair portion of the globe, Evernote has a mere 250,000 (approximately) customers.  Perhaps that pathetic market showing, for a product that could be ubiquitous in its utility, speaks more eloquently than anything I could ever say about the need for Evernote to respect their customers enough to deploy a truly secure product, and to stop looking at the content of our personal data as something they are free to explore for "a good reason" (like monetization? I know, "trust us".).

If Evernote ever figures out that they are in a security and privacy sensitive service business, not the customer exploitation business, and if they demonstrate their newfound enlightenment by reinventing themselves as a secure privacy aware platform, I'll come back.  In the meantime, its been fun, and its been real, but it hasn't been real fun.  See you all on the 'net.

Link to comment
  • Level 5*
10 minutes ago, jefito said:

I'd be curious to know where you got that number. I'm pretty sure that it's more than that...

Actually "250,000 (approximately) customers" could be right although I thought it was millions of customers
Of course there's also 200+ million non-paying users  
:)

Link to comment
On September 8, 2016 at 4:08 PM, rwizard said:

I was a fairly early adopter of Evernote.  But a couple of years ago I became concerned about the lack of proper security and privacy.  Although I stopped adding material at that time, I was hopeful that as people became more attuned to these issues that Evernote would improve, so I left my account open.  Sadly, they haven't improved.  Today I got an email letting me know that my 50% off upgrade offer was about to expire.  I decided that this was my signal to fish or cut bait.  I spent a little time reading the current policies and confirmed what I already suspected.  Evernote doesn't have a clue about privacy or security.

Perhaps one day Evernote will catch up with the rest of the world.  Zero Knowledge cryptography is where they need to be.  Zero Knowledge would mean no more capabilities for Evernote employees to peruse our "private" files. (I know, "our employees wouldn't do that - just trust us.")  It would also mean no more worrying about a web site compromise resulting in your sensitive personal information ending up for sale on Darknet.  Yes, we've heard it all before, "we only read your stuff if we really need to" (or are really bored). And:  "Secure sites like ours are safe from hacking." (Ever read the news?)

The truth is that no system where the custodian of your sensitive data is also the custodian of the keys to that data, is acceptable.  We need a system where we hold our own keys.  We need an open architecture so that we know you are worthy of our trust.  Or, at the very least, ongoing independent audits by respected security experts known to the community.  We need a company whose management understands that there is never a "good reason" for a private company to examine customer data to check for "violations".  Law enforcement, with a warrant, maybe.  But no CEO or designee of that CEO is qualified to assume that extra-judicial role.

So today I have waded through the onerous (and I believe intentionally crippled) process of exporting my data.  Having completed that Herculean labor, I now have deleted everything of mine from the site.  I will wait a day or two for the dust to settle in case I have missed something, and then I will permanently delete my account. 

By the way, I'm not particularly happy about this. 

Evernote had the potential to be something great.  But they have fallen short.  And I note that with a product that is available on hundreds of millions of devices around a fair portion of the globe, Evernote has a mere 250,000 (approximately) customers.  Perhaps that pathetic market showing, for a product that could be ubiquitous in its utility, speaks more eloquently than anything I could ever say about the need for Evernote to respect their customers enough to deploy a truly secure product, and to stop looking at the content of our personal data as something they are free to explore for "a good reason" (like monetization? I know, "trust us".).

If Evernote ever figures out that they are in a security and privacy sensitive service business, not the customer exploitation business, and if they demonstrate their newfound enlightenment by reinventing themselves as a secure privacy aware platform, I'll come back.  In the meantime, its been fun, and its been real, but it hasn't been real fun.  See you all on the 'net.

I'm sure that with added security takes away from user experience. So there is a trade-off. However,  there are viable solutions that address your concerns. Don't let that stop you from using such a great service. If you're serious about privacy and security, then enable two way verification and install third party app Safe room. Safe room is an amazing app to protect privacy and security. Between those two security measures you have everything you need. Unless you're working with classified information ... Otherwise you'll be adding top tier security to your Evernote account. 

Link to comment

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...