Jump to content

Evernote’s future is in the cloud


benmc

Recommended Posts

  • Level 5*
35 minutes ago, DTLow said:

My understanding is the Note History gets deleted when the notes are deleted
 

... but if I read the post correctly,  these aren't being deleted,  just moved.  They'll have history (IIRC) in the new local notebook,  but you're right - the 'old' online history will be gone from the 'live' copy of the account on the server.  Evernote keeps archival backups though (I believe) for a period - so there will be several other copies of the historical backups stored offline,  to be overwritten over a period as new backups are stored.  It won't be immediate,  but the history will be completely gone.

Link to comment
  • Replies 464
  • Created
  • Last Reply

I am not sure why there is so much angst concerning this decision.  They are moving from their servers to Google's data center.  It could be that Google can protect your data better than Evernote can.  And, it is wise not to put sensitive data in the cloud--no matter whose server it is on!

Link to comment
  • Level 5*

Actually, as I recall, deleting data on Evernote will get rid of it and your note histories so that you cannot access it. However, it takes a few months for it all to get cycled out of the system. There are backups and so forth. I'm not sure if those are going over to Google or not. You might want to start a support ticket and ask them directly.

I am probably a little more paranoid or security conscious than I need to be, but I do think we ought to be taking people's concerns seriously in this thread. We may not agree with them, but we should also respect them. I think there are reasons why people are leery of Google -- a company that has pioneered surveillance capitalism. Besides its regular policy of mining our data (many folks are thinking of that when they see Evernote's plan), which I think we all agree is against the rules in the case of hosting our data on its servers, Google's been hacked by a couple of governments (China and the US), it's handed over a lot of data to the US government (it complies something like 95% of the time -- the percentage is much less for Apple), and it's broken laws (German data protection laws). These are just the systemic, large-scale problems. They've had at least one employee abuse his access to user data to stalk kids. And, their CEO has infamously said about privacy that if you don't want people to know something, don't do it.  These are facts. Some people look at them and draw the conclusion that Google is evil. I don't. I look at it and I see yet another company putting many, many things ahead of user privacy. Privacy isn't their first priority and the CEO does not value it as much as I would like. But, the truth is that there are all kinds of companies who have much worse track records. In fact, I think the hack of Evernote a couple years back was an especially bad one, even if it didn't ultimately result in the kind of damage we have seen with other companies. Evernote has the right attitude, most of the time, but that isn't enough. So, I'd say it is fair to at least be concerned about how your data is being handled by Evernote and Google, and I wouldn't dismiss the concerns of fellow users so quickly as tin-foil hat conspiracy theory nuttiness. After Snowden, I think we all realized that the reality is even worse than many of us imagined when it comes to how vulnerable we are.

After the comments from Ben in this thread (I encourage people to read through them), I'm actually inclined to give them both the benefit of the doubt here, as I think Google has a lot riding on getting security / privacy right here, and Evernote has fully committed to its three laws. I still have my reservations, and I've taken appropriate steps with my own account just in case (erased much of the data, because it was of a semi-confidential nature), but I also don't plan on leaving Evernote anytime soon. It still has its uses -- I just want to keep less sensitive data in it from now on. Is this the paranoid ravings of a lunatic? After reading the stuff above, I hope no one thinks so, but for my use case, I'm just not ready to rely on "trust." I prefer zero-knowledge encryption and then "trust" :) 

 

Link to comment
46 minutes ago, tony10000 said:

I am not sure why there is so much angst concerning this decision.  They are moving from their servers to Google's data center.  It could be that Google can protect your data better than Evernote can.  And, it is wise not to put sensitive data in the cloud--no matter whose server it is on!

I think most users can not make the distinction between google search and google cloud services.  Using google's data center is totally different than the search service.  For one, evernote rents the server space and traffic.  They own the data on those servers, not google.  This is equivalent to using Amazon Web Services.  Spotify uses google cloud, dominos, best buy...,slack# uses AWS, so does Netflix and a ton of other companies you use every day.  Google cloud is new and trying to compete with AWS...this has nothing to do with google search.  

BTW, from using AWS, one of the advantages for users is that servers can be added automatically as your traffic spikes. So you don't get downtime as often, it's not slow during heavy traffic period, updates can be implemented without downtime.  Evernote can always have the newest, fastest and most secure servers to keep your data safe. Hopefully google cloud has very similar functionality to AWS.

Link to comment
20 minutes ago, GrumpyMonkey said:

Actually, as I recall, deleting data on Evernote will get rid of it and your note histories so that you cannot access it. However, it takes a few months for it all to get cycled out of the system. There are backups and so forth. I'm not sure if those are going over to Google or not. You might want to start a support ticket and ask them directly.

I am probably a little more paranoid or security conscious than I need to be, but I do think we ought to be taking people's concerns seriously in this thread. We may not agree with them, but we should also respect them. I think there are reasons why people are leery of Google -- a company that has pioneered surveillance capitalism. Besides its regular policy of mining our data (many folks are thinking of that when they see Evernote's plan), which I think we all agree is against the rules in the case of hosting our data on its servers, Google's been hacked by a couple of governments (China and the US), it's handed over a lot of data to the US government (it complies something like 95% of the time -- the percentage is much less for Apple), and it's broken laws (German data protection laws). These are just the systemic, large-scale problems. They've had at least one employee abuse his access to user data to stalk kids. And, their CEO has infamously said about privacy that if you don't want people to know something, don't do it.  These are facts. Some people look at them and draw the conclusion that Google is evil. I don't. I look at it and I see yet another company putting many, many things ahead of user privacy. Privacy isn't their first priority and the CEO does not value it as much as I would like. But, the truth is that there are all kinds of companies who have much worse track records. In fact, I think the hack of Evernote a couple years back was an especially bad one, even if it didn't ultimately result in the kind of damage we have seen with other companies. Evernote has the right attitude, most of the time, but that isn't enough. So, I'd say it is fair to at least be concerned about how your data is being handled by Evernote and Google, and I wouldn't dismiss the concerns of fellow users so quickly as tin-foil hat conspiracy theory nuttiness. After Snowden, I think we all realized that the reality is even worse than many of us imagined when it comes to how vulnerable we are.

After the comments from Ben in this thread (I encourage people to read through them), I'm actually inclined to give them both the benefit of the doubt here, as I think Google has a lot riding on getting security / privacy right here, and Evernote has fully committed to its three laws. I still have my reservations, and I've taken appropriate steps with my own account just in case (erased much of the data, because it was of a semi-confidential nature), but I also don't plan on leaving Evernote anytime soon. It still has its uses -- I just want to keep less sensitive data in it from now on. Is this the paranoid ravings of a lunatic? After reading the stuff above, I hope no one thinks so, but for my use case, I'm just not ready to rely on "trust." I prefer zero-knowledge encryption and then "trust" :) 

 

Very well said!

Link to comment
  • Level 5*
18 minutes ago, zotje said:

I think most users can not make the distinction between google search and google cloud services.  Using google's data center is totally different than the search service.  For one, evernote rents the server space and traffic.  They own the data on those servers, not google.  This is equivalent to using Amazon Web Services.  Spotify uses google cloud, dominos, best buy...,slack# uses AWS, so does Netflix and a ton of other companies you use every day.  Google cloud is new and trying to compete with AWS...this has nothing to do with google search.  

BTW, from using AWS, one of the advantages for users is that servers can be added automatically as your traffic spikes. So you don't get downtime as often, it's not slow during heavy traffic period, updates can be implemented without downtime.  Evernote can always have the newest, fastest and most secure servers to keep your data safe. Hopefully google cloud has very similar functionality to AWS.

I do think that is an important distinction to make, and that is one of the reasons I am hopeful that this will all work out well for everyone involved. However, cloud services is still part of the same organization, and it is affected by company culture and policies -- this can be both good and bad. Google's attitudes towards privacy in the past could be a problem if they are still percolating about internally. I hope that is not the case. It's worth mentioning that after Snowden's leaks, Google was extremely aggressive at responding to its vulnerabilties and, in many ways, pulling ahead of others with security, so that aspect of Google's culture might well have changed.

AWS or Google aren't sufficient on their own to protect us. Interestingly, moving to the cloud sometimes invites some truly terrible data breaches, as residents of AWS have found. As far as I know, Amazon has not been directly implicated in them. Instead, errors made by staff in companies are apparently to blame. Still, the point is that it isn't easy being a steward of someone's data, and you want someone handling it who is trained, professional, and careful. Evernote and Google seem to have this mindset, so fingers crossed.

Link to comment
  • Level 5*
1 hour ago, GrumpyMonkey said:

 I prefer zero-knowledge encryption and then "trust" :) 

I also protect my private data with encryption, and I'm free from fear of snooping by evil governments, Google, Spouse etc

There are existing requests for encrypted notebooks and they might get implemented someday.

Until then, I make use of Evernote's text encryption for non-static stuff.  Mostly, I use encrypted pdfs

Link to comment
  • Level 5*

One of the reasons I have been advocating for an encrypted notebook of some kind (zero-knowledge, of course, not this plan of handing the encryption keys over to Google that we have for our data at rest) is that it removes "trust" from the equation and allows users to control the amount of privacy they want / need. That way, we can really keep everything in Evernote, and do it without hassle. Encrypting everything before putting it onto the cloud is a bit of a pain, to be honest, especially when we are talking about thousands of files. But, Evernote has nixed that idea (earlier in this thread), so the best option, for now, is to encrypt it yourself or use a third-party service like Saferoom (Evernote integration).

In hacking news today, Yahoo! just announced the biggest hack in history. To me, that seems like another reason to push again for better encryption options. Actually, I barely need even the flimsiest of excuses to push for this :)  I am not so much concerned about the physical security of Google's servers, to be honest (I am, but that scenario is a little less likely, and would probably involve a government seizure of some kind like the one we saw with Dot Com). In an ideal world, we would pay Evernote and Google to do some really cool stuff, but also keep the encryption keys in our hands. This would require more client-side processor work, but I'm OK with that. It won't happen, I know, but that is what I think would be ideal. As long as companies can access our data, so can hackers (state-supported or private).

 

 

Link to comment

Google lives to grab information. That is the sole purpose of Google, to get as much information as they can about you so they can flog their advertising. If they have all this data becoming available they would be stupid not to take advantage of it. I trust Evernote, I don't trust Google. I don't have anything that would require encryption when taken alone, but I still don't like the idea of giving even totally innocuous data to Google. A bit found here added to a bit found there and the overall picture can often be seen and often misinterpreted. That's why Google is so successful. I'm just uneasy with giving Google access to my data, and if it's on their servers, they have access. Period.

Link to comment

My critical data is unhackable. It written on legal pad  pages and sits in a manila folder on my desk. The stuff I put into Evernote could end up on the front page of the New York Times and I wouldn't care. If it's online it's vulnerable no matter if it's on Evernote's servers or Google's. 

 

Link to comment
On 9/20/2016 at 3:18 PM, Krunoslav said:

All this sounds a bit to much like "Good all boy" network. I would not be surprised if this is ground work for Google take over and in few years Evernote will be GoogleNote. Something just smells bad. What do you guys think.

It seems inevitable that Google will acquire Evernote. I'm sad about this, because I use a lot of different devices and I like Evernote being independent. But my main concern is security. I would rather my notes be secured by Google than by a company that's struggling.

Link to comment
  • Level 5*
50 minutes ago, mprogram said:

It seems inevitable that Google will acquire Evernote.

This doesn't sound like a Google enterprise.  They seem to prefer offering free services and advertise to the users; for example the Keep service

edited: thanks for reminding me about Google Apps for Work.  I forgot about that side of the business

Link to comment

It makes sense as part of their paid service, Google Apps for Work. Even the description on the website for the new Google Drive integration with Evernote hints at this "Evernote and Google Drive: A smarter way to work - No more switching between apps. Now ideas can flow effortlessly.".

Link to comment
8 hours ago, OrbWeaver said:

Google lives to grab information. That is the sole purpose of Google, to get as much information as they can about you so they can flog their advertising. If they have all this data becoming available they would be stupid not to take advantage of it.

Yes, it would be stupid and illegal to do that. But as you have said, you don't trust them, so no fact will change your opinion

Link to comment
  • Level 5*
13 hours ago, OrbWeaver said:

Google lives to grab information. That is the sole purpose of Google, to get as much information as they can about you so they can flog their advertising.

There are some divisions of Google where that is true, for example Search
There are other division of Google where that is not true. for example Cloud Platform

Can you comprehend the difference 

 

Link to comment

I finally got a direct response on this matter concerning China:   If I do not get a refund I'll be contacting the attorney general    Yinxiang is the Chinese version of Evernote but I would have to get a new account and pay again to use it  Also, it is in Chinese.  I am not Chinese.  I am an American living and doing business in China.  I'm sure I am not the only American in this country of over one BILLION people who uses Evernote.  Many of my colleagues here also do.  

 

Quote

Tyler N. (Evernote Help and Learning)

Sep 23, 09:17 PDT 

Hi there,

My name is Tyler, and I'll be the agent working with you.

I understand that you are concerned about accessing your Evernote account in China after our migration to Google Cloud. I would be happy to help.

Since the Chinese government blocks Google, this would prevent you from accessing Evernote when the migration occurs. However, if you have access to a VPN then you will be able to continue accessing Evernote and Google. We have already experienced issues with our servers working well in China and we actually have a specific app for your country called Jinxing. You can sign up and find more information here: https://www.yinxiang.com

As far as a refund is concerned, I won't be able to offer a refund since the date of your purchase is beyond our 30 day return policy and our system is unable to process refund beyond that date. If you would like to cancel you account going forward though, this can be done in your Evernote Account Settings.

Thanks for contacting Evernote Support, please let me know if you have any additional questions or concerns.

Regards,
Tyler N.

 

Link to comment
  • Level 5*
1 hour ago, Rick Conners said:

I finally got a direct response on this matter concerning China:   If I do not get a refund I'll be contacting the attorney general    Yinxiang is the Chinese version of Evernote but I would have to get a new account and pay again to use it  Also, it is in Chinese.  I am not Chinese.  I am an American living and doing business in China.  I'm sure I am not the only American in this country of over one BILLION people who uses Evernote.  Many of my colleagues here also do.  

 

 

Hmmm ... Evernote changes their service rendering it unusable by you.  I have to believe that, at a minimum, they should offer you a prorated refund based on the time you were able to use the service.  Hopefully you will see a different response down the line.  This may be a situation they have not thought through yet.  Good luck.

Link to comment
  • Level 5*
11 minutes ago, Rich Tener said:

We are not changing our refund policy for this announcement. Please visit this page for information on refunds: https://help.evernote.com/hc/en-us/articles/208314118

I'd agree the "I hate Google" people don't have a case for refund,

but I think you should reconsider for the China group if they are truly no longer able to use your service

Link to comment
On 9/22/2016 at 3:39 AM, Cherice B said:

Ben,

I have one very important question for you.  I plan to move the bulk of my notes offline to a local folder.  However, I know that Evernote keeps history of each note (so we can go back to a previous version of that note).  Does that mean that even if I take my notes offline before 10/10, the history of said notes will still be transferred to Google's cloud platform?  Please advise...

Thanks, Cherice

Hi @Cherice B, If you move a note into a local notebook, it makes a copy of the note to that notebook and moves the original note to your Trash. If you want to delete that note, you'll need to empty your trash. See this link for more information on how to do that: https://evernote.com/contact/support/kb/#!/article/23176542.

As @gazumped mentioned, we do maintain backups, so you should refer to section IV of our privacy policy for more information about that: https://evernote.com/legal/privacy.php.

Link to comment
12 minutes ago, DTLow said:

I'd agree the "I hate Google" people don't have a case for refund,

but I think you should reconsider for the China group if they are truly no longer able to use your service

Yes if they are unable to use the service, without doing something illegal, then the remainder of their subscription should be refunded. Its not like they are asking for their money back because they don't like the move to Google cloud.

Link to comment
  • Level 5*
8 hours ago, Rick Conners said:

Notice they also recommended I commit an illegal act in China by using a VPN. 

Is that true, using a vpn is illegal in China?

This topic is full of people making up stuff and posting as fact.  Can you point to a source as to the legality?

I had understood the China govt was working on blocking vpns, but using them wasn't illegal.

Link to comment
15 minutes ago, CGray said:

Yes if they are unable to use the service, without doing something illegal, then the remainder of their subscription should be refunded. Its not like they are asking for their money back because they don't like the move to Google cloud.

So would they refund money based on people saying they are moving to China or should they require proof? What if I spend 6 weeks in China and come back? Would I get a partial prorated refund during the period it's unavailable to me? The refund for going to China suggestion seems  pretty impractical.

 

Link to comment

@Rick Conners

The reply you received from our agent was not an official response, and we have taken steps to educate the team. We haven’t begun the migration, which begins October 10th and will take a period of weeks to complete. At this time we can’t say with any certainty how this migration will impact your ability to access the Evernote service from China. 

As we note in our Terms of Service (under the "Right to Modify the Service” section), from time to time you may not be able to access your Evernote content. However, we will try to remedy the situation if you are paid subscriber. If you find that your ability to access the service from China is adversely impacted, please contact customer support.  

Link to comment
  • Level 5*
15 minutes ago, JH2 said:

What assurances do I have that Google will not "aggregate" my data and use it for their purposes?  I don't want Google accessing / using my data at all.

Have you read the Evernote postings in this discussion? They have provide assurances, and a TOS contract.

Link to comment
  • Level 5*
12 minutes ago, Billy W said:

I don' mind the cloud...I think that's a good idea. But what I would REALLY like is for a calendar t be added.

Not cool to hijack this discussion with feature requests

You might want to check out this discussion

https://discussion.evernote.com/topic/98764-2017-calendar/?do=findComment&comment=424759

 

Link to comment
  • Level 5*
8 minutes ago, dudeman313 said:

 

Thank you all for being so gracious in answering our questions and concerns. 

Can I ask for clarification?

What does Google do with data generated about our notes? (aka metadata)

For example, after an image in my note goes thru the Google API is the metadata generated stored? How is it used?

Did I miss something - there might be future potential but I didn't think there are any current plans for processing of our data by Google's API

Link to comment
On 9/15/2016 at 9:10 PM, benmc said:

It's probably a good idea that we think about an example.

If someone decides to use the Google Cloud Vision API, it would allow them to analyze and classify images.

Details of this service are here https://cloud.google.com/vision/

Now in order to use this service they would need to pass to Google via an API a copy of their image and what they would get in return is classification details about that image.

So the obvious question now is 'What do Google do with the image you send them? Do they use it for other purposes?'

Now if you dig into the Terms of Service (https://cloud.google.com/terms/) you will find the following

'5.2 Use of Customer Data. Google will not access or use Customer Data, except as necessary to provide the Services to Customer.'

This means that Google has no right to use or access that image for any other purpose other than to provide to you the classification of that image via the API.

 

We hope this provides some clarity to the question.

Ben

 

@DTLow

So while I understand that Google doesn't do anything with my image... what happens to data created about my image resulting from the API?

Link to comment
On 9/21/2016 at 11:44 AM, DCDawg said:

I asked a cogent question about security and privacy based on their and Google's claims yet I have not heard anything from them.

Let's see if Evernote responds to the following:

  1. Having been involved in a review Google's FedRAMP certification, it is difficult to trust Google's assertions of their security. The other certifications they mention are known to be less rigorous (ISO 27000 is close but the requirements are less than FedRAMP and PCI-DSS is far less than FedRAMP). This is NOT conspiracy theory. This is a serious review of Google's security assertions.[*] However, this would only be effective for the IaaS portion of the service. What changes for Evernote's security? Will Evernote undergo certification? 
  2. While Google and their contract might say that your data is private, there is a risk of data at rest within a cloud infrastructure. Aside from the conspiracy theories of what Google will do, how can we know that Evernote is mitigating the risks to our data at rest?

[*] Before someone says that their documentation is FedRAMP compliant, please read their words again. Their application engine has a few agency certifications. Their IaaS and services are NOT FedRAMP certified. Moreover, the application engine is distinct from their infrastructure which is not certified.

Yes, I do this government infosec stuff for a living. 

Hi @DCDawg, happy to respond.

1. We aren’t FedRAMP compliant today, so meeting all the requirements for a FedRAMP certification wasn’t a requirement for us. As part of our security review process, we reviewed their audit reports and asked a lot of questions. My goal is to protect your data (and mine) and ensure that our service providers have reasonable security protections in place. Google does. We aren’t planning to pursue any additional certifications for ourselves right now, but moving into Google Cloud Platform does help with built-in capabilities like encryption at rest.

2. Do you have a specific threat scenario you are concerned about? We have protective capabilities in our data centers that we are implementing in GCP using their native features, plus some additional ones we are engineering. I’d like to save a lot of the detail for a future blog post, but happy to let you know how we address a particular risk that you are concerned about.

Link to comment
5 hours ago, gbarry said:

@Rick Conners

The reply you received from our agent was not an official response, and we have taken steps to educate the team. We haven’t begun the migration, which begins October 10th and will take a period of weeks to complete. At this time we can’t say with any certainty how this migration will impact your ability to access the Evernote service from China. 

As we note in our Terms of Service (under the "Right to Modify the Service” section), from time to time you may not be able to access your Evernote content. However, we will try to remedy the situation if you are paid subscriber. If you find that your ability to access the service from China is adversely impacted, please contact customer support.  

I don't think Evernote knowingly disallowing millions of users to not access the service falls under "from time to time."  This is Evernote knowing users won't be able to access the service if Evernote does x, but willingly does x anyway.  I want Evernote to NOT do this migration.  I have used the service for 7 years and I have a lot of data which I need access to.  This is not a temporary lack of service because of a power outage.  I don't understand why Evernote wants to lose over a billion potential clients.

Link to comment
On 9/21/2016 at 5:01 PM, mz123 said:

Here's something I haven't seen discussed here. Evernote touts that their (our) data will be encrypted at rest after moving to Google. But why must Google have the keys? Why can't only Evernote retain those keys? If Google disallows that for some technical reason, why can't Evernote encrypt just the subset of the server data that holds our data? It seems to me that would be a much better way to secure the data, and also people's worries!

Putting it another way.... People are understandably worried that their valuables will be exploited when changing landlords (who can enter the building at will). Why can't Evernote move safes into the building that contain those valuables, rather than move the valuables in plain sight?

It seems to me this would confer great advantages, confer trust, and maintain the cost and scalability benefits Evernote desires. If the answer is "no", then I'd like to understand why Evernote (or Google) insist that the data must be shared with Google.

Can Evernote reply to this? Why not solve 90% of the concerns here with by simply keeping the encryption keys away from Google?

Link to comment
7 hours ago, DTLow said:

Is that true, using a vpn is illegal in China?

This topic is full of people making up stuff and posting as fact.  Can you point to a source as to the legality?

I had understood the China govt was working on blocking vans, but using them wasn't illegal.

Why would they try to block VPNs if they were not illegal?  What is the point of blocking websites then allowing everyone to access them with VPNs?

Link to comment
7 hours ago, DTLow said:

Is that true, using a vpn is illegal in China?

This topic is full of people making up stuff and posting as fact.  Can you point to a source as to the legality?

I had understood the China govt was working on blocking vans, but using them wasn't illegal.

Also, hundreds of students at my school use Evernote in the classroom.  They will not be able to do their classwork.  Entire teaching plans will have to be redesigned.  I'm sure I am not the only teacher in China using Evernote in the classroom.  Not even considering the financial aspect, Evernote is ignoring millions of users who will no longer be able to use the service for education.  Why isn't this being addressed?

Link to comment
  • Level 5*
3 hours ago, Rick Conners said:

I don't think Evernote knowingly disallowing millions of users to not access the service falls under "from time to time." 

 

3 hours ago, Rick Conners said:

Also, hundreds of students at my school use Evernote in the classroom. 

Do we know this for a fact.

Could we wait until the servers are switched and deal with the problem then.

However, I would make preparations in case there is no access.

Link to comment
6 hours ago, Rick Conners said:

Also, hundreds of students at my school use Evernote in the classroom.  They will not be able to do their classwork.  Entire teaching plans will have to be redesigned.  I'm sure I am not the only teacher in China using Evernote in the classroom.  Not even considering the financial aspect, Evernote is ignoring millions of users who will no longer be able to use the service for education.  Why isn't this being addressed?

Can you use Spotify?

Link to comment
1 minute ago, Rick Conners said:

No.  I use Apple Music though.  I don't think Spotify is blocked by the government.  It's just not available outside the US. 

 

Spotify is available in almost worldwide. If Spotify is not blocked in Chinese government, then Evernote should not be blocked by Chines government.

 

You're confusing Google company with companies using Google cloud offerings

Link to comment
On 9/22/2016 at 9:03 AM, DTLow said:

My understanding is the Note History gets deleted when the notes are deleted

But for those with trust issues, can you believe anything they tell you :mellow:
And there's also the copies being kept by the US Govt:mellow:

The only "trust issue" is whether you actually trust Google, a company that has been pissing on privacy rights for 25 years. 

Link to comment
  • Level 5*
2 hours ago, jbrady0986 said:

The only "trust issue" is whether you actually trust Google, a company that has been pissing on privacy rights for 25 years. 

Wow - do you have any examples
I use Google and I know when using add supported applications, the data is mined; for example Search

I do trust the services which are contracted as secure; I just don't have the "hater" mentality

Link to comment
6 hours ago, jbrady0986 said:

The only "trust issue" is whether you actually trust Google, a company that has been pissing on privacy rights for 25 years. 

For anyone similarly concerned that they might do business with a company using Google's Cloud platform, here's a partial list. Domino's (the whole world could learn our topping preferences), Evite (Going to a party this weekend? Google might know where!), Khan Academy (Could report you to the NSA for taking classes useful to hackers), Stanford University’s Center of Genomics and Personalized Medicine (the privacy pitfalls are endless) . The list goes on. https://cloud.google.com/customers/ 

Link to comment
19 hours ago, Rich Tener said:

Hi @DCDawg, happy to respond.

1. We aren’t FedRAMP compliant today, so meeting all the requirements for a FedRAMP certification wasn’t a requirement for us. As part of our security review process, we reviewed their audit reports and asked a lot of questions. My goal is to protect your data (and mine) and ensure that our service providers have reasonable security protections in place. Google does. We aren’t planning to pursue any additional certifications for ourselves right now, but moving into Google Cloud Platform does help with built-in capabilities like encryption at rest.

2. Do you have a specific threat scenario you are concerned about? We have protective capabilities in our data centers that we are implementing in GCP using their native features, plus some additional ones we are engineering. I’d like to save a lot of the detail for a future blog post, but happy to let you know how we address a particular risk that you are concerned about.

1. The FedRAMP question was not one of being compliant but of being a reviewer of their attempt at being FedRAMP compliant and finding issues that I would want address before any testing. I don't know what Evernote's "security review process" consists of, but I have questions about their abilities to meet basic requirements.

Your last sentence in #1: "... but moving into Google Cloud Platform does help with built-in capabilities like encryption at rest." Are you saying that you will be using encryption for data at rest? If so, I remember reviewing their documents and was concerned about their key management process. Key management is difficult and I have seen very few do it right. I am not sure that Google is doing it right based on what I have seen. Maybe Evernote should be looking at alternate key management capabilities because I think that the risk to users may be leaving you open.

2. Many services have had the "oops, I'm sorry" moment regardless of their SLAs and TOS. Google has an aggressive reputation for data mining. If the encryption keys are being managed by Google and Google's services, what assurances do we have that there will not be an "oops, I'm sorry" moment? As part of the privacy of the user's data, will the notes be encrypted point-to-point. This means that the note encrypted on the user's computer or device, transmitted to Google encrypted, never decrypted but stored on their servers? This means Evernote's services cannot read them and all processing is being performed on the client.

In that regard, what is Evernote doing to protect the browser users against browser hijacks? I am assuming Evernote is using Google as an IaaS and PaaS service. This means that the protection of the data falls on Evernote's programs. Would this mean that Evernote manages its own API for creating interfaces or will the clients be using Google's APIs to interact with our data?

In case you were wondering: yes, I do this information security stuff for a living and have been doing so for over 30 years and the last 20 years in the federal government. I know this stuff is hard which is why I am asking!

Link to comment
20 hours ago, DCDawg said:

Your last sentence in #1: "... but moving into Google Cloud Platform does help with built-in capabilities like encryption at rest." Are you saying that you will be using encryption for data at rest? If so, I remember reviewing their documents and was concerned about their key management process. Key management is difficult and I have seen very few do it right. I am not sure that Google is doing it right based on what I have seen. Maybe Evernote should be looking at alternate key management capabilities because I think that the risk to users may be leaving you open.

We will be using Google’s built-in encryption-at-rest features, which they describe here and here. This only addresses the risks associated with physically stealing a storage device or a failure in their drive disposal process. We did discuss key management practices with Google and had no concerns about their ability to address those risks.

20 hours ago, DCDawg said:

2. Many services have had the "oops, I'm sorry" moment regardless of their SLAs and TOS. Google has an aggressive reputation for data mining. If the encryption keys are being managed by Google and Google's services, what assurances do we have that there will not be an "oops, I'm sorry" moment? As part of the privacy of the user's data, will the notes be encrypted point-to-point. This means that the note encrypted on the user's computer or device, transmitted to Google encrypted, never decrypted but stored on their servers? This means Evernote's services cannot read them and all processing is being performed on the client.

We are relying on the strength of our contract with Google and not introducing any new encryption methods to enforce it. We are not developing any new end-to-end encryption features at this time. I appreciate that some of our users want this in the form of password protected notes, notebooks, and entire accounts. We have a fairly long-running thread on that topic.

20 hours ago, DCDawg said:

In that regard, what is Evernote doing to protect the browser users against browser hijacks? I am assuming Evernote is using Google as an IaaS and PaaS service. This means that the protection of the data falls on Evernote's programs. Would this mean that Evernote manages its own API for creating interfaces or will the clients be using Google's APIs to interact with our data?

We are going to use Google as IaaS and PaaS on the backend. Our clients will continue to interact with our service using the Evernote API. We don't have any plans to change that as part of this migration. We have an application security program and dedicated staff that focus on securing our API, web client, and native clients. Addressing browser attacks is one part of that program.

20 hours ago, DCDawg said:

In case you were wondering: yes, I do this information security stuff for a living and have been doing so for over 30 years and the last 20 years in the federal government. I know this stuff is hard which is why I am asking!

That's great to hear. We appreciate feedback from the security community. People like you help us to make Evernote more secure and if you find a security issue, don't hesitate to engage with our security team: https://evernote.com/security/report-issue/

Link to comment

Ugh, the amount of tinfoil consumption in this thread is disheartening.

I'm glad that Evernote is moving to a dedicated cloud provider.  Doing cloud security (or any kind of internet security) is very difficult.  Companies like Google have top-notch security practices.  I also gladly pay the yearly fee to Evernote Premium; I like supporting projects and companies that help me be more productive.

As for the "oh no, I hate Google":  Note that it is far more dangerous if a nefarious entity (private or government sponsored) cracked into Evernote's servers to target individuals than any "data mining" that Google would do for advertising purposes.  I trust Google when they say they aren't mining Google Cloud data under contract.  

And I'm perfectly happy with the way in which Google mines my GMail in exchange for a fast multi-device email experience.  I know others don't want any data mining and I understand and respect their desires.  For instance, I run ad blocker primarily due to the obnoxious flashing ads (I hate motion near text I'm reading) and the high chance of getting malware via malicious ads.  

The level of connectedness in today's world makes it virtually impossible to not be traced.  The fact that you folks worried about data mining are using an internet-connected device and likely a smartphone means you are being traced, tracked and targeted by multiple entities.  If you want to learn more about real security threats on PC, cloud, browser, mobile, phones, malicious adware, etc. start listening to the podcast Security Now (https://www.grc.com/securitynow.htm).  After a few months to a year of listening to those podcasts, you'll realize that targeted ads by companies are the least of your concerns.

Link to comment

Anyone who deals in creative content should be very wary of Google, if nothing else this is in very poor taste.  One of the many issues with google:

http://wherewestand.gettyimages.com/advocacy/?esource=2016_09_21_google_SEG&elqTrackId=862BB4F2CDD0B186A9CCDD8A5839F6F0&elq=e78ce28691db485ea1c909efcf5df439&elqaid=7512&elqat=1&elqCampaignId=3499

 

I am migrating to Apple notes, I know its not as good but I can make it work for me, rather than work with google.

 

 

Link to comment
1 hour ago, pd826 said:

Anyone who deals in creative content should be very wary of Google, if nothing else this is in very poor taste.  One of the many issues with google:

http://wherewestand.gettyimages.com/advocacy/?esource=2016_09_21_google_SEG&elqTrackId=862BB4F2CDD0B186A9CCDD8A5839F6F0&elq=e78ce28691db485ea1c909efcf5df439&elqaid=7512&elqat=1&elqCampaignId=3499

 

I am migrating to Apple notes, I know its not as good but I can make it work for me, rather than work with google.

 

 

And this has nothing to do with Evernote's leasing of Google-owned servers to hold their data.

Link to comment
1 hour ago, pd826 said:

Anyone who deals in creative content should be very wary of Google, if nothing else this is in very poor taste.  One of the many issues with google:

http://wherewestand.gettyimages.com/advocacy/?esource=2016_09_21_google_SEG&elqTrackId=862BB4F2CDD0B186A9CCDD8A5839F6F0&elq=e78ce28691db485ea1c909efcf5df439&elqaid=7512&elqat=1&elqCampaignId=3499

 

I am migrating to Apple notes, I know its not as good but I can make it work for me, rather than work with google.

 

 

Are you talking about the same Getty images that is being sued for selling 18.000 pictures from a photographer that gave them to the Library of Congress?

The same Getty images that is regarded by photographers as a copyright troll?

The same Getty Images that can put a robots.txt if they don't want their images to be indexed?

Cry me a river

Do you people know the difference between Google Cloud Service, Amazon EC2 or Microsoft Azure and the other part of those companies or are you just spreading FUD without any real knowledge of the things?

Link to comment
21 minutes ago, Oletros said:

Are you talking about the same Getty images that is being sued for selling 18.000 pictures from a photographer that gave them to the Library of Congress?

The same Getty images that is regarded by photographers as a copyright troll?

The same Getty Images that can put a robots.txt if they don't want their images to be indexed?

Cry me a river

Do you people know the difference between Google Cloud Service, Amazon EC2 or Microsoft Azure and the other part of those companies or are you just spreading FUD without any real knowledge of the things?

http://www.forbes.com/sites/legalentertainment/2016/08/03/pay-up-getty-sends-trolling-letter-to-photographer-highsmith-demanding-money-for-her-own-photos/#16b613a02c2b

Link to comment

A number of years ago, not long after Google launched "Google Images", I did a little test. Not testing Google mind you, they just report where an image was found, not claiming it or anything.

Anyway, I submitted a rather famous image, a photo of the Earth taken by NASA astronauts as they orbited the moon. Google found it in a few places, one of which was a Chinese website that was claiming it as an image China had taken. I wasn't aware that China had beaten them to the moon.

I hope this lady photographer wins against Getty Images. It has nothing to do with Google but Google was built on grabbing any data they could get their bots to. If your Evernote images end up on display, even if you are credited, you'll have every right to be upset.

Although, a previous post advised that doing that would be illegal, and everybody knows that illegality on its own is enough to make sure it doesn't happen. So be happy, it would be illegal so it can't possibly happen. Ever.

I too have pulled all my notes into local notebooks. This will give me a few months to decide where to put them, but I won't be putting them anywhere Google would have even the slightest opportunity to "mine" them. When my Premium subscription runs out I'm done.

As far as putting stuff into a manila folder for safekeeping, it's probably easier to break into your office safe than to break into a secure server. And it sure helps both jobs if you have the keys as Google will.

 

Link to comment
21 minutes ago, OrbWeaver said:

Although, a previous post advised that doing that would be illegal, and everybody knows that illegality on its own is enough to make sure it doesn't happen. So be happy, it would be illegal so it can't possibly happen. Ever.

 

 

 

And more irrational FUD

 

 

Link to comment

OrbWeaver wrote: " As far as putting stuff into a manila folder for safekeeping, it's probably easier to break into your office safe than to break into a secure server."

I made the comment about putting my most sensitive information in a manila folder on my desk but I'm not especially mistrustful of Google. The point was that anything online is technically hackable if only because it's accessible. While it's true that it's easier to break into my office than into a secure server, it's much harder to find and in any case, a much further trip than any hacker is willing to fly and drive. It's easier to tap on a keyboard than travel long distances.

Trust as a security measure makes no sense anyway. Why trust Evernote but not Google? They're just name brands with employees, some good and some probably not-so-good. 

Link to comment
  • Level 5*
3 hours ago, OrbWeaver said:

It has nothing to do with Google but Google was built on grabbing any data they could get their bots to. If your Evernote images end up on display, even if you are credited, you'll have every right to be upset.

Although, a previous post advised that doing that would be illegal, and everybody knows that illegality on its own is enough to make sure it doesn't happen. So be happy, it would be illegal so it can't possibly happen. Ever.

I too have pulled all my notes into local notebooks. This will give me a few months to decide where to put them, but I won't be putting them anywhere Google would have even the slightest opportunity to "mine" them. When my Premium subscription runs out I'm done.

You don't think Google has already mined your data?  

I heard "Google was built on grabbing any data they could get their bots to" so they probably already broke onto Evernote.

They probably already broke into your personal computer.

They probably broke into your brain.

Link to comment

Makes total sense to me. Economies of scale are such that maintaining your own cloud (servers) vs. outsourcing to Google, Amazon or Microsoft is a very high cost way to go. Long term Evernote will be bought by someone. VCs and large shareholders will want to cash out. When that happens for me Google is the least worst option. 

Link to comment

I don't think Evernote is going to change their minds because a handful of people are complaining about "Perceived" security issues. If their subscriptions begin to fall dramatically then they may listen to the vocal minority, but until then its all going to happen. Most companies go through some of this type of change. Some people will switch services, most will not. Evernote will continue until someone buys them up. And it is very likely to be a company like Google to do it.

Link to comment
19 hours ago, Oletros said:

 

 

And more irrational FUD

 

 

With all due respect, it's not all FUD. There are three threats mentioned in these pages:

  1. Threat from Google "using" the data, or at least the metadata. Note that the metadata is almost as good as the data, in many cases.
  2. Outsider ("hacker") threat due to weak security protections in place.
  3. Outsider (govt) threat due to weak privacy laws or interpretations of them.

There have been numerous examples of each of these threats over the past few years making front-page news headlines, with real damage to real people. I assume you will acknowledge this and we can discuss concrete remediations? Here are some thoughts on each, using the same numbering:

  1. There's some concern here, though I do agree there are some legal protections and profit motive protections. However, companies can change. Data, once released, cannot be "taken back". You are, to a great degree, entrusting the Google of today and the Google of tomorrow, to honor their promises. Companies change, as do contracts. Will Evernote come to the forums in a year to announce that their contract with Google has changed, and that the data mining stipulations of old are no longer valid? Will Evernote enable features that use Google's APIs and leak a tremendous amount of sensitive content, while disclosing that leakage in every case? No, the intermixing of data with Google is a valid concern, even given a contract that specifies specific protection within a narrowly defined scope at one particular point in time. What's most interesting here is that the concerns can be completely addressed by Evernote by encrypting the data at rest using its own keys, and specifying under what conditions that data will be passed to Google. This can be done proactively to reassure users. Why isn't that being done?
  2. Even companies like Google and Yahoo are susceptible to massive attacks. Why not add a layer of security as described in #1 above? Any good reason not to? I realize that moving to Google may improve security overall, but we don't know that for sure. Although Google may have better security practices than Evernote does currently, that's not guaranteed. What is guaranteed, is that they are a bigger target, and add complexity to the security attack surface because of a multi-tenant environment and hundreds / thousands of additional employees that might be able to access it.
  3. Google is a one-stop shopping target in this case. I don't like that, and again, the solution in #1 would help in this regard. Adding client-side encryption of whole notebooks would be another great improvement. I could use that today, Google or not. If this isn't a priority for Evernote now, I suspect it will become one if Evernote doesn't want to become a relic. I mean heck, even Whatsapp is now doing end-to-end encryption. What's the security value of text messages versus "my second brain"?

One things that makes massive cyberattacks and privacy violations possible, is the hand waving we see all too often when people raise valid concerns. Granted, some of the concerns may seem overly paranoid or extreme, but a "irrational FUD" type response, or giving a free pass to Evernote when viable solutions exist, is the other extreme - a negligent standard of care.

I don't think we need to stoop that low. 

 

Link to comment
5 minutes ago, mz123 said:

With all due respect, it's not all FUD. There are three threats mentioned in these pages:

  1. Threat from Google "using" the data, or at least the metadata. Note that the metadata is almost as good as the data, in many cases.
  2. Outsider ("hacker") threat due to weak security protections in place.
  3. Outsider (govt) threat due to weak privacy laws or interpretations of them.

There have been numerous examples of each of these threats over the past few years making front-page news headlines, with real damage to real people. I assume you will acknowledge this and we can discuss concrete remediations? Here are some thoughts on each, using the same numbering:

  1. There's some concern here, though I do agree there are some legal protections and profit motive protections. However, companies can change. Data, once released, cannot be "taken back". You are, to a great degree, entrusting the Google of today and the Google of tomorrow, to honor their promises. Companies change, as do contracts. Will Evernote come to the forums in a year to announce that their contract with Google has changed, and that the data mining stipulations of old are no longer valid? Will Evernote enable features that use Google's APIs and leak a tremendous amount of sensitive content, while disclosing that leakage in every case? No, the intermixing of data with Google is a valid concern, even given a contract that specifies specific protection within a narrowly defined scope at one particular point in time. What's most interesting here is that the concerns can be completely addressed by Evernote by encrypting the data at rest using its own keys, and specifying under what conditions that data will be passed to Google. This can be done proactively to reassure users. Why isn't that being done?
  2. Even companies like Google and Yahoo are susceptible to massive attacks. Why not add a layer of security as described in #1 above? Any good reason not to? I realize that moving to Google may improve security overall, but we don't know that for sure. Although Google may have better security practices than Evernote does currently, that's not guaranteed. What is guaranteed, is that they are a bigger target, and add complexity to the security attack surface because of a multi-tenant environment and hundreds / thousands of additional employees that might be able to access it.
  3. Google is a one-stop shopping target in this case. I don't like that, and again, the solution in #1 would help in this regard. Adding client-side encryption of whole notebooks would be another great improvement. I could use that today, Google or not. If this isn't a priority for Evernote now, I suspect it will become one if Evernote doesn't want to become a relic. I mean heck, even Whatsapp is now doing end-to-end encryption. What's the security value of text messages versus "my second brain"?

One things that makes massive cyberattacks and privacy violations possible, is the hand waving we see all too often when people raise valid concerns. Granted, some of the concerns may seem overly paranoid or extreme, but a "irrational FUD" type response, or giving a free pass to Evernote when viable solutions exist, is the other extreme - a negligent standard of care.

I don't think we need to stoop that low. 

 

Apart that the original post implied that Google themselves would illegally mine and steal the data, the points 2 and 3 of your post already apply to Evernote. And I would bet that security in Evernote or other small company are worse than the big boys of cloud computing like Amazon, Microsoft or Google.

 

And regarding the first point, you're talking about an hypothetical future. A future that also can happen with Evernote themselves.

So yes, the post I was answering was just irrational FUD

Link to comment
  • Level 5*
17 minutes ago, mz123 said:

With all due respect, it's not all FUD. There are three threats mentioned in these pages:

  1. Threat from Google "using" the data, or at least the metadata. Note that the metadata is almost as good as the data, in many cases.
  2. Outsider ("hacker") threat due to weak security protections in place.
  3. Outsider (govt) threat due to weak privacy laws or interpretations of them.

Isn't this a concern with the current environment

  1. Threat from Evernote "using" the data, or at least the metadata. 
  2. Outsider ("hacker") threat due to weak security protections in place.
  3. Outsider (govt) threat due to weak privacy laws or interpretations of them.

>>Will Evernote come to the forums in a year to announce that their contract with Google has changed, and that the data mining stipulations of old are no longer valid?

I have always trusted Evernote to inform us if the TOS has changed

>>the intermixing of data with Google is a valid concern

My understanding is that the Evernote data is not being "intermixed"

>>Even companies like Google and Yahoo are susceptible to massive attacks.

As are comanies like Evernote.  My understanding is the new data storage adds a level of security with encryption at rest.

 

 

 

Link to comment
11 minutes ago, Oletros said:

Apart that the original post implied that Google themselves would illegally mine and steal the data, the points 2 and 3 of your post already apply to Evernote. And I would bet that security in Evernote or other small company are worse than the big boys of cloud computing like Amazon, Microsoft or Google.

 

And regarding the first point, you're talking about an hypothetical future. A future that also can happen with Evernote themselves.

So yes, the post I was answering was just irrational FUD

 

7 minutes ago, DTLow said:

Isn't this a concern with the current environment

  1. Threat from Evernote "using" the data, or at least the metadata. 
  2. Outsider ("hacker") threat due to weak security protections in place.
  3. Outsider (govt) threat due to weak privacy laws or interpretations of them.

>>Will Evernote come to the forums in a year to announce that their contract with Google has changed, and that the data mining stipulations of old are no longer valid?

I have always trusted Evernote to inform us if the TOS has changed

>>the intermixing of data with Google is a valid concern

My understanding is that the Evernote data is not being "intermixed"

>>Even companies like Google and Yahoo are susceptible to massive attacks.

As are comanies like Evernote.  My understanding is the new data storage adds a level of security with encryption at rest.

 

 

 

The law is rarely black and white. And when it is, someone will inevitably interpret it as gray. Facebook and Google already push boundaries in this respect. My point is only that this introduces risk, and a risk that's entirely avoidable. Why not avoid it as I suggested? Why simply blow it off? Nonetheless, this part of the TOS doesn't give me any confidence that Evernote has a legal obligation to hold Google accountable:

If the third party service or application you elect to use would access or extract Content, you grant Evernote the right and license to enable third party access to and extraction of your Content. Evernote does not assume any responsibility for, or liability on account of, the actions or omissions of such third party applications or service providers.

It seems to me the TOS doesn't need to change in any way if Google decides to "use" the data. Again, I know Evernote has a contract with Google. My point is that the contract can change, and Evernote is under no responsibility to amend its TOS. Furthermore, I can't find anything else in the TOS or Privacy Policy that in any way obligates Evernote to do anything to prevent Google from using the data. I literally can't find anything suggesting that Evernote must safeguard the data in the TOS. If anyone else can, I'd appreciate you pointing it out.

In my points 2 and 3, I highlighted specific ways in which those concerns do not already apply to Evernote, or apply with a different magnitude. And the bottom line is that now there are two companies to trust, not one. That's not meaningless.

Why not simply solve all this with encryption (at rest, with Evernote's keys, to safeguard data from disclosure to other parties, whether intentional or not)? Why not add another layer to assure users in cases where they are willing to encrypt the notebooks client-side and forgo online features? The first suggestion above is technically easy and requires little new development. It would solve all Google trust concerns. The second one would solve the remaining concerns. I've heard a lot of excuses for Evernote's use of Google services, but not one good explanation why this encryption can't be done. Why not?

 

Link to comment
  • Level 5*
12 minutes ago, mz123 said:

Nonetheless, this part of the TOS doesn't give me any confidence that Evernote has a legal obligation to hold Google accountable:

If the third party service or application you elect to use would access or extract Content, you grant Evernote the right and license to enable third party access to and extraction of your Content. Evernote does not assume any responsibility for, or liability on account of, the actions or omissions of such third party applications or service providers.

I don't see how this applies to the back end data servers.  The users are not electing Google to access or extract Content

Your ideas on encryption are good.  Until Evernote implements this feature, I encrypt my sensitive data

Link to comment
1 minute ago, mz123 said:

 

The law is rarely black and white. And when it is, someone will inevitably interpret it as gray. Facebook and Google already push boundaries in this respect. My point is only that this introduces risk, and a risk that's entirely avoidable. Why not avoid it as I suggested? Why simply blow it off? Nonetheless, this part of the TOS doesn't give me any confidence that Evernote has a legal obligation to hold Google accountable:

If the third party service or application you elect to use would access or extract Content, you grant Evernote the right and license to enable third party access to and extraction of your Content. Evernote does not assume any responsibility for, or liability on account of, the actions or omissions of such third party applications or service providers.

It seems to me the TOS doesn't need to change in any way if Google decides to "use" the data. Again, I know Evernote has a contract with Google. My point is that the contract can change, and Evernote is under no responsibility to amend its TOS. Furthermore, I can't find anything else in the TOS or Privacy Policy that in any way obligates Evernote to do anything to prevent Google from using the data. I literally can't find anything suggesting that Evernote must safeguard the data in the TOS. If anyone else can, I'd appreciate you pointing it out.

In my points 2 and 3, I highlighted specific ways in which those concerns do not already apply to Evernote, or apply with a different magnitude. And the bottom line is that now there are two companies to trust, not one. That's not meaningless.

Why not simply solve all this with encryption (at rest, with Evernote's keys, to safeguard data from disclosure to other parties, whether intentional or not)? Why not add another layer to assure users in cases where they are willing to encrypt the notebooks client-side and forgo online features? The first suggestion above is technically easy and requires little new development. It would solve all Google trust concerns. The second one would solve the remaining concerns. I've heard a lot of excuses for Evernote's use of Google services, but not one good explanation why this encryption can't be done. Why not?

 

No, sorry, the law is black and white. Google can't access Evernote data.

Can you give just one example of Google pushing boundaries in Google Cloud Compute? Please, I would be glad to know examples of that

And you're wrong, the TOS doesn't allow Google to access Evernote data if they decide to do so. The TOS allows Evernote to grant access to the data to everyone they want.

In your points 2 and 3 you didn't highlighted anythiong that is worse with Google than with Evernote. In fact, Google/Microsoft are ways better at handling security than an small company like Evernote. And, in fact, Google has been fighting government's data access since the beginning. Can you point to the Transparency Report for Evernote?

And please, what has to do encryption at rest with going with Google? It has nothing to do, and until now, Evernote doesn't have encryption at rest, Google has. So, it is irrelevant about going Google/Microsoft/Amazon with encryption at rest for Evernote. They don't have it and they didn't have any plan to implement it

 

 

Link to comment
5 minutes ago, DTLow said:

I don't see how this applies to the back end data servers.  The users are not electing Google to access or extract Content

Your ideas on encryption are good.  Until Evernote implements this feature, I encrypt my sensitive data

I can see your interpretation of how this does not apply in the Google backend case. However, I cannot see anything in the TOS that protects the data in any way, at least not with any legal force.

 

Link to comment
9 minutes ago, mz123 said:

I can see your interpretation of how this does not apply in the Google backend case. However, I cannot see anything in the TOS that protects the data in any way, at least not with any legal force.

 

https://cloud.google.com/terms/

1.7 Modifications.

a. To the Services. Google may make commercially reasonable updates to the Services from time to time. If Google makes a material change to the Services, Google will inform Customer, provided that Customer has subscribed with Google to be informed about such change.

b. To the Agreement. Google may make changes to this Agreement, including pricing (and any linked documents) from time to time. Unless otherwise noted by Google, material changes to the Agreement will become effective 30 days after they are posted, except if the changes apply to new functionality in which case they will be effective immediately. If Customer does not agree to the revised Agreement, please stop using the Services. Google will post any modification to this Agreement to the Terms URL.

c. To the Data Processing and Security Terms. Google may only change the Data Processing and Security Terms where such change is required to comply with applicable law, applicable regulation, court order, or guidance issued by a governmental regulator or agency, where such change is expressly permitted by the Data Processing and Security Terms, or where such change:

(i) is commercially reasonable;

(ii) does not result in a degradation of the overall security of the Services;

(iii) does not expand the scope of or remove any restrictions on Google’s processing of Customer Personal Data, as described in Section 5.2 (Scope of Processing) of the Data Processing and Security Terms; and

5.2 Use of Customer Data. Google will not access or use Customer Data, except as necessary to provide the Services to Customer.

 

https://cloud.google.com/terms/data-processing-terms

5. Processing of Customer Personal Data

5.1 Controller and Processor. If the Data Protection Legislation applies to the processing of Customer Personal Data, then as between the parties, the parties acknowledge and agree that: (a) Customer is the controller of Customer Personal Data under the Agreement; (b) Google is a processor of such data; (c) Customer will comply with its obligations as a controller under the Data Protection Legislation; and (d) Google will comply with its obligations as a processor under the Agreement. If under the Data Protection Legislation a Customer Affiliate is considered the controller (either alone or jointly with the Customer) with respect to certain Customer Personal Data, Customer represents and warrants to Google that Customer is authorized: (i) to give the Instructions to Google and otherwise act on behalf of such Customer Affiliate in relation to such Customer Personal Data as described in these Terms, and (ii) to bind the Customer Affiliate to these Terms. Appendix 1 sets out a description of the categories of data that may fall within Customer Personal Data and of the categories of data subjects to which that data may relate.

5.2 Scope of Processing.Google will only process Customer Personal Data in accordance with the Instructions, and will not process Customer Personal Data for any other purpose.

30 seconds of search, 

 

Google CAN'T access Evernote data

 

And, by the way, in your quote you forgot the start "If you elect to use any third party service or application that is integrated with Evernote, you also agree that the licenses granted to Evernote in the preceding paragraph shall apply to Content that is submitted or uploaded through such third party service or application."

So no, the TOS doesn't allow anything to Google. That part says that IF YOU ALLOW a third party integrate with YOUR Evernote account, that third party will have access to YOUR Evernote data.

Link to comment
  • Level 5*
8 minutes ago, mz123 said:

I can see your interpretation of how this does not apply in the Google backend case. However, I cannot see anything in the TOS that protects the data in any way, at least not with any legal force.

 

I suppose the TOS could be changed.  What wording would satisfy your concerns?

I thought it was very clear regarding ownership of my data.

Link to comment
5 minutes ago, Oletros said:

No, sorry, the law is black and white. Google can't access Evernote data.

Can you give just one example of Google pushing boundaries in Google Cloud Compute? Please, I would be glad to know examples of that

And you're wrong, the TOS doesn't allow Google to access Evernote data if they decide to do so. The TOS allows Evernote to grant access to the data to everyone they want.

In your points 2 and 3 you didn't highlighted anythiong that is worse with Google than with Evernote. In fact, Google/Microsoft are ways better at handling security than an small company like Evernote. And, in fact, Google has been fighting government's data access since the beginning. Can you point to the Transparency Report for Evernote?

And please, what has to do encryption at rest with going with Google? It has nothing to do, and until now, Evernote doesn't have encryption at rest, Google has. So, it is irrelevant about going Google/Microsoft/Amazon with encryption at rest for Evernote. They don't have it and they didn't have any plan to implement it

 

 

Please point to the law in black and white that ensures Google can't access Evernote data. It seems to me quite explicit that they are accessing Evernote data, and the discussion comes down to whether they can do anything "nefarious" with it.

I'm not going to research Google articles for you. However, if you acknowledge that Google has pushed boundaries in some of its divisions, I'll just point out that executive management is allowed to step in and push those boundaries within one of their divisions. There is no impenetrable wall between Google divisions.

Did you mean to write "The TOS allows Evernote to grant access to the data to everyone they want."? If so, I'm quite confused by your reasoning.

Please re-read my points 2 and 3 again. Note this part: "...are a bigger target, and add complexity to the security attack surface because of a multi-tenant environment and hundreds / thousands of additional employees that might be able to access it." Note also my later clarification: "And the bottom line is that now there are two companies to trust, not one." As you missed those, I suspect quite strongly that you do not have a background in computer security? Am I right? By the way, I don't think there's a great correlation in security capability vs company size, at least between a "small" company like Evernote and a "big" one like Google Cloud Compute. You shouldn't make that assumption if you don't know it to be true. There are plenty of reasons why a large company would be less capable. As for the government, we can't say for sure. However, we do know from Snowden that Google data was intercepted. We do not know that Evernote's was. Transparency is fine, though the transparency report does not provide any comfort whatsoever. 

I am surprised my suggestion on encryption is so difficult to understand. Encryption can prevent Google from reading the data better than a piece of paper written by lawyers can. I am suggesting Evernote implement it. The value of implementing it goes up after going to Google. If you have valuables in your house, they are better off in a safe. If you are moving them to your neighbor's house, the need for a safe increases. This is all true, despite the fact that stealing valuables is illegal and always has been.

Link to comment
21 minutes ago, Oletros said:

https://cloud.google.com/terms/

1.7 Modifications.

a. To the Services. Google may make commercially reasonable updates to the Services from time to time. If Google makes a material change to the Services, Google will inform Customer, provided that Customer has subscribed with Google to be informed about such change.

b. To the Agreement. Google may make changes to this Agreement, including pricing (and any linked documents) from time to time. Unless otherwise noted by Google, material changes to the Agreement will become effective 30 days after they are posted, except if the changes apply to new functionality in which case they will be effective immediately. If Customer does not agree to the revised Agreement, please stop using the Services. Google will post any modification to this Agreement to the Terms URL.

c. To the Data Processing and Security Terms. Google may only change the Data Processing and Security Terms where such change is required to comply with applicable law, applicable regulation, court order, or guidance issued by a governmental regulator or agency, where such change is expressly permitted by the Data Processing and Security Terms, or where such change:

(i) is commercially reasonable;

(ii) does not result in a degradation of the overall security of the Services;

(iii) does not expand the scope of or remove any restrictions on Google’s processing of Customer Personal Data, as described in Section 5.2 (Scope of Processing) of the Data Processing and Security Terms; and

5.2 Use of Customer Data. Google will not access or use Customer Data, except as necessary to provide the Services to Customer.

 

https://cloud.google.com/terms/data-processing-terms

5. Processing of Customer Personal Data

5.1 Controller and Processor. If the Data Protection Legislation applies to the processing of Customer Personal Data, then as between the parties, the parties acknowledge and agree that: (a) Customer is the controller of Customer Personal Data under the Agreement; (b) Google is a processor of such data; (c) Customer will comply with its obligations as a controller under the Data Protection Legislation; and (d) Google will comply with its obligations as a processor under the Agreement. If under the Data Protection Legislation a Customer Affiliate is considered the controller (either alone or jointly with the Customer) with respect to certain Customer Personal Data, Customer represents and warrants to Google that Customer is authorized: (i) to give the Instructions to Google and otherwise act on behalf of such Customer Affiliate in relation to such Customer Personal Data as described in these Terms, and (ii) to bind the Customer Affiliate to these Terms. Appendix 1 sets out a description of the categories of data that may fall within Customer Personal Data and of the categories of data subjects to which that data may relate.

5.2 Scope of Processing.Google will only process Customer Personal Data in accordance with the Instructions, and will not process Customer Personal Data for any other purpose.

30 seconds of search, 

 

Google CAN'T access Evernote data

 

And, by the way, in your quote you forgot the start "If you elect to use any third party service or application that is integrated with Evernote, you also agree that the licenses granted to Evernote in the preceding paragraph shall apply to Content that is submitted or uploaded through such third party service or application."

So no, the TOS doesn't allow anything to Google. That part says that IF YOU ALLOW a third party integrate with YOUR Evernote account, that third party will have access to YOUR Evernote data.

These are terms for the EU, or parts of it. Completely irrelevant to the US, it appears. Perhaps we need more than 30 seconds of search. :-) And regardless what you find, they can be changed. And even if they aren't, nothing here precludes Evernote from providing data to Google to execute a service.

As for the Evernote TOS, as I mentioned earlier, I can't find any data protection obligation. Statement of concern about our data, yes, but not legal protection (except copyright). Can you?

 

Link to comment
  • Level 5*
5 minutes ago, mz123 said:

Please point to the law in black and white that ensures Google can't access Evernote data. 

I can show you the contract I have with Evernote.

I don't have access to the Evernote-Google contracts but I know they can't violate my contract

>>It seems to me quite explicit that they are accessing Evernote data, and the discussion comes down to whether they can do anything "nefarious" with it.

This seems to be a constant theme by the Google haters.  I've seen nothing explicit

Link to comment
24 minutes ago, DTLow said:

I suppose the TOS could be changed.  What wording would satisfy your concerns?

I thought it was very clear regarding ownership of my data.

I don't want to draft legal language. :-) However, something along the lines of "Evernote will not access your data or allow access to data except for the purposes of delivering features subscribed to by you, system troubleshooting, etc. Even better would be the encryption though, because it removes all doubt and debate.

 

Link to comment
3 minutes ago, mz123 said:

These are terms for the EU, or parts of it. Completely irrelevant to the US, it appears. Perhaps we need more than 30 seconds of search. :-) And regardless what you find, they can be changed. And even if they aren't, nothing here precludes Evernote from providing data to Google to execute a service.

As for the Evernote TOS, as I mentioned earlier, I can't find any data protection obligation. Statement of concern about our data, yes, but not legal protection (except copyright). Can you?

 

MY mistake - these are not EU terms, sorry. My other points apply.

 

Link to comment
3 minutes ago, DTLow said:

I can show you the contract I have with Evernote.

I don't have access to the Evernote-Google contracts but I know they can't violate my contract

>>It seems to me quite explicit that they are accessing Evernote data, and the discussion comes down to whether they can do anything "nefarious" with it.

This seems to be a constant theme by the Google haters.  I've seen nothing explicit

Can you please point to the relevant language in the Evernote TOS that applies to protecting your data? This is all I can find, but it doesn't offer any protection whatsoever:

You agree that these rights and licenses are royalty free, worldwide and irrevocable (for so long as your Content is stored with us), and include a right for Evernote to make such Content available to, and pass these rights along to, others with whom Evernote has contractual relationships related to the provision of the Evernote service, solely for the purpose of providing such services, and to otherwise permit access to or disclose your Content to third parties if Evernote determines such access is necessary to comply with its legal obligations.

Link to comment
8 minutes ago, DTLow said:

 

>>It seems to me quite explicit that they are accessing Evernote data, and the discussion comes down to whether they can do anything "nefarious" with it.

This seems to be a constant theme by the Google haters.  I've seen nothing explicit

Didn't we have posts in this thread, from Evernote employees, clarifying that Google has the keys to the data on their servers, which implies Evernote user data? That was what spurred my suggestion for Evernote to encrypt it with their own keys.

 

Link to comment
  • Level 5*

Evernote’s Data Protection Laws Say My Data Is Mine – What Does That Mean?

You retain copyright and any other rights you already held in your Content before you submitted, posted or displayed it on or through the Service. But you do have to grant Evernote a limited license, as described below, so we can make your data accessible and usable on the Service. Other than this limited license and other rights you grant in these Terms, Evernote acknowledges and agrees that we do not obtain any right, title or interest from you under these Terms in any of your Content.

 

Link to comment
1 minute ago, DTLow said:

Evernote’s Data Protection Laws Say My Data Is Mine – What Does That Mean?

You retain copyright and any other rights you already held in your Content before you submitted, posted or displayed it on or through the Service. But you do have to grant Evernote a limited license, as described below, so we can make your data accessible and usable on the Service. Other than this limited license and other rights you grant in these Terms, Evernote acknowledges and agrees that we do not obtain any right, title or interest from you under these Terms in any of your Content.

 

All that means is that they don't own the data for purposes of commercial copyright law. Then they carve out a limited license, which I quoted in my previous post. That carve out is extremely broad, and in my interpretation offers no protection whatsoever. And why would they, really? This is a consumer service TOS, written by their lawyers. They don't want any unnecessary obligations.

Encryption is the answer, especially as we add more parties with hands on the data. I'm not a Google hater, but I have respect for how the world works, and how the best intentions can break down. Evernote has increased our rates, while implementing this move to cut its costs. It's about time they allowed a way to keep our "second brain" truly private.

 

Link to comment
1 hour ago, mz123 said:

Please point to the law in black and white that ensures Google can't access Evernote data. It seems to me quite explicit that they are accessing Evernote data, and the discussion comes down to whether they can do anything "nefarious" with it.

 

Not only you're wrong, not only it is clear that you don't know about what Google Cloud platform is. It ois clear that you don't want to understand the terms of TOS, it is clear that you don't want to read what other people is telling you.

This has a name, you're just trolling, posting FUD and plainly lying.

Time to put in the "ignore list"

Link to comment
2 minutes ago, Oletros said:

 

Not only you're wrong, not only it is clear that you don't know about what Google Cloud platform is. It ois clear that you don't want to understand the terms of TOS, it is clear that you don't want to read what other people is telling you.

This has a name, you're just trolling, posting FUD and plainly lying.

Time to put in the "ignore list"

Haha. Sorry to hurt your feelings! I understand quite well what is written in the TOS. As a matter of course, I don't just accept what "people" are telling me. For starters, I would have a hard time knowing which people to listen to, if I couldn't evaluate things for myself.

I know quite well what Google Cloud platform is, but I'm not going to bother trying to justify myself to you. I'm trying to make a case for Evernote to improve their service. I wasn't posting personal attacks. I'll just let others, including Evernote staff, conclude what they will from what has been posted.

 

Link to comment
  • Level 5*
5 minutes ago, Cherice B said:

Funny Olestros, I put you on my ignore list. WHY ISNT IT WORKING???

Are you seeing their actual posts? You shouldn't be.

Are you seeing their quotes in other people's posts? Ignore doesn't make those go away.

Link to comment
6 minutes ago, jefito said:

Are you seeing their actual posts? You shouldn't be.

Are you seeing their quotes in other people's posts? Ignore doesn't make those go away.

Ahhh, that's the problem. Thanks for clarifying Jeff :)  Time to stop following the thread. 

Link to comment
54 minutes ago, mz123 said:

Haha. Sorry to hurt your feelings! I understand quite well what is written in the TOS. As a matter of course, I don't just accept what "people" are telling me. For starters, I would have a hard time knowing which people to listen to, if I couldn't evaluate things for myself.

I know quite well what Google Cloud platform is, but I'm not going to bother trying to justify myself to you. I'm trying to make a case for Evernote to improve their service. I wasn't posting personal attacks. I'll just let others, including Evernote staff, conclude what they will from what has been posted.

 

Dude, stop using cloud-anything.  You have a hard-on for anti-Google but ANY time you place your data in the cloud, place it on a device that connects to the internet, or place data on ANY media (hard drive, USB stick, etc.), SOMEONE SOMEWHERE has the possibility of gaining access to it.  As I stated quite clearly a few pages back: Your biggest concern should not be Google mining your data; Look to the nefarious (insert country of the day) hackers or any state-level security organization to be a far bigger danger to a lot more than the thousands of notes in Evernote.

Link to comment
3 minutes ago, Silicon Ghost said:

Dude, stop using cloud-anything.  You have a hard-on for anti-Google but ANY time you place your data in the cloud, place it on a device that connects to the internet, or place data on ANY media (hard drive, USB stick, etc.), SOMEONE SOMEWHERE has the possibility of gaining access to it.  As I stated quite clearly a few pages back: Your biggest concern should not be Google mining your data; Look to the nefarious (insert country of the day) hackers or any state-level security organization to be a far bigger danger to a lot more than the thousands of notes in Evernote.

I think you have be confused with someone else. I'm actually not too concerned about Google's intentions as a company. I know others are though. I'm trying to suggest a couple of technical solutions that can solve 95% of the worries on this thread, whether Google-specific or not. I agree with you about the sources of the biggest threats. 

Link to comment

I use both Evernote Premium and Google Drive, synched across a Lenovo Yoga 2 Pro, a Dell XPS (both running Chrome and Windows 10) and a Samsung tablet, subsisting on some sticky confectionery. I have been very happy with the performance of both Evernote Premium and the Google tools. So far. While I pay significant hard-earned dosh for the Evernote (and there's an off-putting price increase imminent), the cost of the Google tools is their excavation and processing of my, and billions of other people's, data. If Google's excavation and processing remains a dragnet scooping vast shoals of fish, I am existentially content as one anonymous sardine, but the instant some bonus-hunting technoberk fixes a hook on a line and targets me with an advert, I shall be off faster than a sailfish.

It's the Windows 10 that is the most annoyingly intrusive and of which I am highly suspicious. But Apple, for me at least, was an extremely expensive and never to be repeated blunder. Stuck with 10. So far.

Google is 18 today. If the guys (where are the gals?) at Evernote exploit the economies of scale and programming expertise that being acquired by Google should fetch, and pass that onto their paying customers in the shape of a better, more cost-effective product, I for one welcome it.  

 

Link to comment

I think I have potentially found a solution... 

This whole week I've been trying to figure out a way to still keep my beloved Evernote but protect myself from the big scary public cloud...

Answer... Saferoom

Saferoom is an app designed specifically for Evernote. It encrypts your notes using 256 AES and can be easily decrypted on your desktop or mobile device using the Saferoom application.

 

You can find more information in the Evernote App Center https://appcenter.evernote.com/app/saferoom/mac

Saferoom Website

http://getsaferoom.com

 

I am migrating all my notes to an offline notebook now so that I can encrypt them. Going forward I will use the Saferoom app to view my notes and create new encrypted notes. It's a small extra step but I will feel safe knowing that my most precious notes are encrypted and can be easily decrypted with the master key that only I know.

Also, it works for OneNote just in case you wanted to dabble.

Screen Shot 2016-09-28 at 12.32.40 AM.png

Link to comment
  • Level 5*
5 hours ago, dudeman313 said:

I think I have potentially found a solution... 

This whole week I've been trying to figure out a way to still keep my beloved Evernote but protect myself from the big scary public cloud...

Answer... Saferoom

I also use encryption to protect my data - my solution was pdfs

I already convert my static notes to pdf, and its an easy step to encrypt the pdf
In my note, I show the data as an attachment, so its a nice compact image.
I also include some metadata so the note can be retrieved in searches.

For data that changes often; I use the built in text encryption feature

Link to comment
  • Level 5*
1 hour ago, shokutaku said:

Yahoo, Wells Fargo... the list goes on. Why do you think you can hide behind smug assurances?

You are in Denialand.

Been with you from the beginning and bought all your toys (ScanSnap!) to keep you going. I am now looking for an exit.

Not sure what your point is, but in regards to an exit, Evernote has always made it easy, at least on the Window/Mac platforms.

Simply select your notes; File > Export

Link to comment

I too was sickened to hear that Google is the service provider given their reputation. But I’m not a business with secrets to protect and Google is presumably adept at thwarting  hackers. I suspect Google’s servers will be more secure and reliable than Evernote’s in the long term.  I’m just relieved that Yahoo isn’t the service provider.

Link to comment

I'm not thrilled with the switch to Google myself, but I don't really have anything truly sensitive in Evernote. Truly sensitive info doesn't belong in the cloud. What is really irritating me is that NOTHING Evernote has announced since the news of the price increase is an actual user-facing benefit. This is a fantastic cost-cutting move for the company. Great. Pat yourselves on the back. It's gonna be work for you this Fall, but that work make the lives of backend staff easier. Great. Have a cookie. But what are you doing for me, the premium customer, who is going to pay almost twice as much for the same service (starting this month)? Someone in marketing really needs to get a grip on the situation and tell customers what they want to know and need to know. Don't you think you should announce something that customers can actually benefit from or can look forward to?

Here's what I wanted to read, but didn't.

Evernote celebrates 8th Anniversary with sneak peak of Evernote 8

Today Evernote marked its 8th anniversary by giving customers a sneak peak of the next version of its note-taking software. The company announced 8 new features that customers anticipate in the next update of its platform, including a brand new interface, automatic reference creation, a predicitive note linking,...

"We've rethought the entire interface, scouring every pixel and analyzing every interaction, to make Evernote faster, easier and more powerful to use. We are truly taking our platform to the next level. We think that customers are going to be blown away by what they find," says Slick Talker, head of marketing.

...

All of these features will be powered by the company's Fall move to Google Cloud Platform. Beginning in October, Evernote will move to the services...

"For years, we've been relying on our own servers to do the job, but efforts to maintain and improve the services built on these systems were slow, taking weeks, months or more to implement. By switching to Google Cloud, we can rollout updates, upgrades, and new features in a matter of days, all while maintaining the security that our customers love. We couldn't introduce Evernote 8 without it," says Some Guy, VP of Core Services.   

 

What I got is:

Evernote is thrilled to move its infrastructure to new servers at Google. This will help them save a ton of support costs. 

 

I know that Evernote is a business that provides a service, but it didn't always feel that way. It felt like a service that customers would be happy to support. By putting yourselves first in all of your messaging, you are breaking a core part of the customer relationship (make the customer happy). Whether Evernote HQ sees it this way or not, it feels like you are making yourselves happy, making $(higher fees) and saving $(switch to Google) at your customer's expense. Just ask yourself this simple question. What have you announced or done in the last 6 months to truly excite and make your customers happy? (If you think these announcements are it, then you are clearly missing something.)

Link to comment

Here's the original announcement: "With Google Cloud Platform, Evernote will gain significant improvements in performance, security, efficiency, and scalability. " Those sound like benefits to me.

3 hours ago, cfasca said:

"Don't you think you should announce something that customers can actually benefit from or can look forward to? "

 

Link to comment
11 minutes ago, Ares said:

Here's the original announcement: "With Google Cloud Platform, Evernote will gain significant improvements in performance, security, efficiency, and scalability. " Those sound like benefits to me.

 

Perhaps you haven't been around these parts (forum) for very long. Evernote has an embarrassing history of empty promises and abandoned projects. But most of all, we have seen increase in price, reduction in features and no countervalue from Evernote. And knowing how many promises they didn't keep and how many times they ignored user requests, what they say means little in actual value. What is that Chinese proverb "Talk Dosen't Cook Rice."

If you stick around long enough you will see why their words have little weight around these parts.

Link to comment
10 minutes ago, Krunoslav said:

Perhaps you haven't been around these parts (forum) for very long. Evernote has an embarrassing history of empty promises and abandoned projects.

I wasn't addressing the trustworthiness of Evernote, only that he said that he wanted to see Evernote post a user benefit. They did. To be frank, I'm mostly following this thread with fascination watching how much people are putting into this discussion. If I wasn't happy with Evernote, I'd just delete it and move on, but that's just me.

 

Link to comment
11 minutes ago, Ares said:

Here's the original announcement: "With Google Cloud Platform, Evernote will gain significant improvements in performance, security, efficiency, and scalability. " Those sound like benefits to me.

 

 

Actually I respectfully disagree. Those don't sound like benefits to me. It's not the best analogy, but phone manufacturers sometimes promote the chip's speed or the amount of ram on the device, but fail to deliver the software that makes us of that speed or ram. Maybe you love what Evernote is doing under the hood, but I'm concerned that the car itself doesn't look or feel much different. To put it another way, this announcement doesn't prompt me to fire up Evernote or encourage me to wait in anticipate for the Fall. I'm not going to time the service in the Fall and exclaim, "Wow that new Google Cloud backend sure is wicked fast" or "Whoa, suddenly I feel so much more secure and I like it." Evernote could really learn something from 1password, which does a marvelous job of mixing improvements that users love with architectural changes that somehow users also love. I feel the value in every move they make. I'm not feeling it here.  

Link to comment
9 minutes ago, Ares said:

I wasn't addressing the trustworthiness of Evernote, only that he said that he wanted to see Evernote post a user benefit. They did. To be frank, I'm mostly following this thread with fascination watching how much people are putting into this discussion. If I wasn't happy with Evernote, I'd just delete it and move on, but that's just me.

 

But trustworthiness is directly linked in trusting them to deliver future benefits. And since we are not seeing them right now, all we have to go on is their unreliable announcement, which is not what I qualify as benefit. Meanwhile price increase is very much real. If you are happy with Evernote that is great, I personally am pretty satisfited but I don't trust them, (not the Google cloud stuff but their relationship with users which is very much one sided in many occasions) and that makes me hesitant to invest even more than I already did in their platform.

Link to comment
6 minutes ago, Ares said:

If I wasn't happy with Evernote, I'd just delete it and move on, but that's just me.

First, Ares, I think you may be on to something. I've been thinking about it the wrong way. I've been thinking that I've got tens of thousands of notes in Evernote. It's usefl, but I don't feel it is really living up to its price anymore. I've been clinging to a hope that it will improve (strung along by announcements like this). Perhaps more significantly, I've dreaded extricating myself from Evernote. I've used it for years. There's so much in Evernote, what will I do. I use it for my debate team, so I have 25 students using it. I'm deeply invested. When I tried OneNote, I couldn't get comfortable because it wasn't Evernote, so I had resigned myself to whatever Evernote does (and doesn't do). But you have provided me with a ray of light. Just start over. Export my notes, dump Evernote, and start over. Of course, it would be painful. But like changing jobs, you just have to move on. Thanks!  

Link to comment
4 minutes ago, Krunoslav said:

But trustworthiness is directly linked in trusting them to deliver future benefits. And since we are not seeing them right now, all we have to go on is their unreliable announcement, which is not what I qualify as benefit. Meanwhile price increase is very much real. If you are happy with Evernote that is great, I personally am pretty satisfited but I don't trust them, (not the Google cloud stuff but their relationship with users which is very much one sided in many occasions) and that makes me hesitant to invest even more than I already did in their platform.

I see no reason to trust anyone I don't know personally so that doesn't enter into it. I assume everyone is untrustworthy and behave accordingly. 

Link to comment

Archived

This topic is now archived and is closed to further replies.


×
×
  • Create New...