I did the following:
1. Wrote a simple note with 2 checkboxes, with the text “FirstBox” and “SecondBox”.
2. Opened the database with Notepad++, and looked for these 2 strings. Interestingly enough, these text were all over the place.
3. Encrypt the text “FirstBox”
4. Opened the database again with Notepad++. I can see the “html” portion of the database shows the text is encrypted:

Pha2/hePKsU=

However, the string “FirstBox” is still searchable elsewhere in the database.

What is the point of encrypting the GUI side of it, when the database side of it is not encrypted (granted, the string’s location seems random, but still, it is in plain text. If it were to be a social security number, an intruder can recognize it easily).

I guess the best way is to use it is in USB mode, and put it inside a truecrypt container.

It would be nice if the database itself is encrypted — prevents things like “intruder copying the database file and enjoying the data at home”.

All in all, an interesting program. If it is more secure than this, I will go for the premium and use it extensively.

“To really achieve what you suggest, we wouldn’t even be able to implement incremental synchronization of your account, since this requires visibility at a level of granularity which would give away too much information about the contents of your notes.”

Not so. If the data is structured as an append-only log, synchronization becomes trivial, even if stored as an opaque blob.

I would add that from my perspective (and possibly this goes for most of the folks that have spoken up for encryption), I find quite a bit of value in all of the ways that Evernote is accessible for most of my note data. I do find that there are some types of data (passwords, contacts, and maybe a couple others) that I would gladly forego having all of the features that rely on an un-encrypted back-end; if that meant I could store all the data in the Evernote Application.

Dave has hinted that we can use local notebooks, and indeed, I’ve experimented with that. However, it appears at this moment that it’s an “all-or-nothing” solution: In order to manually sync or backup the local notebooks, I have to essentially bypass the synchronization built in to Evernote and manually copy the .exb file everywhere I want it. One of the only things I have a slight issue with, architecturally, is that while Evernote allows me to choose to have notebooks that are synchronized or not, it keeps them all IN THE SAME FILE. That is one feature that I feel is better handled in Microsoft OneNote. (My apologies: that is the first time I’ve publicly said anything positive about Microsoft, and I promise it won’t soon happen again!). But all comedy aside, with OneNote, each notebook is a separate file. If we implemented this concept in Evernote (even just separating the “Synchronized notebooks” from the “Local notebooks” into two distinct files), then we could easily have a service where we could choose between Encrypted/Local and Un-Encrypted/Synchronized and be able to have the best of both worlds. In fact, this could be an ideal “premium” feature: The Encrypted notebooks could be replicated (in their entirety) via the service for an additional fee, which I think most of us would gladly pay.

One other security related feature request: At least allow us to “lock” the client with a password. This wouldn’t probably be all that traumatic to implement, and I’m not suggesting that we have to be able to login to the server in order to open the application, more like a local login using a cached hash of our online password. This would keep casual “prying eyes” from opening our local Evernote files yet still allow disconnected use.

All things considered, I still think Evernote is an extremely useful and well thought out service/application. I’m just suggesting that adding some of this type of functionality would broaden it’s install base.

There’s always a trade-off between security and functionality, and truly complete encryption of your account (so we can’t see any of the metadata or structure of your notes) just loses far too much of the functionality that you like. At that point, it’s not really “Evernote” any more.

There are a few options for people who don’t want the functionality of Evernote, but just want an encrypted backup of files on their computer. You can, of course, just make notes in Local notebooks and then back up your hard drive with something like Iron Mountain’s encrypted backup service. (There are others, but I’m familiar with this one from a past job.)

So I’ve put my money where my mouth is and have been using Evernote extensively over the last couple of months. (I’ve become a true convert of tagging vs sub-directories for organizing and visualizing my data)

The more I use Evernote, the more uses I find for it, though I still refuse to put sensitive information there – yes I realize I can encrypt bits of a note, but I find that to be way too cumbersome when I have literally a hundred or more notes that I would prefer were encrypted in their entirety. I still maintain that it would become my one true information store if only the back-end were encrypted.

In your response above you stated:
“Unfortunately, if we only stored an opaque encrypted backup of your database file on our server, we couldn’t provide most of the features that our users love.”

How about giving me a choice of all the nifty tools/interfaces/methods OR a secure back-end? That would seem to satisfy almost everyone (of course once you did this, then we’d be clamoring for all the bells and whistles PLUS the back-end encryption!)

If you were to implement a public encryption algorithm such as blowfish (www.schneier.com/blowfish.html) then it could be used on the client to encrypt entire notebooks, and also on the web interface (perhaps via javascript – it’s been done before) then the web interface could still be useful.

I would gladly sacrifice those bells and whistles for the sake of strong (pgp/gpg, et al) encryption on the back-end.

I use Evernote on my Macs, my Windows machines as well as my iPhone; I think it is a great tool that is getting better all the time (Hello, Evernote for iPhone version 3??? Great upgrade there, thanks!) so for me (and I expect that many Evernote users as well) I don’t need all those extra methods for getting info into Evernote; with all the versions I just install it everywhere. What I really want more than anything is security in the cloud.

Please re-consider strong encryption for our data on your servers.

I use Evernote for note-editing on my Mac desktops and my iPhone. That’s all.

I’d be a much heavier user of it and would be more inclined to store work and personal data if the data were encrypted both in transit and server storage.

I don’t use Web clips, video notes, social network integration, or other features that would expose my data to others.

For me, anyone other than me is an unauthorized user of my data. That includes Evernote itself.

Moreover, everyone should be aware that the Stored Communications Act (18 U.S.C. s. 2701) the Government can easily obtain your data from Evernote, and without notifying you. Unless that data is encrypted and Evernote lacks the key, it’s a sitting duck.

What I have been looking for is a single application that provides a rich and pleasant interface on multiple devices for storing and indexing a wide variety of media types.

Evernote seems like just the right thing, except that it’s unusable for anything other than trivia that I’m not happy to be made public.

Channel security in the form of HTTP/TLS is an irrelevant distraction.

It’s a shame — I’d use Evernote all the time, for everything, if it was secure. As it stands the only things I can use it for are things that I don’t particularly care about remembering.

Unfortunately, if we only stored an opaque encrypted backup of your database file on our server, we couldn’t provide most of the features that our users love.

We couldn’t give you any web or mobile interfaces to access your notes. We couldn’t let you add notes via email/phone/Twitter. We couldn’t index your images for text searching. We couldn’t clip web pages via our bookmarklet Web Clipper. We couldn’t offer cool integrations from partners like Eye-Fi, Pelotonics, etc.

Basically, half of the great things you see on this blog would disappear.

I think that what you’re really looking for is just a hard drive backup service for a local application on your computer. You could do this with Evernote if you choose: put all of your notes in “Local” notebooks on your computer and then subscribe to something like Iron Mountain’s secure backup service to store an encrypted copy of your database file.

Thanks for the feedback.

You can EASILY make it so the CLIENT encrypts the note-data LOCALLY, THEN sends it to the server which STORES it encrypted without so much as decrypting it, and whenever the CLIENT requests data, it receives the same ENCRYPTED data (over regular HTTP, remember, so no overhead), and THEN the CLIENT decrypts it.

I only see one reason you didn’t do this: Money.

If you added this one ability (along with SSL by default) I would not only purchase this product but sing its praises far and wide!

Here’s to hoping for an encrypted future!

I’d like to capture bills..etc but they have account numbers..etc so security is very important.

thanks

Privacy and security shouldn’t be premium features, in my view.

Or perhaps you could offer a third, lowest tier
for very light users: for $10/year or something, very low monthly bandwidth (free-level, or 2X free, or…), but automatically secure.

Thanks for the great product, though. While I still go back and forth with OneNote, and while I miss some Evernote 2.2 features big time, Evernote 3 is wonderful, automatic security somewhat aside.

The iPhone app and encryption sealed the deal.

Thanks EverNote!

In the Windows or Mac client, select the portion of a note that you want to encrypt, right click, then chose “encrypt…” from the right-click menu.

You can encrypt any potion of a note (up to and including the entire body). You cannot currently encrypt the title or tags.

Full HTTPS encryption is one of the benefits of an Evernote Premium account. Premium users have all of their data (logins and data transfer) automatically encrypted with HTTPS. Free users get HTTPS for logins but normal HTTP for other data. It’s expensive for us to encrypt all data transfer (especially all the images), so we can only afford to do it for premium users.

I’d also be keen to learn more about the strength of any encryption used. Any chance you could provide more details and perhaps answers to the questions above?

Also, any plans for a LINUX version of Evernote?