News

Evernote Privacy and Security

Evernote Privacy and Security

Posted by Dave Engberg on 15 Apr 2008

Posted by Dave Engberg on 15 Apr 2008

Security and privacy are extremely important topics for Evernote users, and for good reason. Evernote would like to provide a single service to manage your memories for many years. To achieve this, we must provide a very high level of system and data security while offering users a variety of choices to manage their own privacy requirements. Here is a high-level overview of some of the ways in which your data is protected by Evernote.

When you add a note to the service, it is secured like your email would be at a high-end email provider. This means that your notes are stored in a private, locked cage at a guarded data center that can only be accessed by a small number of Evernote operations personnel. Administrative maintenance on these servers can only be performed through secure, encrypted communications by the same set of people. All network access to these servers is similarly protected by a set of firewalls and hardened servers. Your data is only transmitted to the servers in encrypted form over SSL, and your passwords are not directly stored on any of our systems.

We also offer enhanced privacy options that would not be available from services like email:

If you have sensitive text that you would like to remember (passwords, PINs, credit card numbers), you can encrypt that text in our Windows and Mac clients using a passphrase that is never transmitted to Evernote. This encrypted text can only be decrypted and read on one of your computers after you’ve re-entered the encryption passphrase. The sensitive text is not readable on our servers or on your computer by anyone who does not know the passphrase.

If you have some notes that you only want to access from a single computer, you can place these into a “Local Notebook” on our Windows or Mac client. Notes in a Local Notebook are never transmitted to our service, so they aren’t accessible from the web, or from your other computers. This may allow a greater level of privacy for some notes, at the expense of the accessibility and reliability you would get from a private note on the service.

Evernote recognizes that user choice is an important component of privacy and security. We believe that no single option is going to meet the needs of all users, so we aim to offer a set of tools that let people balance their needs for accessibility, privacy and control.

Update: How to encrypt and decrypt text in Evernote

Premium

Evernote Premium

Upgrade for features to help you live and work smarter.

Go Premium
View more stories in 'News'

36 Comments RSS

  • Jake

    About the “Local Notebook” option:

    This seems like a good choice but from what I understand, images have to be sent to the server for text in the image to be searchable. Is this going to continue to be a limitation of the “Local Notebook” or is this something that the company is working on?

  • Dave Engberg

    The Windows desktop client includes local image processing capabilities, so you can process text in images in Local Notebooks on Windows.

    The Mac client does not yet have local image recognition, so text in images on the Mac would not be recognized in Local Notebooks, although you could still organize and find these images through other features (tags, dates, contents, origin, etc.)

  • Shawn

    Off topic question: Any chance we’ll see Evernote for the Blackberry?

  • Kevin Frey

    Will be anxiously awaiting encryption for the mac client. I have been looking for a replacement for my current password protected spreadsheet system that feels very 1998.

  • Dave Engberg

    Shawn – Blackberry is currently supported via: mobile web browser + email in to Evernote (with image attachments). We plan to improve this via IMAP/POP3 support in the near term. Longer term, Blackberry is important to us, but software distribution for the Blackberry is a bit tricky due to carrier restrictions, etc.

    Kevin – the build with text encryption is in QA right now, hope to release it late next week. I’ve been using the encryption on my MacBook for a couple of weeks, and I think you’ll like it.

    Thanks

  • Brad Bice

    Can I choose which notebooks are synced on your server. Some of my information is proprietary to my employer so I could not use the service for that. I would like to be able to segregate that and keep it local, while syncing my none proprietary information. Is this possible?
    Thanks,

  • scotty

    Hi. I like Evernote so far, but am trying to decide on my final product. I like your workflow and applicaiton the best, but I don’t like the fact that my data store is not encrypted, from what I can tell. Any plans to support encrypted notebooks? Thanks!

  • Luke

    Has the build with text encryption passed QA?

  • internet eraser

    What about agile development? Scrum, XP, FDD?

  • Andi

    Hi,

    when will there encryption available for Mac?

    I’ve downloaded the latest version and can’t see any support for this.

    By the way, do you plan to implement smart notebooks for grouping tags?

    Best regards,

    Andi

  • florian

    what about the text encryption? i cant do it? where do i find it?

  • Will

    Hi folks,

    I’d also be keen to learn more about the strength of any encryption used. Any chance you could provide more details and perhaps answers to the questions above?

    Also, any plans for a LINUX version of Evernote?

  • Carl Schulz

    Note clearly says that encryption is available on the Windows client. I can not find it anywhere. Please let me know how I can encrypt select notes.

  • Paul Hoffman

    I am a bit concerned about synching from my local client to the Evernote server. I understand that the login is encrypted with HTTPS, but is the data transfer itself? If not, why not?

  • Phil Libin

    Paul,

    Full HTTPS encryption is one of the benefits of an Evernote Premium account. Premium users have all of their data (logins and data transfer) automatically encrypted with HTTPS. Free users get HTTPS for logins but normal HTTP for other data. It’s expensive for us to encrypt all data transfer (especially all the images), so we can only afford to do it for premium users.

  • Phil Libin

    Carl,

    In the Windows or Mac client, select the portion of a note that you want to encrypt, right click, then chose “encrypt…” from the right-click menu.

    You can encrypt any potion of a note (up to and including the entire body). You cannot currently encrypt the title or tags.

  • jimpa

    Encrypted notes? I am sold. Switching to EverNote now and upgrading to Premium.

    The iPhone app and encryption sealed the deal.

    Thanks EverNote!

  • John

    I hope you reconsider universal SSL/HTTPS for syncing. The initial key-pair generation is very CPU intensive, I agree, but the actual data encryption is pretty lightweight. I’m not Net Engineer by any stretch of the imagination, but it’s my understanding that you can set the initial key pair to last for a very long time.

    Privacy and security shouldn’t be premium features, in my view.

    Or perhaps you could offer a third, lowest tier
    for very light users: for $10/year or something, very low monthly bandwidth (free-level, or 2X free, or…), but automatically secure.

    Thanks for the great product, though. While I still go back and forth with OneNote, and while I miss some Evernote 2.2 features big time, Evernote 3 is wonderful, automatic security somewhat aside.

  • John

    Another option for offering free users security is to have Evernote 3 compress and then encrypt sync changes using lightweight encryption–64-bit Blowfish or Twofish, e.g. Not the highest security, but WAY better than nothing, completely preventing casual sniffing and snooping at a coffee shop or in a hotel. Assuming your servers are 64-bit, this should be easy indeed for them to do speedily.

  • deparko

    any consideration with having an option for encrypting the actual data stored at your service? Make it a premium option.

    I’d like to capture bills..etc but they have account numbers..etc so security is very important.

    thanks

  • Zeid

    yes please encrypt the local database. I always assumed it was, and was shocked to see that it was not. Or at least enable the option to require the login password before opening it…

  • Jeff

    The only thing holding me back from using Evernote on my Mac, my PC and my iPhone and purchasing the premium version is the inability for me to encrypt the remote files with my PGP key. (or GnuPG key as it were).

    If you added this one ability (along with SSL by default) I would not only purchase this product but sing its praises far and wide!

    Here’s to hoping for an encrypted future!

  • Mike

    I second Jeff! GnuPG (or similar, that works cross-platform, including iPhone) is a must-have feature for me too.

  • Sam

    Any update on a BB version?

  • Privacy

    Doesn’t seem like you care about privacy other than for the premium users, as an incentive to upgrade.

    You can EASILY make it so the CLIENT encrypts the note-data LOCALLY, THEN sends it to the server which STORES it encrypted without so much as decrypting it, and whenever the CLIENT requests data, it receives the same ENCRYPTED data (over regular HTTP, remember, so no overhead), and THEN the CLIENT decrypts it.

    I only see one reason you didn’t do this: Money.

  • Dave Engberg

    P -

    Unfortunately, if we only stored an opaque encrypted backup of your database file on our server, we couldn’t provide most of the features that our users love.

    We couldn’t give you any web or mobile interfaces to access your notes. We couldn’t let you add notes via email/phone/Twitter. We couldn’t index your images for text searching. We couldn’t clip web pages via our bookmarklet Web Clipper. We couldn’t offer cool integrations from partners like Eye-Fi, Pelotonics, etc.

    Basically, half of the great things you see on this blog would disappear.

    I think that what you’re really looking for is just a hard drive backup service for a local application on your computer. You could do this with Evernote if you choose: put all of your notes in “Local” notebooks on your computer and then subscribe to something like Iron Mountain’s secure backup service to store an encrypted copy of your database file.

    Thanks for the feedback.

  • Brad Ruffkess

    Any update on Blackberry support now that Blackberry has App World?

  • Joe Abley

    Dave: I would happily lose all the features you mentioned if the data I want to store was only ever exposed in plain text on the devices I operate.

    What I have been looking for is a single application that provides a rich and pleasant interface on multiple devices for storing and indexing a wide variety of media types.

    Evernote seems like just the right thing, except that it’s unusable for anything other than trivia that I’m not happy to be made public.

    Channel security in the form of HTTP/TLS is an irrelevant distraction.

    It’s a shame — I’d use Evernote all the time, for everything, if it was secure. As it stands the only things I can use it for are things that I don’t particularly care about remembering.

  • ShouldIBScared

    I just purchased the Premium service so I could file everything in my personal life online. I can get it to it from work on the web, from home on the mac client and on my iPhone. I put everything on there. Usernames, passwords, passports, social security cards, checkbook images, etc. I don’t do any local encryption because I think I couldn’t get to that information than on the web or iPhone. I paid for the premium service as it uses SSL. However, how safe is Evernote Premium from my account getting hacked into? Should I be Scared?

  • Michael Fischer

    I agree with Joe.

    I use Evernote for note-editing on my Mac desktops and my iPhone. That’s all.

    I’d be a much heavier user of it and would be more inclined to store work and personal data if the data were encrypted both in transit and server storage.

    I don’t use Web clips, video notes, social network integration, or other features that would expose my data to others.

    For me, anyone other than me is an unauthorized user of my data. That includes Evernote itself.

    Moreover, everyone should be aware that the Stored Communications Act (18 U.S.C. s. 2701) the Government can easily obtain your data from Evernote, and without notifying you. Unless that data is encrypted and Evernote lacks the key, it’s a sitting duck.

  • Jeff

    Dave Engberg~

    So I’ve put my money where my mouth is and have been using Evernote extensively over the last couple of months. (I’ve become a true convert of tagging vs sub-directories for organizing and visualizing my data)

    The more I use Evernote, the more uses I find for it, though I still refuse to put sensitive information there – yes I realize I can encrypt bits of a note, but I find that to be way too cumbersome when I have literally a hundred or more notes that I would prefer were encrypted in their entirety. I still maintain that it would become my one true information store if only the back-end were encrypted.

    In your response above you stated:
    “Unfortunately, if we only stored an opaque encrypted backup of your database file on our server, we couldn’t provide most of the features that our users love.”

    How about giving me a choice of all the nifty tools/interfaces/methods OR a secure back-end? That would seem to satisfy almost everyone (of course once you did this, then we’d be clamoring for all the bells and whistles PLUS the back-end encryption!)

    If you were to implement a public encryption algorithm such as blowfish (www.schneier.com/blowfish.html) then it could be used on the client to encrypt entire notebooks, and also on the web interface (perhaps via javascript – it’s been done before) then the web interface could still be useful.

    I would gladly sacrifice those bells and whistles for the sake of strong (pgp/gpg, et al) encryption on the back-end.

    I use Evernote on my Macs, my Windows machines as well as my iPhone; I think it is a great tool that is getting better all the time (Hello, Evernote for iPhone version 3??? Great upgrade there, thanks!) so for me (and I expect that many Evernote users as well) I don’t need all those extra methods for getting info into Evernote; with all the versions I just install it everywhere. What I really want more than anything is security in the cloud.

    Please re-consider strong encryption for our data on your servers.

  • Dave Engberg

    When I said that “we couldn’t provide most of the features” if we just stored a completely encrypted blob of data for each user, I was actually putting it mildly. To really achieve what you suggest, we wouldn’t even be able to implement incremental synchronization of your account, since this requires visibility at a level of granularity which would give away too much information about the contents of your notes.

    There’s always a trade-off between security and functionality, and truly complete encryption of your account (so we can’t see any of the metadata or structure of your notes) just loses far too much of the functionality that you like. At that point, it’s not really “Evernote” any more.

    There are a few options for people who don’t want the functionality of Evernote, but just want an encrypted backup of files on their computer. You can, of course, just make notes in Local notebooks and then back up your hard drive with something like Iron Mountain’s encrypted backup service. (There are others, but I’m familiar with this one from a past job.)

  • Greg

    I’d like to add a bit to Jeff’s comments above, taking into account what Dave has said with regards to the architecture. While not a developer, per se, I can certainly appreciate what Dave’s saying with regards to the sync and other functionality being dependent on the byte-level visibility of the contents. I can also appreciate my colleague Jeff’s points about data security being important.

    I would add that from my perspective (and possibly this goes for most of the folks that have spoken up for encryption), I find quite a bit of value in all of the ways that Evernote is accessible for most of my note data. I do find that there are some types of data (passwords, contacts, and maybe a couple others) that I would gladly forego having all of the features that rely on an un-encrypted back-end; if that meant I could store all the data in the Evernote Application.

    Dave has hinted that we can use local notebooks, and indeed, I’ve experimented with that. However, it appears at this moment that it’s an “all-or-nothing” solution: In order to manually sync or backup the local notebooks, I have to essentially bypass the synchronization built in to Evernote and manually copy the .exb file everywhere I want it. One of the only things I have a slight issue with, architecturally, is that while Evernote allows me to choose to have notebooks that are synchronized or not, it keeps them all IN THE SAME FILE. That is one feature that I feel is better handled in Microsoft OneNote. (My apologies: that is the first time I’ve publicly said anything positive about Microsoft, and I promise it won’t soon happen again!). But all comedy aside, with OneNote, each notebook is a separate file. If we implemented this concept in Evernote (even just separating the “Synchronized notebooks” from the “Local notebooks” into two distinct files), then we could easily have a service where we could choose between Encrypted/Local and Un-Encrypted/Synchronized and be able to have the best of both worlds. In fact, this could be an ideal “premium” feature: The Encrypted notebooks could be replicated (in their entirety) via the service for an additional fee, which I think most of us would gladly pay.

    One other security related feature request: At least allow us to “lock” the client with a password. This wouldn’t probably be all that traumatic to implement, and I’m not suggesting that we have to be able to login to the server in order to open the application, more like a local login using a cached hash of our online password. This would keep casual “prying eyes” from opening our local Evernote files yet still allow disconnected use.

    All things considered, I still think Evernote is an extremely useful and well thought out service/application. I’m just suggesting that adding some of this type of functionality would broaden it’s install base.

  • Dave Engberg

    If you’re concerned about someone accessing your personal PC, I’d recommend using the screen lock feature in the OS and a file system encryption solution like TrueCrypt. This is a much more comprehensive solution to protecting your private data on your own computer than separate screen lock and file encryption in every application you use (word processor, mail client, note taking software, etc.)

  • Michael Fischer

    Dave says:

    “To really achieve what you suggest, we wouldn’t even be able to implement incremental synchronization of your account, since this requires visibility at a level of granularity which would give away too much information about the contents of your notes.”

    Not so. If the data is structured as an append-only log, synchronization becomes trivial, even if stored as an opaque blob.

  • Kurt

    Is it really encrypting the data? I don’t see the point of all this based on what I have discovered (I’m no security expert, but still this is enough to make me feel insecure)

    I did the following:
    1. Wrote a simple note with 2 checkboxes, with the text “FirstBox” and “SecondBox”.
    2. Opened the database with Notepad++, and looked for these 2 strings. Interestingly enough, these text were all over the place.
    3. Encrypt the text “FirstBox”
    4. Opened the database again with Notepad++. I can see the “html” portion of the database shows the text is encrypted:

    Pha2/hePKsU=

    However, the string “FirstBox” is still searchable elsewhere in the database.

    What is the point of encrypting the GUI side of it, when the database side of it is not encrypted (granted, the string’s location seems random, but still, it is in plain text. If it were to be a social security number, an intruder can recognize it easily).

    I guess the best way is to use it is in USB mode, and put it inside a truecrypt container.

    It would be nice if the database itself is encrypted — prevents things like “intruder copying the database file and enjoying the data at home”.

    All in all, an interesting program. If it is more secure than this, I will go for the premium and use it extensively.