Slashdot Mirror

← Back to Stories (view on slashdot.org)

Starting Next Year, Evernote Employees Could Access Your Unencrypted Notes (betanews.com)

Posted by msmash on from the privacy-woes dept.

Mark Wilson, reporting for BetaNews: Evernote has published an update to its Privacy Policy, revealing that as of 23 January 2017, employees will be able to access unencrypted notes. The change is being wheeled in because of the apparent failings of machine learning. Perhaps more worrying is the fact that Evernote says that it is not possible to opt out of having employees possibly accessing your unencrypted notes. The only way to fully protect your privacy is to delete all your notes and close your Evernote account. The update to the Privacy Policy starts off sounding fairly innocuous: "The latest update to the Privacy Policy allows some Evernote employees to exercise oversight of machine learning technologies applied to account content, subject to the limits described below, for the purposes of developing and improving the Evernote service."

98 comments

  1. And in the beginning by Anonymous Coward · · Score: 0

    It was the end.

    1. Re:And in the beginning by Z00L00K · · Score: 1

      And then fill in a lot of notes with cryptic texts and obscure web addresses that don't lead anywhere.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    2. Re:And in the beginning by Anonymous Coward · · Score: 0

      The web addresses should lead to goatse.

    3. Re:And in the beginning by beastofburdon · · Score: 1

      And the occasional RickRoll.

  2. RIP by Anonymous Coward · · Score: 1

    RIP Evernote!

    1. Re:RIP by pr0fessor · · Score: 2

      as if anyone ever read privacy policies...

    2. Re:RIP by zopper · · Score: 4, Informative

      The article is FUD. If any of you really read the change directly from Evernote... "If you want to opt out, you can do so in your account settings, and our engineers won't look at your data to improve the service." Evernote clearly states you CAN OPT OUT and the only thing you loose is the machine learning thing. So everything is going to be like now for you.

    3. Re:RIP by Darinbob · · Score: 1

      Why not encrypt the notes? People are suddenly amazed and shocked that when they put unecrypted data into the "cloud" that other people can look at it? This is not the 90s with noobs on AOL, we should all be assuming that the internet is a dangerous minefield and to tread slowly and carefully while there.

  3. Cloud services should be renamed by QuietLagoon · · Score: 1, Insightful

    Maybe a better name would be Looking Glass services.

    1. Re: Cloud services should be renamed by Anonymous Coward · · Score: 0

      SkyNet ... clear as day view into everything you by anyone!

    2. Re: Cloud services should be renamed by Anonymous Coward · · Score: 3, Insightful

      That's exactly right. As we see, any promises made in the terms of service and privacy policies aren't worth the electrons they're written on and we should have no expectation of privacy in our cloud accounts.

      We, the consumer, are just cattle to be exploited.

    3. Re: Cloud services should be renamed by Anonymous Coward · · Score: 1

      What you fail to understand is that YOU are not the actual customer.

      If you are not paying for the service -- and I mean REALLY paying for it, as in "paying your full share of the actual cost of providing the service to you" -- then you are NOT the customer. You are the PRODUCT, which is being sold to whoever IS paying for the cost of providing the service. What, did you think Evernote, Twitter, Facebook, etc. were charitable non-profit organizations or something? You really think they're somehow obligated to give you their services for free with no expectation of any return whatsoever?

      TANSTAAFL. There Ain't No Such Thing As A Free Lunch. SOMEONE is paying for it.

    4. Re: Cloud services should be renamed by mlts · · Score: 2

      I was paying for it, mainly so I can use multiple devices and upload larger documents. Keyword is "was". At least exporting your stuff isn't too hard (install their app, dump your notebooks, delete, flush trash can.)

      Wish there is something for Android that would store notes locally and sync them to one's own Dropbox, GDrive, or other account, preferably encrypted... only thing it seems that does is Apple's Notes app.

    5. Re: Cloud services should be renamed by QuietLagoon · · Score: 2

      ...You are the PRODUCT, which is being sold ...

      That is the business model that was used by print magazines. Subscription costs did not cover the cost of publishing, ad costs did. The purchasers of ad space were buying access to the eyeballs of the subscribers, and paying for the publication of the magazine.

    6. Re: Cloud services should be renamed by skegg · · Score: 1

      I used to use MyPhoneExplorer to sync my Android phone with my Windows desktop. There's a corresponding desktop client. Worked very well.

      You could then use something like Duplicati to sync with a cloud provider. I use it to backup to my own server over SSH.

    7. Re: Cloud services should be renamed by Applehu+Akbar · · Score: 1

      No, you're a user who is trading off a known amount - the amount being what you put into unencrypted Evernote - of privacy in return for free use of software.

    8. Re: Cloud services should be renamed by AmiMoJo · · Score: 1

      dump your notebooks, delete, flush trash can

      Dude... That's... That's not the trashcan. No wonder it's always blocked.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  4. Machine learning? by Anonymous Coward · · Score: 4, Insightful

    What possible legitimate use have a company that is in the business of storring small text files on behalf of their customers of machine learning? None! That's all, they are not providing any other service nor their customers are asking them to!

    1. Re:Machine learning? by Desler · · Score: 1

      It's a easy way to bilk VCs of money.

    2. Re:Machine learning? by AmiMoJo · · Score: 1

      They are trying to complete with other providers of similar services, like Google Keep. They offer automatic transcription, so for example if you take a photo of a document or object with text on it, that text will be OCRed and make searchable.

      To improve those services it is vital to have a large amount of test data. When the automated system makes a mistake it will need to be examined and corrected by a human, hence the need for staff to see user's data. In fact many other companies already do this, with varying degrees of anonymization applied before the employee gets the image. Of course, if the image contains a name, address, email or photo then the anonymization isn't very successful.

      The real issue here is that they made it mandatory with no opt-out. Best practice is to have an opt-in checkbox presented to the user with clear wording.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  5. What note solution? by cfalcon · · Score: 2

    This is stupid, of course, but what's the replacement?

    I'd love a solution that could work on an Apple phone or a Linux box, and sync via a method that isn't viewable to naughty employees, as evernote is quickly becoming. Even throwing away the hard part of that requirement (Linux), what solutions are there really in this space?

    1. Re: What note solution? by Anonymous Coward · · Score: 2, Informative

      After Evernote failed to fix some other issues earlier this year I switched to One Note and have been happy with it. Much better text editing and solid cross-platform support.

    2. Re: What note solution? by Anonymous Coward · · Score: 0

      An almost uncountable number of Web services that let you store text server side and pull it back via some Web interface. I typically jut use email. Of course I don't know if Evernote has fancy markup/interaction support. Hell, you could even use git/svn. All sorts of options.

    3. Re:What note solution? by Anonymous Coward · · Score: 1

      One Note

    4. Re:What note solution? by 110010001000 · · Score: 5, Insightful

      There is a note solution I use called "Sticky"

    5. Re:What note solution? by Quince+alPillan · · Score: 4, Informative

      Google Keep?

    6. Re:What note solution? by kaustik · · Score: 4, Informative

      There is this. Open source, encrypted, similar to Evernote. My concern is that I would dump all my data here and the kind folks running the project would move on to something else.

    7. Re:What note solution? by Anonymous Coward · · Score: 0, Insightful

      So you think that with a couple hundred employees, many of which would not have this access at all (accounting, marketing, sales, low-level peons, designers, customer service, reception, etc), and over 200 million users that your notes are going to get read? Very unlikely. No different than your email. It can be read by the server administrator. I was accused more than once by co-workers that we in IT read their email. We don't, we don't have time and don't give a shit, unless their boss asked us to.

      If you think ANY cloud service is going to offer real, true privacy, you're not living in reality. That is just not today's reality, maybe in the future, but surely not today.

    8. Re:What note solution? by OhPlz · · Score: 2

      The search feature is abysmally slow, and don't even get me started on the weak handwriting recognition!

    9. Re:What note solution? by kaustik · · Score: 1

      Perhaps you weren't able to read the actual announcement from Evernote. They state that employees WILL be manually reading the notes, in order to improve their machine learning capabilities.

      These are human beings reading confidential material. Abuse is incredibly likely.

      From the FAQ:
      "This is primarily to make sure that our machine learning technologies are working correctly, in order to surface the most relevant content and features to you. While our computer systems do a pretty good job, sometimes a limited amount of human review is simply unavoidable in order to make sure everything is working exactly as it should."

    10. Re:What note solution? by Anonymous Coward · · Score: 0

      There is deadnote on the onion network. You can get software on Linux, Windows, Android, and Ios to access the onion network then use the site from anywhere.

    11. Re:What note solution? by admin7087 · · Score: 1

      If I didn't already own a notebook and a pencil, I would probably use a single text file on a shared free Mega disk and access it with Emacs.

    12. Re:What note solution? by Just+Some+Guy · · Score: 2

      I self-host. There are a couple of good options that way:

      • If you have a Synology NAS, you can install Note Station which is basically Evernote but stored on your own server. It has nice (and free) iOS apps, and an Android app that I haven't used. There's no desktop app yet but it does have a nice web interface. This is probably the easiest drop-in replacement for Evernote - if you have a Synology.
      • If you're in the Apple ecosystem, I love DEVONthink Pro Office (DTPO). It's not so much a note app as a personal knowledge repository. My home ScanSnap scanner deposits docs directly into my DTPO inbox and OCRs them so they're fulltext searchable. It also has a nice UI for creating your own notes, spreadsheets, etc. directly in the app, and great system integrations to make it easy to save data from almost any app into it. It has amazing AI classification stuff, so it can automatically file things that look like invoices into my "Invoices" folder. It has a new iOS app that syncs to it, either via local Wi-Fi peer-to-peer or through your own WebDAV server (with end-to-end encryption so you don't have to trust your storage provider).

      Of those two, I prefer DTPO as it's more mature and already does everything imaginable. Note Station is pretty good today, too, and has a lot of promise. Either one will move your data to being 100% in your own control and I like that a lot.

      --
      Dewey, what part of this looks like authorities should be involved?
    13. Re:What note solution? by CrashNBrn · · Score: 2

      I researched this the last time Evernote bumped their prices by 40%+

      Pim Software

      1. EssentialPIM – Personal Information Manager for Windows, iOS and Android
      2. Efficcess - Free Personal Information Manager (PIM) Software

      Notes Organizer - Google Search

      1. Notes Organizer - The Official Home of AlfaPad - PIM
      2. TreeDBNotes Free PIM, Notes organizer, Document manager software
      3. TreeDBNotes Pro: Personal Information Manager, Notes Organizer, Contact Manager, Password manager, Task manager
      4. TreeNotes - Notes Manager, Notes Organizer for Windows - Notes in tree - Free trial
      5. WhizFolders, Notes Organizer and Outliner for Windows
      6. Treepad: Personal Information Manager, Notes Organizer, Word Processor, PIM, Database and more!

      They all have better pricing than Evernote. Efficcess has a Lifetime license for 99.95, as well as Business|Enterprise options.

      Most of the purely free options that I skimmed through don't support rich-text or embedding images.

    14. Re:What note solution? by Anonymous Coward · · Score: 0

      I think Synology has some NAS solutions and apps that might do some of this functionality. In that case you own the storage and network infrastructure. I don't know that it would be as easy or as convenient. I have a Synology NAS but I don't use it for cloud syncing. It does have some cloud apps for media and wiki apps.

      As someone else said 'One Note'. That's what I actually use. My use case for this kind of tool is only for work and they paid for the license. As MS pushes Office365 and suggests companies put all their crown jewels and internal communications on Microsoft's servers. I can see both a competitive conflict of interest as well as free pickings for governments, hackers, and I'm sure MS "needs" telemetry and probably does the same thing as EverNote but has some better wording to mask it in their TOS/EULA.

    15. Re:What note solution? by tattood · · Score: 1

      You could always rent a small AWS instance and run your own turtl server.

      --
      WTB [sig], PST!!!
    16. Re:What note solution? by 0100010001010011 · · Score: 1

      If you only need to save text, Self hosted Etherpad behind NGINX for authentication.

    17. Re:What note solution? by bobm · · Score: 1

      It appears that QNAP NAS also support note station. I haven't installed it yet but since I just deactivated my Evernote account I guess it's my next step.

      I stopped paying for evernote when I had to do a restore and all of my notes went into one folder.

      Since then I use a combination of Pocket and email, note perfect and hopefully Note Station will be a decent solution.

    18. Re:What note solution? by Just+Some+Guy · · Score: 1

      Give a shot. Worst case: you decide it sucks and continue looking for a good replacement. I still prefer DTPO, but if you already have the ability to run Note Station it's definitely worth a close look.

      --
      Dewey, what part of this looks like authorities should be involved?
    19. Re: What note solution? by Anonymous Coward · · Score: 0

      Lol. So your notes say pregnancy test for the wife.

      They start showing ads for DYI abortion and how to push the wife down the stairs, the right way.

    20. Re:What note solution? by Applehu+Akbar · · Score: 1

      "I'd love a solution that could work on an Apple phone..."

      The aforementioned Notes app. You can sync the phone app data, should you use the dreaded Cloud, with Notes on your other Apple devices and computers.

    21. Re:What note solution? by thegarbz · · Score: 1

      I lost all my sticky notes when my house burnt down*.

      * It didn't really but you're an idiot for suggesting sticky notes to people who specifically moved away from them with a better solution.

    22. Re:What note solution? by AmiMoJo · · Score: 1

      OneNote isn't bad, and you can make it use a local file that you think sync manually (I use encrypted cloud storage with my own key). There are apps for Android and I think iOS, maybe even Windows Phone.

      The companion Office Lens app is pretty good too. Photograph a sheet of paper, a book, a label or whatever and it will automatically neaten it up into a nice, perspective free scan and OCR it. There are other apps which claim to do the same, but they are not as good.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    23. Re:What note solution? by Anonymous Coward · · Score: 0

      That is just not today's reality, maybe in the future, but surely not today.

      You can say that all you want but it doesn't make it any more true. There are internet (stop saying "cloud", newb) services that focus on privacy, though you are obviously unaware of them.

    24. Re:What note solution? by perlancar · · Score: 1

      Keep is fine, except that there is only a single level of undo. I've managed to lose my edits a couple of times because of this.

  6. Yes feed me more by Anonymous Coward · · Score: 0

    Slurp slurp slurp.

    All your data is ours.

    We will analyse and profit from it.

    Resistance is futile.

    Slurp slurp slurp.

  7. Well they made my decision for me by TheCastro1689 · · Score: 1

    "The only way to fully protect your privacy is to delete all your notes and close your Evernote account." Easy enough, but I'm confused about the encryption part, can they read those or are they saying it's hackable or that they have a key?

    1. Re:Well they made my decision for me by Overzeetop · · Score: 3, Interesting

      If you believe them - and since you can't audit their code personally you shouldn't - then they cannot decrypt your encrypted notes without brute forcing it. They claim not to store you key: https://help.evernote.com/hc/e... You have to decide whether or not to believe them.

      --
      Is it just my observation, or are there way too many stupid people in the world?
    2. Re:Well they made my decision for me by mlts · · Score: 1

      If one can get access to the notes via some recovery mechanism like an E-mail to an account, a SMS, or other means, then it isn't really secure encryption. With services like Hushmail, if you lose your password, you can reset your account... but you will lose all the contents.

  8. Sounds fine to me by Grishnakh · · Score: 1

    I don't have a problem with this. If you don't like it, don't use Evernote.

    I don't use Evernote, so it's not a problem for me.

    1. Re:Sounds fine to me by Anonymous Coward · · Score: 0

      First they came for the Evernote users, and I did not speak out---
      Because I was not an Evernote user

    2. Re:Sounds fine to me by Grishnakh · · Score: 1

      Exactly. Screw them. No one is forcing you to be an Evernote user, or a user of any cloud service for that matter. There's not even any kind of monopoly effect going on here; no one really *needs* Evernote, and there's a ton of competitors anyway.

      People who continue to give their support to shitty companies like this is the whole reason these companies get away with their shenanigans.

      The only good thing here is that their actions are being publicized here, so that interested customers can leave. We'll see if it actually makes a difference, but I doubt it. People these days seem to be dead-set on continuing to patronize companies that treat them badly, so I doubt there'll be any significant defection.

  9. CAN by Anonymous Coward · · Score: 0

    Starting next year, they CAN access your data. Prior to 23 January 2017, they COULD not access your data.

    Does this place even bother hiring editors anymore?

    1. Re:CAN by fisted · · Score: 1

      Starting next year, they MAY access your data. Prior to 23 January 2017, they COULD [] access your data.

      FTFY. It's delusional to assume the people who run the damn service were somehow magically unable to access their own damn files.

      --
      CLI paste? paste.pr0.tips!
  10. There isn't one online by Overzeetop · · Score: 2

    There isn't a single cloud service provider with both open source software and zero knowledge servers, so right off the bat you're looking at rolling your own if you want any semblance of privacy/security. If you're not hosting it, or didn't write (or at least fully audit) the pre-uploading encryption, what ever you choose will be no more secure than pinning your notes to the wall of the local courthouse. You could pay someone like Rackspace to make something from scratch for you, but unless you can audit their code, you still don't really have any control and every good programmer will put in a back door so that they can monitor and verify things are running smoothly - the perfect vector for someone to steal your stuff.

    --
    Is it just my observation, or are there way too many stupid people in the world?
    1. Re:There isn't one online by Darinbob · · Score: 1

      Why not encrypt the data?

    2. Re:There isn't one online by Anonymous Coward · · Score: 0

      There isn't a single cloud service provider with both open source software and zero knowledge servers

      This claims to do just that: https://turtlapp.com/

  11. Migration path? by layabout · · Score: 3, Insightful

    I've tried Google keep, Microsoft one note, personal wikis but nothing seems to function as well as Evernote. The ability to access the same data, without explicit synchronization steps on tablet, phone, and laptop is a core value of Evernote. What's the alternative?

    1. Re:Migration path? by Anonymous Coward · · Score: 0

      The ability to access the same data, without explicit synchronization steps on tablet, phone, and laptop is a core value of Evernote. What's the alternative?

      A text file on a server you fully own and physically control.

    2. Re:Migration path? by spire3661 · · Score: 1

      You are trading security for convenience. The alternative is to do it the traditional way with pen, paper and a scanner attached to an open source computer/network None of these programs respect your privacy, at all, for even one second. I see no point in using them for anything

      --
      Good-bye
    3. Re:Migration path? by Wraithlyn · · Score: 1

      Check out Simplenote.

      If you just want text, it's perfect.

      --
      "Mind, as manifested by the capacity to make choices, is to some extent present in every electron." -Freeman Dyson
    4. Re:Migration path? by Anonymous Coward · · Score: 1

      Keep does everything you're calling out as important. It's not as robust a product for sure, but it syncs great.

    5. Re:Migration path? by Anonymous Coward · · Score: 0

      DokuWiki on a server you control, with appropriate plugins like the encryption and todo plugin, is probably the most like Evernote. The default template is very responsive to tablet, phone, and screen layouts. You can also set up niceties like being able to e-mail info to pages, like in Evernote Premium. The biggest downside is lack of a WYSIWYG editor, unfortunately.

    6. Re:Migration path? by Anonymous Coward · · Score: 0

      Aaaand it's on google app engine. balls
      can't use it in here..

    7. Re:Migration path? by irrational_design · · Score: 1

      This looks good. The two main problems I see are 1. There isn't a way that I can see to group notes into "folders" and 2. There isn't a way that I can see to export/backup all of my notes (that is, I want a zip file of all of my notes in a non-proprietary text format).

    8. Re:Migration path? by Anonymous Coward · · Score: 0

      As mentioned in a comment above: Turtl - A secure, encrypted, Free, free, Evernote alternative.

      https://turtlapp.com/

    9. Re:Migration path? by Anonymous Coward · · Score: 1

      I moved to ColorNote. Works well on Android. Encrypts before syncing to the cloud. The only drawback is that the sync function uses gmail or facebook authentication. Works very well for notes and lists. Permissions required are minimal. Can be downloaded from 3rd party apk sites or google market or windows market for w8.

      http://www.androiddrawer.com/24549/download-colornote-notepad-notes-app-apk/

    10. Re:Migration path? by Bourdain · · Score: 1

      (1) you could use tags if you want which would function as well if not better than folders

      (2) the api seemingly allows one to export your notes pretty easily at least with the windows client (resophnotes)

      I've been using simplenote for years with resophnotes as my primary client and it automatically syncs with my iOS version on my phone so I can research things in a pinch

      I use it as a sort of knowledgebase where any individual idea or thing I'd want to come back to gets its own note (plus I have some scripts to generate a header/name for each note automatically so it sorts in my desired way...) I have around 1100 notes now

      I used to use evernote before mobile devices became a thing and the new version was too slow for me to tolerate it

    11. Re:Migration path? by Anonymous Coward · · Score: 0

      I never saw the point in any of them.

    12. Re:Migration path? by Anonymous Coward · · Score: 0

      Simple Notes is better. Nice, clean, no ads, no IAPs, no spyware/telemetry, no cloud dependency, no permissions required and free of cost. There are too few applications like that these days.

  12. Final Straw by Anonymous Coward · · Score: 0

    Whelp, that's the final straw for me with Evernote. Constant bombarding to connect via social media, upgrade the account, limiting how many devices you can use it on (got a phone AND a tablet? Well screw you!), and now this? Deleted and done.

  13. This is not true! by tommyjcarpenter · · Score: 4, Informative

    The article says "The only way to fully protect your privacy is to delete all your notes and close your Evernote account." Evernote comes with built in encryption, you just have to use it: https://help.evernote.com/hc/e... Moreover, evernote warns you "WARNING: We do not store a copy of your encryption key. If it is forgotten by you, your note is lost forever". So it is NOT true what this article says!

    1. Re:This is not true! by ColdWetDog · · Score: 1

      Enter a passphrase into the form. You will need to enter this passphrase whenever you attempt to decrypt this text. Do not forget this passphrase because Evernote does not store this information anywhere.

      Sounds really user friendly. Typing in a passphrase every time I want to read a note.

      No thanks.

      I liked Evernote in the beginning but they've been getting more and more obnoxious as time rolls on. Interstitial ads? On a paid subscription?

      Bye.

      --
      Faster! Faster! Faster would be better!
    2. Re:This is not true! by OrangeTide · · Score: 1

      If a note is not encrypted you might as well assume it is being read by someone you don't know.
      So I fail to see the BFD.

      --
      “Common sense is not so common.” — Voltaire
    3. Re:This is not true! by Hognoxious · · Score: 1

      evernote warns you "WARNING: We do not store a copy of your encryption key. If it is forgotten by you, your note is lost forever"

      Well if that's what they say it must be true!

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    4. Re:This is not true! by Anonymous Coward · · Score: 0

      Jokes on Evernote. I have several dozen unencrypted notes and each one is an ASCII goatse or penis bird

    5. Re:This is not true! by The+MAZZTer · · Score: 1

      Sooo how exactly do you log into your Slashdot account again?

    6. Re:This is not true! by OhHellWithIt · · Score: 1

      TFA also says, in the quotation from the Evernote privacy policy, that customers can turn off the machine learning that is the reason for the employee access by disabling it in the account settings. I just did that with no problem at all.

      If one is serious about security, though, then why would he/she trust any cloud provider's encryption?

      --
      "Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
  14. Privacy policies by jgullstr · · Score: 1

    No need to read privacy policies. Just check "I agree" and go about your day.

  15. add more hype please. by zlives · · Score: 1

    Cloud... Disrupted

  16. Goodbye Evernote by Ziest · · Score: 1

    Just deleted my account.

    --
    Another day closer to redwood heaven
  17. Sync to your own Server or OwnCloud? by Zombie+Ryushu · · Score: 1

    Is there a way the application can be reconfigured to talk to your own Domain Controllers or OwnCloud server?

  18. 2 devices by irrational_design · · Score: 1

    Ever since the recent change to only allowing two devices to access a free account I have been meaning to switch my notes. This is just accelerating that need.

  19. the consumer cloud kinda sucks by anthony_greer · · Score: 1

    "Cloud" services can be done very securely, look at any number of business/enterprise services from MS, Amazon, Oracle, SAP or any of a dozen other vendors. Its sad that the consumer end of the cloud is such a joke security wise. look at the past few months, this and the the yshoo FBI search thing are great examples of how piss poor the consumer cloud is. It doesnt have to be this way. We need a secure consumer cloud.

  20. Another nice one :) by Idisagree · · Score: 1

    https://github.com/Laverna/lav...

    Laverna is a JavaScript note taking application with Markdown editor and encryption support. Consider it like open source alternative to Evernote. https://laverna.cc/index.html

  21. Article is FUD by asvravi · · Score: 4, Informative

    I use Evernote software extensively. I actually took the time out to read both old and new privacy policies and their FAQ closely as soon as I got the email from Evernote.

    The article and the Slashdot summary are, as usual, best described as FUD. They make it seem as if Evernote is compromising privacy and making it impossible to opt out of. Nothing can be farther from the truth. The change being made now is to include an additional reason for Evernote employees to access my notes - and that is to verify that the machine learning is working as intended. This change can be entirely opted out of by unchecking an option in the client. The thing that is not possible to opt out of is, other circumstances and reasons for which Evernote employees access my data, which was already in the old policy and continues unchanged in the new policy. That relates to things like legal obligations, troubleshooting, TOS violations and protecting users against malware etc, which are the norm at any service provider.

    See for yourself under "Do Evernote Employees Access or Review My Notes?"
    Old policy
    New policy

    In fact, Evernote has some of the the most transparent and clear privacy and security policies I have ever seen among online service providers.
    1. It is in the form of Q & A
    2. The crux of it is in the form of clear tables with "We collect" and "Why we collect it" columns.
    3. It is very comprehensive, dealing with all imaginable aspects of privacy and security

    Not only did Evernote provide a very clear update on the upcoming changes, they also allowed a well advertised opt-out (although an opt-in would have been better). They also have an 800 word FAQ to specifically clarify the changes and my options here. They are also clear about not using my data for other purposes. From their 3 laws of data protection -

    Our business model is old-fashioned: we only make money when you decide to pay us for a great product. This means that trust is our biggest asset and keeping your data private is fundamental

    .
    I couldn't have asked for anything better.

    1. Re:Article is FUD by Anonymous Coward · · Score: 0

      Nothing better?

      I politely disagree. You could have asked for content to be encrypted before it is uploaded to online storage.

    2. Re:Article is FUD by LordWabbit2 · · Score: 1

      Which is an option you can choose as well, AND they don't keep a copy of your key, so they definitely cannot access it.

      --
      There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
    3. Re: Article is FUD by Anonymous Coward · · Score: 0

      Evernote and similar cloud services are damned if they do, damned if they son't.

      They have to add value and that value usually is OCR, handwriting recognition, image recognition, text indexing. None of those work with client side encryption and without those features no one would pay for the service.

  22. I wonder ... by Alain+Williams · · Score: 1

    if this is a warning by subterfuge ... maybe someone at evernote has got fed up with the FBI/... demanding that customer notes be secretly turned over to them and added this to show that anything unencrypted should not be assumed to be private. Maybe/maybe-not.

  23. What Can Evernote Do To Hurt You? by Anonymous Coward · · Score: 0

    If you're not a criminal or doing criminal things, why does everyone care so much about keeping Evernote employees out of your notes? What could you possibly have on them that matters?

    Bad employee selling my notes off for identity theft / phishing I suppose? Is there any other reason OMG PRIVACY is so important?

    I am a boring old dad I suppose, but I don't get this whole world jump onto privacy being important. Why is this Evernote change a big deal to most of us?

  24. gaping asshole rape services by Anonymous Coward · · Score: 0

    Naw, gaping asshole rape services, that's what they are...

  25. who keeps their passwords in this... by Anonymous Coward · · Score: 0

    me..... damn.

  26. It still seems VERY abusive to me. by Futurepower(R) · · Score: 3, Insightful

    They know most people won't understand that.

  27. Was on the Fence About Confluence by Anonymous Coward · · Score: 0

    Mainly because I've already been using evernote for years on my desktop. Thanks evernote for making my decision going forward so easy! You really were helpful the entire time