Slashdot Mirror

← Back to Stories (view on slashdot.org)

Starting Next Year, Evernote Employees Could Access Your Unencrypted Notes (betanews.com)

Posted by msmash on from the privacy-woes dept.

Mark Wilson, reporting for BetaNews: Evernote has published an update to its Privacy Policy, revealing that as of 23 January 2017, employees will be able to access unencrypted notes. The change is being wheeled in because of the apparent failings of machine learning. Perhaps more worrying is the fact that Evernote says that it is not possible to opt out of having employees possibly accessing your unencrypted notes. The only way to fully protect your privacy is to delete all your notes and close your Evernote account. The update to the Privacy Policy starts off sounding fairly innocuous: "The latest update to the Privacy Policy allows some Evernote employees to exercise oversight of machine learning technologies applied to account content, subject to the limits described below, for the purposes of developing and improving the Evernote service."

20 of 98 comments (clear)

  1. Machine learning? by Anonymous Coward · · Score: 4, Insightful

    What possible legitimate use have a company that is in the business of storring small text files on behalf of their customers of machine learning? None! That's all, they are not providing any other service nor their customers are asking them to!

  2. What note solution? by cfalcon · · Score: 2

    This is stupid, of course, but what's the replacement?

    I'd love a solution that could work on an Apple phone or a Linux box, and sync via a method that isn't viewable to naughty employees, as evernote is quickly becoming. Even throwing away the hard part of that requirement (Linux), what solutions are there really in this space?

    1. Re: What note solution? by Anonymous Coward · · Score: 2, Informative

      After Evernote failed to fix some other issues earlier this year I switched to One Note and have been happy with it. Much better text editing and solid cross-platform support.

    2. Re:What note solution? by 110010001000 · · Score: 5, Insightful

      There is a note solution I use called "Sticky"

    3. Re:What note solution? by Quince+alPillan · · Score: 4, Informative

      Google Keep?

    4. Re:What note solution? by kaustik · · Score: 4, Informative

      There is this. Open source, encrypted, similar to Evernote. My concern is that I would dump all my data here and the kind folks running the project would move on to something else.

    5. Re:What note solution? by OhPlz · · Score: 2

      The search feature is abysmally slow, and don't even get me started on the weak handwriting recognition!

    6. Re:What note solution? by Just+Some+Guy · · Score: 2

      I self-host. There are a couple of good options that way:

      • If you have a Synology NAS, you can install Note Station which is basically Evernote but stored on your own server. It has nice (and free) iOS apps, and an Android app that I haven't used. There's no desktop app yet but it does have a nice web interface. This is probably the easiest drop-in replacement for Evernote - if you have a Synology.
      • If you're in the Apple ecosystem, I love DEVONthink Pro Office (DTPO). It's not so much a note app as a personal knowledge repository. My home ScanSnap scanner deposits docs directly into my DTPO inbox and OCRs them so they're fulltext searchable. It also has a nice UI for creating your own notes, spreadsheets, etc. directly in the app, and great system integrations to make it easy to save data from almost any app into it. It has amazing AI classification stuff, so it can automatically file things that look like invoices into my "Invoices" folder. It has a new iOS app that syncs to it, either via local Wi-Fi peer-to-peer or through your own WebDAV server (with end-to-end encryption so you don't have to trust your storage provider).

      Of those two, I prefer DTPO as it's more mature and already does everything imaginable. Note Station is pretty good today, too, and has a lot of promise. Either one will move your data to being 100% in your own control and I like that a lot.

      --
      Dewey, what part of this looks like authorities should be involved?
    7. Re:What note solution? by CrashNBrn · · Score: 2

      I researched this the last time Evernote bumped their prices by 40%+

      Pim Software

      1. EssentialPIM – Personal Information Manager for Windows, iOS and Android
      2. Efficcess - Free Personal Information Manager (PIM) Software

      Notes Organizer - Google Search

      1. Notes Organizer - The Official Home of AlfaPad - PIM
      2. TreeDBNotes Free PIM, Notes organizer, Document manager software
      3. TreeDBNotes Pro: Personal Information Manager, Notes Organizer, Contact Manager, Password manager, Task manager
      4. TreeNotes - Notes Manager, Notes Organizer for Windows - Notes in tree - Free trial
      5. WhizFolders, Notes Organizer and Outliner for Windows
      6. Treepad: Personal Information Manager, Notes Organizer, Word Processor, PIM, Database and more!

      They all have better pricing than Evernote. Efficcess has a Lifetime license for 99.95, as well as Business|Enterprise options.

      Most of the purely free options that I skimmed through don't support rich-text or embedding images.

  3. There isn't one online by Overzeetop · · Score: 2

    There isn't a single cloud service provider with both open source software and zero knowledge servers, so right off the bat you're looking at rolling your own if you want any semblance of privacy/security. If you're not hosting it, or didn't write (or at least fully audit) the pre-uploading encryption, what ever you choose will be no more secure than pinning your notes to the wall of the local courthouse. You could pay someone like Rackspace to make something from scratch for you, but unless you can audit their code, you still don't really have any control and every good programmer will put in a back door so that they can monitor and verify things are running smoothly - the perfect vector for someone to steal your stuff.

    --
    Is it just my observation, or are there way too many stupid people in the world?
  4. Migration path? by layabout · · Score: 3, Insightful

    I've tried Google keep, Microsoft one note, personal wikis but nothing seems to function as well as Evernote. The ability to access the same data, without explicit synchronization steps on tablet, phone, and laptop is a core value of Evernote. What's the alternative?

  5. Re:Well they made my decision for me by Overzeetop · · Score: 3, Interesting

    If you believe them - and since you can't audit their code personally you shouldn't - then they cannot decrypt your encrypted notes without brute forcing it. They claim not to store you key: https://help.evernote.com/hc/e... You have to decide whether or not to believe them.

    --
    Is it just my observation, or are there way too many stupid people in the world?
  6. This is not true! by tommyjcarpenter · · Score: 4, Informative

    The article says "The only way to fully protect your privacy is to delete all your notes and close your Evernote account." Evernote comes with built in encryption, you just have to use it: https://help.evernote.com/hc/e... Moreover, evernote warns you "WARNING: We do not store a copy of your encryption key. If it is forgotten by you, your note is lost forever". So it is NOT true what this article says!

  7. Re: Cloud services should be renamed by Anonymous Coward · · Score: 3, Insightful

    That's exactly right. As we see, any promises made in the terms of service and privacy policies aren't worth the electrons they're written on and we should have no expectation of privacy in our cloud accounts.

    We, the consumer, are just cattle to be exploited.

  8. Re:RIP by pr0fessor · · Score: 2

    as if anyone ever read privacy policies...

  9. Re: Cloud services should be renamed by mlts · · Score: 2

    I was paying for it, mainly so I can use multiple devices and upload larger documents. Keyword is "was". At least exporting your stuff isn't too hard (install their app, dump your notebooks, delete, flush trash can.)

    Wish there is something for Android that would store notes locally and sync them to one's own Dropbox, GDrive, or other account, preferably encrypted... only thing it seems that does is Apple's Notes app.

  10. Re: Cloud services should be renamed by QuietLagoon · · Score: 2

    ...You are the PRODUCT, which is being sold ...

    That is the business model that was used by print magazines. Subscription costs did not cover the cost of publishing, ad costs did. The purchasers of ad space were buying access to the eyeballs of the subscribers, and paying for the publication of the magazine.

  11. Article is FUD by asvravi · · Score: 4, Informative

    I use Evernote software extensively. I actually took the time out to read both old and new privacy policies and their FAQ closely as soon as I got the email from Evernote.

    The article and the Slashdot summary are, as usual, best described as FUD. They make it seem as if Evernote is compromising privacy and making it impossible to opt out of. Nothing can be farther from the truth. The change being made now is to include an additional reason for Evernote employees to access my notes - and that is to verify that the machine learning is working as intended. This change can be entirely opted out of by unchecking an option in the client. The thing that is not possible to opt out of is, other circumstances and reasons for which Evernote employees access my data, which was already in the old policy and continues unchanged in the new policy. That relates to things like legal obligations, troubleshooting, TOS violations and protecting users against malware etc, which are the norm at any service provider.

    See for yourself under "Do Evernote Employees Access or Review My Notes?"
    Old policy
    New policy

    In fact, Evernote has some of the the most transparent and clear privacy and security policies I have ever seen among online service providers.
    1. It is in the form of Q & A
    2. The crux of it is in the form of clear tables with "We collect" and "Why we collect it" columns.
    3. It is very comprehensive, dealing with all imaginable aspects of privacy and security

    Not only did Evernote provide a very clear update on the upcoming changes, they also allowed a well advertised opt-out (although an opt-in would have been better). They also have an 800 word FAQ to specifically clarify the changes and my options here. They are also clear about not using my data for other purposes. From their 3 laws of data protection -

    Our business model is old-fashioned: we only make money when you decide to pay us for a great product. This means that trust is our biggest asset and keeping your data private is fundamental

    .
    I couldn't have asked for anything better.

  12. Re:RIP by zopper · · Score: 4, Informative

    The article is FUD. If any of you really read the change directly from Evernote... "If you want to opt out, you can do so in your account settings, and our engineers won't look at your data to improve the service." Evernote clearly states you CAN OPT OUT and the only thing you loose is the machine learning thing. So everything is going to be like now for you.

  13. It still seems VERY abusive to me. by Futurepower(R) · · Score: 3, Insightful

    They know most people won't understand that.