Slashdot Mirror
Evernote Reverses Course On Opt-out Privacy Policy That Would've Exposed Users' Content To Employees (venturebeat.com)
Evernote has withdrawn planned changes to its privacy policy that would have permitted some employees to view the content of users' note, as the company works on new features that rely on machine-learning technology. From a report on VentureBeat: The company caused an uproar earlier this week when news emerged of the pending changes, which were due to take effect on January 23. Even if users were to opt out of allowing their information to be viewed by employees, the planned changes drew attention to the company's existing policy that permitted employees to look at users' content "for other reasons stated in our Privacy Policy," which included quite a few vague reasons, including "to maintain and improve the service." Evernote CEO Chris O'Neill issued an apology of sorts yesterday for the company's "poor communication" around the policy, and pointed out that users' information would be anonymized. But today the company has gone one step further by announcing that it's no longer implementing the planned changes in their current form
.
I already deleted my account and uninstalled the apps.
Knock yourself out. That's all I use Evernote for. I'll even save you the effort, here is this week's sorted by store and store location: Plan: A steak & lobster B black bean soup C chicken pizzaiola (70) Need: sandpaper soy sauce cereal B chorizo B dry black beans C 2 oz pepperoni C 2 cans tomato sauce A broccoli A lobster tail C 1.5 lb chicken tits wasabi eggs milk hash browns C 4 oz mozzarella avocados garam masala
That's right, lets all breathe a sigh of relief. No changes will be made, to include any effort by users to actually secure the unecrypted notes at the heart of this "privacy" issue.
Users were actually in some kind of uproar about employees reading their cleartext data synced to the cloud...cue the irony.
Rarely used it since Notes.app was released by Apple
Deleted all my notes and deactivated my account like they said I'd have to if I didn't want them molesting what little data I entrusted them with
I can't believe this is a sincere change of heart and more of a business decision because of the negative press, like a child who apologizes for something just because their parent forces them to. Personally the damage is already done; I'm not using Evernote anymore, and the service was not unique nor vital to my life so it's a minor inconvenience at most.
They're not sorry they wanted to do it, they're sorry you found out. They haven't stopped wanting the data for whatever partner they plan to sell it to. Even if it is harmless and everyone else is already doing it, bad PR is a bitch.
They SAY they reversed their policy, but how are you gonna prove it?
I like Evernote a lot. It's worked very well for me and the few problems I've had over the years were resolved relatively quickly by support.
That said, I think the software was finished a while ago. I wish they would stop adding new features, make the company way, way smaller, and just polish and refine the core product. Everything that isn't the core product should be moved to an extension. Lower the development and support costs enough that the company can be profitable by charging users $1 or $2 per month.
Played around with Evernote a few times but I've never been able to figure out how to integrate it into my workflow in a productive fashion. It just seems too clumsy to really be terribly useful. I can't really figure out a good way to use the service. Does anyone out there really find it terribly useful? If so for what?
Since I don't really use it right now I'm not worried about them looking at any non-existent data.
I keep a lot of notes on personal projects I do in kind of a 'journal'-like fashion on Evernote. What I use it for isn't awesome, it's just nice, convenient and it worked nicely in browser and mobile form. All the fucking while, we all know what we're giving up when we use 'free' cloud services of any kind. Should assumed neural network or machine learning foo happening under the hood to our data, patterns, habits, ect. be a surprise? No. But I don't like how my whole life is getting digitally profiled for the sake of a few dollars in a CEO's pocket.
Direct re-link from /., but Snowdon did a similar rant that I totally agree, even if it's in regards to cell phone metadata: metadata of any kind is WAY more powerful than you think. I couldn't agree more. I think of all the times at work we mined Apache/Nginx logs coupled with click tracking and what they ordered from our inventory, it was simply amazing with little effort the amount of easily assumed information you could correlate, trend and rightfully assume to try and learn you 'user base' without actually soliciting them, ever. But, where's the line drawn?
Nothing is scared anymore, man.
But they NEED the (I mean your) data!
That they thought it was even an acceptable suggestion in the first place tells me all I need to know. Fuck these arrogant Silicon Valley companies.
The old adage still holds true: don't put anything on the internet that you wouldn't want to see in the newspaper the next morning! Are some paranoid companies still managing their own server farms?
I've abandoned my search for truth; now I'm just looking for some useful delusions.
CEO Chris O'Neill issued an apology of sorts yesterday for the company's "poor communication"
Sorry that was not "poor communication", it was made quite clear what they were intending to do.
It was a shitty idea that backfired on them, and rather than be a man and admit to making a stupid decision he now tries and pretend the idea was misrepresented by using the wrong words.
I've got no time for companies that try and pull this shit, yet another name on the growing list of companies to avoid and never recommend.
(Tries what, exactly?)
I really just don't understand how people like you are able to keep looking at the world that way. I get how someone can make that mistake when they're young, and I get how (if they're stupid) they might repeat it a few times. (I personally might be a little stupid, since I repeated it a few times.) But how someone can be so resistant to learning common sense, even if they are pretty stupid just doesn't make sense to me. Even stupid people ought to be able to learn this:
Security is about capabilities, not intent.
Evernote "tried this" when they designed how the system works and offered it to the public. You "tried this" when you knowingly shared sensitive information with Evernote, in spite of being 100% certain that you were eternally granting them unlimited capabilities with regard to that plaintext information.
Nothing regarding the security or privacy of the information changed when Evernote announced their intent to mine the info, and nothing has changed with their announcement to abstain from doing that. The capabilities remain identical. They weren't threatening to change the deal, because there never was any deal.
So.. you're right to be dumping them. But you are so fucking doing it for the wrong reason. If you were concerned about them using or leaking your information then you wouldn't have given it to them in the first place, or you would have been just as likely to dump them the day before their mining announcement.
People, please fucking stop it. Stop trusting services' intent. Don't trust companies' intent, and don't trust your government's intent. Address capabilities. If you don't want people to have access to information, then fucking deny them the information! Don't give them the information and then hope they pinky swear something. I don't fucking get how people are still making this mistake in 2016. WTF?!
From a capabilities perspective, you didn't dump them for privacy reasons. It sounds to me like you dumped them because they confronted you with the truth: that your notes were totally insecure. You wanted to ignore that, but they publicly mocked every one of their users and laughingly told the world, "look at how much these people want to pretend their notes are secure!"
Had Evernote let you continue to deny the obvious, they'd still have you as a user. Their announcement is what you cared about, since you sure as fuck didn't care about the actual privacy implications. So, you fired them over their announcement. The lesson that you have just taught, will be learned: companies should lie to people about their intents.
Now that you know you are teaching everyone to lie about their intent, can you finally admit that intents are irrelevant and start addressing capabilities? I have a hunch that Evernote isn't the only company you should be firing. Who else are you trusting with your information?
This is why your legal department nags you about using "free" services with which your company doesn't have an enterprise contract.
WHats new?
Notice the sentence at the end of the summary..
"it's no longer implementing the planned changes in their current form."
It reads like they still want the changes, they're just trying to come up with a different way of accomplishing the same thing.
ANY company which does what Evernote did deserves to be judged as harshly as possible
in the court of public opinion. In other words they deserve to go out of business.
I never used Evernote despite being encouraged to do so by some associates who think they
are pretty smart. Those associates are not looking quite so smart now, are they ?
Nope. I'm already working on moving all of my notes out and closing my account. I'm encouraging others to do the same.
Burn these overbearing companies to the ground at the first sign of this kind of bullshit.
I mean literally.
Really, if you can't accept someone looking at your stuff you should maybe rethink this whole storing-it-on-their-servers thing. Why in the world does anyone think a little thing like a privacy policy would stop them? (Not picking on Evernote specifically, the same goes for any online data service.)
Chelloveck
I give up on debugging. From now on, SIGSEGV is a feature.