Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Privacy

Starting Next Year, Evernote Employees Could Access Your Unencrypted Notes (betanews.com) 98

Mark Wilson, reporting for BetaNews: Evernote has published an update to its Privacy Policy, revealing that as of 23 January 2017, employees will be able to access unencrypted notes. The change is being wheeled in because of the apparent failings of machine learning. Perhaps more worrying is the fact that Evernote says that it is not possible to opt out of having employees possibly accessing your unencrypted notes. The only way to fully protect your privacy is to delete all your notes and close your Evernote account. The update to the Privacy Policy starts off sounding fairly innocuous: "The latest update to the Privacy Policy allows some Evernote employees to exercise oversight of machine learning technologies applied to account content, subject to the limits described below, for the purposes of developing and improving the Evernote service."
This discussion has been archived. No new comments can be posted.

Starting Next Year, Evernote Employees Could Access Your Unencrypted Notes

Comments Filter:
  • by Anonymous Coward

    RIP Evernote!

    • as if anyone ever read privacy policies...

    • Re:RIP (Score:4, Informative)

      by zopper ( 4044367 ) on Wednesday December 14, 2016 @05:25PM (#53486655)
      The article is FUD. If any of you really read the change directly from Evernote... "If you want to opt out, you can do so in your account settings, and our engineers won't look at your data to improve the service." Evernote clearly states you CAN OPT OUT and the only thing you loose is the machine learning thing. So everything is going to be like now for you.
    • Why not encrypt the notes? People are suddenly amazed and shocked that when they put unecrypted data into the "cloud" that other people can look at it? This is not the 90s with noobs on AOL, we should all be assuming that the internet is a dangerous minefield and to tread slowly and carefully while there.

  • Maybe a better name would be Looking Glass services.
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      That's exactly right. As we see, any promises made in the terms of service and privacy policies aren't worth the electrons they're written on and we should have no expectation of privacy in our cloud accounts.

      We, the consumer, are just cattle to be exploited.

      • by Anonymous Coward

        What you fail to understand is that YOU are not the actual customer.

        If you are not paying for the service -- and I mean REALLY paying for it, as in "paying your full share of the actual cost of providing the service to you" -- then you are NOT the customer. You are the PRODUCT, which is being sold to whoever IS paying for the cost of providing the service. What, did you think Evernote, Twitter, Facebook, etc. were charitable non-profit organizations or something? You really think they're somehow obligate

        • by mlts ( 1038732 )

          I was paying for it, mainly so I can use multiple devices and upload larger documents. Keyword is "was". At least exporting your stuff isn't too hard (install their app, dump your notebooks, delete, flush trash can.)

          Wish there is something for Android that would store notes locally and sync them to one's own Dropbox, GDrive, or other account, preferably encrypted... only thing it seems that does is Apple's Notes app.

          • by skegg ( 666571 )

            I used to use MyPhoneExplorer [google.com] to sync my Android phone with my Windows desktop. There's a corresponding desktop client [fjsoft.at]. Worked very well.

            You could then use something like Duplicati [duplicati.com] to sync with a cloud provider. I use it to backup to my own server over SSH.

          • by AmiMoJo ( 196126 )

            dump your notebooks, delete, flush trash can

            Dude... That's... That's not the trashcan. No wonder it's always blocked.

        • ...You are the PRODUCT, which is being sold ...

          That is the business model that was used by print magazines. Subscription costs did not cover the cost of publishing, ad costs did. The purchasers of ad space were buying access to the eyeballs of the subscribers, and paying for the publication of the magazine.

        • No, you're a user who is trading off a known amount - the amount being what you put into unencrypted Evernote - of privacy in return for free use of software.

  • Machine learning? (Score:4, Insightful)

    by Anonymous Coward on Wednesday December 14, 2016 @02:33PM (#53485283)

    What possible legitimate use have a company that is in the business of storring small text files on behalf of their customers of machine learning? None! That's all, they are not providing any other service nor their customers are asking them to!

    • by Desler ( 1608317 )

      It's a easy way to bilk VCs of money.

    • by AmiMoJo ( 196126 )

      They are trying to complete with other providers of similar services, like Google Keep. They offer automatic transcription, so for example if you take a photo of a document or object with text on it, that text will be OCRed and make searchable.

      To improve those services it is vital to have a large amount of test data. When the automated system makes a mistake it will need to be examined and corrected by a human, hence the need for staff to see user's data. In fact many other companies already do this, with v

  • by cfalcon ( 779563 ) on Wednesday December 14, 2016 @02:33PM (#53485285)

    This is stupid, of course, but what's the replacement?

    I'd love a solution that could work on an Apple phone or a Linux box, and sync via a method that isn't viewable to naughty employees, as evernote is quickly becoming. Even throwing away the hard part of that requirement (Linux), what solutions are there really in this space?

  • "The only way to fully protect your privacy is to delete all your notes and close your Evernote account." Easy enough, but I'm confused about the encryption part, can they read those or are they saying it's hackable or that they have a key?
  • I don't have a problem with this. If you don't like it, don't use Evernote.

    I don't use Evernote, so it's not a problem for me.

  • Migration path? (Score:4, Insightful)

    by layabout ( 1576461 ) on Wednesday December 14, 2016 @02:48PM (#53485439)
    I've tried Google keep, Microsoft one note, personal wikis but nothing seems to function as well as Evernote. The ability to access the same data, without explicit synchronization steps on tablet, phone, and laptop is a core value of Evernote. What's the alternative?
    • You are trading security for convenience. The alternative is to do it the traditional way with pen, paper and a scanner attached to an open source computer/network None of these programs respect your privacy, at all, for even one second. I see no point in using them for anything
    • Check out Simplenote [simplenote.com].

      If you just want text, it's perfect.

      • This looks good. The two main problems I see are 1. There isn't a way that I can see to group notes into "folders" and 2. There isn't a way that I can see to export/backup all of my notes (that is, I want a zip file of all of my notes in a non-proprietary text format).

        • (1) you could use tags if you want which would function as well if not better than folders

          (2) the api seemingly allows one to export your notes pretty easily at least with the windows client (resophnotes)

          I've been using simplenote for years with resophnotes as my primary client and it automatically syncs with my iOS version on my phone so I can research things in a pinch

          I use it as a sort of knowledgebase where any individual idea or thing I'd want to come back to gets its own note (plus I have some s
    • by Anonymous Coward

      Keep does everything you're calling out as important. It's not as robust a product for sure, but it syncs great.

    • by Anonymous Coward

      I moved to ColorNote. Works well on Android. Encrypts before syncing to the cloud. The only drawback is that the sync function uses gmail or facebook authentication. Works very well for notes and lists. Permissions required are minimal. Can be downloaded from 3rd party apk sites or google market or windows market for w8.

      http://www.androiddrawer.com/24549/download-colornote-notepad-notes-app-apk/

  • This is not true! (Score:4, Informative)

    by Tommy Carpenter ( 4202129 ) on Wednesday December 14, 2016 @02:56PM (#53485531)
    The article says "The only way to fully protect your privacy is to delete all your notes and close your Evernote account." Evernote comes with built in encryption, you just have to use it: https://help.evernote.com/hc/e... [evernote.com] Moreover, evernote warns you "WARNING: We do not store a copy of your encryption key. If it is forgotten by you, your note is lost forever". So it is NOT true what this article says!
    • Enter a passphrase into the form. You will need to enter this passphrase whenever you attempt to decrypt this text. Do not forget this passphrase because Evernote does not store this information anywhere.

      Sounds really user friendly. Typing in a passphrase every time I want to read a note.

      No thanks.

      I liked Evernote in the beginning but they've been getting more and more obnoxious as time rolls on. Interstitial ads? On a paid subscription?

      Bye.

    • evernote warns you "WARNING: We do not store a copy of your encryption key. If it is forgotten by you, your note is lost forever"

      Well if that's what they say it must be true!

    • TFA also says, in the quotation from the Evernote privacy policy, that customers can turn off the machine learning that is the reason for the employee access by disabling it in the account settings. I just did that with no problem at all.

      If one is serious about security, though, then why would he/she trust any cloud provider's encryption?

  • No need to read privacy policies. Just check "I agree" and go about your day.
  • Just deleted my account.

  • Is there a way the application can be reconfigured to talk to your own Domain Controllers or OwnCloud server?

  • Ever since the recent change to only allowing two devices to access a free account I have been meaning to switch my notes. This is just accelerating that need.

  • "Cloud" services can be done very securely, look at any number of business/enterprise services from MS, Amazon, Oracle, SAP or any of a dozen other vendors. Its sad that the consumer end of the cloud is such a joke security wise. look at the past few months, this and the the yshoo FBI search thing are great examples of how piss poor the consumer cloud is. It doesnt have to be this way. We need a secure consumer cloud.

  • Article is FUD (Score:5, Informative)

    by asvravi ( 1236558 ) on Wednesday December 14, 2016 @04:23PM (#53486269)

    I use Evernote software extensively. I actually took the time out to read both old and new privacy policies and their FAQ closely as soon as I got the email from Evernote.

    The article and the Slashdot summary are, as usual, best described as FUD. They make it seem as if Evernote is compromising privacy and making it impossible to opt out of. Nothing can be farther from the truth. The change being made now is to include an additional reason for Evernote employees to access my notes - and that is to verify that the machine learning is working as intended. This change can be entirely opted out of by unchecking an option in the client. The thing that is not possible to opt out of is, other circumstances and reasons for which Evernote employees access my data, which was already in the old policy and continues unchanged in the new policy. That relates to things like legal obligations, troubleshooting, TOS violations and protecting users against malware etc, which are the norm at any service provider.

    See for yourself under "Do Evernote Employees Access or Review My Notes?"
    Old policy [evernote.com]
    New policy [evernote.com]

    In fact, Evernote has some of the the most transparent and clear privacy and security policies I have ever seen among online service providers.
    1. It is in the form of Q & A
    2. The crux of it is in the form of clear tables with "We collect" and "Why we collect it" columns.
    3. It is very comprehensive, dealing with all imaginable aspects of privacy and security

    Not only did Evernote provide a very clear update on the upcoming changes, they also allowed a well advertised opt-out (although an opt-in would have been better). They also have an 800 word FAQ to specifically clarify the changes and my options here [evernote.com]. They are also clear about not using my data for other purposes. From their 3 laws of data protection -

    Our business model is old-fashioned: we only make money when you decide to pay us for a great product. This means that trust is our biggest asset and keeping your data private is fundamental

    .
    I couldn't have asked for anything better.

  • if this is a warning by subterfuge ... maybe someone at evernote has got fed up with the FBI/... demanding that customer notes be secretly turned over to them and added this to show that anything unencrypted should not be assumed to be private. Maybe/maybe-not.

In the long run, every program becomes rococco, and then rubble. -- Alan Perlis

Working...