The Tao of Mac: The Tao of Mac - On Evernote, and Security

  • Miguel Carmo · 1 year ago
    Hi Rui,

    could you please identify the packet sniffer in the image?
    Thank you.
  • taoofmac · 1 year ago
    It's the Cocoa Packet Analyzer. It's now linked in from the post.
  • Flavio · 1 year ago
    Hey Rui! Long time reader from Brazil.

    I've been beta testing Evernote for a while now. I really don't remember them promising any kind of ultra security feature. Therefore, this unsecured connection is no big deal.

    And, come on, if you really want to store something private on-line, you shouldn't choose a beta application and even refrain from storing this kind of information on-line.

    Anyway. This finding shows us a good opportunity for the people behind Evernote. They can create a subscription model for those wanting an extra level of security on their accounts.

    A big hug,
    Flavio
  • taoofmac · 1 year ago
    Your points are valid except for it not being a big deal. Consumers
    should demand better information about security and be more aware of
    what cleartext communication entails.
  • Dave Engberg · 1 year ago
    Rui -

    Thanks for the detailed analysis. You're absolutely correct that the current free beta uses SSL for authentication and plaintext HTTP for subsequent operations. This is similar to how free services like Gmail behave.

    In the near future, we will offer a Premium version of the service for a few dollars a month that will offer greatly increased storage, priority image processing, and SSL for all communications.

    Thanks
  • rcarmo · 1 year ago
    That is good to know. Bear in mind, however, that free Gmail also
    supports full SSL encryption of the entire session. It's not the
    default, but it's there.
  • Dave Engberg · 1 year ago
    Strictly speaking, so does Evernote Beta if you just change the URLs, but I understand what you're saying.

    Thanks
  • David Magda · 1 year ago
    That "some reason" that data is sent in the clear is because encryption would kill the CPU on their servers if they got a modicum of traffic.

    That is, unless they had crypto accelerators:

    http://www.google.com/search?q=crypto+accelerator

    or had a server with a CPU with built-in crypto:

    http://www.sun.com/processors/UltraSPARC-T2/
  • taoofmac · 1 year ago
    Well yeah, but it's kind of an obvious solution. I've been using those
    since 2000 or something, and they're getting faster and cheaper all
    the time...
  • Ed · 1 year ago
    I agree about the security criticisms of Evernote. Just imagine if it were secure and supported PDF capture, paired with my shiny new Fujitsu ScanSnap S300M, I could have a secured document repository anywhere on the planet.

    Unfortunately it's not truly secure and does not support PDFs. Even as a local app, the lack of PDF support is a dealkiller for me.