DISQUS

DISQUS Hello! The Tao of Mac is using DISQUS, a powerful comment system, to manage its comments. Learn more.

Community Page

  • Subscribe

  • Community

  • Top Commenters

  • Popular Threads

  • Recent Comments

    • You could use http://fakefriends.me/ instead, it is a social network of choice.

      1 week ago by Fil

      in Unsocial - Tao of Mac

    • I know exactly what you mean - I played with twitter for about 2 weeks before I realised it wasn't going to make my day any better. 160 characters is TOO pithy. I mean - who sends 1 text these...

      1 week ago by keithspragg

      in Unsocial - Tao of Mac

    • Not really. You clearly dismiss whole services outright: e.g. "FriendFeed is pointless, period. Also, it is not completely symmetrical and decreases fidelity of the content it aggregates,...

      1 week ago by Robin

      in Unsocial - Tao of Mac

    • I think you missed the bit where I mentioned that I've been considering this for a while (re: Facebook albums). Searching the site for previous articles in the same vein wouldn't hurt, either.

      1 week ago by rcarmo

      in Unsocial - Tao of Mac

    • I agree about the potential for social websites to cause distraction and noise, but are you sure you're not attributing a little too much to the services themselves rather than your usage...

      1 week ago by Robin

      in Unsocial - Tao of Mac

The Tao of Mac

Tech made Simple
Jump to original thread »
Author

The Tao of Mac - On Evernote, and Security

Started by taoofmac · 1 year ago

No excerpt available. Jump to website »

10 comments

  • Hi Rui,

    could you please identify the packet sniffer in the image ?
    Thank you.
  • It's the Cocoa Packet Analyzer. It's now linked in from the post.
  • Hey Rui! Long time reader from Brazil.

    I've been beta testing Evernote for a while now. I really don't remember they promising any kind of ultra security feature. Therefore, this unsecured connection, is no big deal.

    And, come on, if you really want to store something private on-line, you shouldn't choose a beta application and even refrain from storing this kind of information on-line.

    Anyway. This finding show us a good opportunity for people behind Evernote. They can create a subscription model for those willing an extra level of security on their accounts.

    Abração,
    Flavio
  • Your points are valid except for it not being a big deal. Consumers
    should demand better information about security and be more aware of
    what cleartext communication entails.
  • Rui -

    Thanks for the detailed analysis. You're absolutely correct the that the current free beta uses SSL for authentication and plaintext HTTP for subsequent operations. This is similar to how free services like gmail behave.

    In the near future, we will offer a Premium version of the service for a few dollars a month that will offer greatly increased storage, priority image processing, and SSL for all communications.

    Thanks
  • That is good to know. Bear in mind, however, that free Gmail also
    supports full SSL encryption of the entire session. It's not the
    default, but it's there.
  • Strictly speaking, so does Evernote Beta if you just change the URLs, but I understand what you're saying.

    Thanks
  • That "some reason" that data is sent in the clear is because encryption would kill the CPU on their servers if they got a modicum of traffic.

    That is, unless they had crypto accelerators:

    http://www.google.com/search?q=crypto+accelerator

    or had a server with a CPU with built-in crypto:

    http://www.sun.com/processors/UltraSPARC-T2/
  • Well yeah, but it's kind of an obvious solution. I've been using those
    since 2000 or something, and they're getting faster and cheaper all
    the time...
  • I agree about the security criticisms of evernote. Just imagine if it were secure and supported PDF capture, paired with my shiny new fujitsu scansnap s300m, I could have a secured document repository anywhere on the planet.

    Unfortunately it's not truly secure and does not support PDF's. Even as a local app, the lack of pdf support is a dealkiller for me.

Add New Comment

Returning? Login