The Tao of Mac - On Evernote, and Security

Started by taoofmac · 4 months ago

10 comments

  • Hi Rui,

    could you please identify the packet sniffer in the image?
    Thank you.
  • It's the Cocoa Packet Analyzer. It's now linked in from the post.
  • Hey Rui! Long time reader from Brazil.

    I've been beta testing Evernote for a while now. I really don't remember them promising any kind of ultra security feature. Therefore, this unsecured connection is no big deal.

    And, come on, if you really want to store something private on-line, you shouldn't choose a beta application and even refrain from storing this kind of information on-line.

    Anyway. This finding shows us a good opportunity for the people behind Evernote. They can create a subscription model for those wanting an extra level of security on their accounts.

    Abração,
    Flavio
  • Your points are valid except for it not being a big deal. Consumers
    should demand better information about security and be more aware of
    what cleartext communication entails.
  • Rui -

    Thanks for the detailed analysis. You're absolutely correct that the current free beta uses SSL for authentication and plaintext HTTP for subsequent operations. This is similar to how free services like Gmail behave.

    In the near future, we will offer a Premium version of the service for a few dollars a month that will offer greatly increased storage, priority image processing, and SSL for all communications.

    Thanks
  • That is good to know. Bear in mind, however, that free Gmail also
    supports full SSL encryption of the entire session. It's not the
    default, but it's there.
  • Strictly speaking, so does Evernote Beta if you just change the URLs, but I understand what you're saying.

    Thanks
  • That "some reason" that data is sent in the clear is because encryption would kill the CPU on their servers if they got a modicum of traffic.

    That is, unless they had crypto accelerators:

    http://www.google.com/search?q=crypto+accelerator

    or had a server with a CPU with built-in crypto:

    http://www.sun.com/processors/UltraSPARC-T2/
  • Well yeah, but it's kind of an obvious solution. I've been using those
    since 2000 or something, and they're getting faster and cheaper all
    the time...
  • I agree about the security criticisms of Evernote. Just imagine if it were secure and supported PDF capture, paired with my shiny new Fujitsu ScanSnap S300M, I could have a secured document repository anywhere on the planet.

    Unfortunately it's not truly secure and does not support PDFs. Even as a local app, the lack of PDF support is a dealkiller for me.
