Apr 9

Evernote confidential

I’ve read a couple of blog posts recently where the writer was concerned about adding sensitive notes to Evernote: ‘I didn’t feel comfortable keeping such data in the cloud, or on an unencrypted server’.

There are a couple of solutions for storing confidential or sensitive data in Evernote.

Encrypt your notes

In Evernote, you can encrypt part or all of a note, but not a complete notebook. To encrypt part or all of a note, highlight the text or the whole note (Ctrl-A), right click, and select Encrypt Selected Text, or hit Ctrl-Shift-X. If your sensitive data are attached to notes as PDFs, you will have to encrypt those PDFs before attaching to your Evernote note. There are free tools available to password protect and encrypt PDFs, for example, Free PDF Tools.

Use local notebooks

But let’s assume you aren’t happy with storing sensitive, password protected, encrypted notes on Evernote’s servers. Well there is a straightforward way around this, one which seems to be commonly missed by many. You actually don’t have to sync all of your data to the Evernote servers, indeed you actually don’t have to sync any of it!

Here’s what to do. Make a new local notebook. On the Windows client, go to File>New Notebook and choose New Local Notebook:

Evernote - New Local Notebook

Local notebooks are not synced to the Evernote servers or to any of your other devices where Evernote is installed. They stay on the machine where they were created. They’re not the same as offline notebooks in Evernote Premium where you can select to have all your notes in certain notebooks synced and saved on your mobile device ready for offline use.

Advantages of local notebooks

Adding more data to these notebooks obviously doesn’t count to your monthly upload limit – because it’s not taking up space on the Evernote servers, so there is no cost involved. Indeed if you really wanted, you could make your entire Evernote system from local notebooks, everything would be stored on your PC or laptop, Evernote would see none of it and you would only have the limits of your storage space as your storage limit. You can store your sensitive data here without it being synced up to the Evernote servers.

Disadvantages of local notebooks

Well there are some. You obviously won’t have access to them on online or on your other devices. Evernote won’t be able to run their OCR magic on attached PDFs and JPGs (to make them searchable) as this is done on the Evernote servers. But you could OCR them before you add them to your Evernote local notebook. You can’t change a synced notebook to a local notebook (or vice versa) but you can create a new notebook (synced or local) and copy the notes into the new notebook.

Searching PDFs and other attachments in local notebooks

If you’re an Evernote Premium user and you place your PDFs in a synchronized notebook, Evernote will index them and they will become searchable even if you move them to a local notebook later. Obviously that’s not what you want for sensitive information. Problem is, if you have a PDF scanned as an image without OCR and you put it straight into a local notebook it won’t be searchable. So it’s best to run OCR on your scanned PDF before sending it straight to your local notebook in Evernote. Then it will be searchable within Evernote but the data won’t appear on the Evernote servers. You’ll have to check if your scanner is producing searchable PDFs. Here’s the dialogue box I see when I send a PDF from my ScanSnap S1300i to Evernote.

Scan to Evernote with text recognition

Certainly my Canon MP280 multifunction printer and ScanSnap produce searchable PDFs. How do I know? Well, to check, open the PDF, hit Ctrl-F and enter a keyword which appears in the PDF and see if it can be found. One word of caution – if you’ve scanned a PDF upside down and then used a utility like PDFill PDF Tools to rotate it, you may lose the searchability of your PDF.

Backing up local notebooks

All your local and synced notebooks are stored in the same Evernote database. If you have both synced and local notebooks, your database will not be the same on the Evernote servers (only synced notebooks) as it is on your hard drive (synced and local notebooks). Because the local notebooks aren’t synced to the Evernote servers, you must back them up yourself. If you don’t do this, and you later reinstall Evernote, your database will be restored from the servers so you will lose all your local notebooks an that would be disastrous.

To get all your data back including local notebooks, you’ll have to restore the database from your backup. In Windows, to backup your Evernote database to an external drive, go to C:\Users\[Your Username]\AppData\Local\Evernote\Evernote\Databases and backup everything that’s in that folder. To restore notes, you must restore your entire Evernote database from where it’s backed up. Your note attributes (tags, notebooks, etc.) will be preserved if you restore your database.

Of course you can also copy your database to another PC or laptop and access all your local notebooks there too.

Still not happy?

But let’s say you’re still not happy with a database where some notebooks are synced and some aren’t. Well you could open a new Evernote account and make all notebooks local and keep that separate from your synced account. There’s no cost involved as obviously there are no uploads to Evernote so you can add as much sensitive info as you like to this database. However, I have read the possibility that you may have to keep one default synced notebook. But just keep that synced notebook empty. Of course if you are really sensitive about your data, you could even keep it in local notebooks and encrypt the notes as well, just in case.

Do you store sensitive data in Evernote? Any tips? I’ve tried to verify as much of this information as I can from Evernote blogs and forums, etc but if I’m incorrect on anything or there’s some tip I’ve forgotten, let me know and I’ll update the text.


Jan 26

Do you save passwords in your browser? Have you stored sensitive information on your PC or Mac? Want to track down what stuff you’ve saved and where? Well I’ve come across a program called Identity Finder which will help to track private information like passwords, and credit card and bank account numbers on your PC or Mac. There’s a free version with more limited capabilities which I’m trying out here. In essence, it will only scan your My Documents folder not the entire hard drive, it won’t look for bank account numbers, and won’t go through emails and attachments; you’ll have to buy a licence for the Home or Premium editions for that. The Free edition searches Firefox and IE for hidden passwords. It will also shred or secure your sensitive data by encryption. Here’s a list of comparisons between the different editions.

Identity Finder2

So I downloaded and ran the Free edition. The scan took 20 minutes to complete and identified a number of sensitive passwords stored away in some files which I had forgotten about. You can scroll down through the results window and even preview the results for certain file types like pdfs and doc files. Although I don’t use Firefox any more, my hidden passwords there were all visible to Identity Finder so I went into Firefox and removed them. It didn’t report anything for Chrome but I do store those passwords in there so I suspect it isn’t checking Chrome at all.

But it was the passwords stored around the My Documents folder which worried me most. I do use LastPass to store my passwords securely so these back up locations storing passwords on my PC should be dealt with securely just in case anyone accesses it – they’re clearly quite easily found.

Identity Finder allows you to shred the files, or more usefully encrypt them. However I was only interested in the list of sensitive files as I use and like the free Axcrypt for file encryption. I’ll use this to encrypt the sensitive files.

I recommend you give Identity Finder Free a try and see what you find on your PC or Mac. You might be surprised. If you store all your sensitive stuff within My Documents and aren’t interested in emails and bank account numbers, it may be right for you. If not, the paid editions search more deeply and have 1-year to 5 year licences with a 40% discount on the 5-year licence.


` `