Don’t want your info hacked? Don’t put it online.

4 03 2013

The free and paid note-taking application Evernote was recently hacked, forcing the company to reset passwords for many users, including myself, and to require them to reset their passwords on all of their computers and devices before they could continue to use it. This has caused a small stir and some have chosen to enumerate some of its security failings.

Evernote iconI use Evernote every day and I love it. It is a great way to keep notes and documents synced between my computers and to see them on my iPhone. However, I still acknowledge that this is a web-based service because all of my notes live on a server somewhere else, a server that I neither own nor maintain. Since it is on the web, I approach it with a fair amount of caution. I use the same rule that I use for all my other web-based accounts on Facebook, Twitter, GitHub, Flickr, et cetera. I do not put anything into Evernote that I would not be fine with the whole world seeing. Everything else, I keep on my own drive(s).

The Evernote team certainly has their share of blame, with their lax attitude toward security and even encouraging users to put their tax documents on Evernote. However, the users have their share of blame. If you are willing to put any of your tax documents on a non-governmental web site, you are essentially accepting the consequences of sharing very sensitive documents with the whole world.

It may sound harsh, but there it is. If you do not want to see Evernote leak your personal information, do not give Evernote that information. It will not make it into someone else’s hands unless you give that information to them.