The Evernote Privacy Problem

I was disappointed to learn recently that Evernote decided to bring in an intrusive change in to its privacy policy and then default that change as an opt-out rather than an opt-in. I first saw this reported on TechCrunch which informed me that the change was coming in to play on January 23, 2017.

The Change to the Privacy Policy

Evernote decided that they would give employees access to reading your notes stored in the service. Although this access would be given to a handful of “trusted” employees, it still gave me the shudders to think that people might be reading my personal notes.

Although there’s nothing illegal going on in my account, there is certainly some private information that I believed was private and that only I could access. Think things such as medical information and pay slips from my past employment. I don’t want someone random reading those. For Evernote to automatically opt me in to this showed to me that my notes are not my notes, despite them claiming otherwise with the first of the 3 laws of data protection which inform me that my data is mine. Likewise, the second law could also be questioned as well.

Opt-out???

What surprised me most is that Evernote would think it be acceptable to automatically opt-in all users in to their machine learning algorithm with human assistance. This should never have been opt-out. The big mistake they made was assuming that everybody would be OK with this.

As it turns out, there was a backlash on Twitter with many people cancelling their accounts. Trust was immediately lost for many. After a day or so of pressure on social media (perhaps not the pressure, but the number of people terminating their account), Evernote did the right thing and made this change an opt-in meaning that to be included in the service you will need to give permission.

An Acceptable Change

To me, this is an acceptable fix to the problem for now. However, I feel I’ve lost a lot of trust in Evernote. I decided not to jump ship for 2 reasons. First, the date for the change was January 23, 2017, so a little over a month away which gives me some time to think about this. Second, a quick jump to another service might be a bad move. Consider OneNote as an example, I have yet to read their privacy policy. Had I quickly jumped to another service I might find that my notes are even less secure or less private.

What Next?

For now, I’m sticking with Evernote. I like the service. I’ve been a premium user for maybe 5 years or more. I use it daily. I like many features such as being able to quickly sync across devices, easily scan documents with my ScanSnap scanner*, clip items from the web, store PDF’s and search them, amongst many other things. But I am on the lookout for something else where I can keep my notes to myself.

I tried Bear and although an amazing looking app (one of which I will keep on my iPhone and desktop), I didn’t feel it had all the features I needed just yet. A positive side of Bear is that it syncs with iCloud which means that Bear does not/cannot read your notes, although sync comes with the paid accounts only.

For a disappointing change, they managed to turn it around a little and settle things down somewhat. But I do need to pay more attention to privacy policies when signing up to new services and I need to regularly check for changes on any other services I use which contain important information. I don't know how long I'll be with Evernote for now, but it certainly has me a little concerned.