This morning Evernote CEO Chris O’Neill sent an email to apologize for and clarify this week’s Privacy Update blunder. This apology suggests that two factors make what they’re doing OK in their eyes. One of these factors is the user’s ability to opt-out. The other is the idea that “select” Evernote employees may see “random content” from Evernote users. This is not good enough.
Privacy in 2016 means encryption from the point at which we submit information to the point at which it’s read. Read, that is, by the people we intend for it to be read by. There is absolutely no reason why we shouldn’t expect to be able to communicate around the world with complete privacy.
Here’s what Evernote’s CEO said this morning as a follow-up to yesterday’s mess:
“Select Evernote employees may see random content to ensure the features are working properly but they won’t know who it belongs to. They’ll only see the snippet they’re checking. Not only that, but if a machine identifies any personal information, it will mask it from the employee.”
Instead of providing encrypted data through their service, Evernote has essentially admitted to their lack of understanding of the importance of data privacy. They suggest that they’re relying on a machine to identify any personal information, and that this machine will mask it from their employees – that’s completely beside the point.
This company should not need to look at any data made by any everyday Evernote user, ever. It’s as if they’re asking everyone in the world to play-test their video game to make sure it works. But worse, because they’re saying everyone WILL play-test this service unless they make an extra effort not to.
If Evernote truly wants to retain the faith of privacy-seeking citizens, they need to drop this line of reasoning as soon as possible. Content used to “ensure the features are working properly” does not need to be coming from random users, and it definitely shouldn’t be. Evernote needs to guarantee full end-to-end encryption for all users by default – encryption they, themselves, cannot break.
All Evernote has done is to make clear their ability to see your data and their willingness to use it to test their next big feature. They do not need to do this, and they absolutely should not do this. It’s time to look for Evernote alternatives.