
Can Evernote employees read your notes?

Abdullah Atta

September 01, 2025

Disclaimer: I am the co-founder of Notesnook, an end-to-end encrypted note taking app. I have tried to be as objective as possible but there may be some bias.

Privacy by design is far superior to privacy by promise. Companies like Google, Notion, and Evernote, and in fact any company that does not end-to-end encrypt your data, promise never to read your personal data but do nothing technical to prevent themselves from doing so.

Last week, I posted about this on our X account but didn't get a chance to elaborate:

The post on X

Even the /r/Evernote moderators don't know this (or they don't want to acknowledge it):

EVERNOTE EMPLOYEES DO NOT READ YOUR NOTES. Do not spread fear in this community.
Comment on /r/Evernote

In this blog post, I want to explain how Evernote always has access to your notes, why privacy policies are not guarantees, and how this can lead to user privacy violations. By the end of this blog post, hopefully you'll understand why any company claiming to protect your privacy without end-to-end encryption is just gaslighting you.

Can Evernote employees really read my notes?

In 2016, Evernote updated their privacy policy to include:

The latest update to the Privacy Policy allows some Evernote employees to exercise oversight of machine learning technologies applied to account content, subject to the limits described below, for the purposes of developing and improving the Evernote service.

This is primarily to make sure that our machine learning technologies are working correctly, in order to surface the most relevant content and features to you. While our computer systems do a pretty good job, sometimes a limited amount of human review is simply unavoidable in order to make sure everything is working exactly as it should. (emphasis ours)

A little further down they asked the question:

Who will be able to access my data?

We keep the list of Evernote employees who have access to user data as small as possible. (emphasis ours)

This was in 2016, and Evernote quickly reverted the update, but the damage was done:

Loved using @evernote, sorry their new privacy policy mean I'll be moving my notes somewhere else. They ain't for engineers to pick thru.
@joehill on Twitter/X

Even though this is 9 years old, it remains a perfect example of how a company can grant itself access to user content with nothing more than a policy edit. You have to give Evernote props for listening to their users and being honest. Most companies aren't, but that doesn't make the privacy situation any better. A privacy policy is just a promise, after all — it has no built-in limits that prevent the vendor from accessing your private data.

To put it simply, if I hand you a notebook for safekeeping, you'll be able to open & read it anytime. You might promise not to but I have no control over it. Even if you opened & read it, I'd have no way of knowing or preventing you.

Evernote works similarly: you give them your notes for safekeeping, but there is nothing preventing them from reading those notes except a promise with conditions:

no one at Evernote can view it unless you expressly give us permission or it’s necessary to comply with our legal obligations

"If necessary to comply with our legal obligations" is a slippery slope. It basically gives a company free rein to do whatever it wants with your data under a legal pretence. It also means the company (and in turn its employees) can open and access your notes at any time, as long as there is a legal basis.

A recent example of this is Telegram's September 2024 privacy policy update, which allowed it to disclose users' IP addresses and phone numbers to law enforcement agencies internationally. This impacted hundreds of thousands of users worldwide, users who probably started using Telegram because of its "promises" and who were caught unaware by a company's policy change.

There is nothing wrong with complying with legal requests, but not all laws are equally good. Governments change, policies shift, the legal becomes illegal, something you wrote or said years ago could be used against you today, and through all of it you remain powerless because your data is not in your control.

In contrast, in an end-to-end encrypted system your data is encrypted on your device before you hand it over to the vendor, much like locking your notebook in a secure box before giving it to a friend for safekeeping. Even if your friend wanted to, they would have no way to open the box and see what's inside. Zero compromise. Complete control.

How far can you trust privacy policies?

In 2024, LinkedIn was caught using users' data to train AI without their consent, even though its privacy policy made no mention of this. A 2019 survey in the United States concluded that 78% of people almost never read privacy policies, and those who do merely glance over them.

How can you trust in a promise that you don't even read?

Technically speaking, if a company violated its privacy policy, users would not know about it until after the damage was done. For example, if Evernote secretly trained an ML model on your notes, there would be zero public proof to hold against them. This has happened countless times: privacy policy updates were made only after users' privacy had already been violated:

  • In 2010, Google launched their social media platform, Google Buzz, and automatically enrolled all Gmail users making their contact data publicly visible—without user consent or a prior privacy policy update.
  • In 2013, Path made a settlement with FTC for violating users' privacy by secretly uploading their mobile address books.
  • In 2017, Vizio embedded tracking software in its smart TVs that monitored user viewing habits and device metadata (e.g. Wi-Fi networks and demographic segments) and transmitted this to third parties—despite general privacy policy statements that did not clearly disclose these intrusive practices.

There are countless examples like these where the company said one thing in its privacy policy and did the complete opposite. Privacy policies are just that: policies. We, as users, trust that companies will keep their word, but nothing built into the system prevents them from breaking it.

At the end, the choice is yours: do you want privacy by promise or privacy by design?

End-to-end encryption requires no trust

In end-to-end encryption, you own the keys, the door, and the house. You decide who enters — not some company policy that can change without notice. The new Evernote privacy policy mentions:

To help refine or improve the technology, we may ask you for permission to review portions of your Content.

How is this "permission" acquired? A toggle in the app? What does the toggle actually do? Does it hold the key to your data? No. Does it control who can access your data? No. It just updates a value in a database that has nothing to do with your data. What happens if your personal notes get "reviewed" without your permission by mistake? This is exactly what end-to-end encryption was designed to prevent.
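To make the difference between the locked box and the permission toggle concrete, here is an added example (not Notesnook's or Evernote's code; the record layout, names, and iteration count are assumptions chosen for illustration). The note is encrypted on the user's device with a key derived from the user's passphrase, and the server keeps only the ciphertext plus a "review permitted" flag. Flipping that flag changes nothing about what the server can recover; the only thing that would is a weak passphrase that can be guessed offline, which the review function also demonstrates.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// StoredNote is what the vendor's server keeps for one note in this
// illustration (a hypothetical layout, not any real product's format).
// Nothing in it lets the server recover the plaintext.
type StoredNote struct {
	Salt            []byte // per-user KDF salt; not secret
	Nonce           []byte // per-note AES-GCM nonce; not secret
	Ciphertext      []byte // note body, encrypted and authenticated
	ReviewPermitted bool   // the "permission to review" flag: just a column
}

// kdfIterations is an assumed work factor for the example.
const kdfIterations = 100_000

// deriveKey is PBKDF2-HMAC-SHA256 with a 32-byte output (a single block),
// written out so the example needs only the standard library.
func deriveKey(passphrase string, salt []byte) []byte {
	mac := hmac.New(sha256.New, []byte(passphrase))
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // PBKDF2 block index 1, big-endian
	u := mac.Sum(nil)
	key := append([]byte(nil), u...)
	for i := 1; i < kdfIterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range key {
			key[j] ^= u[j]
		}
	}
	return key
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptNote runs on the user's device; only its result is sent to the server.
func EncryptNote(passphrase string, plaintext []byte) (StoredNote, error) {
	salt := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, salt); err != nil {
		return StoredNote{}, err
	}
	gcm, err := newGCM(deriveKey(passphrase, salt))
	if err != nil {
		return StoredNote{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return StoredNote{}, err
	}
	return StoredNote{Salt: salt, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// DecryptNote also runs on the user's device. It fails on a wrong passphrase
// and on any modification of the stored bytes, because GCM checks the tag.
func DecryptNote(passphrase string, n StoredNote) ([]byte, error) {
	gcm, err := newGCM(deriveKey(passphrase, n.Salt))
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, n.Nonce, n.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("decryption failed: wrong passphrase or tampered note")
	}
	return pt, nil
}

// ServerSideReview models an employee (or a legal request) with full database
// access but no passphrase. The best it can do is guess passphrases offline;
// setting ReviewPermitted does not help, since the flag is not a key.
func ServerSideReview(n StoredNote, guesses []string) ([]byte, bool) {
	n.ReviewPermitted = true
	for _, g := range guesses {
		if pt, err := DecryptNote(g, n); err == nil {
			return pt, true
		}
	}
	return nil, false
}

func main() {
	stored, err := EncryptNote("correct horse battery staple", []byte("meeting notes: salary offer 120k"))
	if err != nil {
		panic(err)
	}
	_, ok := ServerSideReview(stored, []string{"", "password", "123456"})
	fmt.Printf("server sees %d ciphertext bytes, recovered plaintext: %v\n", len(stored.Ciphertext), ok)
}
```

Two points the code makes that the text leaves implicit: the vendor still holds metadata (the salt, nonce, ciphertext length, and whatever account data surrounds the record), and the guarantee is only as strong as the key. A passphrase such as "password" falls to the same offline guessing shown in ServerSideReview, which is why real products derive keys with a slow KDF and push users toward long passphrases or device-held random keys.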

"Encrypting everything is just not realistic"

A lot of companies run away from end-to-end encryption because it's hard. It's hard to do everything on users' devices. It's hard to make things cross-platform. It's hard to make a good search. It's hard to keep everything performant.

It's hard but not impossible.

If you go through Evernote's transparency reports, you will notice multiple instances where Evernote responded to requests with user data. The reports do not say whether that includes note content, but Evernote is legally bound to respond to such requests with whatever data the request lawfully covers, and nothing technical limits what that can include.

The question is: why do they have the power to "provide" your data, with or without your consent, to anyone? Shouldn't you be in control of who gets to access your data? Is it even your data if you have no control over who can read, access, and monitor it?

Evernote is not alone in this. All companies that do not end-to-end encrypt user data have to hand over your private data if pressured under the law. They have no choice in the matter. By giving them power to host your data, you also give them the control to share whatever they want with whoever they want.

What about companies that end-to-end encrypt everything? Aren't they also legally required to respond? They are, but what they can hand over is metadata and ciphertext: account identifiers, IP addresses, timestamps, and the raw encrypted blobs. Without the keys, which never left your device, there is not much anyone can do with the blobs.

"It's just notes"

Why do you put a lock on your phone? Isn't it "just a phone"? Why not let everyone access everything in it freely? Because it's private, it's personal, and it doesn't matter what you have in there — what matters is that it's yours.

Caring about privacy does not make you a criminal — it just makes you human.

Conclusion

Don't depend on privacy policies to protect your privacy. Unless your data is encrypted before it leaves your device, someone, somewhere, always has the keys and the access. If this concerns you (as it should) and you want to take back control over your data then here are a few resources you can look into:

  • Privacy Guides - the best way to start taking back control over your digital life. Includes recommendations for alternatives to non-private tools like browsers, operating systems, email clients, note taking apps etc. Their community is absolutely awesome and will help you start your privacy journey. I recommend checking out their Why Privacy Matters article.
  • Techlore - a wonderful resource of videos, articles, tools, alternatives to help you get started with privacy.

There are many other resources you can follow, as long as you keep one thing in mind: your privacy matters.

#evernote

#privacy

Abdullah Atta


Lead developer of Notesnook
