I have never actually used Evernote. I tried it out but didn’t put any info in it. Now that I want to use it I have to go through hell to get back into my account. You ask me for 5 uncommon words I’ve used, how can I do this when I have never used the App?
This is rediculous!!!!

I want to cancel my premium account. We did not use it. I would like the yearly amount refunded. Thank you

Apparently, as a relatively new product, there is no freely available customer service to help new subscribers with their questions. Over the years I have seen this behavior change in companies that provide programs in the cloud. To compete & survive they found they had to respect the customer & provide support for them. My experience just accessing my premium edition this morning was highly frustrating. I was shocked to find there was no easy access to get support.

Security server and related issues:

1. You mention that the data is segregated into shards. Id est, data is spread across multiple disks by row, per DB. Therefor, the DB must provide service for shard shared tables / schema. However, you do not own your own servers. See following.

2. “Shards architected as pairs of redundant servers, providing hot standby capabilities should a single server fail.” Sounds good, however are the “pairs” located in distant server farms. If not, then the redundancy fails by single location, or close location infrastructure failure. This is true even if your server provider uses redundant power suppliers, has imbedded power generators, and has close vicinity emergency backup facilities.

Shards sound good as a buzzword! However, how many transactions, write, and more importantly read, do your “collocated” farms have to service? The reads are the hangup. Writes, well fast, but do they have server write cache power protection sufficient to provide UPS service to complete the write from cache across ALL “collocated” servers? Remember, your RAID disks you internal cache to improve access times! Your servers in turn use cache to optimize internal Process Unit instruction pipeline and predictive instruction execution. RAID reads are another issue. Since you are relying on shards, I must conclude that response time, viz. IP, Internet Protocol delay, is not an issue. Well, fine, you hide read response behind IP delay. However, if your transaction load reaches millions of transaction per second, then how is response time congestion handled? Does your collocation provider guarantee physical / logical / response time contract protection?

3. “Collocation” is another nice buzzword! Why don’t you just say “Cloud Provider!” Does your Collocation provider actually agree to an 99.999% uptime guarantee? Why 99.999%. Just how many seconds are there in a year? How much time is a 99.999% Service Agreement cover? The same goes for physical security? The same goes for data redundancy / data loss protection / restore guarantee?

If these guarantees are provided, what are the caveats in terms of contractual protection of the service agreements to you and your users? If you actually have contractual guarantees, this is news to me from cloud providers!

4. Your “colocation” data centers are located along the west coast! Really? You are entrusting your data to “diverse” locations on the west coast? Companies that had their data centers located on the west coast had to move their data centers to locations that were not liable to the physical hazards of the west coast. I know this since I worked with companies who relocated from the west coast, to the Phoenix Valley, because of physical insecurity of the west coast. I do not consider west coast data centers as a security point for you to emphasize!

5. You throw out the “RAID” buzzword! However, what level of RAID are you using. RAID level determine how secure data the spread across you redundant array of inexpensive disks actually is. RAID 0 provides no actual protection at all. Loss of one striped disk causes loss of all data. Considering your extensive discussion of Security, this is an important detail. Does your Collocation provider provide for hot swappable drives? If not, well hum? Does your Schard DBMS, and RAID level accommodate hot swapping? If not, whoops!

6. You do not use “removable media” for backups! Really? You consider this to be a security benefit. “Removable media” provides long term backup. Also, removable media and be easily duplicated offline. If you have a catastrophic failure, you can recover from removable media, if your other “protections” fail? Also, if you use duplicate “removable media,” you can use a service to move the media to multiple secure offsite locations, far from “your” data centers! “Removable media” is a plus for security, not a minus!

If “removable media” is a concern, then what protections do you have for printed media / material, and the destruction of printed media / material and it’s refuse!

If “removable media” is a concern, then what training do you have in place for “social engineering?” This includes not only “your” employees, but also your “colocation” facility employees? Humans have proven to be the weakest point in infrastructure security. I am including data centers in infrastructure facilities and providers! What about the trend toward BYOD? Memory sticks? Do you have strict policies and education regarding their use? BYOD of any type, is a good way to get into you WAN, and bypass firewall policies. This is how the Iranian enrichment centrifuges were hacked with STUXNET! A physicist brought in a BYOD that had a Siemens PLC firmware hack. It was a beautifully written hack! It destroyed the centrifuges, ruined the enrichment process, and unfortunately resulted in the execution of a number of physicists.

What about firewall ports? Are unused ports blocked? Out of service servers? Are they removed from your “server farm?” What about password files in the clear? Have you assured none exist? What about server structure layout documentation, operations procedures, software policies, recovery / disaster recovery processes? Is this documentation protected? Do you have a full time security staff? What about server LAMP or whatever software you use, systems staff? These are all “removable media!” Yes, the above mentioned do move off the business facilities!

7. You allow “operations personnel” into your physical data center! Why? They have no business in the server farm! Them blinkin lights and pretty cables and nice switches and buttons and nice power levers are all nice for poken touchin and watchin the blinkin lightin flashin!!! Keep your pokin fingers in you pokin pockets!

The only personnel allowed into the date center should be the “Data Center” personnel!!! Access to the data center should be physically protected by deep trenches, high berms, tall and thick concrete block walls with concertina wire coils decorating the top. Light beam, touch sensors, and vibration sensors should be spread around the inside of the physical perimeter protection.

Access to the facility should require multiple gated entrances with requisite ids. Guard monitored doors that only open upon presentation of Id. Biometrics should be a double level of security for passage through every entry of access! Biometrics should not be redundant, but require specific and unique physical presentation, id est, right hand, left hand! Metal detectors. Ids with specific location access permission per DB data. Trade of personal ids to internal data center ids with very identifiable labels, with limited access permissions per the location access permissions specified for the individuals personal id. The trade of ids should take place with the accessor on one side of a bomb proof booth and the provider of the internal id passing the internal id through a bomb proof drawer. All guards should be armed with at least side arms with orders to shoot on threatening provocation! The shoot order should be shoot to kill, with prior notification and agreement of local law enforcement. Guards should require proper firearms training and legal requirement for justification of use of deadly force! Data center terrorism is a real threat! It should be taken seriously. Data centers I have worked at provided this level of security! However, these data centers dealt with billions of dollars, and clients trading enormous amount of money on a daily basis. Therefor my suggestions are probably overboard.

Just how important can “simple” data be? If you want to know, then ask Target, who lost millions of credit card data vie external TP protocol hacks? Also ask the NSA or Dept. of Defense or Boeing! Their stolen data caused loss of life, and loss of strategic information regarding national security and national infrastructure force projection designs!

You have a responsibility for protecting an unknown level of critical information! I have no idea of the level of criticality. However, for your Business level users, I would think that possibly the level may reach a high level of criticality to your business users!

“Your” data centers should provide redundancy in not only you IP access, but redundancy in keeping the data center running until safe fallback shutdown can complete, should it be necessary! Does your “collocation” provider’s data centers have these physical security protections? What about multiple methods of communication to your backup data centers?

Also, the data center should have NO windows! It should be build from four foot thick reinforced concrete to provide protection from weather disaster, earth disaster and terrorist attempts.

6. “SOC-1 Type 2 audit” definitely sounds impressive. However, upon examination, one finds that “there is not an explicit or strict requirement regarding how the “system” is actually documented and to what extent.” Therefor, the audit requirements seems rather loose! How often are you required to perform disaster recovery tests? If the test are performed, are failures logged. If failures occur, must they be fixed before the next disaster recover test? Is fallback to the backup data center central to the disaster recover test? Is there a “long term disaster recovery test” performed, with recovery from “removable media” performed? NO! on the “removable media” since, for some reason, you consider this a detriment!

Therefor, in conclusion, you use a nice sprinkling of buzzwords! Buzzwords may assure users that you have a high level of security. However, examination of your statements indicates that there are subjects not covered! Buzzword are not defined, with explanation of exceptions to security provisions not discussed! Geographic location of data centers, and problems related to the locations, are not indicated! The term “colocation” is not defined, so users are not aware that you are actually using a cloud provider! Data center access is too broad! Actual physical and infrastructure is not described!

Regardless of these drawbacks, I will seriously consider using your service. Why? Well, we live in a dangerous time, and perfection does not exist! Data centers I have worked at, as a Systems Programmer, constantly had problems, required constant monitoring, and constant study of issues regarding up-time, performance, security, intra-systems bottlenecks, operations problems and internal application issues.

Thank you,
tim barry
principal engineer
senior staff
online systems
company unnamed
Phoenix, Az
40 years experience

Jesus bless you all!

I have an acct this one, but I had to change my password…signed out and lost my account. It is similar with spelling mistakes one I open it, but none of my emails,pix,chats are there….

Pls help asap

STOP WHAT YOU ARE DOING. THIS BUG CAN’T BE THAT HARD TO FIX. I AM COMMITTED TO EVERNOTE, BUT THEIR ARE ALTERNATIVE THAT DO SIMILAR THINGS, I DON’T WANT TO GO THERE!!!!

I set up Evernote on my computer after having used it on my iPad. During the transition, the content of a note was deleted. THE NOTE WAS NOT DELETED JUST THE CONTENT. I don’t know how or why. Slip of the thumb? Who knows. There’s no undo button anyway so it’s pointless to try and figure it out. Then it synced across the board and I have no access to it. The note is valued at approximately $225, an hour of my time. Trying to find instructions on how to remedy the error took another hour. To add insult to injury, in order to access the history of the note on Evernote, Evernote would like me to pay for a premium subscription, making it a $600 mistake. I’m not a newbie or computer illiterate. I have been trying out six different notetaking apps and none of them have done this. There is no way to contact support for this. I’m glad this happened early because there’s no way I’d pay money to a company whose support pages offer such limited help and offer no other alternatives.

PLEASE QUIT SENDING ME NOTIFICATIONS. I’M NOT USING EVERNOTE,DON’T LIKE IT

I’m amazed your business is making it with this customer service!

Very important content from one of my notes is lost. I had to work through your ticket submission system for an hour to make it work. Yet, nobody is getting back to me by email as promised and there is no customer service number to call. How can you be so irresponsible? Do you understand what it means to loose so much work?