How to Secure Evernote

If you use Evernote as heavily as I do, you know how important it is to protect its content against data loss and prying eyes. The Evernote database in the company’s cloud is encrypted and so is every communication between your device and the cloud. Unfortunately the local copy of the Evernote database, the one residing in your personal device, is saved in clear, hence almost no protection is offered against someone able to put their hands on your machine. What can you do? Here are two possible solutions, not mutually exclusive:

  1. Encrypt your entire hard drive, using the default encryption engine of your operative system. This is just a good practice everyone should follow, no matter what software is installed or what data is stored on the device.
  2. Encrypt the local copy of the Evernote database, so that even knowing your password wouldn’t suffice to steal your most precious notes.

I came up with a handy batch script for my Windows machine for the second case. When the script is run, a disk containing the Evernote database is mounted from a local password-protected VeraCrypt-encrypted file, then Evernote is launched. A small pause is inserted between the two operations (3 seconds, but less works too) so that the disk is positively mounted when the Evernote’s launch is attempted. If the script is run again, Evernote will be first closed and then the encrypted disk will be dismounted.

The script is smart enough to understand whether Evernote is already running or not so it can do the right thing and toggle Evernote (and the encrypted drive) on and off.

The script code is shown below (thanks to Jon Tornetta for some minor fixes):

tasklist /FI "IMAGENAME eq Evernote.exe" 2>NUL | find /I /N "Evernote.exe">NUL

IF "%ERRORLEVEL%"=="1" (
    start /w /min C:\Progra~1\VeraCrypt\VeraCrypt.exe /v C:[Encrypted-Database-Location] /l E /a /e /q
    start C:[Evernote.exe-Location]
) ELSE (
    C:[Evernote.exe-Location] /Task:SyncDatabase
    taskkill /IM Evernote.exe /T /F
    start /min C:\Progra~1\VeraCrypt\VeraCrypt.exe /d E /q

exit 0

Before the script can be used, the Evernote database needs to be saved into the encrypted volume. On my Windows machine, the local Evernote folder is in C:\Users[Your Username]\AppData\Local\Evernote\Evernote\Databases. Follow the instructions on the VeraCrypt website to create a new encrypted volume and copy all the files from the folder above into it. Finally change the location of the database in the Evernote settings in Tools/Options/General/”Evernote Local Files”.

Happy safe note-taking!

Jan 20, 2017