Insights For Success

Strategy, Innovation, Leadership and Security

What the CIA Vault7 Wikileak really means for consumers

General | Edward Kiledjian
Wikileaks Unveils ‘Vault 7’: “The Largest Ever Publication Of Confidential CIA Documents”; Another Snowden Emerges
— Zerohedge
It includes software that could allow people to take control of the most popular consumer electronics products used today, claimed WikiLeaks.
— independent.co.uk
Surprise, everyone, the US Central Intelligence Agency (CIA) allegedly has the means to hack everyday electronics.
— techradar.com

Yes, Wikileaks released a very large chunk of CIA information, dubbed Vault7, that explains some of the hacking capabilities of the US intelligence service vis-a-vis consumer electronics. Obviously this "isn't good" from a privacy perspective because if the US intelligence community has these capabilities, other nation-states may also have them.

After going through some of the information, I want to dispel some of the FUD (Fear, Uncertainty and Doubt).

Are Whatsapp or Signal hacked?

I have written about Whatsapp security and professed my love for Signal. Many readers messaged me in a panic asking if these apps had "weak" security and had been breached by the CIA.

Signal and Whatsapp encryption was not broken. 

The CIA would compromise the smartphone (iPhone or Android) and then install malware that records audio, text or video before the Whatsapp/Signal encryption is applied.

The Wikileaks statement reads like this:

These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the ‘smart’ phones that they run on and collecting audio and message traffic before encryption is applied.
— Wikileaks

So the short answer is no, these messaging apps were not compromised and their security is still good. Every security researcher knows you must must must secure the endpoint because it is normally the weakest link in the chain. Here is proof.

The security of the Signal protocol was recently reviewed during a security audit and it passed with glowing colors. The EFF also rates Signal as an "all green" messaging app.

Is the CIA hoarding 0-day vulnerabilities?

We don't know what the CIA is really doing but based on the Vault7 Wikileak, I would say no. Very few 0-day attacks seem to be mentioned in the dump and any that were are being actively used. Nothing in the leak seems to indicate a hoarding of 0-day vulnerabilities for emergency use.

The attacks mentioned in the leaks may be worrisome to John or Jane Doe but they are nothing new for anyone working in security. They seem to be leveraging "stuff" we already know about in information security circles. Yes, they sometimes buy advanced attacks from brokers or researchers, but most of what I read, I expected them to have.

Nothing I read would indicate that the CIA digital attack toolkit is better than that of the NSA. It is safe to assume the NSA has much stealthier and more powerful tools.

Do I break my Smart TV?

Don't throw away your Smart TV just yet. We learned that the CIA can hack your Smart TV and turn it into an espionage tool by running hacking software via a USB port on the TV. Let me say that again: via a USB port.

Nothing in the document indicates that they can do this remotely via the internet. In security, we always assume that it is impossible to protect an asset if a bad actor can gain physical access to it. Nothing new here. 

Attribution

There are 2 pieces of malware in the wild that were thought to have come from China and Russia but can now likely be attributed to the CIA. These leaks provide enough information for security companies to make educated assumptions about the origin of malware they already know about but have not yet been able to trace to a source.

A colleague working for a US security company said that they can now attribute to the CIA 2 pieces of malware previously thought to have come from China or Russia. He said his company will now use the info in these leaks to build signatures to detect and remediate some of the vulnerabilities mentioned here.

Does this hurt the CIA? I would say no. There are enough vulnerability brokers in the dark market and the CIA has enough money to quickly rebuild a new toolkit.

Are these advanced hacking techniques?

No. They may seem advanced for the average Joe but there wasn't anything monumental or earth shattering for a security researcher. Funny enough, I've been chatting with one of my employees about a new tool from Hak5 called Bash Bunny. The Bash Bunny seems to be more advanced than many of the techniques revealed in this document. 

Is my tech safe?

The BBC published a good article documenting the reaction from major consumer tech manufacturers. 

As expected, Apple provided a lengthy response and committed to working with its security team to plug as many of the holes as quickly as possible.

While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities
— Apple PR

Samsung provided this response:

We are aware of the report in question and are urgently looking into the matter.
— Samsung PR
We are aware of the report and are looking into it
— Microsoft PR

Notably absent (at least while I write this) is a response from Google about the vulnerabilities in Android that were actively exploited. As we know, not all Android phones receive timely updates and even those that do have some worrisome vulnerabilities. 

For the general consumer who is not being targeted by a nation-state intelligence agency, as long as you adhere to good security practices, a Google-branded Android phone will be just as safe as an Apple iPhone. I cannot recommend buying an Android phone from any other manufacturer as updates may be slow or non-existent.

If you are in a job where security is critical, I would still contend that the iPhone is likely more secure because of the way Apple locks everything down.

Conclusion

I won't lose any sleep over the CIA leak. Yes, it confirms that the US intelligence apparatus is actively targeting consumer hardware, but we all assumed they were doing this anyway. Nothing in this leak revealed anything new and I would assume the NSA Signals Intelligence team is still the king of the hill. Sure, the CIA seems to have a couple of pocket knives, but the NSA still has that 10" Rambo knife strapped to its belt.

Also assume anything the US is doing can be easily replicated by other nation-state actors. Do you really want foreign governments to have these abilities and your own (Canada, US, UK, Australia, etc.) not to?

My Everyday Carry Pen (EDC) - TI Arto Review

General | Edward Kiledjian

A question I receive regularly is about what makes up my EDC kit. The first article I wanted to publish was about my pen. This is no ordinary pen. It is a magical pen that accepts over 200 different types of ink refills (roller-ball, ballpoint or D1). It is a beautiful pen made from aircraft grade titanium, which makes it super durable, light and incredibly beautiful. 

I have used hundreds of pens, from a cheap BIC all the way to an exclusive Montblanc. After everything is said and done, the TI Arto from Big Idea Designs is the one I chose to carry every day (at work, during travel or at play).

Why? First this wonderfully designed and carefully crafted pen accepts over 200 different types of ink refills (without hacking or modification). This means I can buy ink refills anywhere in the world and know it works. It even accepts the Uni-ball Signo DX without any modification. This is a highly prized refill by pen lovers worldwide but it never fits into these pen bodies. It works wonderfully in the TI Arto. How? Because the creative team at Big Idea Designs created a cone head that tightens as you screw it and therefore can securely hold almost any type of pen head in place. This internal compression cone is what makes this pen stand apart and is the secret to how it can accept 200+ ink refills. It is easy to use but will require a little fidgeting as you adjust it (when replacing the ink).

It is built from titanium which means it is extremely light and durable. I carry it in my wallet pocket along with a lighter and aluminium plate wallet and it has held up well. 

Overall I highly recommend the TI Arto. It will be a useful and beautiful part of any EDC kit delivering a lifetime of use.

You can see how beautifully the pen wears. This is with 1 year of use. Also note the TI symbol on the cap.

You can see the end of the compression cone holding my Uniball Signo 207 ink in place.

Examples of refills accepted by the pen without modification. This list grows every week.

Pen Name / Refill Name

Rollerball Style Refills

•Avant Pen Refills (0.5mm)
•Bic Velocity Gel Refill 0.7mm (Medium)
•Bic Velocity Gel Refill 1.6mm (Bold)
•Cross Gel Rolling Ball Refill 0.7mm
•Cross Porous Point Felt Tip Refills (Fine & Medium)
•Dong-A Fine Tech RT Pen Refill (GRC-43)
•Duke Rollerball Refill (Medium)
•Faber-Castell Ceramic Rollerball Refill 0.5mm
•Foray (Office Depot) Replacement Refills
•Foray (Office Depot) Replacement for Schmidt Rollerball Refills
•Foray (Office Depot) Replacement for Waterman Rollerball Refills
•Lamy M63 Refill
•Moleskine Gel Refills (0.5 and 0.7 mm)
•Mont Blanc Fineliner Refills
•Mont Blanc 163 Rollerball Pen Refills (F) & (M)
•Monteverde Rollerball Refill (Mont Blanc Style Replacements)
•Monteverde Mini Rollerball J22 Refill for Mini Jewelria Pens
•MUJI 0.5mm Refill
•Ohto C-304P Ceramic Rollerball Pen Refill – 0.4mm
•Ohto C-305P Ceramic Rollerball Pen Refill – 0.5mm
•Ohto C-307P Ceramic Rollerball Pen Refill – 0.7mm
•Ohto C-310P Ceramic Rollerball Pen Refill – 1.0mm
•Ohto F-300 Fude Pen Brush Refill
•Pentel EnerGel BLN105 Rollerball Pen Refill – 0.5mm
•Pentel EnerGel LR7 Gel Pen Refill – 0.7 mm
•Pentel EnerGel LR10 Gel Pen Refill – 1.0 mm
•Pentel EnerGel LRN5 Needle-Point Gel Pen Refill – 0.5 mm
•Pentel EnerGel LRN7 Needle-Point Gel Pen Refill – 0.7 mm
•Pentel HyperG Retractable KL257 Series (LR7 & KLR7)
•Pentel Sliccies Gel Multi Pen Refill (XBGRN3A) – 0.3 mm
•Pentel Sliccies Gel Multi Pen Refill (XBGRN4A) – 0.4 mm
•Pentel Sliccies Gel Multi Pen Refill (XBGRN5A) – 0.5 mm
•Pentel Slicci Techo Mini Gel Pen Refill (BG503) – 0.3 mm
•Pilot Ageless Future Gel Pen Refill (BLGS-7) – 0.7 mm (2 Colors)
•Pilot B2P Bottle to Pen Gel Ink Pen Refill – 0.7mm
•Pilot Frixion Ball Gel Multi Pen (LFBTRF refill) – 0.38mm
•Pilot Frixion Ball Gel Multi Pen (LFBTRF refill) – 0.5mm
•Pilot Frixion Ball Gel Multi Pen (LFTRF refill) – 0.38mm
•Pilot FriXion Ball 2 Biz Gel Pen Refill – 0.38 mm
•Pilot Frixion Erasable Gel Pen Refill (LFRF30P4) – 0.4mm
•Pilot Frixion BLS-FR5 (LFBK-23EF-B refill) – 0.5mm
•Pilot G2 Refills (America’s #1 selling ink gel pen, 0.38, 0.5, 0.7, &1.0mm)
•Pilot G2 Pro
•Pilot G6
•Pilot Hi-Tec-C Cavalier 0.4mm (Has more ink than the standard Hi-Tec-C refill)
•Pilot Hi-Tec-C Coleto 0.3mm (LHKRF-10C3) 15 different colors
•Pilot Hi-Tec-C Coleto 0.4mm (LHKRF-10C4) 15 different colors
•Pilot Hi-Tec-C Coleto 0.5mm (LHKRF-10C5) 15 different colors
•Pilot Hi-Tec-C Slim Knock Gel Pen Refill (LHSRF-8C3) – 0.3mm – 3 Colors
•Pilot Hi-Tec-C Slim Knock Gel Pen Refill (LHSRF-8C4) – 0.4mm – 3 Colors
•Pilot Hi-Tec-C “Standard” – 0.25mm (BLS-HC25)
•Pilot Hi-Tec-C “Standard”- 0.3mm (BLS-HC3)
•Pilot Hi-Tec-C “Standard”- 0.4mm (BLS-HC4)
•Pilot Hi-Tec-C “Standard”- 0.5mm (BLS-HC5)
•Pilot Juice Gel Ink Series Refill 0.38, 0.5, 0.7mm (LP2RF) – (3 Colors)
•Pilot Precise V5 RT/V7 RT, named Hi-tecpoint V5 RT/V7 RT in Europe
•Pilot Q7 Needle Point Refill 0.7mm (BLS-GCK-7 / LHKRF-8C7)
•Pilot V ball RT (BLS-VB5RT)
•Pelikan Roller Refill 338 Rollerball
•Platinum Gel Pen Refill (BSP-60S) 0.5mm
•Platinum Gel Ball Pen Refill (GSP-80N) – 0.5 mm
•Rotring Tikky Liner Refill – 0.5mm
•Sakura R-GBH Ballsign Gel Multi Pen Refill – 0.4 mm (4 Colors)
•Sakura R-GBP Ballsign Knock Gel Pen Refill – 0.4 mm (3 Colors)
•Schmidt Safety ceramic roller 888 Fine
•Schneider Topball 850
•Staples Classic Grip Pen 0.7mm Gel (#31581)
•TUL GL1 Gel Pen Retractable Needle Point Fine 0.5mm
•Uniball Signo DX 0.28mm Refill (UMR-1-28)
•Uniball Signo DX 0.38mm Refill (UM-151)
•Uniball Signo DX 0.5mm Refill (UMR-1-05)
•Uniball Fanthom Erasable Gel Pen Refill (UFR-122) – 0.5 mm (3 Colors)
•Uniball Impact RT 1.0mm Bold (Signo UMR-80)
•Uniball Style Fit Gel Multi Pen Refill (UMR-109) – 0.28, 0.38, 0.5mm (16 Colors)
•Uniball Signo RT Gel 0.38mm & 0.5mm (UMN-138)
•Uniball Signo (UMN-152)
•Uniball Signo 0.28mm (UMN-82)
•Uniball Signo 0.38mm (UMN-83)
•Uniball Signo 207 Gel Refill 0.7mm (UMR-87, UMR-85)
•Uniball Jetstream 0.38 (SXR-38)
•Uniball Jetstream 0.5mm (SXR-5)
•Uniball Jetstream 0.7mm (SXR-7)
•Uniball Jetstream 1.0mm (SXR-7)
•Uniball Jetstream 1mm (SXR-10)
•Uniball Mitsubishi Liquid Ink Rollerball Pen Refill(UBR-300)- 0.5 mm
•Visconti Rolling Ceramic 0.7mm (AA40)
•Waterman Rollerball Refill
•Zebra Sarasa Clip Pen Refill – 0.7mm (JF-Refills for Sarasa, Sarasa SE, Sarasa Clip)
•Zebra JF-0.4 Sarasa Gel Pen Refill – 0.4 mm (4 Colors)
•Zebra JF-0.5 Sarasa Gel Pen Refill – 0.5 mm (4 Colors)
•Zebra JJ2 Gel Ink Refill
•Zebra J15 Gel Ink Refill
•Zebra JJZ15 Gel Ink Refill
•Zebra JJ21 Gel Ink Refill
•Zebra Sarasa Dry Gel Ink Rollerball Refill (JLV-0.4) – 0.4 mm (3 Colors)
•Zebra Sarasa Dry Gel Ink Rollerball Refill (JLV-0.5) – 0.5 mm (3 Colors)
•Zebra Gel Ink Rollerball Refills (RBJF5) – 0.5mm (3 Colors)
•Zebra JT-0.4 Sarasa Gel Pen Refill (RJT4-BK)- 0.4 mm
•Zebra RJF3 Gel Ink Refill
•Zebra RJF4 Gel Ink Refill
•Zebra RJF5 Gel Ink Refill
•Zebra RJF10 Gel Ink Refill
•Zebra Sarasa (NJK-0.4) – 0.4mm
•Zebra Sarasa (NJK-0.5) – 0.5mm

Ballpoint Style Refills

•Ballograf Original Ballpoint Pen Refill (4 Colors)
•Ballograf Pocket Ballpoint Pen Refill (2 Colors)
•Bic Pro+ 1.0mm Pen Refill
•Diplomat EasyFLOW Ballpoint Pen Refill
•Caran D’ache Goliath Refill
•Faber-Castell Ballpoint Pen Refill (Medium)
•Faber-Castell Scribero Gel Ink Roller Refill
•Fisher Space Pen “PR” Series Refills – 15 Different Refills
•Fisher Space Pen “U” Series Refills (UF1, UF2, UF4) – 3 Colors
•Foray (Office Depot) Ballpoint Refill for Parker Refills
•Foray (Office Depot) Replacement For Mont Blanc Ballpoint Refills
•Foray (Office Depot) Ballpoint Refill for Waterman Refills
•Kaweco Soul G2 Refill 1.0mm
•Kaweco Sport Roller Ball Pen Refill (This is a smooth Rollerball gel ink)
•Kokuyo FitCurve Ballpoint Pen Refill (PRR-SJ7D) – 0.7 mm (3 Colors)
•Lamy M22F Refill – Fine, Med, Broad
•Metaphys Locus 3Way Multi Pen Refill – 0.5mm
•Midori Brass Bullet Ballpoint Pen Refill – 0.5 mm
•Moleskine Ballpoint Refill
•Mont Blanc Ballpoint Refills (F) & (M)
•Monteverde Needle Point Refill (Fine)
•Monteverde Soft Roll P13 – Colored inks
•Monteverde Soft Roll P15- (Superbroad, Medium, Ultrafine)
•Ohto P80-05NP Needlepoint Ballpoint Pen Refill 0.5mm
•Ohto P80-07NP Needlepoint Ballpoint Pen Refill 0.7mm (writing width is 0.35mm)
•Ohto PS-205NP Extra-Fine Ballpoint Pen Refill 0.5mm (writing width is 0.35mm)
•Ohto PS-207NP Extra-Fine Ballpoint Pen Refill 0.7mm
•Ohto 893NP Needle-Point Ballpoint Pen Refill – 0.3 mm
•Ohto 895NP Needle-Point Ballpoint Pen Refill – 0.5 mm
•Ohto 897NP Needle-Point Ballpoint Pen Refill – 0.7 mm
•Parafernalia Ballpoint Pen Refill
•Parker Ballpoint Pen Refill (Broad, Medium, Fine)
•Parker GEL Ballpoint Pen Refill (Medium)
•Parker Quinkflow Ballpoint Pen Refill (Medium, Fine)
•Pelikan Giant Ballpoint Pen Refill 337 (Broad, Fine, Medium)
•Pentel Rolly C4 Ballpoint Multi Pen Refill (BKSS7) – 0.7 mm (4 Colors)
•Pentel (KFLT8) Ballpoint Pen Refill
•Pentel Selfit Ballpoint Pen Refill (BKS7H-AD)- 0.7 mm
•Pentel Vicuna XBXST5-A Refill – 0.5mm
•Pentel Vicuna BXM5H Refill – 0.5mm
•Pentel Vicuna BXM7H Refill – 0.7mm
•Pilot BRFV-8EF Acro Ink Ballpoint Pen Refill – 0.5 mm (3 Colors)
•Pilot BRFV-8F Acro Ink Ballpoint Pen Refill – 0.7 mm (3 Colors)
•Pilot BRFN-30F Ballpoint Pen Refill – 0.7 mm
•Pilot BRFN-30M Ballpoint Pen Refill – 1.0 mm
•Pilot BTRF-6F Ballpoint Pen Refill – 0.7 mm (3 Colors)
•Platignum Standard Ballpoint Pen Refill
•Sailor Pica Kirei Anti-Bacterial Ballpoint Multi Pen Refill – 0.7 mm(3 Colors)
•Sailor Pica Kirei Anti-Bacterial “Mini” Ballpoint Multi Pen Refill – 0.7 mm (3 Colors)
•Sakura R-NOB Ballpoint Pen Refill ( SAKURA R-NOB#49) – 0.7 mm
•Schmidt P900 B Ballpoint Pen Refill (Broad, Medium, Fine)
•Schmidt P950M MegaLine Pressurized Ballpoint Pen Refill (Medium)
•Schmidt 4889 MegaLine Pressurized Pen Refill
•Schmidt 9000M EasyFlow Pen Refill
•Schmidt P8900 Super Bowl Refill (Fine)
•Schneider Express 735 Pen Refill (Broad, Medium, Fine)
•Schneider Slider 755 Pen Refill (Extra-Broad, Medium)
•Sheaffer Ballpoint Refill II (Medium)
•Sheaffer K Ballpoint Refill
•Sheaffer T Ballpoint Refill
•Stabilo Ballpoint Refill
•Stabilo EASYgel Refill
•Tombow BR-ZLM Ballpoint Pen Refill
•Uni SXR-80-05 Jetstream Ballpoint Multi Pen Refill – 0.5 mm (4 Colors)
•Uni SXR-80-07 Jetstream Ballpoint Multi Pen Refill – 0.7 mm (4 Colors)
•Uni Power Tank High Grade Ballpoint Pen Refill – 0.7 mm
•Visconti Ballpoint Pen Refill AA49 1.4 (Broad)
•Visconti Gel Refill AA38 (Broad, Medium, Fine)
•Zebra F-Refill Ballpoint Pen Refill – 0.7 mm (2 Colors)
•Zebra G-301 JK-Refill Gel Pen Refills – 0.7 mm (2 Colors)
•Zebra SK-0.4 Ballpoint Pen Refill – 0.4 mm (2 Colors)
•Zebra SK-0.7 Ballpoint Pen Refill – 0.7 mm (4 Colors)
•Zebra Stylus Pen LV-Refills – 1.0mm
•Zebra Zmulsion Ink Pen Refill – 1.0 mm (EQ-1.0)

D1 Style Refills

•Acme Black 4FP Four-Function Pen Ballpoint Pen Refill
•Acme Highlighter 4FP Four-Function Pen Multi Functional Pen Refill
•Aurora Mini Medium Point Ballpoint Pen Refill
•Caran D’ache Ecridor XS Mini Refill
•Cross Matrix Ballpoint Pen Refill
•Cross Micro Ballpoint Pen Refill
•Kaweco D1 Soul Ballpoint Refill
•Lamy M21 Ballpoint Pen Refill
•Lamy M55 Tripen Marker Refill (Orange Highlighter)
•Monteverde Soft Roll Ballpoint Pen Refill – D1 (628)
•Ohto R-4C5NP Needle-Point Ballpoint Pen Refill – 0.5 mm
•Ohto R-4C7NP Needle-Point Ballpoint Pen Refill -0.7mm
•Parker Mini Ballpoint Refills
•Parker Vector 3-in-1 Ballpoint Refills
•Pelikan 38 Ballpoint Refills
•Pentel XBXS5-A (0.5mm)
•Pentel XBXS7-A (0.7mm)
•Pentel Vicuna XKBXES7 Ballpoint Pen Refill – D1 – 0.7 mm
•Pilot BRF-8M & BRF-8F-B 0.7mm Refills
•Pilot Hi-Tec-C Slims (LHRF-20C3-B 0.3mm)
•Platinum BSP-60 Series
•Platinum BSP-100
•Platinum SBSP-120S Hybrid Ink Ballpoint Refill
•Retro 1951 D-1 Ballpoint Refill
•Rotring Tikky 3-in-1 Ballpoint Refills – 0.7mm (2-Colors)
•Staedtler Multi Pen Ballpoint Refill (92RE-09)- D1 – 0.7 mm
•S.T. Dupont Mini Olympio Ballpoint Pen Refill
•Tombow Outdoor Pen Refill (BR-VMP)
•Tombow VS Ballpoint Pen Refill (BR-VS) – D1
•Uni SXR-200 Jetstream Ballpoint Multi Pen Refill (0.5 and 0.7mm)
•Zebra Tele-scopic Slide Ballpoint Pen Refill – 4C – 0.7mm
•Zebra ESB-0.7 Emulsion Ink Ballpoint Pen Refill – D1 – 0.7 mm
•Zebra JSB-0.4 (RJSB4-BK)
•Zebra JSB-0.5 (RJSB5-BK)
•Zebra Sharbo X Ballpoint Multi Pen Refill Component – D1
•Zebra Sharbo X Gel Ink Multi Pen Refill Component – D1

Why I left Evernote

General | Edward Kiledjian

I have been an Evernote user since September 26 2008 (8 years 5 months 8 days). Many of those years were spent as a paying premium customer, but at the end of 2016, I decided it was time to leave. I wanted to share why I am leaving and my plans to replace it.

The Evernote I loved

From the very beginning, Evernote was a wonderful company to support. It was this scrappy upstart that was committed to building a "100 year company" (link) and was incredibly committed to its customers. It believed in openness and came to market with original ideas. It was unlike anything else being offered at the time.

The original founding leaders had this crazy open-dialog podcast that gave listeners an inside look into the company. The freemium model Evernote pioneered worked like a charm. Evernote constantly moved premium features into the free tier and was constantly challenged to make newer & better features for the 5% of their paying premium customer-base.

Every platform I tested had an Evernote client that worked relatively well and within minutes of setting up a new device, everything I had captured was there waiting for me. It was a wonderful time.

The app was lightning fast and reliable. Sync was blazing and worked every time. Text recognition (even in images and attachments) was super accurate. I was happy.

Even though I didn't need most of the premium features, I started paying for a premium membership to support the company. It was my one key app. I used it as my reference folder, as my to-do manager (GTD), my list-making application, etc. It became an extension of my brain.

I was an Evernote ambassador, talking about it every chance I had and bringing more and more people into the fold. Everyone that joined Evernote thanked me. Everyone loved it, even those on the free tier. It offered incredible value to everyone that took the time to use it. Search Amazon for Evernote and you get 1,145 products, from Moleskine notebooks to books to help organize your life using Evernote.

Then on July 20th 2015, they announced via a blog post that Phil Libin would be leaving the company and his replacement was this polished executive named Chris O'Neill. Other executives also left (such as Max Levchin). Little did we know O'Neill had plans to dramatically change the service we had come to love and depend on.

The Bad Changes

The new Evernote price

The first major shock was the change in pricing. My beloved Premium membership almost doubled in price and the functionality of the free/plus service dropped. 

When prices increase, consumers will evaluate all possible alternatives and determine if the new price is still the best choice for them.

For $10 more a year, I can buy an Office 365 Home subscription shareable with 5 family members. Everyone on my account is entitled to all of the Microsoft Office apps (Word, Excel, PowerPoint, etc.), plus each user receives 1TB of online OneDrive storage, and of course Microsoft made its OneNote app free for everyone on all platforms.

As a customer of Evernote, I was asking myself if spending an extra $10 and moving to Office 365 home made sense. For most consumers, it will.

The second was the downgrade if you chose not to pay these new higher prices. You were limited to sync on only 2 devices and your free monthly upload allowance was 60MB, which meant it became unusable (for free) for most users.

The junkening

Over the years, Evernote lost its way and tried to become the everything app for everyone (a Swiss Army knife). It had a food memories app.

The Evernote Food app allowed you to capture memories of great food you had enjoyed in restaurants (logging pictures, location, friends with you, etc). 

It bought a screen-capture and markup tool called Skitch and after a couple of updates, killed it (moving some of its features into its already bloated core Evernote app).

It had and killed many other apps (a contact app, a meeting app, Flash Cards, etc.).

Over the years its main app, the Evernote Client (Mac, Windows), became a bloated mess of slowness and crashing. They migrated from their own data center to the Google Cloud platform (earlier this year), promising faster and better service. The blog post on February 8 2017 mentions:

Rather than pouring resources into the day-to-day maintenance of equipment and software required for running the Evernote service, we can now focus more of our time and energy into responding to customer needs.

All good sentiments but I haven't seen any benefits as a customer. Evernote is still an expensive bloated mess. 

Breaking their own rules

In 2011, Evernote published the 3 laws of data protection:

  1. Your Data is Yours
  2. Your Data is Protected
  3. Your Data is Portable

The first rule is clear: my data is mine and the only thing Evernote was going to do to it was normal operational tasks to ensure they can deliver the services I was expecting. The new Evernote wanted to add a machine learning function for its premium users and as part of that change tried to update its Terms of Service. This change was so viciously attacked by its users that in December 2016, they were forced to roll it back and tried to reframe the conversation.

The worry was that the changed language gave Evernote employees the right to "read" your notes as they attempted to spot check and validate their new Machine Learning tools. The reversal meant the change would now be opt-in. This never should have happened the way it did. It showed a clear gap in their change management and product management processes.

The second rule stated that:

Everything you put into Evernote is private by default. We never look at it, analyze it, share it, use it to target ads, data mine it, etc.–unless you specifically ask us to do one of these things.

This seems to conflict with their unilateral attempt to change the privacy language to enable their Machine Learning feature but.... The next part of this rule is:

we take many precautions to protect your data from accidental loss and theft. Everything you put into an Evernote synchronized notebook is stored in our secure data center with multiple redundant servers, storage devices and off-site backups.

Evernote had a couple of issues with data availability but the biggest was one that affected "some Mac users" and caused attachments to get deleted (article here). 

certain sequences of events can cause an image or other attachments to be deleted from notes without warning, but text is not affected.

So far, Evernote has failed on the first 2 of their data protection laws. The third law was about data portability. The law said:

There is no data-lock in Evernote. We are committed to making it easy for you to get all of your data into, and out of, Evernote at any time.

Ask anyone that has a large collection of notes with tags and dozens of folders: there is no graceful way to export your data in a usable format. Attachments are exported with their original file names (not the note name) and all structure is lost (tags and folders are lost).

I was one of the people that asked for Evernote to make a better export feature to ensure they met their own portability commitment. I wasn't sure how it should work, but knew it needed something better.

As you added more and more notes, this feature became more important and the lack of it became a glaring issue. As much as they say you can export in HTML, the exported data is useless. 

So they failed to meet their own 3 rules of data protection. 

No Markdown Support

As a technical Evernote user, I was part of their forums, UserVoice feature request system and always answered their user surveys. A feature I have wanted for years was Markdown formatting support (which would improve note compatibility). Their standard response was always that this was not part of their road-map. I wasn't the only one clamoring for Markdown support. Their forums listed thousands of users asking for it. 

Unfortunately Evernote was clearly not interested. 

Less consumer more business 

In an interview with The Verge, Chris mentions he wants a more balanced customer base (less consumer and more corporate). This clearly shows in the steps they have taken and the ancillary services they have killed.

Consumer services have been killed (Food, Flash Cards, etc.) while corporate ones have been maintained (Evernote Work Chat, a Slack competitor, and Presentation mode, a PowerPoint competitor).

Changing competitive landscape

As Evernote continues to squeeze its free tier customers and makes paid tiers more expensive, its primary competitor, Microsoft OneNote, has gone free for everyone on every platform. Additionally, Google has its Keep/Google Docs combo and Apple its Pages/Apple Notes combo. All of its chief competitors are offering more and more functions for free.

Others like Dropbox have launched services like Dropbox Paper, offering their existing subscribers cool new Evernote-competing features.

When I started using Evernote, it was the de facto standard integration partner for every app or service that I used. Almost every app I had on my Windows, Mac, Android, iPhone or iPad integrated with Evernote. As Evernote alienates its customers and more competitors enter the market, this is becoming less and less true. There was a huge benefit to knowing everything you had would work with Evernote; as this slowly disappears, that advantage also disappears.

The Best Evernote Alternative

Having tested dozens of services, there isn't a really good alternative an Evernote power user will like, but you have to accept this reality and move on. Evernote has clearly shown disdain for its consumer users and so the search for an alternative is ongoing.

The closest to Evernote has been Microsoft OneNote. OneNote is now free for everyone, getting more polished and feature rich with every update, and they are clearly targeting Evernote users. It will definitely take some getting used to, but it is a close enough alternative that most users will be extremely satisfied.

Microsoft OneNote works on most platforms, even on an Apple Watch.

In my quest to free my notes, I will be testing Clevernote.io; more on that in the coming weeks.

I have gone through the period of grief and have accepted the fact that there is no "perfect" migration tool or strategy. I will lose some functionality and context around my Evernote notes but that's the cost of admission.

We are also seeing new companies pop up and try to fill the new Evernote void. One such startup service is called Bear.

Bear is a beautiful simple note taking app that reminds me of Evernote's beginnings. It only works on iPhone, iPad and Mac today but who knows what the future will hold. A Bear Pro subscription is $15. 

Conclusion

I don't think the ship has yet sailed for Evernote and they can recapture their glory days if management does the right things but I am doubtful. Many have called Evernote the "broken Unicorn" and I agree. Most companies will stick with the good and trustworthy Microsoft and won't fork over hundreds of thousands a year to Evernote.

And unless Evernote changes course quickly, it will lose its core base of users (those who have been unofficial ambassadors over the years). 

So my recommendation is to start the grieving process now and start looking at alternatives.

Google allows you to receive 50MB email attachments

General | Edward Kiledjian

I've been a Google Gmail user from the start and get excited when Google releases new features. The sultan of search has increased the inbound attachment limit to 50MB (from 25MB). Outbound attachment size is still capped at 25MB.

Sending and receiving attachments is an important part of email exchanges. While Google Drive offers a convenient way to share files of any size, sometimes you need to receive large files as direct email attachments. So starting today, you will be able to receive emails of up to 50MB directly.

This change is rolling out to users and should hit everyone in the next week.

Google announcement here.

CRTC prevents Sugar Mobile from operating on the Rogers network

General | Edward Kiledjian

Canadians don't have a lot of wireless connectivity choices and this sad reality is reflected in the high prices we pay. I have previously written about Sugar Mobile and their not-for-everyone, mediocre but cheap offering.

Today they have been dealt a blow by the CRTC (read the CRTC ruling here). The CRTC ordered Sugar Mobile to stop using the Rogers network (improperly) within 50 days. 

Ice Wireless has improperly allowed the end-users of its mobile virtual network operator Sugar Mobile Inc. to obtain permanent, rather than incidental, access to [Rogers’] cellular network
— CRTC

Obviously Sugar Mobile is disappointed by the ruling and has published this statement on their website.

The Canadian market needs competition to drive innovation and hopefully make the market more competitive. It looks like one option has been taken off the table.