
Confirmed here too.

https://support.evernote.com/link/portal/16051/16058/Article...




"For Evernote's consumer product, the current encryption algorithms are chosen more for exportability under the Commerce Department rather than strength, since our software permits the encryption of arbitrary user data with no escrow."

I guess Evernote's been around for a while, but wasn't it way back in 2010 that the BIS allowed simple self service registration and annual self classification of almost all "mass market" use of crypto?

http://www.bis.doc.gov/encryption/summary.htm

-----


Addressing US regs doesn't necessarily mean you are compliant with assorted international regs.

Crypto, export, and service availability can be tricky things.

-----


International regulations are pretty insane. For example, France requires you to submit your software to them for review that's supposed to take up to 2 weeks. This isn't just for product releases, it includes everything, including patches.

Apple, MS and Google can get away with it because they have large legal teams that help them with all the various rules and regulations. For smaller companies, it's simply too massive to bother taking more than an off-the-shelf solution.

-----


So, how come all sorts of small companies, from 1Password to Dropbox, use stronger encryption?

-----


I don't buy this. They could easily have high security versions in countries that allow it. Lowest common denominator in this case is not a good idea.

-----



