galtenberg / evernote-random

Use evernote API as a logged-in user - react and express project

Does this pull note titles or also contents on server side? #26

Open bounceee opened 5 years ago

bounceee commented 5 years ago

Hello, does Evernote authorization allow you to see note contents on your side? This is a big issue for those with sensitive info. Thanks

galtenberg commented 5 years ago

Yes, the server side can potentially see & ask for everything, in theory. When you log in with this service, you are logging into Evernote.

That said, since the client browser session holds the Evernote secrets for the account, the server side only does what the client requests (lookup notebook titles and uuids, get a random note for a notebook).

As far as the contents of notes, right now the server side only selects a random note uuid, and then asks the Evernote API for it. The data passes through the server side to the client, for rendering.

So the current implementation doesn't look at note contents, but could be altered to store it somewhere. Presently this project doesn't have a database, nor does it send data to any other service. If it ever did, we'd only keep metadata rather than actual data (so, for example, we could let you add a star-rating to a particular note uuid).

An alternative implementation of this project could be to keep all the Evernote secrets on the client side - in fact, move most of the server side over to the client, so that the server does nothing except dumbly serve up client assets. It would be challenging, but possible.

I hope this was helpful and transparent. This is definitely a good question, whose implications you should understand for every service you use where private data is concerned.

For the current implementation of this service, your private data will remain unseen, untraced, and not kept anywhere.
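
The pass-through flow described in the reply above, as an added example that is not code from evernote-random or its author: the token arrives with each request, the server picks a note guid, relays the note, and records metadata only. `makeRandomNoteHandler`, `noteStoreFor`, `listNoteGuids`, `getNote` and the sample notes are hypothetical stand-ins for an Evernote SDK client, constructed so the block runs offline.

```javascript
// Added example: hypothetical names, not the evernote-random source.
// noteStoreFor(token) stands in for an Evernote SDK client built per request.
function makeRandomNoteHandler(noteStoreFor, audit,
                               pick = (n) => Math.floor(Math.random() * n)) {
  // The handler closes over no per-user state: the token arrives with each
  // request and goes out of scope when the request finishes.
  return async function randomNote(req) {
    const { token, notebookGuid } = req;
    if (!token) throw new Error('missing Evernote token');
    const store = noteStoreFor(token);

    // Step 1: metadata only (guids), no note bodies.
    const guids = await store.listNoteGuids(notebookGuid);
    if (guids.length === 0) return { status: 404, body: null };
    const guid = guids[pick(guids.length)];

    // Step 2: fetch the chosen note and hand it straight to the client.
    const note = await store.getNote(guid);

    // Record metadata only: never the token, the title or the content.
    audit.push({ event: 'random-note', notebookGuid, noteGuid: guid });
    return { status: 200, body: note };
  };
}

// Constructed stand-in for the Evernote API (sample data, not real notes).
function fakeNoteStoreFor(token) {
  const notes = {
    'guid-a': { guid: 'guid-a', title: 'Tax records', content: 'SECRET-A' },
    'guid-b': { guid: 'guid-b', title: 'Recipes', content: 'SECRET-B' },
  };
  const known = token === 'constructed-token';
  return {
    listNoteGuids: async () => (known ? Object.keys(notes) : []),
    getNote: async (guid) => notes[guid],
  };
}

// Runs one request with a fixed pick so the result is deterministic.
async function demo(token) {
  const audit = [];
  const handler = makeRandomNoteHandler(fakeNoteStoreFor, audit, () => 1);
  const res = await handler({ token, notebookGuid: 'nb-1' });
  return { res, audit };
}
```

Whether a real deployment behaves this way depends on what the server's code and logging actually do; a user can only confirm it by reading the source that is deployed.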