Alternatives to Browser Notebook

Browser Notebook


Browser Notebook is new and leaks several features, that other applications offer. For example currently only plain texts are supported, there is no option for automatic synchronization, not all browsers support the local mode, iOS support is limited...

Privacy, Confidentiality, Integrity

The focus is initially on encryption security rather than features. Browser Notebook intends to provide a more robust privacy concept (texts are never stored unencrypted, use of authenticated encryption and memory-hard key derivation, making the source code available).

No Registration, no Download, no Installation

Unlike most other applications, you must not download or install anything and there is no registration and no login. You can just call the website and start using it. Of course, if you want to use Browser Notebook locally without Web access, you must download the files, but no installation is required.

Proprietary and closed source Applications

The Top Dogs: OneNote, Google Keep

If you don't care about privacy, you can use Microsoft OneNote or Google Keep. There are many features and they are simple to use, but these are proprietary application, you can't verify what they are doing with your data and these companies are known to care little for privacy.

Evernotes and other closed Source Applications

Evernotes is free to use and has many features, but it is - like OneNote and Google Keep closed source. Encryption is an option and the algorithms are now a bit better than in the past, where the weak RC2 algorithm was used for encryption, but there is still no authenticated encryption that prevents tampering attacks.

Open Source Alternatives: Laverna, Simple Notes and Turtle

Simple Notes

Simple Notes is only for Windows, Android and Linux open source (not for macOS), you have to download and install and you need a registration to use. The content is encrypted, but at least they can read your data too. This is fine, if you forgot your password, but not suitable, if you care about your privacy.

Home: Simple Notes
Source Code: GitHub


Turtle uses authenticated encryption based on the SJCL library (like Browser Notes) and a key derivation function with a high iteration count (100K), but unfortunately not a memory- hard key derivation function. You need to download and install the application.

Home: Turtle
Source Code: GitHub


Laverna is the only application here, that can be used without any registration and installation - like Browser Notebook. Encryption is an option, that is disabled by default. Like Turtle it uses authenticated encryption, but also not a memory-hard key derivation function to protect against custom hardware attacks.

Home: Laverna
Source Code: GitHub

Private Notes, Encrypted Texts, Secret Memos...

If you search with these terms or if you have a look in categories of popular download sites like encryption software, security applications or cryptography programs, you will find countless apps for this purpose.
If the main focus is not on privacy, you can just look for the features you need.

Open Source

Making the source code available does not protect against program bugs or poor implementations, that can be used to compromise the confidentiality, privacy or integrity of your data. But it opens up the opportunity for everyone to check this. It is a requirement for security software, but not sufficient. And even if you sort out closed source programs, there are still many left.

Cryptography: Encryption and Key Derivation

The algorithms to encrypt the content are usually not the weak point of these programs. There are many algorithms that still remain secure: AES, Twofish, Serpent, Threefish...
In addition to program bugs and bad implementations, the weakest point of password encryption programs is the function to derive the encryption key from your password. No one, who is interested in your data, will pay attention to the encryption algorithm, instead she or he will try to crack your password.
The time you have to wait after typing the password gives a hint about the quality of the key derivation. To prevent so called custom hardware attacks, the key derivation function should also be memory-hard like Argon2, Scrypt (used here), Catena, Lyra2 or Yescrypt.