Alternative Applications for In-Browser Note Encryption

Browser Notebook

Features

Browser Notebook is new and leaks several features, that other applications offer. For example there is no option for automatic synchronization, not all browsers support the local mode, iOS support is limited...

The focus is on privacy and ease of use.

No Registration, no Download, no Installation

Unlike most other applications, you must not download or install anything and there is no registration and no login. You can just call the website and start using it. Of course, if you want to use Browser Notebook locally without Web access, you must download the files.

Proprietary and closed source Applications

The Top Dogs: OneNote, Google Keep

If you don't care about privacy, you can use Microsoft OneNote or Google Keep. There are many features and they are simple to use, but these are proprietary application, you can't verify what they are doing with your data and these companies are known to care little for privacy.

Evernotes and other closed Source Applications

Evernotes is free to use and has many features, but it is - like OneNote and Google Keep closed source. Encryption is an option and the algorithms are now a bit better than in the past, where a broken algorithm (RC2) was used for encryption, but there is still no authenticated encryption that prevents tampering attacks.

Open Source Alternatives: Laverna, Simple Notes and Turtle

Joplin

Joplin is available for all major operating systems and can be synchronized between them. Joplin has the most features and the largest community of all the programs presented here. Encryption is an option, not a default setting. Joplin uses the same library for encryption as BrowserNotebook (sjcl), but without a memory-hard key derivation function.

Home: Joplin
Source Code: GitHub

Simple Notes

Simple Notes is now available for Linux, Windows, Mac, Android and iOS, you have to download and install and you need a registration to use. The content is encrypted, but at least they can read your data too. This is fine, if you forgot your password, but not suitable, if you care about your privacy.

Home: Simple Notes
Source Code: GitHub

Turtle

Turtle uses authenticated encryption based on the SJCL library (like Browser Notes) and a key derivation function with a high iteration count (100K), but unfortunately not a memory-hard key derivation function. You need to download and install the application.

Home: Turtle
Source Code: GitHub

Laverna

Laverna is the only application here, that can be used without any registration or installation - like Browser Notebook. Encryption is an option, that is disabled by default. Laverna uses authenticated encryption, but not a memory-hard key derivation function to protect against custom hardware attacks. It is very simple to use.

Home: Laverna
Source Code: GitHub

Private Notes, Encrypted Texts, Secret Memos...

If you search with these terms or if you have a look in categories of popular download sites like encryption software, security applications or cryptography programs, you will find countless apps for this purpose.
If the main focus is not on privacy, you can just look for the features you need.

Open Source

Making the source code available does not protect against program bugs or poor implementations, that can be used to compromise the confidentiality, privacy or integrity of your data. But it opens up the opportunity for everyone to check this. It is a requirement for security software, but not sufficient. The choice of note taking apps is wide. It is absolutely not required to use closed source programs.

Cryptography: Encryption and Key Derivation

The algorithms to encrypt the content are usually not the weak point of these programs. There are many algorithms that still remain secure: AES, Twofish, Serpent, Threefish...
In addition to program bugs and bad implementations, the weakest point of password encryption programs is the function to derive the encryption key from your password. No one, who is interested in your data, will pay attention to the encryption algorithm (unless a broken algorithm is used), instead she or he will try to crack your password. And this is quite possible in most cases.
The time you have to wait after typing the password gives a hint about the quality of the key derivation. To prevent so called custom hardware attacks, the key derivation function should also be memory-hard like Argon2, Scrypt (used here) or Balloon.

Alternatives to Browser Notebook