The notes we jot down are our private thoughts that deserve to be encrypted in a secure, digital notebook. We shouldn’t worry who might read them. Like most users, I made the mistake of using whatever pre-installed app was on my smartphone. I’ve used Google Keep and my iPhone Notes app, but I needed to make a change. What are the best secure note-taking apps?
- Standard Notes
- NextCloud + Notes
- BONUS: DIY Method
I’ve reviewed each of these notebook apps and included reasons why they’re better than their closed-source, make-a-buck-with-my-data services. Check out the pros and cons.
Here’s the judgement criteria:
- Security & Privacy: How is data stored, transmitted/sync-ed, encrypted?
- Open Source: Is the code available for programmers to review and audit?
- User Experience: Does the app have a pleasant and modern look and feel?
- Ease-of-Use: Is typing, editing, and formating easy? Are the menus and settings clear?
- Features: Are there enough features to handle the average user’s needs?
- Cross-Platform: Can you take notes as easily on a laptop, tablet, and smartphone?
- Data Synchronization: Is data backed up and/or sync-ed across multiple devices?
- Technical Know-How: Is the software hard to get installed, setup, and running?
Etherpad is a web-based note app offering the ability of multiple users to edit notes at the same time. Users simply go to a private URL address in their favorite browser and begin taking notes. Individual colors separate per-user edits. On-screen chat provides an extra layer of collaboration.
Versions are continuously tracked and note history can be played back like video.
The newest user interface provides a clean and minimalist experience and the time-to-first-note is unbeatable when using a hosted instance. The project maintains a list of hosted instances with some explanations about the organization and caveats to each.
Etherpad is federated which means you can download and install it on your web server. This gives you maximum control over data security.
Etherpad’s code has gone through a few rewrites, and as with many open-source projects, it contains technical debt (old, bad, or unused code).
The web-based-only interface means that the average user will need to rely on someone else to host a server entrusting the server owner to keep their data safe and backed up. When testing on a mobile web browser, I was disconnected several times hinting that this might not be a good offering for the on-the-go user.
While the project quite simple to use, there’s not a lot of documentation and the community is small in comparison to other projects.
The average user will find the biggest hurdle in adoption is the lack of features.
How Etherpad Stacks Up
This note-taking app has more in common with Google Docs than an alternative to Google Keep or Evernote. It has some unique capabilities that might suffice for the casual note-taker but will leave the more-serious users wanting better functionality.
Standard Notes prides itself as a privacy- and security-centric note app. The source code for all the platforms is on Github for code review.
The software does a great job of providing a clean and bright interface across their desktop and mobile app versions. The user experience is well-thought-out and logical with menuing and settings that are clear. The web-based version performs very well.
The on-ramp is surprisingly short and fast from installation to your first note which required no upfront account creation or keying.
Standard Notes falls short in out-of-the-box features. Additional functionality comes from a variety of extensions that the user must install on each platform. Even formatting text inside notes or attaching images is not supported until an extension is added to the app.
Using extensions requires a monthly subscription which the average user may still find lacking needed functionality.
How Standard Note Stacks Up
Aside from the enhanced security and privacy of your data, users coming from Google Keep or Evernote will find even the features a large step backward.
Turtl is a rather functional notebook even at this early, beta stage. The developers have done an excellent job securely storing and synchronizing your note data.
This note-taking app provides several note types reminiscent of the paradigm found in a password manager. One of the note types is labeled as “password”.
The desktop and mobile apps look identical so users will feel at home with either.
Turtl’s installation is fairly straight-forward on Windows and mobile devices. Users on Mac and Linux will need to first unarchive the downloads and go through a manual installation.
You’ll need to create or log in to an account before taking your first note, While this is a familiar process, the developer devotes a whole step during sign up to point out that there’s no password recovery option. This can be a bit off-putting for some.
Additionally, there is no web-based version as of this writing and the iOS/iPhone app is in-progress.
There are no buttons to apply formatting to your notes. Users need to use Markdown for formatting. Here’s a short, 3-minute YouTube video showing the super basics of Markdown formatting.
How Turtl Stacks Up
Turtl provides a way to format plain-text notes and some additional organizing options, but it too is not as full-featured as Evernote. I found most of the options I needed to replicate Google Keep.
Joplin is the next step up in cross-platform note-taking apps. The software provides text formatting buttons, drag-and-drop capabilities, and even a web clipping browser extension.
Users have notes organized in notebooks which themselves can be organized into a hierarchy in the sidebar. Global search, templates, import/export are snappy and provide a lot of flexibility.
Data backup and multi-device synchronization occurs through connected local drive, OneDrive, NextCloud, Dropbox, or WebDAV (generic web storage). All data is encrypted on your device before it’s transmitted and stored remotely.
Joplin scores well on its security except for an issue about data stored unencrypted & without a password while on your local device. This might be a deal-killer if you’re looking for the most secure note-taking option.
|You’ll need to go into the Joplin settings to create an encryption password. The application does not prompt you to turn on encryption during setup. Here’s how to create a strong and secure password.|
The user experience is utilitarian, and the WYSIWYG editor is under development. Joplin’s note tagging is functional, but clunky and lacks the multi-tag capability.
How Joplin Stacks Up
Joplin takes note (pun intended) of the organization from Evernote, but the user experience is basic. Users have some visual formatting buttons, but Markdown is needed to truly make average users fully-productive.
Laverna is just fast. The app’s onboarding process from installation to writing your first note is amazing. Fast also refers to my experience in running this application. It’s amazingly responsive mirroring the same performance across multiple devices.
The user experience is clean, modern, and minimalistic with the familiar placement of menus and work areas on each platform. Notes are plain text or formatted via visual buttons and Markdown with a handy line highlighter helping writers track their typing location.
Notebooks help organize your content.
Laverna is federated providing advanced users control of the software. For the average user, data is encrypted then stored in Dropbox for backup and cross-device synchronization.
Laverna’s development progress has stalled as of this review. The Android version is yet-to-be-released with an iOS/iPhone app only hinted by the source code. Mobile users will only have a browser-based experience for the moment.
Dropbox’s free tier should be sufficient, but at the moment, it’s the only easy-option for data synchronization. This project needs additional commercial and self-hosted options to truly gain the trust of average and advanced users.
How Laverna Stacks Up
This note-taking app is a good alternative to Evernote and easily surpasses the capabilities of Google Keep notes. If development picks back up, Laverna’s attention to polish could easily make this worthy secure digital notebook.
NextCloud is an open-source collection of software that replicates productivity offerings from “big tech”. The techie, DIYer uses their server to host services like file storage (replaces Dropbox), calendar and contact organization (replacing Google), and even chat and video conferencing (replaces Skype or Hangouts) through a set of add-on apps.
The NextCloud Notes app added to your NextCloud server provides a basic set of note-taking functionality including synchronization with mobile apps.
The clean, productivity-focused user interface/experience centers around simple categorized notes formatted in Markdown.
In addition to categories, star-favoriting and integrated search round out this app add-on.
The security of NextCloud and thus your notes rely on the level of control, security, and encryption of the server as a federated project.
NexCloud and the Notes app require a tech-savvy enthusiast to set up and run. This level of experience and responsibility might not match with the average user’s requirements.
How NextCloud + Notes Stacks Up
The Notes app under Nextcloud is a great alternative to Google Keep. It falls short in replicating the features of Evernote.
|If you are tech-savvy, you should consider switching to a smartphone keyboard that respects your privacy so your notes and everything you type on your phone is more secure.|
HedgeDocs (formerly CodiMD) is a collaborative notes web app allowing users to create and share Markdown-based docs via public links.
This editor is federated. You’ll need to find a hosted instance or run your own instance which will give you greater control of your data.
The clean, minimalistic UI allows for dark and light themes and a presentation mode. A toolbar gives quick formatting help for users just getting started with Markdown during editing, and drag and drop is supported and well-implemented.
The free and open-source software (FOSS) project is under active development and there’s a supportive community of enthusiasts.
Once published, your notes cannot be unshared and those with the link to the files will continue to be able to view and edit the file.
How HedgeDoc Stacks Up
HedgeDoc fulfills a particular niche for users wanting a wide-open document collaboration tool. The development team have a clear use case around this offering and stick to a target audience providing this competent markdown editor.
SilentNotes is another excellent choice for end-to-end encrypted notes. This free and open-source software (FOSS) offering has a committed developer with active project improvements.
The apps offer synchronization via 5 online storage services. User notebooks can stay updated between Windows computers and Android smartphone devices.
The WYSIWYG editor on both platforms is solid and among the better implementations I’ve seen especially for mobile.
There are no Mac, Linux, or iOS app versions expected. I do wish there was an export function that allowed for backup and restore as disaster recovery.
How SilentNotes Stacks Up
Users that primarily work on Windows and Android operating systems will find SilentNotes a good fit.
NoteRiot is an excellent example of merging technologies into a wonderfully secure note app with a modern and distraction-free experience. The web app is responsive and snappy and data is encrypted before being sent over a secure connection to be stored on the blockchain.
Notes and to-do lists are the main focus of this note-taking app. Each note can be organized by a color, label and/or heart-shaped favorite toggle. Searching is instantaneous and filters directly to matching notes.
Formatting is accomplished through the use of Markdown or directly via a true WYSIWYG, visual editor which is rare in all the reviewed apps.
The import option provides a clear set of instructions to bring your Google Keep notes over to NoteRiot. The export function creates a Markdown export so you’re not ever locked into using NoteRiot.
NoteRiot is a browser-only notes app. Both desktop and mobile users will need their browser handy.
Dropped images are converted to base64 encoded code/text which can be a bit hard to work around for Markdown users.
To-Do lists are simply new notes with checkbox items. On the main dashboard of notes, ticking the checkbox causes the to-do note to open. This interaction is a bit of an unexpected experience.
How NoteRiot Stacks Up
NoteRiot is head-and-shoulders above Google Keep especially for the focus on security and privacy. The project edges very close to Evernote’s capabilities but falls only slightly short due to the lack of native desktop and mobile apps.
10. BONUS: Secure & Sync Your Note Files
This method also gives you the flexibility to use whatever editor you choose without being locked into a particular app.
Notes are not encrypted while on a smartphone or tablet as Cryptomator is not treated as an actively mounted storage location.
This approach can be clunky with lots of moving parts to get working smoothly.
How the DIY Approach Stacks Up
The DIY approach isn’t going to be for the average user who wants to take notes and stay productive. There’s value to having your tool(s) work for you instead of you working on your tools.
Got any other projects I missed or do you have a DIY solution that works best while maintaining security?
👈 Catch me on Session Messenger (download)
Related Questions & Tips
Is the notes app secure? The iOS Notes app contains a “Lock Note” function which encrypts individual notes with a passphrase. Based on this security whitepaper, Apple provides end-to-end encryption tightly securing user notes even across devices or iCloud storage.
How do you encrypt notes? On the iOS Notes app select the “Lock Note” option and enter a unique password & password hint as described by Apple’s support page. For Android users, Google Keep does not currently have an encrypt option. Install a third-party notes app like Joplin or use your password manager to a secure note.