Lately, I’ve spent some parts of my evenings poking at Turtl’s core library. Turtl is a note-taking application, focused on security and listed as one of three recommended alternatives, on privacytools.io, to Evernote, Google Keep, or Microsoft OneNote.

I’ve collected the findings in a short audit report which can be found here: audit report link.

The work was unpaid, focused primarily on crypto, and done mostly whenever I found the time for it, so it is in no way exhaustive of the entire library.

I’d like to thank Andrew Lyon(@orthecreedence) for being very helpful in collaboration and answering questions.

Thanks to Ionut Mihalcea for providing feedback on the audit report.

Found a mistake?

Please reach out.