1.2 KiB
GSoC: Additinal protection per note
- Feature request: Password or pin protection
- Suggestion: Add instructions to generate app-specific password enhancement
- Turtl Documentation - Security and encryption
Password or pin protection: It’s very unclear what people want. It seems the threat model is you give your unlocked phone or laptop to someone, and you don’t want them to see your notes. But of course, the solution is to not do that. All devices these days support multiple accounts, so there’s no point giving their unlocked device to someone they don’t trust. I think we should remove this issue until it’s betted defined. Perhaps it should go to a different category like, “to be specified”. We need to know what’s the threat model, what people want. I’ve heard dozens of variations (locking the app, obfuscating the data, encrypting the data, encrypting a note, a notebook, encrypting a part of a note, etc.) so it’s unclear what needs to be done. I guess for me it seems so unnecessary that I can’t quite wrap my head around it.