https://from.scrut.ch

# A writing platform built for … writing.

scrutch is a non-bloated editor that combines the joy of writing with uncompromising focus and privacy.

It stays out of the way, so you never miss capturing the sparks that ignite your imagination.

Fast

When you want to write, just write. Anywhere, anytime, instantly. No login, no cookie banners, no fuss.

Start from.scrut.ch …

Secure

You own what you write. All content is end-to-end encrypted. If you you want to share, you can. Securely.

Encryption and sharing

No features … almost

scrutch has no shiny features. That’s what it’s all about. So rather than bragging about what it can do, let’s summarize what it lacks:

We’ve put together a few short videos on our YouTube channel to show you some of the hidden gems of scrutch. And now find out, why not having all of this is enough to have and start from.scrut.ch.

Encrypted? Yes. End-to-end? Sure.

Everything you enter from.scrut.ch is encrypted before it leaves your device. The only place, where the clear text of your contents exists, is right on your device(s). This is how it works:

After starting from.scrut.ch your client generates two random values:

The slug:
xASjANwR
The encryption key:
yFrI-Z3Jh-6GvV-xJ4q-ZH7o-UwmM-oOtT-tpKT

The slug is unique and identifies your text. It is part of of the public URL. The encryption key is used to encrypt and decrypt any contents. There is no real owner of a text. Anyone having both public URL and encryption key is able to read and write.

How sharing works

The encryption key is stored exclusively on the client. If you want to share a text, we recommend sending public URL and encryption key over different channels. However, you may append the encryption key to the public URL of your text, which gives you the private URL.

Public URL Private URL

https://from.scrut.ch/xASjANwR#yFrIZ3Jh6GvVxJ4qZH7oUwmMoOtTtpKT

In a private URL the encryption key is part of the URL and therefore gives the recipient instant access to your text. The key is appended via hash and therefore not part of the HTTP request browsers send over the network. This ensures the key never leaves the device it’s shared with.

These are the basics of the encryption of scrutch. If you’re eager to dive deeper into the crypto being used behind the curtains, there’s a more detailed description in the FAQ down below.

Pricing — up to you

scrutch is free and it’s not. It has a simple and honest pricing model: If you like it and use it, it is only fair to pay for it, right? If and when that time comes is 100 % your decision.

One of the core principles of scrutch is that you can quickly jot down notes and ideas from.scrut.ch in any browser at any time. We won’t put any barriers (like login or paywall) in front of that, ever.

A privacy friendly side effect: Since we don’t force users to create an account to pay, we can’t link payment information to encrypted content on scrutch.

Monthly payment Yearly payment save 2 months

You like it and you’re bold.

Cool! Help to maintain and develop scrutch by giving a reasonable amount every month or year.

$3/month

$30/year

Subscribe now Subscribe now

Cancel anytime. Amount may differ in your local currency and VAT might be applied during checkout.

You like it, but fear subscriptions.

We’ve been there. You can support scrutch with a one-time “donation” while making up your mind.

$50 once

Support once

Amount may differ in your local currency and VAT might be applied during checkout.

You want to host your own instance.

Although scrutch is a truly end-to-end encrypted service, there may be some use-cases where you want to host your own instance of it. For instance, if you want to run it behind a firewall, use your custom branding or want to keep the encrypted data in your own hands for regulatory reasons.

Request a quote

Payments and subscriptions are handled by Paddle. Your payment information doesn’t touch our servers, nor can it be linked to content stored with scrutch. After check-out you’ll receive an invoice, including VAT, if applicable. If you have questions or problems regarding adjustments or cancellation of recurring payments, do not hesitate to reach out: hello@scrut.ch.

Questions & answers

Is payment truly voluntary? Any catches?

Yes … and no! We provide scrutch free to try and free to use. There are no paywalls. Because we believe in the low-threshold to use this writing tool. And it further increases privacy if we can’t link (paying) customers to encrypted contents on scrutch.

However, if you observe yourself using it on a regular basis, there is a somewhat moral expectation to pay for it. So if scrutch proved useful to you, please do some soul-digging and consider supporting it.

How confidential are my texts? How secure is scrutch?

Very confidential. And pretty secure. Every time you create a new text, a random key is being generated by your device. This key is used to encrypt everything you type before it leaves the client. The key is different for each text and exclusively stored on the devices it is shared with. It is never sent to our (or third-party) servers.

Do we guarantee it is 100 % secure? Well, we don’t. Nobody would do that. People make mistakes, software may have errors, bad guys may be powerful or smarter than us. But we do our best. If you have the time, let us explain.

Okay, and how exactly does scrutch encrypt my texts?

scrutch uses client-side symmetric encryption utilizing the Advanced Encryption Standard (AES) with a 256-bit key derived from the encryption key (passphrase) of each text. The key derivation function is PBKDF2 with a thousand iterations. The library used to perform the heavy crypto lifting in the background is CryptoJS.

I want more details.

Sure! The key derived from each text’s encryption key isn’t the actual key used to encrypt/decrypt the contents. It’s rather the key to encrypt/decrypt the actual encryption key. Why so complicated? This ensures the actual key used to encrypt/decrypt your contents stays the same, even if you decided to change the encryption key of your text. This isn’t possible right now, but may be in the future. If it wouldn’t stay the same, we would have to decrypt and re-encrypt all your contents after every passphrase change.

So what’s stored on your servers, then?

Legit question. For each text the server knows the following:

  • Its slug as clear text. Used to identify and find a text.
  • The SHA3 hash of the text’s encryption key. Used to permit access only for people having the matching encryption key.
  • The AES-encrypted lower level encryption key. Used to encrypt/decrypt the contents of the text. Can be decrypted using the key derived from the texts’s encryption key.
  • A checksum of the content. Since the server cannot read to contents of your text, the checksum is used to detect changes.
  • A timestamp of the last change. Used to detect whether there is a newer version of the content on the server than on your client(s).
  • The encrypted content. Binary gibberish only decryptable by your devices.

I wanna know moar!!!

Come on, give me a break! If you’re curious and/or an expert on cryptography, take a look at the crypto component of scrutch, which will be released on GitHub, soon. If you found any mistakes or weird stuff in our crypto, please tell us before going public to give us the chance to fix it asap: hello@scrut.ch

I lost my encryption key. How can I recover it?

Hold on to something … you can’t. That’s the beauty of encryption. The encryption key of a text never leaves your device(s). So, if you lost access to it, we cannot restore it. Without it, your contents are just binary gibberish. Try to remember if you shared your text with another device. It may be still there, including the decryption key.

Can I format my texts? Any hidden features?

scrutch uses Markdown to highlight texts and derive certain information from it (the title, for instance). We’re working on a guide to get you started. In the meantime, take a look at the basic syntax of Markdown and our YouTube channel, which introduces some not-so-obvious features like task lists.

Are there mobile apps for Android/iOS/Nokia 3310?

As of now, we do not plan to develop any native apps. This would mean a lot of extra work. We firmly believe in web technology.

This is why scrutch offers advanced progressive web app (PWA) and offline support. We recommend installing the scrutch PWA on your mobile devices, including tablets. It’s easy and natively supported by the operating system. There is more than one article on how to install a PWA on Android and iOS.

Can I install scrutch on my own server? Is it open-source?

Since scrutch is a truly end-to-end encrypted service, there are no real benefits of hosting your own instance. Except trust issues, of course.

It’s not decided yet, whether to open-source scrutch’s client and server applications. We believe open-source projects should adhere to certain standards and be provided it in a proper and well documented way. This would require quite some extra time, which – as of now – is rather spent on improving user experience and stability.

However, we’re working on bundling all the encryption related code into a package library for everyone to use and verify. Check our official GitHub presence or follow us on X to get updated about this.

If you’re an organization and want to use it with your own branding or within an intranet, you may request a quote for on-premise licensing and support. Take a look at our pricing on how to reach out.

Does scrutch offer built-in spell/grammar checking?

This is sad, but currently it doesn’t. Even sadder: It won’t happen soon.

Spell and grammar checking usually means sending your text to a third-party service which specializes on these things. One of the downsides of end-to-end encryption is that it doesn’t make sense to send your unencrypted content to other parties. So spell checking would have to take place on your client and only on your client. And here we’re talking about a whole domain of challenges. A domain different to the core of scrutch.

So we recommend using the built-in spell checker of your browser or install an appropriate extension. Do keep in mind, that many tools (especially grammar checkers) send your inputs to their servers. If you don’t mind that, go for it or choose an extension that works locally, only.

What is the retention of my texts?

Retention is basically unlimited. As long we can afford to run the servers, the texts will continue to exist. Keep in mind there’s always a copy of your texts on your device(s). So even if servers go down, you’re still able to access them.

What happens if your servers go down or you abandon the project?

This is a valid concern. If you’re offline or the server is gone, you still have access to your texts. There’s always a copy on your device. The sync of changes to other clients will have to wait until you’re online again. So as long as you have access to at least one of your devices, you shared/created texts with, you keep access to your contents.

How can I report bugs or request a feature?

We created a special repository on GitHub to track issues. So if something doesn’t feel right, we’d be happy if you reported it there. Please use it to tell us about issues, only.

To receive support or suggest a feature send us an old-school email: hello@scrut.ch

Are you from Switzerland?

Nope, I’m not. Start from.scrutch.com wouldn’t have sounded cool and (from.)scrat.ch was already taken. If you’re the owner of scrat.ch, please do get in touch if you’re eager to donate your domain. 😘

Any yet unanswered questions on your mind? Please do ask: @scrut_ch or hello@scrut.ch

Start from.scrut.ch …