scrut.ch has no shiny features. That’s what it’s all about. So rather than bragging about what it can, let’s summarize what it’s missing:
No sign-up, or login or cookies
No Rich-Text-Editor, no WYSIWYG
No pricing, no ads, no tracking
No server-side knowledge of your contents
No images, no files
No themes, no templates
No apps. Just browser and PWA
No folders, no hashtags
No clutter, pure focus
Find out, why not having all of this is enough to have. Try it out and start from.scrut.ch.
Free like in ’free beer‘
Why should one charge for an editor without significant features, right? So no reason for scrut.ch not to be free of charge. If the dire situation of needing money arose one day, we’ll think of something.
However, if you feel generous today, why not just give money without someone asking for it. There are options for donations.
Encrypted? Yes.End-to-end? Sure.
Everything you enter from.scrut.ch is encrypted before it leaves your device. The only place, where the cleartext of your contents exists, is right on your device(s). This is how it works:
After starting from.scrut.ch your client generates two random values:
The encryption key:
The slug is unique and identifies your Scrutch. It is part of of the public URL. The encryption key is used to encrypt and decrypt any contents. There is no real owner of a Scrutch. Anyone having both public URL and encryption key is able to read and write.
How sharing works
The encryption key is stored exclusively on the client. If you want to share your Scrutch, we recommend sending public URL and encryption key over different channels. However, you may append the encryption key to the public URL of your Scrutch, which gives you the private URL.
In a private URL the encryption key is part of the URL and therefore gives the recipient instant access to your Scrutch. The key is appended via hash and therefore not part of the HTTP request browsers send over the network. This ensures the key never leaves the device it’s shared with.
These are the basics of the encryption of scrut.ch. If you’re eager to dive deeper into the crypto being used behind the curtains, there’s a more detailed description in the Q&As down below.
Questions & answers
Is scrut.ch truly for free? Any catches?
Right now it is. And as long as we can afford to run the servers, there will always be a free version of scrut.ch. There might be some paid bells and whistles in the future. But what’s there right now, will be there for free in the future. There are options for donations, if you want to support scrut.ch voluntarily.
How confidential are my texts? How secure is scrut.ch?
Very confidential. And pretty secure. Every time you create a new Scrutch, a random key is being generated by your device. This key is used to encrypt everything you type before it leaves the client. The key is different for each Scrutch and exclusively stored on the devices its shared with. It is never sent to our (or third-party) servers.
Okay, and how exactly does scrut.ch encrypt my texts?
scrut.ch uses client-side symmetric encryption utilizing the Advanced Encryption Standard (AES) with a 256 bit key derived from the encryption key (passphrase) of each Scrutch. The key derivation function is PBKDF2 with a thousand iterations. The library used to perform the heavy crypto lifting in the background is CryptoJS.
I want more details.
Sure! The key derived from each Scrutch’s encryption key isn’t the actual key used to encrypt/decrypt the contents. It’s rather the key to enrypt/decrypt the actual encryption key. Why so complicated? This ensures the actual key used to encrypt/decyrpt your contents stays the same, even if you decided to change the encryption key of your Scrutch. This isn’t possible right now, but may be in the future. If it wouldn’t stay the same, we would have to decrypt und re-encrypt all your contents after every passphrase change.
So what’s stored on your servers then?
Legit question. For each Scrutch the server knows the following:
Its slug as clear text. Used to identify and find a Scrutch.
The SHA3 hash of the Scrutch’s encryption key. Used to permit access only for people having the matching encryption key.
The AES-encrypted lower level encryption key. Used to encrypt/decrypt the contents of the Scrutch. Can be decrypted using the key derived from the Scrutch’s encryption key.
A checksum of the content. Since the server cannot read to contents of your Scrutch, the checksum is used to detect changes.
A timestamp of the last change. Used to detect whether there is a newer version of the content on the server than on your client(s).
The encrypted content. Binary gibberish only decryptable by your devices.
I wanna know moar!!!
Come on, give me a break! If you’re curious and/or an expert on cryptography, take a look a the crypto compontent of scrut.ch, which will be released on GitHub, soon. If you found any mistakes or weird stuff in our crypto, please tell us before going public to give us the chance to fix it asap: email@example.com
I lost my encryption key. How can I recover it?
Hold on to something … you can’t. That’s the beauty of encryption. The encryption key of a Scrutch never leaves your device(s). So, if you lost access to it, we cannot restore it. Without it, your Scrutch content is just binary gibberish. Try to remember if you shared your Scrutch with another device. It may be still there, including the decryption key.
Are my texts stored forever?
Simple answer: yes. Honest answer: in most cases. Since scrut.ch is a free service, we like to keep data trash at a minimnum. So from time to time, we may delete Scrutches which we consider unused over a very long period of time. But no reason to worry! We’re talking very long periods and we’ll think twice before doing so.
What’s the difference between scrut.ch and Scrutch?
scrut.ch is the software. A Scrutch is a single text/note written with scrut.ch. Genius, right?
Are you from Switzerland?
Hehe, nope, I’m not. However, start from.scrut.com wouldn’t have looked that nice, would it?
“scrut.ch started as a side-project of mine, and it still is. However, servers and orange juice come at a price. So if there’s the slightest chance of you enjoying this little tool, consider a small donation to support its wellbeing.
Besides the promise to put any money straight to the maintenance and tuning of scrut.ch, there are no benefits. Except my whole-hearted gratitude.
And, hey! If you can only afford one donation once in a while, don’t regret spending it for a stupid editor. There are more important causes like saving our oceans (or the entire planet, even). Here are some links to get you started: charitywatch.org, givewell.org, greatnonprofits.org”
If you like and use scrut.ch regularly, consider supporting the maintenance and development. You may donate as much as you feel comfortable with, one-time or on a regular basis. Choose between the usual suspects of online payment processors. Show donation options.
If you own a busines and like to donate/pay via VAT invoice, please do drop a line an we’ll sort it out: firstname.lastname@example.org