Protected Text

Your notes. Protected.

  • The safest site on the web for storing your text!
  • Enter any URL, e.g. protectedText.com/anything
    You find it - its yours!
  • Encrypt all your notes, access anywhere.
  • Simple. Fast. Free. No ads. Secure - don't trust us, check the code yourself.

Go to protectedText.com/ (or write directly in the address bar)

Why is it so safe?

  • Your password isn't sent to our server - we can't decrypt your text even if we wanted to. Only encrypted text is sent over the Internet.
  • No cookies, no sessions, no registration, no users tracking. We can't identify you at all. We can't know when the same user visits two different sites.
  • No logging in or out, just close the browser tab and you're safe.
  • No ads - we hate ads because they can track you, and they're distracting.
  • You don't have to trust anyone or agree on anything - check the code yourself. All our code is well written and full of comments so that you can understand it in details - start by looking at main.js, and check communication with our servers.
  • If someone wants your text, he'll need your password, but he'll have to find your site first.

Overwrite protection

  • You can use the same sub-site from multiple browsers/devices at the same time, without having to worry about ever losing any changes.
explanation image


  1. Q: I've forgotten my password, what can I do?

    A: Passwords are never sent to our servers. We only store encrypted text - which is useless data once password is lost. Also, we don't know who this text belongs to.

  2. Q: Why is my URL changed from "Mark's notes" to "mark-s-notes"?

    A: Some characters aren't allowed in URL addresses, that's why your URL is redirected to URL that has some characters replaced with dashes. You can always type in "Mark's notes" and you'll be redirected to the same URL.

  3. Q: What are your long-term plans? How will you react to legal pressure?

    A: We'd like to create file storage and sharing service with similar security approach.
    In case of legal prosecutions, we can't hurt users because we don't know anything about them, and we can't decrypt their notes. If needed, we'll relocate server to other country or start implementing easy-to-use self-hosting solution.

  4. Q: Why is this better then Evernote?

    A: Evernote is far from secure, and their Privacy Policy says: 'Your Notes also may be viewed where necessary ... to comply with our legal obligations, such as responding to warrants, court orders or other legal process.'
    Also, Evernote doesn't have overwrite protection - you could lose your text.

  5. Q: Do I have to use long password?

    A: You don't have to, but it's recommended. The longer the password, the harder it's to guess it. Note that your text is protected by both URL and your password.

  6. Q: Can I use suspicious internet connection (e.g. Starbucks)?

    A: Yes. Your password (or password hashes) are never sent over the network, and all data that's sent or received is always encrypted. Your data is decrypted only on your device, and encrypted before it's returned to us.

  7. Q: How can you verify that password is correct if you don't store it anywhere and don't send it to server? How do you authenticate the user?

    A: Server doesn't know anything about authentication, that's all handled in your browser. There are no users on ProtectedText.com, just sites. Password is never saved, not even inside encrypted text.
    Decryption of page will fail if password is incorrect, so whoever can decrypt the page must have used the correct password. The idea is that we don't have to know the password, we just have to make sure that password is correct - and one way to check that is to try decrypting some well-known text using provided password. Well-known text we're using is URL of current site (which is different, but known, for each site).
    Once user creates the password, we store the encrypted URL, and each time password needs to be tested we just try decrypting encrypted URL. If we get the expected URL we try using the same password for decrypting the whole site (it's possible (but very unlikely) that two different passwords correctly decrypt the same URL, but using that wrong password for decrypting everything else will result with gibberish).

  8. Q: How does overwrite protection work?

    A: Overwrite protection prevents you from saving any changes if text was changed in the meantime. (Server stores the hash of newest content, and sends the hash to the client together with the content. Client has to return that hash when trying to save content. Server can compare stored and received hash to determinate if client was served with the latest changes.)

  9. Q: How can I create a backup of my notes?

    A: You can save your site together with referenced resources by manually downloading each file, and use that directly (page doesn't need to talk to server once it's sent to the user). The saved site will have all you data in encrypted form, so it's safe.
    Data for each site is stored in a single very long line near the end of HTML, right after page URL (it's very long, you can't miss it). Only difference between two different sites is in that very long line and URL.

  10. Q: How is title of each tab computed?

    A: Title of tab consist of up to 20 characters from first non-empty line of text.

  11. Q: Is server code available somewhere? I'd like to host the service myself.

    A: We haven't opened the server code, for now. We'd like to provide perfect security to everyone, not just tech users. So we've created this approach where server side is irrelevant - that's the beauty of this service.
    Nobody should be forced to trust anyone in order to be secure, that's why all security is provided from client code (which user can verify). If you knew the server code, you still can't know whether that code is running or if it's replaced by some other code. In other words: whenever server code is responsible for providing security, you have to trust someone who runs it.

  12. Q: How long do you keep sites on your servers? Will they ever expire?

    A: Sites are never deleted. We'll keep them forever, unless you delete them yourself.

  13. Q: Is there a length limit?

    A: Current maximum length is a bit more then 750 000 chars per page.

  14. Q: Is there some kind of self-destruct mechanism?

    A: We don't keep (and can't know) anything about you. All we know are encrypted versions of notes users store on our server, so once you delete your notes, that's it, there is nothing more to destroy.

  15. show more... Hide FAQ

Click to enable sharing

If you have any comment, suggestions, or you'd like to find out more - feel free to email us.

© 2013- ProtectedText.com