Use case · for VNC refugees

Encrypted remote desktop without VNC setup

Classic VNC often ships with no built-in transport encryption and needs per-server config. Scry is transport-encrypted over WebRTC with zero per-server setup — free single-monitor on Mac, Windows, and the browser.

Get Scry — encrypted by default, no VNC setup

Mac · Windows · Linux · browser · 0.2.x public preview

If you've run classic VNC — TightVNC, UltraVNC, TigerVNC and friends — you know two things. First, it's lightweight, free, and deployed on millions of machines. Second, getting it secure and reachable is its own project: many classic VNC servers ship with no built-in transport encryption (you're expected to tunnel it over SSH yourself), plus per-server configuration, password legacy, and firewall/port wrangling for every machine.

If you searched encrypted remote desktop and you're a VNC refugee, this page is about removing both problems at once — honestly, including what we can and can't claim about encryption.

The two VNC problems Scry removes

  • 1. Transport encryption you don't have to bolt on

    Classic VNC like TightVNC ships without built-in encryption; securing it traditionally means setting up an SSH tunnel per connection. Scry's connection is transport-encrypted by default over WebRTC — DTLS/SRTP is part of the standard, not something you configure. There is no “now set up the SSH tunnel” step.

  • 2. No per-server setup

    With VNC you install and configure a server on every machine, manage passwords, and open ports. Scry uses a pairing code and one account. No port forwarding, no per-server config.

The honest encryption boundary — read this

Scry's connection is transport-encrypted using WebRTC's standard DTLS/SRTP. That is a real, named, verifiable property and it's exactly the security gap classic VNC leaves open.

We are not claiming end-to-end encryption. Transport encryption protects the connection in transit; an end-to-end claim is a stronger, separate guarantee that we have not published the evidence for. If your threat model specifically requires verified end-to-end encryption, treat that as not-yet-proven here and choose accordingly. We would rather lose the click than overstate this.

What you give up vs classic VNC

Be clear-eyed: classic VNC is free, open-source, ultra-lightweight, and has decades of deployment behind it. Scry has none of that heritage. Scry does now ship a native Linux host (X11 today, Wayland landing in 0.3), but if you specifically want open-source you can audit and self-host, classic VNC (or an OSS tool built on it) is still the honest choice — not Scry.

Honest limits

  • Free is single-monitor; multi-monitor, audio, and file transfer are Pro and currently in preview at the 0.1.x stage.
  • No free mobile — iOS and Android are Pro-only by design.
  • Transport-encrypted, not end-to-end (covered above).
  • Linux host is new — X11 today, Wayland landing in 0.3 (in test). If you need a deeply field-hardened Linux deployment, classic VNC or RealVNC is the honest pick.

Encrypted by default. No SSH tunnel. No per-server config.

Free single-monitor on Mac, Windows, and the browser. Pair with a code, one account, transport-encrypted over WebRTC.

Get Scry

Related

Scry vs RealVNC

The honest side-by-side, including where RealVNC wins.

Remote desktop without port forwarding

No router config — and where homelab setups still beat us.