Reading a Red Stet recording

What this link is

Red Stet is a school writing tool that records the process of writing, not just the finished page. As a student types, Red Stet captures keystrokes, pauses, pastes, and cut-and-rearrange moves into a tamper-evident recording attached to the document.

You can read the document like any other. You can also look at the receipt: did this person write it, in how long, and with how much help from elsewhere?

You're not a forensics expert. You're forming your own judgment about authorship instead of taking a teacher's, student's, or parent's word for it.

What you see without a Red Stet account

The verifier runs the EAV checks in two passes. The signature pass needs nothing from you; the decryption pass needs authentication.

Signature pass — runs on any copy of the file

• The document body — same text the writer turned in or published.
• An integrity verdict — green "Verified" if the EAV signature is intact since export, red if the envelope was altered.
• A summary — total writing time, number of sessions, first and last keystroke, paste count. These metadata fields ride outside the encrypted payload.

Decryption pass — requires authentication

The replayable keystroke timeline lives inside the encrypted payload. An unauthenticated viewer of a .red.md file sees the signature verdict and the summary, but the timeline is locked. Signing in (Clerk session, or a one-time link the teacher sent you) hands the verifier the key needed to unwrap the envelope. Then the timeline opens.

You don't see other documents, classmates, teacher feedback, or private notes. EAV is the trust layer; the verifier surface is narrow on purpose.

Got a .red.md file instead of a link? Drop it onto red-stet.com/verify in your browser. Same passes. Works offline for the signature check — see Verifying offline.

Reading the timeline as a non-teacher

The recording is broken into sessions — one continuous sitting per session. Open the doc, write, close the tab. The timeline lists them in order with date and duration.

Look at shape, not speed or length:

• A normal paper spans 2–8 sessions over several days. Sessions vary in length. First session drafts the most; later sessions revise.
• A rushed paper is one or two sessions the night before. Not cheating — many students work that way — but useful context.
• A paper assembled from elsewhere shows one short session, a large paste at the start, minimal editing. Total time may be minutes.

You're not grading. You're checking whether the recording is consistent with the work the person claims.

Paste vs. type, and the rhythm bar

Red Stet separates typed characters from pasted ones. Every paste is recorded with size and timestamp. The rhythm bar shows it: short marks for typing, taller darker marks for pastes.

Pasting isn't suspicious by itself. Students paste quotes, outlines, citations. What matters is ratio and placement:

• One large paste at minute zero, no typing — copy-in-and-submit pattern. Worth a conversation.
• Many small pastes throughout — usually citations and quotes. Normal for any sourced paper.
• One medium paste near the end — usually a works-cited list. Normal.
• Zero pastes — the student typed everything. Not better or worse, just a working style.

Each paste is labeled with its character count. The summary gives you the totals: "12 pastes, 1,840 chars pasted, 4,200 chars typed."

The EAV chain of trust — what makes this evidence trustworthy

Every session produces a manifest — a fingerprint of what happened in that sitting: keystrokes, pastes, timestamps. Each new manifest references the previous one's fingerprint. The sequence forms a chain inside the EAV envelope.

On export, the envelope is signed with Red Stet's ES256 key. Any later edit — adding a session, removing one, changing a paste, rewriting a timestamp — breaks the signature. The verifier recomputes the chain-of-trust badges in your browser.

What each badge means

• Bundle seal — the EAV envelope's signature verifies against Red Stet's published JWK. If green, the envelope is authentic and unedited since export.
• Session chain — every manifest's chain head links to the previous one. If green, no sessions were removed or reordered.
• Document body hash — the body matches the hash recorded inside the envelope. If green, the text you're reading is what was recorded.
• Manifest integrity — each session manifest's chain head matches its contents. If green, no internal manifest fields were edited.

The verifier runs the checks in your browser; Red Stet's servers aren't asked for the signature pass. The math is in the file. A page can't lie about a broken signature.

Designed for the academic-integrity case, not to defeat a determined attacker. A tampered file does not survive even casual edits like deleting an awkward session.

What the recording does not prove

Strong evidence of how and when the writing was assembled. Not a magic truth detector. The limits:

It doesn't prove who was at the keyboard

The recording knows a Red Stet account typed the words. It doesn't know whether the account-holder was personally at the keyboard, whether a sibling helped, or whether someone dictated aloud. Two people in a household look the same.

It doesn't prove the source of ideas

A student can read an AI-generated passage in another tab and re-type it word for word. The recording shows clean human typing rhythm — because there was human typing. What it can show is whether the re-typing has suspicious shape: one long session, no revisions, no false starts. Real human drafting almost always rewrites.

It doesn't prove the writing is good, original, or honest

Silent about quality. Silent about whether the argument is correct, the citations real, the ideas the writer's own. Those judgments stay with the reader.

Common scenarios

Three situations. Same page; different questions.

You're an admissions reviewer

An applicant attached a recording to a writing sample. Multiple sessions across days, normal typing, modest pastes — reassuring shape. One session of fifteen minutes ending in a finished essay is a meaningful signal.

You're an employer or editor

A candidate sent a writing sample with an EAV verifier link. Same questions. Also a lightweight way to confirm the work isn't lifted — the session chain shows when the candidate had each phrase in hand. Useful for journalism hiring, technical writing, grant-application review.

You're a parent reviewing a student's work

A teacher shared a recording because there's a question about authorship. Read the timeline alongside what your child tells you. Discrepancies surface fast: "I wrote this over a week" but the recording shows one session, or "I didn't paste anything" but the timeline shows a 2,000-character paste at the start. The recording is a conversation starter, not a verdict.

When the recording looks reassuring

A reassuring recording usually shows all of these at once:

• Green verdict. All four checks pass. File unedited since export.
• Multiple sessions across multiple days. Two or more sittings, at least overnight apart — the common pattern for assigned schoolwork.
• Total time fits the assignment. A 1,500-word essay typically takes 3–10 hours of active writing. Much faster + unusually polished prose deserves a look.
• Uneven typing rhythm. Bursts, pauses, backspaces. The shape of thinking.
• Small, contextual pastes. Quotes, citations, maybe a re-pasted outline.

All five lined up, you have strong basis to believe the writing was assembled the way the writer says. Not certainty — strong evidence, like an unedited photograph of where someone stood.

Attaching a recording at all is itself a small signal. The feature exists for writers who want their work to be checkable.

When something seems off — what to do

Red verdict, wrong-looking timeline, or oversized pastes — the order to think in:

1. Check the verdict first

A red verdict means the EAV envelope was altered after export — not that the writer cheated. Files get corrupted by email gateways, mangled by chat-app copy-paste, or edited innocently by someone who didn't know an envelope was embedded. Ask the sender for a fresh export of the original .red.md.

2. Don't try to be the investigator

You're a verifier, not a prosecutor. The recording is one data point. "This applicant cheated" from the recording alone is premature. Read it alongside the writer's own account of how they worked.

3. Talk to the person who shared it

Teacher sent it? Go back to them — they have the assignment context: prompt, due date, what other students' recordings look like, what the writer has said. Student or applicant sent it directly? Ask them. The recording makes the conversation easier; it doesn't replace it.

Your privacy as a verifier

Opening a link or dropping a .red.md file collects almost nothing:

• No account created. You don't sign in. Not added to any roster, class, or mailing list.
• The school isn't notified you viewed. Red Stet doesn't tell the teacher, student, or IT "this email opened the link at 4:17pm."
• The file stays on your computer. The standalone /verify page parses in your browser. Never uploaded. Disconnect your network and it still works.

To skip the server entirely, ask for the .red.md directly and verify offline. The verifier page is a single static file — no further network needed once loaded.

Verifying offline, with no network

The verifier at red-stet.com/verify is a single static HTML file with embedded JavaScript. Save the page (browser menu → Save Page As…) and you have an offline verifier that runs the EAV signature pass without any Red Stet server.

Useful in three cases:

• Long-term archives. Save the .red.md and the verifier page together. Self-contained certificate — no DNS or company required for the signature check.
• High-trust settings. Legal review, journalism source verification, anywhere you don't want third-party JavaScript at check time. The saved verifier is a few hundred lines of readable code.
• Air-gapped environments. Government, defense, certain corporate networks. Works on a machine that's never seen the internet.

Same code, server or local. Decryption of the keystroke timeline still requires the recipient's key — offline auth via a one-time link, or a cached Clerk session. The Sprint B transparency-log anchor adds a network-dependent badge for verifying the timestamp wasn't backdated; the signature pass stays offline-capable.

Related reading

• → Reading the provenance recording — teacher-facing version with paste flags, baseline matching, scrubber regions.
• → What's recorded (and what isn't) — writer's-eye view of session contents.
• → Running an integrity investigation — how teachers and admins escalate flagged recordings.
• → Back to the help library.

Something in your recording not explained here? Email feedback.