Articles

Long-form privacy and security writing. No fluff, no filler, no affiliate links — just what works, what doesn't, and the difference between the two.

No Tracking
No Cookies
No Affiliates

What you'll find here

Most privacy writing on the internet is either marketing for a product or paranoia masquerading as advice. The aim of these pieces is to land somewhere honest in the middle: technical enough to be load-bearing, practical enough to act on, skeptical enough to call out the things that don't work.

Each article is standalone. Read them in any order. None of them require an account, run JavaScript, or set a single cookie.

Reading List

Fingerprinting

Your Browser Is the Snitch

How canvas, WebGL, AudioContext, and font enumeration combine into a near-unique signature that survives cookie clearing, VPNs, and incognito mode — and the two strategies that actually defeat it.

2026-04-28 9 min
Opsec

Threat Models for Normal People

Five archetypes from the default citizen to the high-risk dissident, and a four-question framework that decides which privacy tools are useful and which are decorative for your specific situation.

2026-04-28 8 min
Networking

DNS: The Quiet Surveillance Layer

DNS leaks every domain you visit in plaintext. DoH and DoT close the biggest leak; SNI, IP, and OCSP each take another bite. A practical full-stack recipe for sealing the metadata channel.

2026-04-28 10 min
Cryptography

Why E2EE Without Forward Secrecy Lies to You

Store-now-decrypt-later is the threat model that breaks generic encryption claims. The Signal Double Ratchet, what PQ3 added to iMessage, and why PGP is the cautionary tale of doing crypto the 1991 way.

2026-04-28 9 min
Infrastructure

Self-Hosting Without the Ego Trip

When self-hosting genuinely improves your privacy, when it just makes you a worse cloud provider, and the boring docker-compose stack that has aged well across years of real deployments.

2026-04-28 11 min
Authentication

Password Managers Are Boring (And That's Why They Win)

The single highest-leverage security upgrade you can make in an afternoon. Diceware passphrases, why SMS 2FA is worse than no 2FA, and the hardware-key floor for anyone with anything to lose.

2026-04-28 9 min
Networking

The VPN You Were Sold Is Not the VPN You Need

What a VPN actually does, what a decade of YouTube ads have lied about, who owns the major brands, and the rubric for picking one if your use case actually calls for it.

2026-04-28 10 min