Cuadernos Lacre is a periodic publication concerning the universe of digital privacy: encryption, communications, data protection, European legislation and digital sovereignty for professionals and companies.
We do not promote any products. We analyze the sector. And we do so from a specific position: that of those who build Solo2, a point-to-point communication tool. Our point of view is not neutral, but it is declared.
No pop-ups. No ads. No third-party resources. Just a self-hosted anonymous visit counter on our European servers, and the essential JavaScript —written or supervised by us— so that you can choose a language and a light or dark theme. Your preference is stored on your own device; it never reaches us.
-
You Are Not Anonymous
You are not anonymous, and you never really were. But the question that matters isn't whether they can see you, but who you are forced to trust—and why the only channel without middlemen is talking directly.
-
What a signature cannot fix
«Just have them sign an authorization and that's it» is the comfortable way out when a channel is not suitable for sensitive data. But a signature does not move the data, it cannot give away what belongs to third parties and, far from remedying the breach, it puts it in writing. The only thing that solves the problem is for the data not to go where it shouldn't.
-
Real vs. apparent privacy: the questions to ask yourself
Operative synthesis of cycle 2: the questions that distinguish a service with architectural privacy from one with declarative privacy. Twelve questions organized in six layers for the European professional before adopting any digital tool for sensitive data.
-
Self-hosting as a professional practice
When self-hosting is professional prudence and when it is excess. GDPR applied to your own server, the three intermediate figures between the transatlantic cloud and the basement, and the real cost question beyond hardware.
-
The 24 words: what a cryptographic identity is
A cryptographic identity is not a password: no server stores it and it cannot be recovered. A didactic explanation of the BIP39 mechanism, why exactly twenty-four words, and the real weight that falls on those who possess them.
-
The business model as a signal of trust
How a service is economically sustained determines what the user represents to that service. Mapping models in circulation and the operative question to ask before trusting third-party data to a digital tool.
-
End-to-end encryption, truly explained
What providers say when they say E2EE and what they don't say. From Diffie-Hellman exchange to the Signal protocol: a didactic explanation of the mechanism and its limits, with the operative question that matters.
-
Kill switch and institutional capture
A promise of protection that retains the possibility of withdrawing it. Analysis of a design pattern spanning Tesla, John Deere, Adobe, Apple Pay, or European DSA and AI Act obligations.
-
What SHA-256 really is
A mathematical fingerprint that fits in sixty-four characters and changes entirely at the slightest change in text. Why we call it a digital wax seal and where it appears in your daily life.
-
Schrems II, five years later
Five years after the CJUE C-311/18 ruling, the legal framework for personal data transfers between Europe and the US remains unstable. Analysis for European professionals relying on US cloud services.
-
When no one is in between
Encrypting what passes through a server protects the content. Not having a server in between eliminates the question. An architectural analysis of the difference between both models in professional communication.
-
GDPR and Professional Messaging: Why Most Are Non-Compliant Without Knowing It
Almost any firm, clinic, or consultancy sends documents containing client data via messaging applications whose servers are located outside the European Economic Area. They do so in good faith. However, European regulations have something to say about this.
-
Professional Secrecy in the Digital Era
Professional secrecy is not just a legal obligation. It is the foundation of trust between the professional and their client. When that communication passes through a technically inadequate channel, secrecy is not broken on the day someone leaks something: it was broken much earlier, at the moment the tool was chosen.
-
Encryption Is Not Privacy: What Metadata Tells About You
Just because a messaging service advertises end-to-end encryption does not mean your conversation is private. The content is encrypted, yes. But the pattern—who you talk to, at what time, how many times—tells almost as much as the message itself. And often, it is not encrypted at all.
-
A brief history of wax sealing
For four centuries, a drop of red wax guaranteed that no one had read a letter. We lost it in the digital transition. It is recoverable. A brief history of the wax seal as an instrument of integrity by physical design, and its digital equivalent: the SHA-256 seal over a serverless architecture.