Cuadernos Lacre

Privacy, encryption, communications, data protection.

Cuadernos Lacre is a periodic publication concerning the universe of digital privacy: encryption, communications, data protection, European legislation and digital sovereignty for professionals and companies.

We do not promote any products. We analyze the sector. And we do so from a specific position: that of those who build Solo2, a point-to-point communication tool. Our point of view is not neutral, but it is declared.

No pop-ups. No ads. No third-party resources. Just a self-hosted anonymous visit counter on our European servers, and the essential JavaScript —written or supervised by us— so that you can choose a language and a light or dark theme. Your preference is stored on your own device; it never reaches us.

  1. Reflection · June 29, 2026

    You Are Not Anonymous

    You are not anonymous, and you never really were. But the question that matters isn't whether they can see you, but who you are forced to trust—and why the only channel without middlemen is talking directly.

  2. Reflection · May 27, 2026

    What a signature cannot fix

    «Just have them sign an authorization and that's it» is the comfortable way out when a channel is not suitable for sensitive data. But a signature does not move the data, it cannot give away what belongs to third parties and, far from remedying the breach, it puts it in writing. The only thing that solves the problem is for the data not to go where it shouldn't.

  3. Analysis · May 26, 2026

    Real vs. apparent privacy: the questions to ask yourself

    Operative synthesis of cycle 2: the questions that distinguish a service with architectural privacy from one with declarative privacy. Twelve questions organized in six layers for the European professional before adopting any digital tool for sensitive data.

  4. Analysis · May 25, 2026

    Self-hosting as a professional practice

    When self-hosting is professional prudence and when it is excess. GDPR applied to your own server, the three intermediate figures between the transatlantic cloud and the basement, and the real cost question beyond hardware.

  5. Concept · May 23, 2026

    The 24 words: what a cryptographic identity is

    A cryptographic identity is not a password: no server stores it and it cannot be recovered. A didactic explanation of the BIP39 mechanism, why exactly twenty-four words, and the real weight that falls on those who possess them.

  6. Analysis · May 22, 2026

    The business model as a signal of trust

    How a service is economically sustained determines what the user represents to that service. Mapping models in circulation and the operative question to ask before trusting third-party data to a digital tool.

  7. Concept · May 21, 2026

    End-to-end encryption, truly explained

    What providers say when they say E2EE and what they don't say. From Diffie-Hellman exchange to the Signal protocol: a didactic explanation of the mechanism and its limits, with the operative question that matters.

  8. Analysis · May 20, 2026

    Kill switch and institutional capture

    A promise of protection that retains the possibility of withdrawing it. Analysis of a design pattern spanning Tesla, John Deere, Adobe, Apple Pay, or European DSA and AI Act obligations.

  9. Concept · May 19, 2026

    What SHA-256 really is

    A mathematical fingerprint that fits in sixty-four characters and changes entirely at the slightest change in text. Why we call it a digital wax seal and where it appears in your daily life.

  10. Analysis · May 18, 2026

    Schrems II, five years later

    Five years after the CJUE C-311/18 ruling, the legal framework for personal data transfers between Europe and the US remains unstable. Analysis for European professionals relying on US cloud services.

  11. Analysis · May 16, 2026

    When no one is in between

    Encrypting what passes through a server protects the content. Not having a server in between eliminates the question. An architectural analysis of the difference between both models in professional communication.

  12. Analysis · May 16, 2026

    GDPR and Professional Messaging: Why Most Are Non-Compliant Without Knowing It

    Almost any firm, clinic, or consultancy sends documents containing client data via messaging applications whose servers are located outside the European Economic Area. They do so in good faith. However, European regulations have something to say about this.

  13. Reflection · May 16, 2026

    Professional Secrecy in the Digital Era

    Professional secrecy is not just a legal obligation. It is the foundation of trust between the professional and their client. When that communication passes through a technically inadequate channel, secrecy is not broken on the day someone leaks something: it was broken much earlier, at the moment the tool was chosen.

  14. Analysis · May 16, 2026

    Encryption Is Not Privacy: What Metadata Tells About You

    Just because a messaging service advertises end-to-end encryption does not mean your conversation is private. The content is encrypted, yes. But the pattern—who you talk to, at what time, how many times—tells almost as much as the message itself. And often, it is not encrypted at all.

  15. Reflection · May 16, 2026

    A brief history of wax sealing

    For four centuries, a drop of red wax guaranteed that no one had read a letter. We lost it in the digital transition. It is recoverable. A brief history of the wax seal as an instrument of integrity by physical design, and its digital equivalent: the SHA-256 seal over a serverless architecture.