News, guides, and analysis on digital privacy, encryption, and secure file management.
Filarr now lets you share any file as an encrypted link. The decryption key lives in the URL fragment — the part after the # that browsers never send to servers. Here's what just shipped, how the trick works, and what we actually see on the server (almost nothing).
A ranked list of the best local-first applications in 2026 — notes, files, knowledge management, project management, and team docs. Honest pros and cons, current pricing, and which app fits which workflow.
Obsidian and Filarr are both local-first note-taking apps, but they make different trade-offs. Encryption, plugins, sync, mobile, license — here's an honest, side-by-side comparison so you can pick the right one.
Notion stores your data on its servers and holds the encryption keys. Here are the credible privacy-first alternatives in 2026 — encrypted by default, local-first, or open source — with current pricing and a migration path for each.
KEK (Key Encryption Key) and FEK (File Encryption Key) form the two-layer key hierarchy used by serious encrypted apps — Signal, BitLocker, Apple's File Protection, Filarr. Here's what each one does, why one global key is dangerous, and what a correctly designed encryption layout looks like.
End-to-end encryption and zero-knowledge encryption are often used interchangeably, but they describe different things. Here's the precise difference, where they overlap, and which one to look for in your messaging app, password manager, and notes app.
Zero-knowledge encryption is the architecture where the service hosting your data cannot read it — even if it wants to, even if it's hacked, even if it's subpoenaed. Here's how it works in plain language, with diagrams.
AES-256-GCM is the authenticated encryption mode used by Signal, 1Password, WireGuard, and TLS. Here's what each part of the name means, why GCM beats CBC, and what to look for when a notes app claims AES-256 encryption.
Local-first software keeps your data on your device — not on someone else's server. Definition, the 7 properties from Ink & Switch, real examples, and which popular apps (Notion, Figma) are NOT local-first.
Filarr's desktop client is now published on GitHub under Business Source License 1.1. What this means, what stays closed, and why I chose this license.
Threat model, cryptography, Electron hardening, comparisons with Signal / 1Password / Obsidian, real-world CVE walk-throughs. The complete guide to everything protecting your data — including from the servers hosting it.
I wanted one app for my files, my notes, and my knowledge graph — encrypted by default, no cloud, no account. Nothing existed, so I built it.
Notes, files, graph view, canvas — all encrypted with AES-256-GCM, all on your machine. No cloud required. No account needed. Free.
