Remember strong passwords with this keyboard trick

Everyone knows that real people suck at coming up with strong passwords. They are either easy to remember and laughably weak, or decently strong and impossible
qwertyto recall. On top of that, it is highly recommended to use different passwords for different sites, so that compromising one won’t compromise the others. In this article, I follow Nobel laureate Manuel Blum’s recommendation of using not a password, but an easy to remember algorithm to come up with a way to generate strong, specific passwords for each site, and be able to remember them all. (more…)

Read More

Is self-destruct email possible?

Earlier this week, my new app SeeOnce was rejected (hopefully only temporarily) by the iOS app store for allegedly misleading users into thinking that it could make self-destructing messages. Leaving aside what exactly “self-destruct” means for a digital message and whether or not SeeOnce actually achieves this, a number of current and past apps have claimed precisely this. In this article, companion to the one on Privnote vs. SeeOnce, I go over these apps, how they work, and how they can be used most profitably.


Read More

The case for symmetric encryption

ursa-icon-witeIn this day and age, everything dealing with encryption seems to be of the more complex asymmetric kind: PGP, SSL, TLS, BlockChain, you name it. So, is the old-fashioned symmetric encryption, where the same key is used to encrypt and decrypt, obsolete and done with? “By no means!” say a number of users. In this article, I begin quoting an email I got recently, adding some of my own musings, and making an announcement after that. (more…)

Read More

SeeOnce 1.0 published

IMG_1602SeeOnce is my new privacy app, which achieves something rather extraordinary: it does away completely with key management chores and makes everything automatic while providing fully client-based forward-secrecy encryption where messages can be read only once.

This is no Snapchat refusing to let you see a message again (though they have it). It is no Virtru or Dmail, either, where the key (Virtru) or the encrypted message (Dmail) is denied to you after a certain amount of time. This is the real thing. Keys exist only on the sender’s and recipient’s machines, and they are overwritten as soon as a new message is encrypted or decrypted. There are no extra copies.

People at the UK, India, Australia, and other places (see my previous article on this) are going to find SeeOnce quite handy. Now they can hand in their personal Keys if requested by the competent authority, but still their email will remain unreadable to them.

You can get SeeOnce at or as a Chrome app at

You can also get it at the Android and iOS app stores:

Android Google Play:

Apple iTunes:

Read on to learn how SeeOnce achieves this amazing feat (more…)

Read More

Current version of SeeOnce

SeeOnce is a new app, similar to PassLok, but where everything is automatic. It allows you to send self-destructing messages by email, and switch to real-time chat when necessary.

Current version of SeeOnce is: 1.0.1
Made on 9/3/15
Main source:

SHA256 string for web source (single html file):


Watch F. Ruiz reading this string:


Read More

Which end-to-end encrypted email is best?

After the 2013 Snowden revelations, there has been a push to make email more private than it currently is (which is, essentially, like writing on a postcard). The big guns, Google and Yahoo, have wowed to make their respective email systems end-to-end  (E2E) encrypted but progress has been slow. The official page about the Google effort has not been updated for months (as of June 2015). In this article, I go over some options available today, while we wait for that final solution that, at this pace, might still take a while to come. (more…)

Read More