Journalist and developer building security & privacy tools for people at risk.
I work where investigative journalism meets digital security. Researching hostile digital environments and building tools that help journalists, activists, and human rights defenders protect themselves and hold power to account.
Based in Germany · investigations focused on the Global South.
- Defensive security tools — encrypted vaults, device self-checks, and file-integrity tools that run locally with no telemetry, for people who can't assume their devices are safe
- Investigative tooling — OSINT and auditing tools that turn public data into accountability journalism
- Threat research — surveillance tech, Telegram ecosystems, and digital threats against the press
- Web & infrastructure — dashboards, Ghost themes, and full-stack apps for newsrooms
| Project | What it does | Stack | |
|---|---|---|---|
| apipass | Encrypted vault for API keys & secrets — 100% in-browser (AES-256-GCM + Argon2id), no backend, plus a signed macOS app | Web Crypto · Tauri/Rust | Live |
| computer-check | Read-only security self-check for your own Mac — plain-language report, encrypted local history, zero telemetry | Tauri · Rust · Python | — |
| hashcheck | Verify file integrity by hash, entirely in your browser — no uploads, no backend | JavaScript · Web Crypto | — |
| GovScan | Passively audits & grades government websites on SSL/TLS and security headers | Python | — |
| cartas-a-desconocidos | Anonymous handwritten-letter exchange | Node.js · Docker | Live |
| noir | Dark, minimal Ghost CMS theme | CSS | Live |
Tools that protect people should be local, auditable, and quiet. That's how I build.