Alcazar · Blog

Digital dead man's switch: how it works and when to use one

Mon, 20 Apr 2026 00:00:00 GMT

A digital dead man’s switch is a check-in system for your digital life. If you stop responding for long enough, it sends the message, file, or instructions you set up earlier.

That matters because so much of life now sits behind passwords and private accounts. Family records, cloud files, legal documents, digital assets, and business systems can become hard to reach if one person suddenly disappears. A dead man’s switch does not replace estate planning or account recovery, but it can make your digital legacy much easier to handle.

If you want the broader definition first, see what a dead man’s switch is. This guide focuses on the digital version: how it works, when it helps, and how to set one up without creating new risks.

What a digital dead man’s switch actually does

It waits for regular proof that you are still available.

That proof might be:

clicking a check-in link
opening an app and confirming you are OK
replying to a reminder
logging in before a deadline

If you keep checking in, nothing happens.

If you stop, the system starts the process you defined earlier. That may include an alert, an automated release of instructions, or delivery of encrypted messages to trusted people.

The trigger is not death itself. The trigger is silence.

That is why a digital dead man’s switch can be useful for more than inheritance. It can also help with travel safety, temporary incapacity, illness, and business continuity.

How it works in practice

Most systems follow the same basic pattern:

You choose a check-in schedule, such as every week or every month.
You set an inactivity trigger, which is the amount of missed time that should count as a real problem.
You add one or more recipients, such as a family member, executor, cofounder, or attorney.
You decide what each person should receive.
The service sends reminders before anything is released.
If you still do not respond during the grace period, it sends the messages, files, or instructions you prepared.

Good systems do not jump from one missed prompt to a full release. They use staged reminders and a cooldown window so a missed flight, hospital stay, or lost phone does not trigger the wrong action.

In other words, a dead man’s switch has two jobs: send the right thing, and avoid sending it too early.

Where people use digital dead man’s switches

The most common use cases are quieter than the phrase suggests.

Personal digital legacy

Someone may need a map of your important accounts, devices, and files. Not the raw secrets in one unsafe bundle, but enough information to start the right process.

Examples:

where your password manager emergency kit is stored
which cloud drive contains family documents
who should receive private letters or personal notes
how to locate records needed for estate planning for digital assets

Privacy-conscious message delivery

Some people want certain messages delivered only if they truly become unreachable. That might be a note to family, instructions for a trusted friend, or access details for one specific archive.

This is where secure data transfer matters. Sensitive information should not be sitting in plain text inside an ordinary email if it can be avoided.

Digital assets and account handoff

A digital dead man’s switch can support legacy planning for online accounts, domains, creator income, or digital assets such as crypto wallet instructions, encrypted backups, or account inventories.

The safest pattern is usually to send directions, context, or partial access steps, not a single unprotected master secret.

Business continuity

Small businesses and solo operators often have hidden dependencies on one person. If that person disappears without warning, the problem is not just emotional. It is operational.

A dead man’s switch can help the right people quickly learn:

which domains are critical
where billing systems live
how to reach key vendors
where incident-response instructions are stored
which credentials require a formal recovery process

That kind of handoff can buy time and reduce chaos.

The main benefits

What it does well:

It starts the process early instead of waiting for someone to discover a document months later.
It reduces guesswork for family, coworkers, or executors.
It can support privacy and security by limiting who gets what.
It helps separate timing from legal authority. The switch can alert people and send instructions while formal estate or company processes catch up.
It creates a structured way to deal with absence, not just death.

For many people, the value is simple: important information stops depending on luck.

Risks and limits

These systems are useful, but they are easy to misunderstand.

The first risk is a false trigger. If the check-in process is too fragile, a travel problem, health event, or spam filter could cause an unwanted release.

The second risk is over-sharing. If one message contains everything, one mistake exposes everything.

The third risk is stale information. A dead man’s switch is only as good as the instructions inside it. Old passwords, changed providers, or outdated contact details can turn a thoughtful plan into a confusing one.

There is also platform risk. If you rely on a service, you are trusting that company to stay reliable, secure, and available over time.

Most important, a digital dead man’s switch is not a substitute for:

a legal will
account-specific legacy tools
password manager emergency access
a broader digital legacy or estate plan

It is one layer, not the whole system. If you want a cleaner distinction, dead man’s switch vs digital will covers where those tools differ.

Legal, privacy, and ethical questions

You may have the technical ability to release information automatically. That does not always mean you should.

Start with the legal side. Laws around account access, inheritance, and executor authority vary by country and sometimes by state. Some platforms do not allow accounts to be transferred freely. Others require death certificates, court documents, or specific legacy-contact tools. That is why legal considerations belong in any serious setup.

If the purpose is inheritance, treat the switch as support for estate planning for digital assets, not a replacement for it. The legal document decides authority. The switch helps the right person know what exists and what to do next.

Privacy matters too. Your plan may involve other people whose names, messages, or data appear in your files. Think about whether they would expect that information to be released.

The ethical question is often plain: should this message or file be sent automatically if you cannot confirm the timing yourself?

If the answer is not clearly yes, do not automate it.

What to look for in a secure solution

Not every product that mentions dead man’s switches deserves trust.

If you are comparing tools, look for these basics:

If you want a concrete example of the category, Alcazar’s Dead Man’s Switch shows the general shape to look for: scheduled check-ins, grace periods, encrypted delivery, and the ability to send different information to different trusted contacts.

Strong encryption

At minimum, stored content should be encrypted. Better still, sensitive material should be encrypted in a way that reduces what the service itself can read. If a tool promises privacy, ask how the encryption works, who holds the keys, and what remains visible to the provider.

Granular access controls

Different recipients should be able to receive different things. Your executor may need account instructions. A sibling may only need a personal note. A business partner may need operational contacts, not family archives.

False-trigger prevention

A good system should support multiple reminders, a grace period, and more than one path for check-in. Correct timing matters more than speed.

Clear audit trail

You should be able to see when messages were updated, when reminders were sent, and what the release rules are. Hidden behavior is the opposite of reassuring in a product like this.

Secure delivery options

If the system sends attachments or links, the handoff should use secure data transfer rather than loose plain-text forwarding wherever possible.

Sensible account protection

Look for ordinary security hygiene: strong authentication, login alerts, session controls, and thoughtful recovery procedures. If an attacker can hijack your account, they may be able to change recipients or trigger rules.

Best practices before you set one up

Decide what problem you are actually solving. Legacy planning, last messages, business continuity, and emergency access are related, but not identical.
Keep legal authority and practical instructions separate. A will handles ownership. The switch handles timing and notification.
Avoid sending one master secret if you can split the process instead.
Write short, plain instructions that someone can follow under stress.
Choose recipients carefully and give each person only what they need.
Test the check-in flow and false-trigger safeguards before relying on it.
Review the setup after major life changes, account changes, or business changes.

A simple plan that gets maintained is better than an elaborate plan that quietly breaks.

FAQ

Is a digital dead man’s switch only for after death?

No. It usually works from non-response, not a formal record of death. That means it can help if someone is incapacitated, missing, traveling without contact, or otherwise unable to manage their normal digital life.

Is a dead man’s switch the same as a digital will?

No. A dead man’s switch is an automated timing mechanism. A digital will is a broader plan for accounts, files, and instructions. If legal transfer of property is involved, you may also need formal estate documents.

Should I store passwords or seed phrases in one?

Usually not in raw form. It is safer to separate instructions from the most sensitive secrets. For high-value accounts or crypto, use layered access, offline backups, or account-specific recovery tools where possible.

What is the biggest setup mistake?

Making the trigger too easy to trip, or packing too much information into one release. Both create avoidable risk.

Can a business use a digital dead man’s switch?

Yes. It can support business continuity by alerting the right people, sharing vendor or system instructions, and reducing confusion when one person holds critical operational knowledge.

How often should I review it?

At least after major life events, role changes, new accounts, or provider changes. A dead man’s switch with outdated instructions is much less useful than people think.

What security feature matters most?

There is no single winner, but strong encryption plus good false-trigger prevention is a strong baseline. Privacy is not enough if the wrong message goes out at the wrong time.

The practical takeaway

A digital dead man’s switch does one narrow job: it notices your silence and starts the next step.

Used well, it can protect private messages, support a family during a hard moment, and help a small business avoid preventable confusion.

Keep the plan simple. Protect the sensitive parts. Think through the legal side. Test the trigger. Update it when life changes.

Best crypto hardware wallets in 2026

Fri, 17 Apr 2026 00:00:00 GMT

If you hold crypto you actually care about, the best hardware wallet for most people in 2026 is a Trezor Safe 5. If you are Bitcoin-only and want the paranoid setup, get a Coldcard Mk4 or Coldcard Q. If you want a smaller, very clean third option, look at the BitBox02.

That is the short version. Everything else is a tradeoff.

Short answer

Wallet	Best for	Open-source firmware	Secure element	Air-gap option	Price
Trezor Safe 5	Most people	Yes	EAL6+, NDA-free	No	~$169
Trezor Safe 3	Cheaper version of the above	Yes	EAL6+, NDA-free	No	~$79
Coldcard Mk4	Bitcoin maximalists	Yes	Dual secure element	Yes (microSD)	~$149
Coldcard Q	Same as Mk4, nicer screen and QR	Yes	Dual secure element	Yes (microSD, QR)	~$249
BitBox02	Quiet third option, minimal design	Yes	EAL6+	No	~$149
Keystone 3 Pro	DeFi and multi-chain, air-gapped	Yes (firmware)	Triple EAL5+	Yes (QR)	~$169
Ledger Flex / Stax	Polished UX, broadest coin support	Partial	EAL6+, closed firmware	No	$249 / $399
NGRAVE ZERO	Highest certification, big budget	Partial	EAL7	Yes	~$398
Tangem	Gift-card-style simplicity	App only	EAL6+	Yes (NFC)	~$55

What a hardware wallet actually does

A hardware wallet is a small, dumb computer that does one thing: it holds your private keys and signs crypto transactions offline.

Your keys never touch your laptop or phone. When you want to send funds, the wallet signs the transaction on the device, using buttons or a touchscreen you can physically see, and sends the signed result back to your computer. Even if your laptop is full of malware, the keys stay inside the wallet.

That is the whole idea. Everything after this is about how well a given device pulls it off.

Two things actually matter:

The chip that stores the keys (the secure element).
Whether outside people can audit the code running on the device (open source firmware).

Air-gapping, Bitcoin-only firmware, multisig, and fancy screens are nice to have, but these are the two that decide your real threat model.

Secure elements in plain English

A secure element is a tamper-resistant chip built to resist physical attacks. Voltage glitching, side-channel analysis, decapping the chip and probing it with a laser, all of that. The same class of chip is used in credit cards and passports.

Secure elements are rated on the Common Criteria EAL scale, from 1 to 7:

EAL5+: Ledger’s STMicroelectronics ST33 chip. Same level as bank cards.
EAL6+: Infineon Optiga Trust M, used by the Trezor Safe 3, Safe 5, and BitBox02. Higher assurance than EAL5+.
EAL7: NGRAVE ZERO. The highest rating there is. Very few consumer devices reach this level.

Trezor’s older Model T did not have a secure element at all, which meant the seed could, with specialized equipment, be physically extracted. The Safe 3 and Safe 5 fixed that. Do not buy a used Model T for real holdings.

One nuance worth knowing: Trezor uses the Infineon Optiga Trust M, which is NDA-free. That means its documentation is public and researchers can audit it. Ledger’s secure element is covered by an NDA with STMicroelectronics, so the firmware running inside it is closed. Coldcard uses two secure elements from two different vendors, so one compromised supplier does not sink the whole device.

Open source vs closed firmware

Open source firmware means anyone can read the code that runs on the device. That matters because the device is the thing you are trusting to never leak your keys. If the code is closed, you are trusting the company instead.

Trezor, Coldcard, BitBox, and Keystone publish their firmware. Ledger publishes about 95% of its stack, but the firmware that runs inside the secure element stays closed, because of the chipmaker’s NDA.

This is also the real story behind the 2023 “Ledger Recover” meltdown. Ledger announced a feature that would let the device encrypt your seed phrase, fragment it, and send the pieces to three custodians. Users noticed something uncomfortable: if the device can do that at all, then a signed firmware update can always, in theory, push your seed off the chip. Ledger’s own ex-CEO admitted on Reddit that users had been oversold the “trustless” framing. The hardware did not change. The public understanding of what it could do did.

Closed firmware is not automatically bad. Ledger has a strong track record and solid hardware. It just means the security story ends with trust the vendor. Open source wallets let the story end with anyone can verify.

Trezor Safe 5, for most people

The Trezor Safe 5 is the easiest hardware wallet to recommend to a normal crypto holder in 2026.

Fully open source firmware and hardware schematics.
Infineon Optiga Trust M secure element, EAL6+, NDA-free, so the entire security stack can be audited.
Color touchscreen with haptic feedback, USB-C, decent desktop and mobile app (Trezor Suite).
Shamir Backup support, passphrase support, PIN.
Supports Bitcoin plus 8,000+ other coins and tokens.

Trezor invented the hardware wallet in 2014 and has kept publishing firmware, audits, and vulnerability disclosures for more than a decade. That track record is hard to buy from a newer brand at any price.

If you want the cheaper option with the same firmware, the Trezor Safe 3 at around $79 uses the same Optiga Trust M chip. It has a smaller monochrome screen and buttons instead of a touch interface. For a first hardware wallet, it is still a great pick.

The main limitation of both Safe models is that they are not air-gapped. You still sign transactions over USB-C. For most real-world threats, this is fine. If your threat model includes a sophisticated attacker with full control of your laptop, air-gapped devices give you an extra layer.

Coldcard if you only hold Bitcoin

The Coldcard Mk4 (and the newer Coldcard Q) is the wallet for people who want their keys to never touch a USB cable if they can help it.

Coldcard is Bitcoin-only. That sounds like a limitation until you realize what it buys you: the firmware does not need code for thousands of other chains, so the attack surface is much smaller. Less code, fewer bugs.

The good stuff:

Fully air-gapped workflow using microSD cards or (on the Q) QR codes. You never have to plug it into a computer.
Two secure elements from two different vendors (ATECC608 and DS28C36B on the Mk4). One vendor getting compromised does not break the device.
Open source firmware, including the firmware for the secure element, which most vendors keep closed.
Duress PIN and brick-me PIN for plausible deniability if someone forces you to unlock it.
Serialized, tamper-evident packaging so you can detect shipping-level attacks.
Advanced Bitcoin features: PSBT, multisig, BIP-85 child seeds, Seed XOR, miniscript.

The bad stuff is predictable: it is Bitcoin-only, the interface has a learning curve, and the Mk4 is a buttons-and-small-screen device. The Q is much nicer to use but costs more.

If most of your net worth is in Bitcoin and you want the most serious self-custody tool available to consumers, this is the one.

BitBox02, the quiet third pick

The BitBox02 is a Swiss-made wallet that does not get enough attention.

Open source firmware.
EAL6+ secure element (NDA-free).
Clean minimal design, touch sensors, OLED display.
Comes in a Multi edition (Bitcoin plus Ethereum and friends) and a Bitcoin-only edition.
Supports the anti-klepto protocol, which prevents a malicious wallet from leaking your keys through bad nonce generation. Almost nobody else implements this.

BitBox02 sits between “beginner-friendly” and “serious tooling.” If you like the Trezor philosophy but want something smaller, cleaner, and with a slightly nerdier toolkit, this is a good pick.

The other names, with honest takes

Ledger

Ledger dominates sales. Their hardware is well-built, their app is the most polished, and they have never had their secure element cracked in the wild. The Nano X, Flex, and Stax support the widest range of coins of any mainstream wallet.

There are reasons to hesitate, though. The firmware inside the secure element is closed. The 2023 Ledger Recover announcement showed users that a signed firmware update can, in theory, move your seed off the device, which is a very different threat model than “keys never leave.” Ledger also had a 2020 customer data breach that leaked names, emails, phone numbers, and physical addresses of around 270,000 users, which led to a long tail of phishing and physical threats.

Buying a Ledger in 2026 is a reasonable choice if you value the ecosystem and understand the tradeoff: you are trusting Ledger the company, not just Ledger the chip.

Keystone 3 Pro

If you want an air-gapped multi-chain wallet, especially one that works well with DeFi and MetaMask, the Keystone 3 Pro is the most interesting choice. QR-code-only signing, three secure elements, 5,500+ assets, open source firmware. It has a steeper setup than a Trezor but fills a real gap between “Coldcard for Bitcoin” and “Trezor for everything else.”

NGRAVE ZERO

The NGRAVE ZERO holds the highest security certification of any consumer hardware wallet (EAL7), is fully air-gapped, and has tamper-proof design and biometric authentication. It also costs around $400, is only partially open source, and the companion app is rougher than Trezor’s. If cost is no object and you are storing life-changing sums, it is worth considering. For most people it is overkill.

Tangem

Tangem is a different form factor: a set of NFC cards. You tap them to your phone. EAL6+ secure element, seedless option (keys never leave the card), very easy for non-technical users. The tradeoff is a smaller feature set and less support for advanced setups like multisig. As a backup or gift-to-a-beginner, it is surprisingly good. As your only wallet for serious holdings, probably not.

What actually steals crypto

In the wild, almost nobody loses funds because someone cracked a secure element. They lose funds to:

Phishing. A fake Ledger Live, a fake Trezor Suite, a fake airdrop site. You sign a transaction thinking it is one thing and it is another.
Fake hardware. Researchers have found counterfeit Ledger Nano S Plus devices on Chinese marketplaces that replace the secure element with a Wi-Fi chip and silently send seeds to an attacker. In 2025 a fake Ledger Live app passed Mac App Store review and drained over $9.5 million.
Supply-chain attacks on web libraries. In December 2023, an attacker used a phishing email to compromise a former Ledger employee’s NPM account and published a malicious version of Ledger’s Connect Kit that rerouted funds on multiple DeFi front-ends. The hardware was fine. The JavaScript was not.
Writing the seed phrase somewhere dumb. A photo on your phone that syncs to cloud. A note in a password manager that later leaks. A text file on your laptop.
Wrench attacks. Someone physically forces you to unlock the wallet. No chip protects you from that. Duress PINs and hidden passphrases help.

This shifts the practical advice:

Buy only from the manufacturer’s official site. Not Amazon. Not a marketplace. Not a friend of a friend.
Verify the download. Only install the companion app from the vendor domain. Check signatures when possible.
Write the seed on paper or steel. Never type it into anything. A hardware wallet is useless if the seed leaks.
Treat every transaction you sign as real money. Read what the device shows before confirming. The point of an on-device screen is that it cannot lie to you in the way a website can.
Use a passphrase on top of the PIN for real amounts. It turns a stolen seed into a dead seed.
Consider multisig for large holdings. Two or three devices from different vendors, so no single compromised chip can move funds.

The simple takeaway

Most of the hardware wallet market is noise once you raise the bar to open-source firmware plus a proper secure element plus a real track record. The shortlist is small on purpose:

Trezor Safe 5 (or Safe 3 on a budget) for most people.
Coldcard Mk4 or Coldcard Q for Bitcoin-only and maximum paranoia.
BitBox02 as a cleaner, quieter alternative to Trezor.
Keystone 3 Pro if you want air-gapped plus multi-chain.

Everything else is fine for some users, but these four cover almost every real threat model without asking you to trust a closed firmware blob or a brand-new company.

The hardware is usually not what fails. You are. Most lost crypto starts with a phishing link, a bad download, or a seed phrase stored where it should not be. Pick a good device, buy it from the right place, protect the seed, and read every screen before you tap confirm.

Best VPNs in 2026 for privacy and security

Sat, 11 Apr 2026 00:00:00 GMT

Search best vpn 2026 and you mostly get the same names shuffled around: NordVPN, Surfshark, ExpressVPN, Proton VPN, Mullvad, sometimes Windscribe.

That list gets much shorter if privacy and security come first.

The three best picks are Proton VPN, Mullvad, and IVPN.

Proton VPN is the best all-rounder.

Mullvad is still the cleanest anonymity-first choice.

IVPN is the smaller old-school privacy pick.

Short answer

VPN	Best for	Private payments	Open-source and audited	Network reach
Proton VPN	Most people	Cash, Bitcoin, bank transfer	Yes	120+ countries
Mullvad	Maximum privacy	Cash, Monero, Bitcoin, bank wire	Yes	About 50 countries
IVPN	Small privacy-first alternative	Cash, Monero, Bitcoin	Yes	Smaller network

Privacy-first VPNs are easy to praise and harder to verify. The standard here is simple: private payment options, client apps people can inspect, public audits, a real track record, and a network broad enough to be useful. Plenty of VPNs hit some of those marks. Very few hit all of them.

Proton VPN: the best balance

Proton VPN lands first because it is the easiest privacy-first VPN to recommend to normal people.

Its apps are 100% open source. It passed a fourth consecutive annual no-logs audit in 2025. Its transparency report shows that every listed legal request in 2025 was denied because Proton had no connection logs to hand over. It also accepts cash, Bitcoin, and bank transfer.

The other reason Proton lands first is practical: it is the most useful service in this privacy-first group. Proton’s network now spans 120+ countries, which is far broader than Mullvad or IVPN. That matters if you travel, want a nearby server for speed, or need a country that smaller providers simply do not cover. The apps are polished, the free tier is real, and the censorship-resistance features are strong.

The tradeoff is account anonymity. Proton still works through a Proton account, and mailed cash has to be credited to that account. For most people, that is a reasonable trade. It just is not as clean as Mullvad’s random account-number model.

If you want one VPN that is serious about privacy without becoming annoying to use every day, this is the one.

Mullvad: the cleanest privacy model

Mullvad is still the easiest answer to the question, how little can a VPN company know about me?

The design has stayed refreshingly simple. No email address. No name. Just a random account number. You can pay with cash, Monero, Bitcoin, and bank wire. Mullvad has held onto the same flat-rate model since 2009, which is rare in a market built on discounts, bundles, and upsells.

It also has the kind of trust record people usually claim, but rarely prove. Mullvad publishes its open-source projects. Its app went through a full 2024 security audit. In early 2026, it also published a new audit of its account and payment systems. The strongest real-world test came in 2023, when Swedish police showed up with a search warrant and left without customer data.

Mullvad is not tiny, either. Its live server list covers 50 countries. That is enough for a lot of people. It is just not as broad as Proton, Windscribe, or the big mainstream brands.

If what you want is the smallest trail between you and the VPN company, Mullvad is still the standard.

IVPN: the smaller serious option

IVPN has been around since 2009, and it has one of the clearest privacy-first identities in the market.

Like Mullvad, IVPN does not require an email address. It accepts cash, Monero, and Bitcoin. Its apps are open source on all major platforms, and it keeps publishing independent audits. It is also unusually transparent about who runs the company, which should not be rare in VPNs, but still is.

The drawback is straightforward: IVPN has the smallest network of the top three. If your main goal is the widest spread of countries and exit IPs, Proton is more useful. But if you want a smaller operator with a long record and a serious privacy culture, IVPN is easy to take seriously.

The other names people compare

These are the other names that keep showing up in 2026 roundups.

VPN	Open-source clients	Public audits	Private payments	Reach	Bottom line
Proton VPN	Full client stack	Yes	Cash, Bitcoin, bank transfer	120+ countries	Best balance of privacy, security, and usefulness
Mullvad	Full client stack	Yes	Cash, Monero, Bitcoin, bank wire	50 countries	Best pure-privacy option
IVPN	Full client stack	Yes	Cash, Monero, Bitcoin	Smaller network	Best smaller privacy-first provider
Windscribe	Desktop, mobile, and browser apps open source	Yes	Crypto	69+ countries, 115+ cities	Better than many roundup lists admit. Strong honorable mention.
NymVPN	Full client stack	Yes	Cash, crypto, Taler	70+ locations	The most interesting new entrant, but too new for a top 2026 trust ranking
NordVPN	Linux app and shared libraries open; not full client stack	Yes	Crypto, prepaid retail cards	Huge network	Strong mainstream VPN, but not fully open source in the way the top three are
Surfshark	No	Yes	Crypto	100 countries	Good value and broad reach, but proprietary clients keep it off this list
ExpressVPN	Partial only: Lightway core and browser extensions	Yes	Crypto	105 countries	Serious product, but only partial open-source transparency

Two names deserve a little more context.

Windscribe comes closer to the shortlist than most people expect. Its network is large, many of its apps are open source, it has public audits, and in 2025 it won a legal fight in Greece after authorities tried to force a logs-based answer that Windscribe did not have. If I were extending this list beyond three, Windscribe would be next.

NymVPN is genuinely interesting. It is fully open source, audited, and supports cash, crypto, and Taler. It also does something technically different from the rest of the field. The problem is age, not ambition. NymVPN’s commercial launch was only in March 2025, which is too recent for me to rank it above providers with a decade or more of real-world history.

The big mainstream brands are easier to explain. NordVPN, Surfshark, and ExpressVPN are all serious products. They have large networks, polished apps, and public audits. They show up constantly in roundups for a reason. But for a privacy-first ranking, open-source client transparency is where they lose ground. That is the line that separates “good mainstream VPN” from the shortlist above.

The simple takeaway

If privacy is your top priority, the answer is still short:

Proton VPN is the best VPN for most people in 2026.
Mullvad is the best VPN for people who want the strongest privacy and the least personal data tied to an account.
IVPN is the best smaller alternative.

The market looks huge until you raise the bar a little. Then it stops being huge very quickly.

One last thing

A VPN can hide your traffic from your ISP, hide your home IP from sites you visit, and help on hostile public Wi-Fi. It does not make you anonymous by itself.

If you log into Google, Facebook, or your bank, they still know it is you. If your browser is full of trackers, a VPN does not fix that. If your device is already infected, a VPN does not save you.

So yes, use a good VPN. But treat it as one privacy tool, not the whole plan.

Monero is simpler, Zcash is more flexible

Wed, 08 Apr 2026 00:00:00 GMT

If you want the simplest private digital cash today, Monero is still the practical answer.

Every Monero transaction hides the sender, receiver, and amount by default. You do not have to remember to turn privacy on.

Zcash is more flexible. Its modern shielded system is technically beautiful, and it gives you a cleaner selective-disclosure story through viewing keys. But it only protects you if you stay in shielded mode. The moment you fall back to transparent addresses, much of the privacy story is gone.

Short answer

Coin	Best for	Privacy model	Daily-use catch
Monero (XMR)	People who want privacy without extra decisions	Private by default in every transaction	Harder exchange access, heavier wallet sync, weaker audit story
Zcash (ZEC)	People who want strong privacy plus selective disclosure	Very strong privacy in shielded mode, optional transparency	You must use shielded wallets and avoid transparent rails

If you only remember two lines, use these:

Monero is harder for the user to misuse.
Zcash is easier to fit into systems that still want audit and compliance hooks.

What privacy coins are trying to hide

A normal public blockchain leaks three simple things:

who paid
who got paid
how much moved

Privacy coins try to hide some or all of that while still proving the transaction is valid.

The network still has to verify that you owned the funds and did not create new coins from nowhere. Privacy coins are basically different answers to one question:

How do we prove the payment is real without showing everyone the payment?

Monero in plain English

Monero hides privacy leaks by stacking several different tricks on top of each other.

First, it uses ring signatures. In plain English, when you spend Monero, your wallet mixes your real spend with decoy outputs from the blockchain. Observers can see that someone in the ring signed the transaction, but not which one.

Monero later upgraded this machinery with CLSAG, which cut transaction size and improved verification speed. The Monero project says a typical transaction dropped from about 2.5 kB to 1.9 kB, with around a 20% improvement in signature verification.

Second, it uses stealth addresses. The address you hand to a payer is not the address that shows up plainly on-chain. The sender creates a one-time destination for that payment, so outside observers cannot easily link all incoming payments back to your public address.

Third, it uses RingCT, short for Ring Confidential Transactions, to hide amounts. Monero made RingCT mandatory in 2017, then kept shrinking the cost of hidden-amount proofs with Bulletproofs+ and related upgrades.

There is also a network-layer piece. Dandelion++ changes how transactions spread through the peer-to-peer network, making it harder to link a transaction to the IP address that first broadcast it. That helps, but it does not make network surveillance disappear.

The practical result is simple: Monero gives you one opinionated privacy setup, and it applies it every time.

That makes Monero easier to use correctly than most people expect. You are not constantly asking yourself whether you used the private address type or the private memo option or the private wallet mode. The answer is built in.

Everyday Monero tradeoffs

Monero’s strongest advantage is also the source of its friction.

Because the chain is opaque, wallets have to do more scanning work to figure out which outputs belong to you. In normal life, that means wallet sync can be noticeably more annoying than with transparent coins, especially on older devices or if you have not opened the wallet in a while. Remote nodes and lighter wallets help, but this is still one of Monero’s biggest usability taxes.

Monero also has a weaker disclosure story. It does support view keys, but Monero’s own docs note that sharing a view key is mainly reliable for incoming transactions, not a full clean picture of outgoing activity. That makes Monero great for private payments and less elegant for business accounting, audits, or regulated workflows.

The other everyday fact is access. Monero is the coin most directly targeted by regulated exchange delistings. Binance delisted XMR in 2024, and Kraken later pulled it from the EEA due to regulatory changes, following similar moves elsewhere in Europe. So even if the protocol works fine, the on-ramp is often worse than for ordinary crypto.

Zcash in plain English

Zcash comes from a different idea.

Instead of mixing your spend into a crowd of plausible spends, Zcash uses zero-knowledge proofs, specifically zk-SNARKs, to prove a shielded transaction is valid without revealing the sender, the receiver, or the amount.

This is the part engineers love about Zcash. It feels closer to real cryptographic magic. The network can verify the payment without learning the payment details.

Zcash has two worlds:

transparent addresses, which behave more like Bitcoin
shielded addresses, which carry the real privacy

If you send z-to-z, the public chain does not reveal the sender, receiver, or amount. The official Zcash docs are very clear that shielded transactions are the most secure mode. They also note one small leak that is easy to miss: the chain still reveals that a transaction happened and what fee was paid.

This design gives Zcash a big advantage over Monero in one area: selective disclosure. Zcash was built with a stronger viewing-key model, so it is easier to let an auditor, accountant, or compliance partner inspect transactions without handing over spending authority. That is one reason institutions and regulated products have always found Zcash easier to talk about than Monero.

The Sapling upgrade made shielded transactions much more practical. The later Orchard upgrade moved Zcash’s newest shielded pool to Halo 2, which means the modern Orchard system no longer depends on the old trusted-setup model people still associate with early Zcash.

Zcash also added unified addresses, which bundle multiple receiver types into one address and help supporting wallets autoshield funds.

So the current Zcash pitch is not just “optional privacy.” It is closer to shielded by default, when the wallet ecosystem does its job.

Everyday Zcash tradeoffs

Zcash’s problem is not that shielded privacy is weak. It is that optional privacy is easier to leak.

If your exchange only gives you transparent withdrawals, or your wallet defaults to transparent behavior, or you deshield funds too early, you lose the benefit. Zcash’s privacy depends much more on which wallet you choose and which rail you use.

Optional privacy also splits the crowd hiding with you. When a large share of users or services stay transparent, the shielded set is not as socially automatic as Monero’s privacy set.

The project now pushes users toward shielded-first wallets for exactly this reason. The official site recommends using a wallet that is shielded by default, and its own Zashi wallet is explicitly presented as a self-custody shielded wallet.

So the pragmatic Zcash rule is simple: if you are not using shielded tools, you are not really using Zcash for privacy.

The biggest difference in one sentence

Monero protects privacy by making the safe path the default.

Zcash protects privacy with stronger compartmentalization, but asks more of the ecosystem and the user.

That difference sounds philosophical, but it becomes very practical once real people start buying, withdrawing, storing, and spending the coin.

Where privacy coins still leak

A privacy coin can hide what the blockchain shows. It does not automatically hide everything around the blockchain.

You still leak information if:

you buy from a KYC exchange
your wallet app phones home in a bad way
your phone or laptop is already compromised
you reuse the same identity across merchants, chats, or invoices
you convert back to a transparent asset too quickly
your recipient is careless with addresses, memos, or receipts

Monero tries to close more leaks at the chain level by default. Zcash gives you very strong shielded privacy, but more ways to step outside it by accident. Neither coin solves ordinary operational security for you.

The short version is that privacy coins protect the ledger, not your whole life.

So which one is better?

For most people who want private digital cash and do not want to think about the privacy model every time, Monero is better.

For people who care about zero-knowledge cryptography, want a cleaner selective-disclosure story, or need something that can fit more naturally into semi-regulated workflows, Zcash is more interesting.

That does not make Zcash worse. In some ways the cryptography is more impressive. But if the question is everyday use instead of elegant protocol design, the answer stays pretty plain:

Monero is the safer choice for user behavior.
Zcash is the more flexible choice for system design.

My practical takeaway

If I wanted the privacy coin that ordinary users are least likely to misuse, I would pick Monero.

If I needed privacy plus a believable audit trail for a business, fund, or regulated counterparty, I would look much harder at Zcash, but only with shielded wallets, shielded withdrawals, and a clear policy against drifting back into transparent mode.

Monero is the coin that says, private means private every time.

Zcash is the coin that says, private when needed, disclose when chosen.

Both are technically serious. Only one of them makes the private path hard to forget.

What Palantir actually sells

Mon, 06 Apr 2026 00:00:00 GMT

Palantir sells software that turns a large institution into something closer to a live strategy game. Every plane, patient, part, shipment, transformer, case file, and target becomes an object on one shared map of the organization. People can search it, filter it, graph it, alert on it, and increasingly ask an AI to work on top of it. That is useful when you are running an airline or mine. It is also useful when you are running a military targeting program or a deportation system. The same basic product pattern shows up in both worlds.

That is the cleanest answer to the question people have been asking about Palantir for twenty years.

The company now says it has four main platforms: Gotham, Foundry, Apollo, and AIP. By the end of 2025 it had 954 customers, up 34% year over year, and its top 20 customers averaged $93.9 million in annual revenue. So this is no longer a niche spy-tech company with a few unusual contracts. It is a big software vendor. But the interesting part is still what the software actually does.

The stack

Foundry is the main commercial product. Palantir describes it as a data operations platform for data management, logic, analytics, and workflows.

Gotham is the government and defense side. Palantir is less explicit in public docs, but in practice it is the part most associated with intelligence, military, and police analysis. Palantir’s own filing says Gotham powers defense and intelligence operations and integrates with the rest of the stack.

Apollo is the least glamorous but maybe the most important reason Palantir can win high-stakes deployments. It is a deployment and operations system that pushes software across public cloud, on-prem, and disconnected or air-gapped environments. That matters if your customer is a hospital, a military network, or a police force that cannot just use normal SaaS.

AIP is the newer AI layer. Palantir’s own docs describe it as LLM connectivity, agents, automations, evals, and governed AI workflows. The key point is that AIP is not supposed to be a raw chatbot glued onto company data. It is meant to sit on top of Palantir’s existing model of the organization, with permissions, audit trails, and human review checkpoints already in place.

If you want the short version, Palantir is selling an operating system for institutions.

The core trick is the Ontology

The heart of Palantir is what it calls the Ontology. In plain English, that is a shared model of the organization.

Palantir takes raw inputs from existing systems, then maps them into objects, properties, links, and actions.

An object might be:

a patient
a shipping container
a locomotive part
a transformer
a mine sensor
a deportation target
a military point of interest

A property is something about that object, like location, health, owner, urgency, warranty status, or risk score.

A link connects objects to each other: this patient is in this ward, this order depends on this supplier, this part belongs to this engine, this person is associated with this address, this target came from this sensor report.

An action is what a user can do from inside the system: assign a task, reschedule a shipment, approve a maintenance plan, mark an alert as resolved, write back to another system, or trigger a workflow.

That sounds abstract until you see the examples. Palantir’s own docs say the Ontology can represent plants, equipment, products, customer orders, and financial transactions. The backend docs show it is built to index, query, search, aggregate, and write back across those objects.

This is the main reason Palantir is not just “a big database.” A database stores records. Palantir tries to build a live model of the organization, then lets people operate through that model.

What data goes in

This is where Palantir gets concrete.

In a consumer goods supply chain case study, Palantir says it integrated seven ERP systems and modeled plants, SKUs, customers, bills of material, inventory, raw materials, and forecast demand. The goal was not a prettier dashboard. It was to let managers ask questions like: where can we swap materials, reduce waste, and raise margins on specific products?

In a shipping case study, the inputs included booking systems, container tracking systems, CRM data, and task queues for thousands of agents in more than 100 countries.

In a rail warranty case study, the data covered each locomotive part’s lifecycle from purchasing to storage to installation to failure to removal, plus warranty terms and claims workflows.

At Ferrari, Foundry ingests Grand Prix data, test bench results, and part information for power unit engineers. Ferrari says an F1 season can generate as much as 1.5 trillion data points.

At Airbus Skywise, the data includes work orders, spares consumption, component data, fleet configuration, onboard sensor data, flight schedules, operational interruption history, pilot reports, technical requests, and service bulletins. Airbus now says more than 12,300 aircraft and 48,000 users are connected to the platform.

At PG&E, the claimed input scale is 8 to 10 billion data points per day. The company has described using Foundry with smart meter data, geospatial data, grid topology, and wildfire risk information across 25,000 miles of wire.

At Rio Tinto, the data ranges from hundreds of equipment units and rail systems in Pilbara to thousands of underground mine sensors at Oyu Tolgoi in Mongolia.

In healthcare, NHS England says its Federated Data Platform is meant to work with bed counts, waiting lists, staff rosters, supplies, discharge data, and social care capacity. Tampa General Hospital has described integrating nursing schedules, patient information, and acuity levels.

In semiconductors, Athinia uses Palantir Foundry to let fabs and materials suppliers share codified or anonymized process and materials data. The pitch is better quality control, supply chain transparency, and faster root-cause analysis.

In government and enforcement, the data gets more sensitive.

Reuters says the Pentagon’s Maven Smart System takes in data from satellites, drones, radars, sensors, and intelligence reports to identify military points of interest and speed analyst work.

The ACLU’s roundup and 404 Media’s reporting say Palantir systems used by ICE can pull together immigration history, family relationships, employment information, phone records, biometrics, criminal records, home and work addresses, and data from sources like HHS, USCIS, and commercial data products.

That range is the story. Palantir can work with almost any data, but it is strongest when the data describes an operation with lots of moving parts and a high cost of being wrong.

What users actually see

A lot of confusion about Palantir comes from people imagining some giant black box. The user-facing layer is actually more mundane.

Palantir’s Object Explorer is basically search for the Ontology. Users can run keyword queries or property filters, see tables, maps, charts, compare object sets, export results, and take bulk actions.

Quiver is the analysis surface. It uses cards on a canvas. Some cards filter or join data. Others make charts, time-series views, anomaly detection, or dashboards.

Workshop is the app builder. Palantir’s own getting-started example is a “Flight Alert Inbox” with an object table, filter list, object view, and a resolve button that writes back through an action. That sounds trivial, but it is a good picture of what many Palantir apps really are: operator screens for people who need to see the current state of the world and do something about it.

This matters because Palantir is not mostly selling executive dashboards. It is trying to build software that working teams sit inside all day.

Why companies buy it

The value proposition is simple: most big organizations already have the data they need, but it is trapped in systems that do not line up with the actual work.

A manufacturer has ERP, MES, procurement systems, quality systems, spreadsheets, and sensor feeds. None of them agree cleanly with each other. A hospital has EHRs, scheduling systems, staffing systems, discharge data, and supply tools. An airline has maintenance systems, operations data, flight telemetry, engineering logs, and vendor data. A police or intelligence agency has case systems, registries, tip lines, and surveillance feeds.

Palantir’s claim is that it can make those systems legible as one operational picture, then let people actually run the business on top of that picture.

The case studies are unusually specific:

A Fortune 100 consumer goods company integrated seven ERP sources in five days and Palantir claims up to $100 million in annual savings.
A major shipping company used Foundry to prioritize tasks across 100+ countries, with Palantir claiming tens of millions in savings.
A railroad used Foundry to recover $20 million+ per year in warranty claims.
Airbus says Palantir helped accelerate A350 delivery by 33% and later expanded into the broader Skywise ecosystem.
United said the combination of Palantir Foundry and Skywise would improve maintenance and operational reliability.
Ferrari says Palantir lets race engineers turn analyses that once took minutes into seconds.
Rio Tinto says Foundry helps coordinate 53 driverless trains and monitor mine risk from thousands of sensors.
Tampa General said Foundry helped drive a 30% improvement in nurse staffing ratio, a 28% reduction in PACU hold time, and a disaster-response app in under 24 hours.

The through-line is operational compression. Fewer handoffs. Fewer spreadsheet rituals. Faster decisions with more context.

Why governments buy it

Governments have the same mess as big companies, but with worse procurement, worse data sprawl, stricter security, and higher stakes.

The British government’s biggest public Palantir deployment is the NHS Federated Data Platform. It is built on Foundry, under a £330 million contract over seven years. NHS England says the system is meant to support elective recovery, care coordination, vaccination, population health planning, and supply chain management. Its FAQ says local trust instances can hold identifiable care data for direct care, while national planning views use de-identified or aggregate data. By late 2024, NHS England said 91 trusts and 31 systems had signed up.

In the U.S. military, Palantir is now deeply embedded. Reuters reports the Pentagon awarded a $480 million Maven contract in 2024, then the Army expanded it with more licenses, and later consolidated contracts into an agreement worth up to $10 billion over ten years. Maven is not a vague “AI for defense” story. Reuters describes it as battlefield software that helps analyze sensor and intelligence data and identify targets or military points of interest.

Palantir’s work with immigration enforcement is even more concrete, and more politically explosive. The ACLU describes four main systems or programs: ELITE for target identification, ICM for case management, ImmigrationOS for streamlining deportation operations, and AI-enhanced tip processing. 404 Media says ELITE can display targets on a map, show dossiers on individuals, and assign an address confidence score. Reuters says ICE awarded Palantir a $30 million contract related to systems that identify undocumented immigrants and track self-deportations.

Germany gives a different picture of the same core technology. Deutsche Welle reports that Palantir’s Gotham software is already used by police in Hesse, Bavaria, and North Rhine-Westphalia, with Baden-Württemberg planning to implement it. In Hesse it is branded HessenData. The Hesse interior ministry says it has been used since 2017 against organized crime and terrorism and credits it with helping prevent a 2018 Islamist attack.

So when people ask which governments use Palantir, the answer is not vague. Public reporting and official materials show real deployments in the U.S. military, U.S. immigration enforcement, NHS England, and multiple German state police systems, among others.

The AI layer changes the pitch, not the core product

A lot of recent coverage makes Palantir sound like an AI company that happened to have government contracts first. That gets the order backwards.

The AI story works because Palantir already spent years building the data model, permissions, and workflow layer. Its own docs say AIP agents are grounded in the Ontology, documents, and custom tools, with LLM access scoped by platform security. AIP Logic is for building LLM-powered functions that can read ontology objects, return outputs, and even stage edits for review. Palantir’s filings emphasize human review checkpoints and audit controls.

That is why Palantir can sell AI to very conservative organizations. It is not saying, “let the chatbot loose on your data.” It is saying, “we already know what your data means, who can touch it, and what actions are allowed. Now we can put an LLM inside that box.”

The uncomfortable truth

Palantir’s commercial and government businesses look very different morally, but they are technically closer than many people want to admit.

The same features that help a hospital coordinate beds and discharges can help an immigration agency coordinate detention and removal.

The same features that help a utility map wildfire risk can help a military map targets.

The same “single source of truth” story that sounds good in manufacturing also means centralizing very sensitive information about people.

That is why critics focus less on the software buzzwords and more on the consequences of putting this kind of system in the hands of states. The ACLU argues that Palantir systems help create centralized dossiers, expand the use of brokered personal data, and enable opaque targeting decisions. In Germany, civil liberties groups have challenged Palantir-style police data mining in court. In Britain, critics of the NHS rollout worry less about today’s official contract language than about what a centralized health data platform could enable later if laws or politics change.

Palantir’s own answer is that its permissioning, logging, and governance controls constrain misuse. Sometimes that is probably true. But the controls do not change the fact that the software is designed to make large institutions more legible to themselves and more capable of coordinated action. Whether that feels admirable or chilling depends a lot on who the customer is and what they are trying to do.

Final view

Palantir is not mainly selling dashboards. It is not mainly selling a database. It is not even mainly selling AI.

It sells software for taking a sprawling institution, modeling the important parts of it as a live system, and letting people operate through that model.

For companies, that means better maintenance, fewer supply chain blind spots, faster planning, and more disciplined operations.

For governments, it can mean better hospital coordination or military logistics. It can also mean target selection, mass surveillance, and deportation infrastructure.

That is what Palantir actually does. It makes complicated institutions easier to see, easier to query, and easier to steer.

The best tools for sending an email if you go silent

Fri, 03 Apr 2026 00:00:00 GMT

This is a surprisingly small category.

Most people think there must be dozens of good tools for this. There are not. Once you strip away password-manager recovery, Apple legacy features, and generic estate-planning advice, only a handful of products are actually built to notice your silence and send something by email. If you want the broader definition first, start with what a dead man’s switch actually is.

People searching for a dead man’s switch email tool are usually asking for one of three different things:

A way to hand off a Gmail or Google account after inactivity.
A true check-in system that sends a custom message or file if you stop responding.
A self-hosted setup they can audit and control themselves.

Those are different jobs. The best choice depends on which one you mean.

The short list

If I were narrowing this down for a normal reader, I would focus on five options.

5. LastSignal

This is the best technical option for people who want a self-hosted system.

LastSignal is open source, self-hosted, and built around browser-side encryption. Its site says messages are encrypted before upload, the server stores only ciphertext, and recipients decrypt in the browser with their own passphrases. It also uses email check-ins and supports multiple reminders, cooldown periods, and trusted contacts who can delay delivery if you are alive but temporarily unreachable.

That is a thoughtful design. It is also self-hosted, which changes the trade.

Why it is interesting:

You can inspect the code.
You control the hosting.
The security model is documented in unusual detail.

Why it is not for everyone:

You need to keep the server, domain, SMTP setup, and maintenance alive for the long term.
The project itself is clear that there is no managed service and no warranty.
Long-term reliability is harder when you are the operator.

That last point matters more than people think. A dead man’s switch is supposed to still work when years have passed and nobody is thinking about it. Self-hosting is appealing, but it can quietly undermine the whole point.

4. DeadMansSwitch.email

This one looks like a more polished, privacy-forward take on the category.

Its public materials describe automatic message delivery after inactivity, multiple reminders, two-factor authentication, encrypted storage, and a zero-knowledge design. On paper, that is a strong feature set for people who want a service built specifically around email delivery.

I would put it on the shortlist, but with more caution than the options above.

The reason is not that anything looks wrong. It is that the public documentation I found is thinner. With a product like this, I would want to test the reminder flow, read the policy pages carefully, and make sure I understand exactly what happens if the company changes direction or disappears.

So the verdict here is: promising, worth a look, but do your homework before trusting it with anything irreplaceable.

3. Dead Man’s Switch

This is the old-school option.

It has been running since 2007, which counts for something in a category where longevity is part of the product. Its model is simple: you write messages, choose intervals, get reminder emails, and if you never check back in, the messages send. The service also has a test mode so you do not have to wait months to see whether your setup works.

Why I would still consider it:

Long operating history.
Straightforward check-in logic.
Very simple mental model.
Test mode for verification.

But there is an important catch. The service itself says it is meant for casual use and should not be trusted for whistleblower or life-and-death scenarios. It also suggests using PGP or GPG yourself if you need stronger privacy guarantees.

That honesty is refreshing. It also tells you exactly where this product belongs: practical, lightweight, ordinary use. Not the highest-stakes version of this problem.

2. Google Inactive Account Manager

This is the best default answer for people whose digital life already runs through Gmail.

Google lets you choose a period of inactivity, nominate up to 10 trusted contacts, and decide whether they should just get a notification or also receive selected account data. Google says it looks at signals like sign-ins, Gmail usage, My Activity, and Android check-ins before deciding your account is inactive.

This is not the cleanest “dead man’s switch” in the classic sense. It is really a Google-account continuity tool. But for millions of people, that is close enough to the thing they actually need.

Why it is good:

It is built into an account many people already use every day.
It can notify people automatically after inactivity.
It can share Gmail-related data without asking your family to learn a new service.

Where it falls short:

It is tied to your Google account, not your broader digital life.
It is better for account handoff than for carefully staged message delivery.
It is not the right fit if you want separate messages for different people on different schedules.

If your real question is “how do I make sure someone gets access to my Gmail or hears from me if I disappear,” this is the first thing I would look at.

1. Alcazar Dead Man’s Switch

If you want an actual missed-check-in system that sends messages and files to the people you chose, this is the strongest fit in the group.

The product is built around check-ins, grace periods, and automatic delivery. You pick a daily, weekly, or monthly rhythm. If you miss it, reminders escalate across the channels you set up. Only after the full grace period passes do encrypted messages and files go out. The public product page also says you can send different information to different contacts, attach files, and test the setup before relying on it.

Why it stands out:

It is built for the exact problem, not adapted from account recovery.
Different contacts can receive different messages and files.
It supports reminders through email, Signal, and Telegram, which lowers the chance of a false alarm.
Test mode is a real advantage in a category where people often set things up and hope.

The main caveat is simple: this is a dedicated product, not a default feature inside a platform you already use. That is good if you want flexibility. It is one more service to trust if you do not.

What is not really in this category

Some very good products solve adjacent problems, but they are not the same thing.

Apple Legacy Contact helps a designated person request access to an Apple account after death with an access key and supporting documents.
Bitwarden Emergency Access lets a trusted contact request view or takeover access to your vault after a wait period you define.
1Password’s Emergency Kit is a recovery document, not an automated silence trigger.

These are useful tools. They are just not email dead-man-switch tools in the narrow sense. If that distinction still feels fuzzy, dead man’s switch vs digital will is the cleanest breakdown.

They answer, “How can the right person get access?”

A true dead man’s switch answers, “What should happen if I stop checking in?”

That difference sounds small until you actually need one.

How I would choose

If I had to make this simple:

Pick LastSignal if you are technical, want open source, and are willing to maintain it properly.
Evaluate DeadMansSwitch.email only after testing it yourself, because the concept is strong but I would want more operational confidence first.
Pick Dead Man’s Switch if you want the simplest long-running classic and your needs are modest.
Pick Google Inactive Account Manager if your main concern is Gmail and you want the easiest mainstream answer.
Pick Alcazar Dead Man’s Switch if you want a real check-in-based system for custom emails, files, and different recipients.

One last practical point

None of these tools is a substitute for legal estate planning.

They can send instructions, messages, account maps, or recovery material. They cannot create legal authority by themselves. If the real problem is inheritance, executors, or formal control over assets, you still need the ordinary legal layer too.

But if your real problem is timing, if silence itself should trigger a message, this category is real and useful.

It is just smaller than it first appears.

The most secure phone today is a Google Pixel running GrapheneOS

Thu, 02 Apr 2026 00:00:00 GMT

If you care about serious phone security, the best setup today is a recent Pixel running GrapheneOS.

If you want the closest mainstream alternative, use a recent iPhone on the latest iOS with Lockdown Mode enabled.

I would also split sensitive work from normal phone use. The strongest setup is usually not one phone that does everything. It is a hardened phone for sensitive tasks and a separate everyday phone for the rest.

What “secure” means

When people say they want a “secure phone,” they often mean three very different things:

Protection from ordinary theft, scams, and malicious apps.
Protection from a serious remote attack, including so-called zero-click spyware.
Protection from physical coercion, where someone pressures you to unlock the phone or move funds.

A normal up-to-date iPhone or Android phone is already decent at the first one.

The second problem is the one that separates ordinary phones from hardened ones. Modern phones are full of messaging parsers, browsers, radios, cloud sync, and privileged system services. They are always connected and they hold nearly everything.

The third problem is harder still, because no operating system can fully protect you from someone standing next to you demanding your passcode.

So the real question is which phone gives an attacker the fewest easy paths in, and which setup leaves the least exposed if something still goes wrong.

The threat model changed

The market for commercial spyware is real, well-funded, and ugly. NSO Group became the most famous example because of Pegasus, but it is not alone. Intellexa has been tied to the Predator spyware platform and a long list of mobile zero-days. QuaDream used invisible iCloud calendar invites to help install its own iPhone spyware.

There are exploit brokers in this world too. Zerodium made that market unusually visible when it publicly offered seven-figure payouts for zero-click iPhone chains. That is a useful reminder that serious mobile exploits are not hobby projects. They are expensive products.

This matters because the phone is now the center of the user’s digital life: messages, location history, photos, notes, email, password resets, second factors, wallet apps, and often cloud backups too.

GrapheneOS on Pixel

GrapheneOS is a hardened version of Android that focuses heavily on making unknown bugs harder to exploit.

That is the right place to focus, because every vendor patches known bugs. The harder problem is surviving the bugs that have not been found yet.

GrapheneOS puts a lot of work into that layer. Its own features page highlights stronger sandboxing, enhanced verified boot, a hardened memory allocator, tighter app boundaries, and more exploit mitigations aimed at making remote compromise less reliable and privilege escalation harder.

In simple terms, it tries to reduce attack surface and make exploitation harder even when a bug exists.

It also helps that modern Pixels have strong hardware security. GrapheneOS has stuck with Pixel devices partly because the hardware support is there. Features like memory tagging are not marketing fluff. They help catch whole classes of memory corruption bugs that still dominate serious exploits.

GrapheneOS also handles Google services in a cleaner way than most people expect. If you want them, you can run Google Play as ordinary sandboxed apps instead of as deeply privileged system components.

None of this makes GrapheneOS magic. You can still install a malicious app. You can still lose the device. You can still hand over the passcode. But if the question is which consumer phone platform is trying hardest to survive a sophisticated attack, GrapheneOS on a recent Pixel is the best answer today.

iPhone with Lockdown Mode

Lockdown Mode is Apple saying, openly, that high-risk users need a different security profile from everyone else.

When Lockdown Mode is on, the iPhone stops behaving like a normal iPhone in several ways. It blocks many message attachment types, strips out link previews, limits complex web features, restricts some incoming service invitations, tightens device connections, turns off 2G and 3G, and makes configuration-profile tricks much harder.

That is good security engineering because fewer features usually means fewer ways to get hacked.

Apple also built defenses such as BlastDoor to isolate and validate untrusted message content before it reaches more sensitive parts of the system. That does not make iPhones unhackable, but it does raise the cost of building reliable iPhone spyware.

The tradeoff is usability. Some sites break. Some messages lose features. Some workflows get annoying. For most people that is unnecessary. For high-risk users it can be the right trade.

The clean comparison is this: GrapheneOS is a hardened operating system choice, while Lockdown Mode is a hardened operating mode inside a mainstream phone. If you can tolerate the platform change, GrapheneOS is stronger. If you want the safer mainstream option, pick the iPhone.

Pegasus and the spyware market

Citizen Lab documented FORCEDENTRY, an NSO Group iMessage zero-click exploit that worked against fully modern Apple devices. The important part here is not just the bug. It is the delivery model.

The victim did not need to tap a link. The message itself was enough.

That is what “zero-click” means. Once the public saw those attacks hitting activists, journalists, political figures, and other civil-society targets, it became much harder to dismiss phone security as a niche concern. If you are worth targeting, your phone is one of the first places people will try.

AI and zero-days

Google says its Big Sleep AI agent has already found previously unknown vulnerabilities in real software, and in one case helped identify a critical SQLite bug before attackers could use it in the wild.

That is defensive use, but the same reality cuts both ways. If defenders can use AI to search large codebases, compare versions faster, and spot strange edge cases, offensive teams can use similar methods too. Maybe not as a fully autonomous hacker yet, but certainly as a force multiplier for exploit research.

So yes, zero-days will probably be found faster in the AI era. That makes hardening more valuable, not less.

The UK and iCloud encryption

In 2025, Apple removed Advanced Data Protection for UK users after pressure from the British government, a move widely reported as a response to demands under the Investigatory Powers Act (Reuters coverage).

This did not mean Apple turned off end-to-end encryption for everything in Britain. iMessage, FaceTime, Keychain, and some other categories stayed protected.

But it did mean UK users lost the option to keep several major iCloud categories, including backups, photos, notes, and files, under that stronger end-to-end protection.

It is a useful warning: even if the handset is excellent, cloud backups can be a weaker link. Cloud security is not only a technical question. It is also a legal and political one.

Motorola and GrapheneOS

At MWC 2026, Motorola announced a formal partnership with the GrapheneOS Foundation and said the two groups will work on future devices engineered for GrapheneOS compatibility.

The official announcement was careful on timing, but follow-up reporting points to the first compatible Motorola flagships arriving in 2027, not on current devices.

If that happens, GrapheneOS stops being only a Pixel answer. That matters both for adoption and for the broader idea that hardened mobile security is becoming commercially real.

Practical setup

If you want the most secure phone setup available to a serious consumer today, use:

A recent Pixel running GrapheneOS as a dedicated high-security phone.
A strong passphrase, not a weak 6-digit PIN.
The smallest app set you can tolerate.
Separate profiles or separate devices for risky apps and everyday browsing.
As little sensitive cloud backup as possible.

If you are staying on Apple, the best version of the setup is:

A recent iPhone on the latest iOS.
Lockdown Mode enabled.
A long passcode.
Minimal installed apps.
Careful thought about what still lands in iCloud.

Crypto and high-risk data

If you store large amounts of cryptocurrency or other highly sensitive data, go one step further and stop treating the phone as the final vault. Use separate hardware devices for signing, storage, or recovery whenever possible. A phone is too exposed, too networked, and too easy to pressure in person.

If those separate devices are part of a real wallet or access workflow, a monitoring layer can still help. Something like Alcazar Flare is relevant here not as a replacement for good device separation, but as a way to notice unauthorized device access or suspicious wallet activity sooner.

If I had to give one answer, it would still be simple: GrapheneOS on a recent Pixel is the strongest phone setup available today. The iPhone with Lockdown Mode is the best easier alternative.

AI Progress and the Singularity: the case for 2027-2029

Fri, 27 Mar 2026 00:00:00 GMT

Either AGI starts showing up in the next few years, or the whole singularity story is much farther away than most people think.

My best guess is 2028.

I think there is a real chance that we get something fair to call AGI between 2027 and 2029.

Not because every demo on Twitter is real. Not because every benchmark is profound. Not because one lab says the word “reasoning” louder than the others.

I think that because three things are now true at once:

the models got much better
the scaffolding around the models got much better
the amount of useful work they can do in one shot has started to climb fast

That does not prove a singularity is near. It does mean the argument is no longer science fiction.

There is about a 60% chance that AGI-like systems arrive by the end of 2029, with 2028 as my single best guess.

If that does not start happening soon, then it probably does not happen on today’s curve ten years later.

Either the curve bites hard in the next few years, or the whole singularity story belongs to a much stranger world with different hardware, different institutions, and probably a different technical paradigm.

First, define the words

People use AGI, ASI, and singularity sloppily. So here is the plain-English version.

AGI means a system that can do most valuable cognitive work at least as well as a good human, and usually faster. If you can throw it coding, research, analysis, planning, writing, and tool use, and it holds up across the board, that is close enough for this article.

ASI means something clearly beyond the best humans at almost all of that.

Singularity is the strongest claim of the three. It means progress starts compounding so fast that normal forecasting breaks. Humans stop being the main pace-setter.

Those are not the same claim. You can believe in AGI and still be skeptical of ASI. You can believe in ASI and still think the word singularity is too dramatic.

The short history

Most AI history does not help much with this question. A few moments do.

Deep Blue beating Kasparov in 1997 was important because it showed machines could crush humans in a domain once treated as a test of intellect. But it was narrow. It was a machine for chess.

AlexNet in 2012 helped establish deep learning as the main road, not a side alley.

AlphaGo in 2016 changed the emotional tone of the field. DeepMind did not just beat a Go champion. It produced moves that looked alien to strong human players. AI was no longer just brute force plus speed. It could find ideas people missed.

Around that same period, another piece of history sits behind the current race: OpenAI was founded in 2015 partly out of a real fear that advanced AI might get concentrated inside Google after its acquisition of DeepMind. That fear now looks less naive than it did at the time. A lot of the current AI story is really about who gets to control general-purpose intelligence.

Then came the language-model phase.

The architecture break behind that phase was the Transformer. Once Attention Is All You Need landed in 2017, the field had a much better recipe for training large sequence models in parallel. A lot of what came next was that recipe getting scaled, refined, and pointed at more data.

GPT-2 in 2019 was the first time many people saw that simple next-token prediction could turn into eerily coherent text at scale. The model was still flaky, but the direction was obvious.

GPT-3 in 2020 pushed that much further. It made the “general-purpose text engine” idea feel real. You could prompt it into translation, summarization, code, Q&A, or light reasoning. A lot of people still dismissed it as autocomplete with good PR. They were not fully wrong. But they were no longer fully right either.

Then two things changed the picture more than raw scale did.

The first was RLHF and the InstructGPT line. That took models that were smart in a messy way and made them usable.

The second was ChatGPT in 2022. ChatGPT was not the first strong model. It was the first time millions of people understood, in one afternoon, that the interface to computing might change.

Then the center of gravity shifted again.

In 2024, reasoning models started to become a real product category. OpenAI o1 was the clearest public marker. “Think before answering” stopped being a research rumor and became a thing normal users could feel.

At the same time, the field moved from chat to action.

AutoGPT was an early viral moment in 2023. It was messy, overhyped, and loop-prone. But it planted the idea that you could wrap a model in tools, memory, and retries and get something agent-like.

By 2025, that idea got much more serious. Operator, deep research, and similar systems showed that agents were no longer just toys for prompt hackers. They were still unreliable. They were also useful.

And for many engineers, somewhere around November 2025, agentic coding crossed a line. Not because one product magically solved software engineering, but because the combination of better models, better tool use, and better coding harnesses made delegation feel normal. Claude Code is the cleanest symbol of that shift. It was not the first coding agent, but it was one of the clearest signs that “ask the model to edit the repo, run tests, and come back with a patch” had become a practical workflow, not just a conference demo.

Then came the more personal version of the same story.

OpenClaw belongs in this story because it made the always-on personal agent feel real. If ChatGPT turned LLMs into a consumer product, OpenClaw and similar runtimes made people ask a more dangerous question: what happens when the model is not just a chat box, but a semi-autonomous operator living in your messages, your tools, and your workflow?

That is the real through-line.

First we got narrow systems. Then general language systems. Then usable assistants. Then reasoning models. Then agents that can actually do work.

What changed in the last two years

The simple answer is that the models got better. But that is too shallow.

The deeper answer is that we are stacking several kinds of progress on top of each other now.

Training improved. Inference got more powerful. Test-time compute became a real lever. Tool use improved. Retrieval improved. Memory got less fake. Coding scaffolds got sharper. Evaluation got less academic and more task-shaped.

That shift changed the argument.

For a while, people argued past each other because one side pointed at chatbot tricks and the other side pointed at benchmark failures. Both were missing the operational middle: what happens when you give a strong model a shell, a browser, a file editor, long horizons, retries, and permissioned access to the world?

That middle is where a lot of the action is now.

This is also why software is the first domino. Code lives in text, diffs, terminals, logs, tests, and tickets. The world of software is already shaped like a language model’s natural habitat. You do not need full robotics to change software. You need long-enough task horizons, good enough judgment, and enough reliability that the review burden is still worth it.

We are getting close.

The three timeline camps

Most timeline arguments are easier to read if you stop treating them as one giant debate.

There are really three camps.

1. The fast camp

This is the AI 2027 and Situational Awareness camp.

The fast camp thinks the missing distance is small, and that once AI systems become strong enough at coding and research, they start speeding up the very process that improves them. That is the core loop.

The strongest version of this argument is not “models look cool.” It is “the systems are already eating more of the cognitive stack, and once they cross the threshold where they can materially accelerate AI R&D, the curve bends.”

AI 2027 is the most concrete public version of this view. It tries to say, in detail, what a near-term transition to superhuman coders and then much faster progress could look like. Leopold Aschenbrenner makes a related case in Situational Awareness: extrapolate compute, algorithmic efficiency, and “unhobbling,” and AGI by 2027 starts to look plausible rather than insane.

This camp is also closer to frontier-lab rhetoric than many skeptics want to admit. Top lab leaders keep describing very short timelines in slightly different language. They may avoid the word singularity, but they are not talking like people who think this is a 2045 story.

2. The medium camp

This camp is less interested in sci-fi vocabulary and more interested in massive acceleration.

Dario Amodei is a good example. In Machines of Loving Grace, he argues that powerful AI could arrive reasonably soon and then compress decades of progress in fields like biology into a few years. His framing is useful because it takes both sides seriously: intelligence helps a lot, but the physical world still imposes latency.

This camp says:

yes, big change is close
no, intelligence is not magic dust
yes, software may move first
no, wet labs, fabs, logistics, and governments will not move at model speed

I think this camp is underrated because it is less theatrical than the pure takeoff story and less comforting than the skeptic story.

It also fits a lot of current evidence better.

3. The slow or skeptical camp

This camp has several flavors.

Epoch makes the cleanest serious case for longer timelines. The argument is not “AI is fake.” The argument is that people are hand-waving bottlenecks. Compute, data, real-world experiments, deployment cost, and messy agentic work all slow things down. On that view, current progress is real but does not imply a software-only singularity in the next few years.

Gary Marcus is the stronger skeptic on the core paradigm. He thinks LLMs are not the royal road to AGI.

François Chollet is more subtle. His complaint is not that current models do nothing. It is that memorization and interpolation are being confused with general intelligence. The ARC line of critique says we should care much more about efficient adaptation to genuinely new problems.

This camp has a real point. Many bullish people talk as if a model being strong at code, math, and web tasks automatically means it is one clean scale-up away from robust autonomous research. That is not proven.

What the camps are actually disagreeing about

A lot of this debate sounds philosophical. Most of it is not.

The real disagreements are about bottlenecks.

Can AI automate AI research early enough to speed up its own improvement?

How much does real progress depend on more chips, more power, more data centers, more experiments, and more human review?

Do agentic systems keep getting better as you give them more time and tools, or do they just fail more slowly?

Is current progress mostly a smooth extension of what transformers already do well, or do we still need a real conceptual break?

And maybe the biggest one:

When a model looks bad in a bare benchmark, is that telling you something deep about its limits, or are you just measuring the wrong level of the stack?

I do not think either side fully owns that question yet.

The economic warning shots

One reason timeline talk stopped sounding academic is that people started sketching the second-order effects.

Citrini Research did this with The 2028 Global Intelligence Crisis. It is explicitly a scenario, not a prediction. That distinction is important. But the scenario still hit a nerve because it describes a world many people can now imagine: coding agents get cheap, white-collar pricing power cracks, and large parts of the economy realize too late that cognitive labor was more exposed than expected.

I would not treat that essay as prophecy. I would treat it as a useful stress test.

Once agents become good enough, the question stops being “can they reason?” and becomes “which parts of the economy were quietly built on expensive human cognition?”

My prediction

Here is my best guess.

There is about a 60% chance that we get AGI-like systems by the end of 2029.

If you want a rough split, I would put it like this:

about 25% by the end of 2027
about 45% by the end of 2028
about 60% by the end of 2029

My modal year is 2028.

Why that range?

Because the strongest part of the bullish case is real. Coding, research assistance, tool use, long-horizon work, and test-time reasoning are all improving at the same time. That is exactly where you would expect the curve to steepen if AGI is near.

But I do not buy the strongest version of the fast-takeoff story. I think reliability, evaluation, deployment friction, and physical bottlenecks still loom large.

So I end up here:

2027-2029 looks live.

Much later than that, on the current story, looks less convincing.

And this is the part many people will find strange: if we get to 2030 without a real AGI break, I would update toward longer, not toward “sure, then maybe 2034.”

Why?

Because the singularity claim is not just “progress continues.” It is “progress is about to compound.”

If it does not start compounding soon, then one of two things is probably true:

current systems are missing something important
the real bottlenecks are stronger than the near-term bulls think

In either case, the comfortable middle story gets weaker. The idea that today’s paradigm somehow muddles along for years and then suddenly turns into a clean singularity in the mid-2030s is, to me, less believable than either a near break or a much longer detour.

That is why I think singularity is either a near-term event or a much later civilization-level event.

Soon, or not for a while.

What it means if this is right

The first big consequence is that software changes before most institutions are emotionally ready for it.

Not all software jobs disappear. That is the wrong frame. The deeper change is that the unit of work changes. One good engineer with several agents starts to look like a small team. Review, taste, problem selection, security, and system design count more. Boilerplate production counts less.

Research changes too. Not because AI replaces every scientist at once, but because literature review, hypothesis generation, experiment planning, and coding-heavy analysis all get cheaper before labs know how to price the new reality.

Security gets stranger. If you can give an agent useful authority, you can also give it dangerous authority. The same thing that makes personal agents compelling also makes them risky.

And the biggest shift is psychological.

Once a system can reliably compress a week of cognitive work into an hour of supervision, people stop arguing about whether it is “really intelligent.” They start reorganizing around it.

That is the point where the vocabulary fight counts less than the economic one.

Final view

I do not think the singularity is guaranteed.

I do think the burden of proof has changed.

Five years ago, saying “AGI by the end of the decade” made you sound reckless.

Today, saying it is impossible should require more argument than many skeptics are giving.

That does not mean the bulls are right. It means the world has moved.

My best guess is still 2028.

If I am wrong because it happens later by a year or two, fine.

If I am wrong because this whole line of progress stalls, that will be one of the most important facts of the decade.

But if I am right, then the period people will look back on as the hinge was probably not some far future date.

It was when coding agents became useful, reasoning models became normal, and the distance between “chatbot” and “co-worker” started collapsing in plain sight.

What is a wrench attack?

Sat, 21 Mar 2026 00:00:00 GMT

TL;DR

A wrench attack is a physical attack used to steal bitcoin or other crypto.

Instead of hacking a wallet, the attacker threatens, kidnaps, assaults, or tortures the person who controls it. In real cases, that can look like a crypto kidnapping, a home invasion aimed at a bitcoin holder, or another kind of coercive theft.

That is the basic meaning.

The reason the term matters now is simple: self-custody gives ordinary people direct control over money that can be moved quickly and, once sent, is often hard to recover.

What does wrench attack mean?

A wrench attack means the attacker goes after the human, not the cryptography.

Your wallet software can be solid. Your seed phrase can be stored correctly. Your hardware wallet can be genuine. None of that helps much if someone is standing in your home, pointing a weapon at you, and ordering you to unlock your phone or sign a transaction.

It is still theft, but the mechanism is coercion in the real world rather than a technical compromise. The funds are digital, but the pressure is physical.

Why is it called a wrench attack?

The name comes from the famous $5 wrench xkcd comic.

The joke is brutal and memorable. Why spend huge effort breaking strong encryption when you could threaten the person holding the password with a cheap wrench?

That joke stuck because it captures a real security truth: the hardest part of a system is often the human being operating it.

Why crypto holders are especially exposed

This kind of crime can happen with cash, jewelry, or bank credentials too. Crypto has a few traits that make it unusually attractive to attackers.

First, self-custody concentrates power. If one person controls the seed phrase, hardware wallet, or exchange login, one person may be all an attacker needs.

Second, transfers can happen fast. A criminal does not need to carry cash out of the building. They may only need a phone, a device unlock, and a signed transaction.

Third, public signals make target selection easier. As Chainalysis wrote in its 2025 mid-year crime update, attackers are increasingly targeting individuals, and operational security now matters as much as technical security. Social media posts, conference appearances, leaked customer data, luxury signaling, and public wallet chatter can all help criminals decide who looks worth targeting.

Fourth, these attacks are often planned. NBC News reported that crypto kidnappings and related physical attacks now span dozens of countries, and victims are often identified through prior relationships, surveillance, or online visibility rather than random chance (NBC analysis).

How fast is this problem growing?

No one has a perfect global count. Many victims never report these crimes, and some reports never become public.

Still, the public record is moving in a clear direction.

Counting the dated entries in Jameson Lopp’s public database of physical attacks involving crypto shows this recent trend:

Year	Documented cases
2019	9
2020	15
2021	36
2022	36
2023	25
2024	41
2025	74

That means the database’s documented count rose from 41 cases in 2024 to 74 in 2025, an increase of about 80% in one year.

There is also an early warning in 2026. By March 21, the same database had already logged 23 documented cases for the year. That is a partial-year figure, so it should not be compared directly with full years, but it shows the pace has not disappeared.

The broader industry is seeing the same direction. Chainalysis said 2025 was on track to have potentially twice as many physical attacks as the next highest year on record, while also noting that the real number is likely higher because many attacks go unreported.

France, the U.S., and the rest of the world

France

France became one of the clearest hotspots in 2025.

Using the same Lopp database, 20 of the 74 documented 2025 cases were linked to France. That is roughly 27% of the year’s public cases in that dataset.

The most widely reported case was the kidnapping of Ledger co-founder David Balland. Reuters reported that Balland and his wife were kidnapped in January 2025, that a ransom was demanded in cryptocurrency, and that Balland’s hand was mutilated during the ordeal. NPR and AP later reported another French case involving the father of a crypto entrepreneur, with French media saying one of his fingers was cut off.

That grim detail is why the threat no longer feels abstract. The violence described in these cases is real.

United States

The U.S. remains one of the biggest long-run clusters of documented cases.

In the same public database, the United States has the highest cumulative count since 2014. For 2025 alone, it logged 8 documented U.S. cases.

The American cases are not just small robberies. NBC News reported that a Minnesota family was allegedly held hostage at gunpoint in September 2025 and forced to hand over about $8 million in cryptocurrency. NBC also reported on the New York case in which two men were accused of kidnapping and torturing a victim in an attempt to steal bitcoin (NBC analysis).

So the U.S. story is not “this only happens somewhere else.” It is already part of the domestic crypto risk picture.

Rest of the world

This is a global problem, not a French problem with a few U.S. copycats.

NBC News found 67 crypto kidnapping cases in 44 countries and more than 150 alleged wrench attacks worldwide over the past decade. Lopp’s broader physical-attack database now spans incidents across dozens of countries as well, including the UK, Canada, Brazil, Thailand, Hong Kong, India, Pakistan, South Korea, and others.

The pattern is consistent across borders:

A victim is believed to control meaningful crypto.
Attackers think the victim can access it quickly.
The victim is isolated, pressured, or surveilled.
The criminals try to force an immediate transfer.

The geography changes. The logic does not.

How can you protect yourself from a wrench attack?

There is no perfect defense. The goal is to make yourself a harder target and make your funds harder to reach quickly.

These are the clearest ideas that show up across the research from Jameson Lopp’s public guidance, Casa’s physical security guide, and Chainalysis:

Keep your crypto life private. Do not advertise holdings, gains, routines, or devices on social media. Do not make it easy for strangers, casual acquaintances, or insiders to know what you control.
Do not keep meaningful access in one easy place. If all signing power lives on the phone in your pocket or in a hardware wallet at home, an attacker has a short path to your funds.
Split control. Multisig, offsite key storage, and time delays make it much harder for one coerced person to move everything on demand.
Treat physical security as part of crypto security. Better locks, cameras, lighting, safer routines, and awareness of surveillance matter. So does thinking carefully about conferences, travel, and who knows where you live.
Have a silent alert and response plan. This is the layer many people forget. If you are being pressured, you may need a covert way to notify trusted contacts, share location, or trigger a pre-planned response. That is exactly the kind of problem Alcazar Flare is built for: silent alerts, trusted-contact notification, live location sharing, and response-plan coordination when someone is being forced to unlock a wallet or device.
Prioritize your safety over your coins. No wallet setup is worth dying for. If you are in immediate danger, focus on surviving the incident and contacting law enforcement as soon as you safely can.

One nuance is worth saying clearly: decoy or duress wallets are sometimes discussed, but they are not a magic fix. Even Jameson Lopp’s write-up on duress wallets argues they are unreliable on their own because you cannot predict how a violent attacker will react. A better mindset is layered defense: privacy, split control, slower access, and a silent emergency plan.

The simple definition to remember

If you only remember one sentence, use this:

A wrench attack is when someone skips hacking your crypto and attacks you instead.

That is the meaning people are usually looking for.

And that is why the topic matters now. As crypto becomes more valuable and more visible, physical attacks become more tempting to criminals. The right response is not panic. It is to stop treating personal safety and wallet security as two separate things.

Dead man's switch vs digital will: what each one is for

Thu, 19 Mar 2026 00:00:00 GMT

TL;DR

These terms get mixed together because they all answer the same uncomfortable question: what should happen to your accounts, files, and instructions if you suddenly cannot manage them yourself?

But they are not the same thing.

A dead man’s switch triggers automatically when you stop checking in.
A digital will is a plan for your digital assets, accounts, and instructions.
A last will and testament is the legal document that gives formal authority and directs property.
Emergency access and digital legacy features help trusted people get into specific accounts when the time comes.

Most people who need one of these probably need a mix of them.

The simple version

If you want the fastest possible explanation, use this table:

Tool	What triggers it	Best for
Dead man’s switch	You stop checking in	Automatic alerts, messages, instructions, or handoff
Digital will	Your own planning process	Listing accounts, wishes, contacts, and recovery steps
Last will and testament	Legal process after death	Naming beneficiaries, executors, and property distribution
Emergency access / digital legacy	A trusted person’s request or proof of death	Access to specific accounts and vaults

That is the practical difference.

Why people confuse these terms

The overlap is real.

Someone planning a digital legacy might need:

a way to pass on account instructions
a way for family to access photos or messages
a legal document for actual inheritance
a backup plan if nobody knows something is wrong

That is how people end up searching for all of these at once:

dead man’s switch
digital will
last will and testament
last message
digital legacy
emergency access

The confusion comes from the fact that these tools can support each other. But each one solves a different part of the problem.

What a dead man’s switch is actually for

A dead man’s switch is the automatic part.

It expects you to check in. If you stop responding for long enough, it follows the rules you set earlier.

In modern software, that usually means:

You choose a check-in schedule, such as weekly or monthly.
You set a grace period so false alarms do not trigger immediately.
You decide who should get what.
You keep checking in as normal.
If you go silent long enough, the system sends or releases what you chose.

This is useful when the problem is not just access, but timing.

You do not want your partner, cofounder, or lawyer waiting until someone happens to discover a document. You want a system that notices your silence and starts the handoff.

That is why dead man’s switches are good for:

private last messages
solo-founder continuity
recovery instructions
travel check-ins
high-stakes cases where silence itself is the warning sign

What a digital will is for

A digital will is broader and less automatic.

Usually, when people say digital will, they mean some combination of:

a list of important accounts
instructions for devices and storage
notes about subscriptions, domains, or online income
directions for where documents or hardware are stored
names of the people who should handle different parts

In other words, a digital will is often an organized plan for your digital life, not a magical new legal category.

That distinction matters.

A digital will can be very useful even if it is not the legal document that transfers ownership. It can tell the right people what exists, what matters, and what to do first.

It is especially good for messy real-world details that legal documents often do not handle well:

where the hardware wallet is
which password manager matters
how the business billing stack works
which domains renew critical services
what should be deleted versus preserved

Where a last will and testament fits

A last will and testament is the legal layer.

It is about authority, beneficiaries, and distribution of property through the proper process.

That is why a dead man’s switch should not be sold as a substitute for a will. It is not one.

If the question is:

who inherits what
who is the executor
who has legal authority
how assets should be distributed

then you are in will territory, not dead man’s switch territory.

The practical rule is simple:

use a will for legal authority
use a digital will for clarity and instructions
use a dead man’s switch when timing and automatic escalation matter

Where emergency access and digital legacy fit

Emergency access tools are different again.

They do not mainly answer “when should this start?” They answer “how can the right person get in?”

That is why they are such a good companion to digital legacy planning.

Some of the clearest examples are first-party platform features:

Apple Legacy Contact lets you designate someone who can request access to your Apple account data after your death using an access key and death certificate.
Apple also says some data is excluded, including Keychain items like passwords and passkeys. See Apple’s Legacy Contact data list.
Bitwarden Emergency Access lets a trusted person request view or takeover access to your vault after a wait period you define.
1Password’s Emergency Kit gives you a recovery document that you can store safely or share with someone you trust.

These are not dead man’s switches. They are access mechanisms.

That is an important difference. A dead man’s switch is triggered by non-response. Emergency access is usually triggered by a trusted person taking action under rules you already set.

Where a last message fits

A last message is not a legal or technical category on its own. It is content.

It might live inside:

a dead man’s switch
a sealed document
a digital estate plan
an email draft or recorded video

This is worth pointing out because people often search for “last message” and “dead man’s switch” as if they are synonyms.

They are not.

A dead man’s switch is the delivery mechanism. The last message is just one possible thing it might deliver.

What most people should actually set up

For most people, the right answer is not to pick one term and hope it covers everything.

A better setup looks like this:

Create or update the legal documents you actually need.
Make a clear digital will or digital asset inventory.
Set up emergency access or legacy contact features on the platforms that support them.
Add a dead man’s switch only if your silence itself should start the process.

That fourth step is where a product like Alcazar’s Dead Man’s Switch fits naturally: scheduled check-ins, grace periods, trusted contacts, and encrypted delivery for the cases where you do not want vital instructions waiting in a drawer.

The practical takeaway

If you remember one thing, let it be this:

A dead man’s switch is for automatic escalation. A digital will is for organized instructions. A last will and testament is for legal authority. Emergency access is for getting into the accounts that matter.

Those tools overlap, but they are not interchangeable.

Once you separate them, planning gets much easier. You stop looking for one magic object and start building a system that matches how real digital lives actually work.

What is a dead man's switch?

Mon, 16 Mar 2026 00:00:00 GMT

TL;DR

A dead man’s switch is any mechanism that triggers when the operator stops acting.

In old machinery, that meant a train or mower stopping when the driver let go. In software, it usually means a check-in system: if you stop confirming that you are OK, the system sends a message, releases instructions, or hands off information to trusted people.

That is the core idea.

Everything else people bundle into the term, from John McAfee lore to Russia’s Dead Hand to digital legacy features in Apple or password managers, is easier to understand once you keep that one definition in view.

What does dead man’s switch mean?

A dead man’s switch is a fail-safe that activates when a person becomes absent, incapacitated, or unable to keep signaling that they are still present.

You will also see it written as dead man switch or deadman’s switch. The meaning is the same.

The key property is not death in the literal legal sense. The key property is loss of check-in.

That is why the term started in physical safety systems. If a train operator collapsed, a locomotive should not keep moving just because nobody was there to stop it. The safest design was to require continued human input. No input, then the system changes state.

Modern internet versions use the same logic:

if you do not respond to a prompt
if you miss a scheduled check-in
if you fail to cancel an alert
if you disappear for long enough

then something happens automatically.

That “something” could be harmless, serious, or dramatic:

a family member gets a message
a cofounder receives recovery instructions
an attorney gets a document
a security contact is told to investigate
prewritten files are released

The common thread is simple: the trigger is your silence.

Why the term feels more dramatic than it is

Popular culture has made the phrase sound like blackmail theater.

People picture a vault of secrets, a final message, a whistleblower dump, or some movie plot where a villain says, “If I die, this goes public.”

That use does exist. But it is only one corner of the concept.

In practice, most real dead man’s switches are more boring and more useful:

operational continuity
safety shutdowns
welfare checks
incident escalation
digital legacy handoff

The movie version is the loud version. The practical version is usually just a timer plus a missed check-in.

Why John McAfee shows up in searches for this

For a lot of people, John McAfee is where the phrase entered their mental map.

Before his death in 2021, McAfee posted claims suggesting incriminating material would be released if he disappeared. After his death, those claims fueled a wave of “dead man’s switch” speculation. Reuters’ reporting covered the death itself, but the supposed switch became a layer of internet mythology on top of that event.

That episode matters because it distorted the public meaning of the term.

A dead man’s switch does not need to involve conspiracies, kompromat, or 31 terabytes of mystery files. It can be as mundane as:

“If I do not check in for seven days, send my partner the instructions for where the important documents are.”

That is still a dead man’s switch.

Is Dead Hand a dead man’s switch?

Mostly, yes.

Dead Hand, the Soviet system also known as Perimeter, is the most famous geopolitical example of the idea. Britannica describes it as a semiautomated nuclear launch system allegedly designed to retaliate if a nuclear strike was detected and communications with top commanders were cut off. See Britannica on Dead Hand.

The reason people connect dead hand meaning, dead hand system, and Russia Dead Hand to this topic is that Dead Hand is basically a specialized dead man’s switch for deterrence.

The logic is brutal but clear:

detect signs of a catastrophic attack
check whether normal command still exists
if command appears gone, allow retaliation to proceed

That is why Dead Hand is such a memorable example. It takes the same underlying pattern and pushes it to the most extreme possible domain.

Still, it helps to be precise: Dead Hand is not the definition of a dead man’s switch. It is one famous subclass of it.

Dead man’s switch vs kill switch

People often mix these up because both involve triggers and consequences.

A kill switch is a mechanism you intentionally activate to stop, disable, or destroy something.

A dead man’s switch activates because you failed to keep it from activating.

That difference matters.

With a kill switch, the action is deliberate and positive. You press the button.

With a dead man’s switch, the action is indirect. You stop checking in, let go, fail to respond, or disappear, and the system interprets that silence as the signal.

Sometimes a system can contain both ideas at once. But they are not interchangeable terms.

Dead man’s switch vs emergency access

This is where modern digital planning gets interesting.

Many tools that people actually need are not dead man’s switches, even if they solve a related problem.

Take a few examples:

Apple Legacy Contact lets you designate someone who can request access to your Apple account data after your death, using an access key plus a death certificate. Apple also makes clear that some data, including Keychain items like passwords and passkeys, is excluded. See Apple’s data access list.
Bitwarden Emergency Access lets a trusted person request view or takeover access to your vault, with a wait period that you define.
1Password’s Emergency Kit is a stored recovery document that helps you or someone you trust regain access if needed.

These are adjacent ideas, but they are structurally different.

Emergency access tools are usually based on:

designated trusted people
explicit approval flows or waiting periods
recovery documents
proof of death or proof of authority

A dead man’s switch is based on non-response.

You can combine the two. In fact, that is often the smart way to do it. A dead man’s switch can send the instructions that tell someone where the emergency kit is, how to invoke emergency access, or which accounts matter most.

But the tools are solving different problems.

Emergency access says, “How can the right person get in when the time comes?”

A dead man’s switch says, “How do we know when to start?”

Dead man’s switch vs a last will and testament

A dead man’s switch is also not the same thing as a last will and testament.

A will is a legal document. It names beneficiaries, gives directions for property, and works through an executor and legal process.

A dead man’s switch is an operational mechanism. It sends, reveals, or triggers something when you fail to check in.

That makes it useful for different things:

practical instructions
account maps
contact trees
location of documents
a private last message
information that helps someone carry out your wishes

But it does not replace estate planning.

If you want assets transferred, authority established, or disputes minimized, you still need proper legal documents. If you want someone to quickly know where the encrypted backup lives, what the server root password policy is, or which lawyer to call first, a dead man’s switch can help with that.

That is where the phrase digital will can be helpful, as long as you do not confuse it with a legally sufficient will. A dead man’s switch can support a digital will by delivering instructions or pointers, but it is not the legal instrument itself.

So what should most people actually use?

For most normal people, the right answer is not “set up a dramatic dead man’s switch and forget about it.”

It is a layered setup:

a real estate plan if your situation calls for one
a digital legacy plan for accounts and devices
emergency access for password managers and important platforms
a dead man’s switch only where automatic escalation is actually useful

That last layer is best for situations like:

solo operators who hold critical operational knowledge
people who travel or work in higher-risk contexts
anyone who wants a trusted person to get a message if they go silent
people who want recovery instructions delivered without waiting for someone to discover a document by accident

If that is the layer you actually need, a dedicated service like Alcazar’s Dead Man’s Switch is the kind of tool to look at: check-ins, grace periods, trusted contacts, and encrypted delivery, without trying to pretend it replaces a will.

If all you need is inheritance planning, a dead man’s switch may be the wrong first tool.

If what you need is a timed last message, a check-in based alert, or a way to ensure key instructions do not stay buried forever, it starts to make sense.

A practical definition worth keeping

If you only remember one sentence, use this one:

A dead man’s switch is a system that triggers because you stopped checking in.

That definition is broad enough to include locomotives, digital alerts, and even Dead Hand, while still being specific enough to separate the idea from kill switches, password-manager recovery, and legal wills.

It also explains why the topic keeps showing up next to phrases like last message, digital legacy, and dead hand. All of them live near the same human problem:

What should happen if I am suddenly not here to do the next thing?

That question is uncomfortable. It is also practical.

Which is probably why the term has survived for so long.

Hacker News digest: why Top HN focuses on the comments

Fri, 13 Mar 2026 00:00:00 GMT

Top HN is our Hacker News digest. It publishes a daily edition for readers who want a quick scan of the day and a weekly edition for people who would rather catch up in one sitting.

The product exists because of a familiar Hacker News problem. A title gets your attention, but the real value is often deeper in the thread: a correction from someone who has done the work before, a reply that adds missing context, or a practical comment that is more useful than the original article.

We did not want a thin list of links with vague summaries attached. We wanted a Hacker News summary that captured what people were actually talking about and why a story was worth reading for technical readers.

What makes a good Hacker News digest

For us, a good digest does two things well. First, it tells you which stories were worth your time. Second, it tells you what the conversation added.

That second part is more important than it looks. Hacker News is full of posts that get a burst of points and then fade out without much substance. Those may be fine front-page items, but they are weak digest material. A useful digest should prioritize stories that led to strong discussion, disagreement, explanation, or firsthand experience.

That is the core idea behind Top HN. We are not trying to mirror the front page. We are trying to make Hacker News easier to follow for people who care about the signal.

How Top HN picks stories

We fetch stories inside a strict UTC window and rank them, but points alone are not enough. We also look for signs that a thread is alive.

If a post has impressive points but too little real discussion, it is often not worth a place in the digest. On the other hand, a story with strong engagement and a rich thread tends to produce better reading, better summaries, and better reasons to click through.

The goal is to find Hacker News stories that people actually argued about, explained, expanded on, or learned from.

Why comment summaries help

Most Hacker News digests stop at the headline and link. That misses a lot of the reason people read Hacker News in the first place.

Top HN summarizes both parts of the experience:

the linked article or source
the comment thread that made the story worth opening

That means a reader can understand the basic news item, then quickly see whether the discussion added useful technical, product, or business context.

We also keep the thread summaries grounded. When a comment is especially useful, surprising, or important, the digest links back to the original discussion so the reader can inspect the source in context.

That makes Top HN feel less like detached commentary and more like a guided map of the conversation.

Daily vs weekly digest

The daily digest is the short version. It is for people who want to keep up with Hacker News in a few minutes a day.

The weekly digest is the broader catch-up. It is for readers who want the strongest stories and discussions from the week without needing a daily reading habit.

Together, they give readers two good ways to follow the same source of attention: once a day for a quick habit, or once a week for a more complete review.

Who this is for

Top HN is built for:

developers who want a fast read on what technical people are discussing
founders and product teams who want to see which ideas are landing or getting challenged
investors and operators who want a higher-signal view of where technical attention is moving
curious readers who like Hacker News but do not want the time cost of reading every thread

Why we think this format works

Reading Hacker News directly is still great when you have time. But many readers do not want to monitor the front page, sort through weaker threads, and decide which discussions are worth twenty minutes of attention.

A good Hacker News digest should reduce that work. It should help you decide what deserves a click, what can be safely skipped, and what the discussion added beyond the headline.

That is the standard we are aiming for with Top HN.

If you want to try it, you can read the latest daily digest, browse the weekly digest, or subscribe to the daily RSS feed.

Dead man's switches: how they work and when to use one

Sun, 08 Mar 2026 00:00:00 GMT

A dead man’s switch is a system that expects you to check in. If you stop responding, it carries out an action you chose in advance.

The original idea came from machinery. A train or device would keep running only while someone actively held a control. Software borrowed the same logic and turned it into a safety tool for modern life. Instead of stopping a machine, it can release a message, share a file, or notify the right people when you go silent.

How a dead man’s switch works

Most dead man’s switch tools work in five steps:

You choose a check-in schedule, such as weekly or monthly.
You upload or write the information that should be released later.
You pick the people who should receive it.
The system reminds you before and after a missed check-in.
If the grace period expires with no response, delivery happens automatically.

That is the plain answer to the dead man switch meaning people usually search for. It is a check-in system with a backup plan.

Common uses

People use dead man’s switches for digital estate planning, crypto recovery, business continuity, and private messages for family. A founder might store recovery codes so a partner can keep the company running. A traveler might share itinerary details if they miss a check-in. A journalist might arrange for sensitive documents to be released if they disappear.

The pattern stays the same. Something important needs to reach someone else, even if you are no longer able to send it yourself.

When to use one

You should consider a dead man’s switch when silence would create a real problem. Maybe your family would lose access to key accounts. Maybe a business would get locked out of critical systems. Maybe instructions, credentials, or final messages would never reach the people who need them.

If you want a version built for encrypted messages, scheduled check-ins, grace periods, and trusted contacts, see Alcazar’s Dead Man’s Switch.

Sharing encrypted files in a single HTML file

Thu, 05 Mar 2026 00:00:00 GMT

You don’t need to be a spy to have secrets. You just need a tax return, a medical record, or a login you need to share with a colleague.

The problem is sending them. Email is like a postcard; anyone handling the mail can read it. Chat apps are better, but do you want your financial documents sitting in a chat log forever?

Portable Secret creates a secure, digital envelope. You put your files inside, lock it with a password, and get a single HTML file you can send anywhere.

Here are five ways to use it.

1. The Insecure Channel Handoff

Sometimes you have to use email. Maybe you are sending a contract to a lawyer or a tax form to an accountant. They don’t use Signal. They use Outlook.

Don’t attach the PDF directly. Create a Portable Secret with the document inside. Email the file. Then, send the password via a different channel, like a text message or a phone call.

If their email gets hacked, the attacker only gets a locked file.

2. The Digital Emergency Kit

What happens if you lose your phone, your laptop, and your house keys all at once?

Create a text note with your master password, your recovery phrases, and emergency contacts. Save it as a Portable Secret. Put that file on a cheap USB drive and leave it with a trusted friend or in a safety deposit box.

If you need it, you can plug it into any computer. Since the decryption happens in the browser, you don’t need to install special software on a borrowed machine.

3. The Dead Man’s Switch Payload

Services like Dead Man’s Switch send an email if you don’t check in for a certain period. It is a useful way to pass information if something happens to you.

But you shouldn’t trust the service itself with your raw secrets.

Instead, attach a Portable Secret file. Give the password to your beneficiaries now. When the email eventually arrives, they can open the attachment safely. The service provider never sees the contents.

4. Client Credentials

If you build websites or set up accounts for clients, you eventually need to give them the keys.

Pasting a root password into Slack or Teams is bad practice. It lingers in search history.

Wrap the credentials in a Portable Secret. Send it over. Once they open it and change the password, they can delete the file. It is a clean, ephemeral handoff.

5. The Cloud Storage Layer

Cloud storage is convenient, but it is not private. Providers scan files for various reasons.

If you need to store scans of your passport or birth certificate in the cloud, don’t upload the raw images. Wrap them in a Portable Secret first. You get the convenience of cloud availability with the privacy of local encryption.

Summary

Portable Secret is most useful when you need to send or store something sensitive, but you don’t control the channel. Email inboxes, cloud drives, contractor handoffs, and emergency backups all fall into that category.

If the file has to travel through systems you don’t fully trust, package it first and share the password separately. Create your own at Portable Secret.

Practical uses for a dead man's switch

Sun, 01 Mar 2026 00:00:00 GMT

We spend our lives accumulating digital keys. Passwords to bank accounts, phrases for crypto wallets, access to cloud storage full of family photos. But unlike a physical key under the mat, these digital assets are often locked inside our heads or on encrypted devices. If something happens to us, they vanish.

This is where a Dead Man’s Switch comes in. Despite the grim name, it is really a life assurance tool. It monitors your activity, usually by asking you to check in via email or app at set intervals. If you stop responding, it assumes you are incapacitated and automatically executes a pre-set plan.

Here is how real people use this simple automation to protect their work, their assets, and their families.

If you are less interested in use cases and more interested in which tools are actually worth considering, see the best tools for sending an email if you go silent.

The Digital Will

Most of our modern wealth and identity is purely digital. You might have Bitcoin in a hardware wallet, a master password for your banking, or a domain name renewal that keeps your family business online.

If you are incapacitated, your family might have the legal right to these assets but no way to access them. A Dead Man’s Switch solves this. You can upload an encrypted file containing your seed phrases, PINs, or the location of a physical ledger. If you don’t check in for 30 days, the system automatically emails the decryption key to your spouse or trusted executor. It ensures your digital estate doesn’t die with you.

The Final Goodbye

Grief often comes with unanswered questions. Sometimes the most valuable thing you can leave behind isn’t money, but a message.

People use these switches to send delayed letters to loved ones. It could be a video for a child’s future birthday, a confession, or just a simple reminder of love that arrives when they need it most. It allows you to have the last word on your own terms, offering closure that a sudden departure usually steals away.

The Activist’s Shield

For journalists, whistleblowers, and activists living under oppressive regimes, information is ammunition. But it can also be a target.

In high-stakes environments, a Dead Man’s Switch acts as an insurance policy. A journalist holding sensitive evidence of corruption can set up a system that releases the data publicly if they are detained or silenced. This creates a “deterrent” effect. Adversaries know that harming the person won’t kill the story; in fact, it might trigger its immediate release to every major news outlet in the world.

The Solo Adventurer’s Safety Net

You don’t have to be a spy to need a safety line. Solo hikers, climbers, and travelers often venture into areas where accidents happen without witnesses.

If you are hiking the Appalachian Trail alone, you can set a switch to check in every 48 hours. If you go missing and miss a check-in, the system can email your GPS coordinates and itinerary to local search and rescue teams or family members. It turns a passive absence into an active alert, potentially saving your life while you are still recoverable.

The Business Continuity Plan

Small business owners and freelancers often suffer from “founder dependency.” If the one person who knows the server root password or the 2FA backup codes gets hit by a bus, the entire company freezes.

A Dead Man’s Switch is professional responsibility. It ensures that if the founder is unavailable for an extended period, the critical operational data (admin credentials, bank access, client lists) is securely transferred to a partner or second-in-command. It keeps the lights on even when the pilot is gone.

Automated Social Legacy

Some users want to manage their public image even after they are gone. This might mean sending a final tweet to followers, publishing a pre-written blog post, or archiving a portfolio. It allows public figures or creators to sunset their online presence gracefully rather than leaving it to fade into silence.

Summary

A Dead Man’s Switch is responsible automation. It guarantees that no matter what happens, your voice is heard, your assets are safe, and the people you care about are not left in the dark.

Whether you rely on a trusted friend or a dedicated service like Alcazar’s Dead Man’s Switch, having a plan ensures your digital legacy is as resilient as the life you lived.