Encrypt everything
The end-to-end encryption dependency
Running encryption is, more than ever, a necessity. Choices abound between slick apps from tech giants promising “end-to-end” security, often bundled with their ecosystems, rules, and constant updates that could slip in backdoors. Or free tools that feel clunky, buried in jargon, and saddled with outdated guides that leave even experts fumbling. On the corporate side, you’ve got Signal, WhatsApp, polished interfaces that make you feel safe, delivered via app stores to your device.
They’re there to give users (consumers, really) that warm glow of privacy while funneling data through central servers we must assume are riddled with surveillance hooks. The main draw? Convenience.
Because the open-source alternatives often lack intuitive setups, forcing you to wrestle with command lines just to encrypt a simple message, or finding public-keys of someone on a centralized server.
Even tech-savvy folks hit walls: copy-paste a key generation script from docs, and it flops due to untested code or missing dependencies. Good luck integrating it with everyday tools without endless tweaks. In essence, you’re paying these middlemen (through data or subscriptions) for usability, while questioning if your “secure” chats are truly private. As someone valuing sovereignty, do you cling to these apps out of habit, or the illusion of protection? Or do you face the reality that true encryption demands local control, free from any network touch?
The dire need stems from our surveillance-saturated world, especially in the EU’s iron-fisted regime. The Digital Services Act isn’t just scanning—it’s mandating backdoors, with laws like France’s Article 821-4 requiring decryption in 72 hours flat. Assume every byte you send hits a dragnet: client-side encryption crumbles when apps get coerced into updates that expose keys.
We’ve seen it in scandals where “secure” services folded to warrants, leaking troves of data. Centralized systems are vulnerabilities waiting to crack—rigged like the Hot Lotto fraud, but for your privacy. Without robust, user-owned encryption, you’re naked in a panopticon: messages, files, even thoughts sifted by algorithms and agents. This isn’t paranoia; it’s pattern recognition. From whistleblowers dodging reprisals to everyday folks evading ad trackers, encryption is your shield against the “EU-junta zone’s” overreach. But current free options fail: they’re arcane, error-prone, and demand constant key swaps over potentially tapped channels. We need encryption that’s seamless, local-first, transforming plaintext to ciphertext on your machine before any transmission. No reliance on apps that could betray you; just verifiable, tamper-proof locks you control.
Timeseed v2
Enter Timeseed, not as a sales pitch but a rallying cry for what encryption should be: decentralized, open-source, and free of economic traps. No tokens, no coins—just a lightweight daemon harnessing time-based randomness for key generation. It runs on your setup, minimal compute like a Golang whisper, pulling from networks akin to Drand’s node collective. Born from cryptographic research at places like EPFL, it counters centralized flaws by deriving keys from unpredictable, verifiable seeds. No single point of failure; nodes worldwide aggregate randomness every 30 seconds, resistant to manipulation or shutdowns. You encrypt to a correspondent’s timeseed—publicly shareable when paired with offline-peppered passwords—or tie to daily/long-term derivations. The magic? No unencrypted contact needed for setup or re-keying. Adapt on the fly: shift seeds without exposure, perfect for evolving threats like tightening laws. In 2025, with DSA claws deepening, this means sending files as gibberish until unlock, shielding against scans that demand quick decryption. It’s encryption evolved—local, pre-network, empowering you to lock down everything from emails to backups without feeding the surveillance machine.
Critics of free tools echo tired excuses: “It’s not for beginners,” “Use the apps with better UX,” or “Privacy pros only.” I reject that gatekeeping. If encryption is vital for freedom—against state mandates, corporate espionage, or cyber thugs—why do open-source staples still deliver glitchy installs and opaque maintenance? It should be as effortless as opening a browser: download, run, encrypt. Yet, most free libraries demand coding chops, leaving non-techies reliant on flawed apps. Add the costs: energy for constant runs, hardware for secure storage, and the risk of IP exposure (even VPNs leak). Your provider logs it all, flagging you as a “privacy nut.” These hurdles outweigh benefits in a sea of corporate nodes, where growth masks stagnation—many “secure” setups are just branded wrappers. True adoption explodes with accessible software: imagine billions encrypting seamlessly, not just elites. Timeseed bridges that—verifiable randomness for keys, zero trust in intermediaries, tiny footprint. No illusions; it’s practical defense, turning the tide against backdoored worlds.
Timeseed.io stands as the practical solution, hosting a client-side web app that lets you generate high-entropy TimeSeed roots and derive reproducible passkeys without any server involvement. You can run it offline by downloading the HTML file for local use on your machine, ensuring encryption happens purely on-device, or access it online for convenience while keeping secrets local. Built on WebCrypto APIs, it separates key derivation from encryption: input a 50-character Base62 TimeSeed (randomly generated), add an optional pepper secret (for stronger security or when the timeseed is known publicly), and scope to daily or semester labels for domain-separated keys via HKDF-SHA256.
This produces 256-bit hex passkeys for LockIt, enabling secure text or file encryption with no key exchange needed—share the TimeSeed publicly if pepper-protected, or keep it private for direct use.
Argon2 serves as the key derivation function in LockIt, transforming the passkey into an AES encryption key with parameters frozen for security: iterations t=5, memory m=131072 KiB, parallelism p=1, and a 16-byte random salt. This memory-hard design resists brute-force attacks by demanding significant computational resources, making it ideal for password-based encryption where attackers might try offline guesses. By outputting a 32-byte hash directly as the AES-256 key, Argon2 ensures each encryption under the same passkey gets a unique key thanks to per-message salting.
AES-GCM then handles the authenticated encryption in LockIt, using a 12-byte random (initialization vector) IV for each operation to prevent nonce reuse, while appending a 16-byte tag for integrity checks—any tampering throws an error on decrypt. Passkeys from TimeSeed feed into this: a 64-hex-char string becomes the Argon2 password, deriving fresh AES keys per file or text, with formats like TS4-TEXT-v4 (hex-encoded for text) or armored “ .locked “ files (base64 binary blobs for portability).
This combo guarantees confidentiality, integrity, and stateless decryption, all client-side and local.
Basically, you encrypt securely before anything hits an app, network, service or central system. It allows you to have identifiers not tied to a person, telephone number, e-mail or IP address. And it most importantly re-keys every day.
The companion site ‘LockIt’ acts like an app, and complements timeseed by offering the standalone encrypt/decrypt functionality, perfect for quick use on a phone during emergencies or for stripped-down convenience without the full TimeSeed key generator. Load it in a browser, paste a pre-derived passkey, and handle text or files directly—ideal for mobile scenarios where you need to unlock on the go, maintaining the same AES-GCM and Argon2id rigor but skipping key derivation steps.
As threats mount, why settle for half-measures?
The EU and its surveillance state widens, and we need a convenient, secure and independent way of encrypting.
Encrypt everything with Timeseed: generate keys from future seeds for travel-safe vaults, time-lock inheritances without escrows, or message sans surveillance.
Start simple, test it online, or grab it from GitHub, save the html page.
Spin up the daemon, craft your timeseed.
In this “new EU way of life,” it’s not choice; it’s imperative.
Reclaim your data, or watch it totalitarianism hoard your data in data banks rigged against citizens.
Mr 21