Security Hub

Defensive security guidance for document workflows. Plain-English for non-technical readers, deep technical references for advanced users.

Who this is for

Office workers
Whistleblowers
General PDF users
Journalists and support teams

Start here

Non-Technical (7)

Practical guidance with minimum jargon.

Open non-technical track

Technical (9)

Deep risk models and systems-level controls.

Open technical track

Policy

Defensive-only boundary for all security content.

Read policy

Latest reviewed

What Verified Processing Means (2026-03-14)
CSP Exfiltration Analysis (2026-03-14)
Residual Risk Disclosure (2026-03-14)

All security articles

Non-Technical · high · beginner

2026-02-20 · 5 min

Emergency Risk Steps

What to do first when you think your document-sharing identity may be exposed.

Non-Technical · high · intermediate

2026-02-20 · 7 min

Journalist Submission Hygiene

Defensive submission habits that help sources and journalists reduce avoidable exposure.

Non-Technical · medium · beginner

2026-02-20 · 6 min

Office Worker Secure Sharing

How to share policy, HR, legal, and finance PDFs with fewer accidental leaks.

Non-Technical · high · beginner

2026-02-20 · 7 min

Redaction Pitfalls

Common redaction mistakes and safer defaults before public or legal sharing.

Non-Technical · low · beginner

2026-02-20 · 6 min

Safe PDF Handling Basics

Plain-English habits that reduce accidental identity leaks when sharing PDFs.

Non-Technical · low · beginner

2026-03-14 · 4 min

What Verified Processing Means

Plain-language explanation of the green shield badge and what it proves about your privacy.

Non-Technical · high · beginner

2026-02-20 · 8 min

Whistleblower Quickstart

A beginner-safe, defensive workflow for people sharing documents under pressure.

Technical · high · advanced

2026-03-14 · 20 min

CSP Exfiltration Analysis

Analysis of browser-based data exfiltration vectors and how CSP and VPE address each one.

Technical · high · advanced

2026-02-20 · 10 min

Endpoint and Browser Leakage Model

Technical model of how endpoint state and browser context can break document anonymity goals.

Technical · medium · advanced

2026-02-20 · 9 min

Evidence Handling Chain

Technical integrity practices for preserving document credibility while reducing exposure.

Technical · high · advanced

2026-02-20 · 9 min

Metadata Forensic Traces

Technical overview of metadata and structural traces that can persist in PDF workflows.

Technical · high · intermediate

2026-02-20 · 8 min

Network Model Limits

Where network privacy controls help and where they do not in document-sharing workflows.

Technical · medium · advanced

2026-02-20 · 8 min

Reproducible Build Verification Basics

Why reproducible client builds matter for trust and how to verify what you run.

Technical · high · intermediate

2026-03-14 · 8 min

Residual Risk Disclosure

Honest disclosure of what the VPE cannot protect against, with practical recommendations.

Technical · high · advanced

2026-02-20 · 10 min

Threat Modeling Workflow

A practical model for deciding which controls matter for your document-sharing risk.

Technical · medium · advanced

2026-03-14 · 15 min

Verified Processing Environment (VPE)

Architecture of the VPE system that proves no data leaves the browser during PDF processing.