Guatemalan journalist and developer — I build security & privacy tools for journalists and human rights defenders.
Based in Germany. I work where investigative journalism meets digital security: researching digital threats and hostile environments, and building the defensive tooling that helps reporters and defenders stay safe. Most of what I ship runs entirely client-side or offline, with no accounts and no telemetry.
| Project | What it does | Stack | Live |
|---|---|---|---|
| apipass | Encrypted vault for API keys & secrets — 100% in-browser (AES-256-GCM + Argon2id), also a signed macOS app | Web Crypto · Tauri/Rust | apipass.c-lab.tools |
| computer-check | Read-only macOS security self-check — plain-language report, encrypted local history, zero telemetry | Tauri · Rust · Python | desktop app |
| hashcheck | Verify file integrity by hash, entirely in your browser — no uploads, no backend | JavaScript · Web Crypto | hashcheck.c-lab.tools |
| GovScan | Passive scanner that audits & grades government websites (SSL/TLS + security headers) | Python | govscan.j-lab.tools |
| cartas-a-desconocidos | Anonymous handwritten-letter exchange | Node.js · Docker | cartasadesconocidos.com |
| noir | Dark, minimal Ghost CMS theme | CSS | noir.quicktheme.online |
- Digital security for high-risk users — threat modeling, device hardening, and self-assessment tooling for journalists and human rights defenders
- OSINT & investigations — open-source research supporting accountability journalism
- Privacy-first engineering — client-side cryptography, offline-first, no-telemetry design


