why sudo × a different default Most apps you've used today watched you. They counted your taps, profiled your contacts, and quietly carried copies of everything you said back to a server you don't run. what sudo doesn't do Your account lives on your devices. The server passes messages along as encrypted blocks of bytes it can't read. It doesn't hold your password — there is no password to hold. It doesn't keep your address book. It doesn't track what you read. verifiable, not just promised This isn't a feature. It's the shape. We couldn't read your messages even if we wanted to, and we wrote the code so you can verify that. your keys, your account In a decade of "free" services that turned every user into a data point, this is a small refusal. You own your account because you alone hold the keys. If you lose them, no one can give them back — including us. That's the deal: privacy that can't be revoked because nobody else has the lever. how sudo works accounts, encryption, devices, recovery — plain language. → trust model what the server can and cannot see, and why. → privacy what's stored, what's not, what you control. →