Editorial vocabulary
Glossary
Definitions for the vocabulary OffshorePress uses across the publication, the jurisdictional dossiers, and the legal documents. The entries are sober and short — one paragraph each — and they cite the treaty article, the statute, the case, or the technical specification under which the term carries weight.
The glossary is part of the operation. Readers landing on a journal article through a search engine should be able to click through to the meaning of a term in context — what data adequacy actually is under EU law, what a warrant canary is and is not, what RingCT does to a Monero transaction. The entries are written for the same audience the publication serves: journalists, NGO IT staff, lawyers, archivists, and operators who need a definitional reference they can cite back to.
What the reader will not find here is a marketing gloss of a product feature, an SEO-stuffed listicle of related terms, or a sponsored definition that points at a commercial offering. The vocabulary is editorial; the operator is part of the constituency the vocabulary belongs to, not the owner of it.
A
- Article 19 ICCPR
- The 1966 treaty provision under which freedom of expression — including the right to seek, receive, and impart information in any medium — is guaranteed in international law. It is the textual basis on which the press-freedom tradition the publication writes from grounds itself.
- Atomic swap
- A cross-chain exchange of cryptocurrencies between two parties such that both legs of the swap complete or both fail — with no intermediary holding the funds. Constructed using hash-time-locked contracts on each chain, with a shared hash pre-image binding the two transactions.
B
- BÜPF
- The Swiss federal statute governing lawful surveillance of telecommunications, including the data-retention duties imposed on Swiss telecommunications providers and the procedural framework under which such surveillance is judicially authorised. The 2018 amendments expanded the scope to include some over-the-top services.
C
- CoinJoin
- A Bitcoin transaction construction in which multiple parties combine their inputs and outputs into a single transaction such that an external chain observer cannot reliably correlate which input pays which output. The principal opt-in privacy technique on Bitcoin; foundational implementations include JoinMarket, Wasabi (ZeroLink), and Whirlpool (Samourai).
D
- Data adequacy
- A formal determination by the European Commission that a third country, a territory, or a specified sector of a third country ensures an adequate level of protection for personal data. The decision permits free transfer of personal data from the EU to the designated jurisdiction without bespoke contractual or organisational safeguards under GDPR Article 45.
- DMCA takedown notice
- A statutory notice under the US Digital Millennium Copyright Act, section 512, by which a rights-holder claiming infringement may compel a US-jurisdiction online service provider to expeditiously remove allegedly-infringing material in exchange for the provider's safe-harbour from secondary liability. The instrument has no procedural force outside the United States.
F
- Five Eyes
- The signals-intelligence sharing alliance among the United States, the United Kingdom, Canada, Australia, and New Zealand, formalised in the post-war UKUSA Agreement and progressively expanded. The Nine Eyes adds Denmark, France, the Netherlands, and Norway; the Fourteen Eyes adds Germany, Belgium, Italy, Spain, and Sweden. Neither Iceland nor Switzerland is a member of any of the three groupings.
G
- GDPR controller and processor
- The two principal categories under which an entity that handles personal data is regulated under the EU General Data Protection Regulation. The controller determines the purposes and means of processing; the processor processes personal data on behalf of a controller under contract. The distinction governs the allocation of responsibility and the contractual machinery required between the two.
H
- Höfundalög
- Iceland's copyright statute, originally enacted in 1972 and amended periodically to align with EU directives Iceland imports under the EEA Agreement. The statute is notable for what it does NOT contain: a US-style notice-and-takedown procedure equivalent to the DMCA.
- HSTS preload
- A browser-vendor-maintained list of domains for which the browser refuses to make any plaintext HTTP request, regardless of whether the user has previously visited the domain — eliminating the bootstrap attack against the HSTS response header. Maintained by Chromium and consumed by all major browsers.
- HTLC
- A cryptographic payment construction in which a payment is conditional on the receiver disclosing a pre-image of a known hash within a defined time window; if disclosure does not occur the payment is reclaimable by the sender. The foundational primitive on which the Bitcoin Lightning Network's multi-hop payment routing is built.
I
- IMMI
- A 2010 parliamentary resolution and the surrounding legislative package committing Iceland to become a jurisdiction with the strongest available protections for journalism, source confidentiality, intermediary liability limits, and whistleblowers. Pieces of the package are now in force; others remain political commitments awaiting implementing legislation.
- Intermediary liability
- The legal doctrine governing whether — and under what conditions — a host or platform is liable for content that its users publish. The principal regimes are the US Communications Decency Act section 230, the EU E-Commerce Directive Article 14 (replaced by the Digital Services Act articles 6-10), and the national-law transpositions that build on each.
M
- MLAT
- A bilateral or multilateral treaty under which the law-enforcement and judicial authorities of one state may formally request the assistance of another in obtaining evidence, executing search warrants, or compelling testimony located in the other's jurisdiction. The principal procedural instrument through which a foreign state can reach data hosted offshore by lawful means.
- Mutual TLS
- A TLS connection mode in which the client, in addition to the server, presents and proves possession of a public-key certificate during the TLS handshake. The server may then authenticate the client by certificate (rather than, or in addition to, a password or session token) and refuse the connection if the certificate is not on a whitelist.
N
- National security letter
- An administrative subpoena issued by a US federal agency — most often the FBI — compelling production of specified categories of subscriber records and electronic communications metadata in the course of a national-security or counter-intelligence investigation. The letters are issued without prior judicial review and typically carry a non-disclosure obligation.
O
- Onion service v3
- The third-generation Tor onion-service protocol, deployed network-wide in 2018, replacing the legacy 16-character v2 addresses with 56-character ed25519-based v3 addresses. The protocol improves cryptographic strength, defends against enumeration of services, and supports new operational primitives including client authorisation.
P
- P2P exchange
- A cryptocurrency-trading platform in which trades execute directly between two parties without the platform taking custody of the funds, typically using a multi-signature escrow construction to ensure neither party can defraud the other. The principal acquisition path for Monero (and increasingly for Bitcoin) that does not pass through a KYC-mediated exchange.
- PGP web of trust
- The OpenPGP trust model in which the authenticity of a public key is established by signatures from other key-holders whose own keys are trusted by the verifier — building a directed graph in which trust propagates by transitive signature rather than by a centralised certificate authority.
- ProtonMail v UVEK
- The 2021 ruling by the Swiss Federal Administrative Court holding that ProtonMail, the encrypted email service, was NOT a 'full' telecommunications service-provider under the BÜPF and was therefore not subject to the broader data-retention and interception duties the statute imposes on telcos. A foundational precedent for the classification of encrypted communications services under Swiss surveillance law.
R
- revFADP
- The Swiss Federal Act on Data Protection in the form that took effect 1 September 2023, replacing the 1992 statute. The revision aligns Swiss law with the EU General Data Protection Regulation closely enough to maintain Switzerland's data-adequacy status while retaining specifically Swiss elements — including stronger sanctions in some respects and a different supervisory architecture.
- Right to be forgotten
- The right of a data subject to obtain from a controller the erasure of personal data concerning them, on grounds including that the data is no longer necessary for the original purpose, that consent has been withdrawn, that the processing is unlawful, or that the subject objects to processing under specified conditions. Codified at GDPR Article 17.
- Ring signature
- A cryptographic primitive permitting a signer to produce a signature on behalf of an ad-hoc group of public keys such that a verifier can confirm the signature was produced by some member of the group but cannot determine which. Foundational to Monero's transaction-input unlinkability.
- RingCT
- The Monero protocol upgrade activated January 2017 that hid transaction amounts by replacing the plaintext amount field with a Pedersen commitment. Combined with ring signatures and stealth addresses, RingCT is the third pillar of Monero's default-private transaction surface.
S
- Schrems II
- The 2020 ruling by the Court of Justice of the European Union invalidating the EU-US Privacy Shield framework for transfer of personal data from the EU to the United States, and imposing additional due-diligence requirements on controllers using standard contractual clauses for any third-country transfer where the receiving country does not offer essentially equivalent protection.
- Source protection
- The legal protection against compelled disclosure of the identity of a journalist's confidential source. The European-law foundational authority is Goodwin v United Kingdom (1996); national-law surfaces vary widely, with the strongest regimes in Sweden, Iceland, and Switzerland and the thinnest in jurisdictions with no shield statute.
- Stealth address
- A cryptographic addressing scheme in which a single published wallet address (the 'view-and-spend' key pair) corresponds to a sequence of one-time output addresses derived per transaction. Chain observers see distinct receiving addresses for each payment, breaking the on-chain linkability that conventional addresses expose.
- Subject access request
- The right of a data subject to obtain from a controller confirmation that personal data concerning them is being processed, a copy of that data, and information about the processing — its purposes, recipients, retention period, and source. Codified in GDPR Article 15 and equivalent provisions in revFADP and other adequacy-rated regimes.
W
- Warrant canary
- A regularly-updated public statement asserting that an operator has not received certain categories of secret legal process — typically national security letters, gag-ordered subpoenas, or undisclosed surveillance directives. The absence of an expected update is the signal, on the premise that an operator can be compelled to lie about receipt but cannot be compelled to make a positive false statement.
- Whistleblower Directive
- The 2019 EU directive establishing minimum standards for the protection of persons who report breaches of Union law — codified as Directive (EU) 2019/1937. It mandates internal and external reporting channels, prohibits retaliation, and provides remedies for whistleblowers who suffer it. Implementing legislation in the member states has been uneven; Switzerland and Iceland are not bound by the directive but maintain analogous protections.
By category
The same entries, grouped thematically. Readers scanning for a statute, a procedural instrument, or a cryptographic primitive may find this view faster to navigate than the alphabetical ledger above.
International law
Treaties, statutes, and case law that shape what an offshore operator can be compelled to do — and what the operator can lawfully refuse.
Procedure
The instruments a legal demand actually travels through, from a mutual-assistance request to a subject access right, and the operator-side procedural responses each requires.
Jurisdictional posture
The cross-cutting categories that describe how a country behaves towards journalism, surveillance treaties, and third-country data transfers.
Cryptography and payment
The cryptographic primitives and protocol mechanics that make the payment routes OffshorePress accepts privacy-preserving rather than merely cash-equivalent.
Infrastructure
The operator-side technical primitives — onion routing, mutual TLS, preload lists — that the journalism the brand serves depends on operationally.
Press and activism
Civil-liberties concepts that frame why the operation exists, drawn from the press-freedom tradition the publication writes from.