diff --git a/book.toml b/book.toml index 9d3a2f3..c61e649 100644 --- a/book.toml +++ b/book.toml @@ -7,3 +7,4 @@ title = "Cwtch Secure Development Handbook" [output.html] mathjax-support = true +default-theme = "navy" diff --git a/src/1.png b/src/1.png new file mode 100644 index 0000000..65538ea Binary files /dev/null and b/src/1.png differ diff --git a/src/2.png b/src/2.png new file mode 100644 index 0000000..4de6eb1 Binary files /dev/null and b/src/2.png differ diff --git a/src/3.png b/src/3.png new file mode 100644 index 0000000..7aac7c0 Binary files /dev/null and b/src/3.png differ diff --git a/src/4.png b/src/4.png new file mode 100644 index 0000000..b404f45 Binary files /dev/null and b/src/4.png differ diff --git a/src/development.md b/src/development.md index b73b433..6d483f2 100644 --- a/src/development.md +++ b/src/development.md @@ -7,6 +7,8 @@ To enhance this openness, automated builds, testing and packaging are defined as part of the repositories - improving te robustness of the code base at every stage. +![](/1.png) + While individual tests aren't perfect, and all processes have gaps, we should be committed to make it as easy as possible to contribute to Cwtch while also building pipelines and processes that catch errors (unintential or malicious) diff --git a/src/overview.md b/src/overview.md index 024df46..2c3e742 100644 --- a/src/overview.md +++ b/src/overview.md @@ -6,6 +6,9 @@ ecosystem, to document the known risks and mitigations, and to enable discussion about improvements and updates to Cwtch secure development processes. +![](/2.png) + + ## History In recent years, public awareness of the need and benefits of end-to-end diff --git a/src/risk.md b/src/risk.md index 9ae8e68..01c535f 100644 --- a/src/risk.md +++ b/src/risk.md 
@@ -6,6 +6,8 @@ and to conduct large scale social network analysis to feed mass surveillance. Metadata resistant tools are in their infancy and research into the construction and user experience of such tools is lacking. +![](/4.png) + Cwtch was originally concieved an extension of the metadata resistant protocol Ricochet to support asynchronous, multi-peer group communications through the use of discardable, untrusted, anonymous infrastructure. diff --git a/src/tapir.md b/src/tapir.md index f1bb442..c14ede3 100644 --- a/src/tapir.md +++ b/src/tapir.md @@ -130,6 +130,26 @@ we expect it to be protected via a preceeding app in an `ApplicationChain` e.g. * No direct testing (tested via integration tests and unit tests) +### Ephemeral Connections + +Occasionally it is desirable to have a peer conenct to another / a service +without using their long term identity (e.g. in the case of connecting to +a Cwtch Server). + +In this case we want to enable a convenient way to allow connecting with an +ephemeral identity. + +It turns out that doing this securely requires maintaining a completely separate +set of connections and applications in order to avoid side channel around avoid +duplicate connections (i.e. if we did mix them up then a service might be able +to exploit the fact that clients avid duplicate connections by attempting to +connect to known-online peers and observing if they reject the connection + because they already have an outbound ephemeral connection open.) + +Because of this, we don't provide an explicit Ephemeral Connect api and instead +recommend that peers maintain one long term service and multiple ephemeral + services. + ## Known Risks ### Impersonation of Peers diff --git a/src/ui.md b/src/ui.md index e2bdcfb..bb843f6 100644 --- a/src/ui.md +++ b/src/ui.md @@ -2,6 +2,8 @@ The UI is built on [therecipe/qt](https://github.com/therecipe/qt) which links in Qt libraries. + +![](/3.png) # Known Risks
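Review bot: In the src/tapir.md hunk, the sentence that carries the security rationale is hard to parse ("in order to avoid side channel around avoid duplicate connections") and the new section has typos ("conenct", "avid", lowercase "api"). Since this paragraph is the only justification for not offering an explicit Ephemeral Connect API, it should read cleanly, for example "in order to avoid a side channel arising from duplicate-connection avoidance". Two continuation lines also begin with a stray space (" because they already have an outbound ephemeral connection open.)" and " services."), which should be removed so the paragraphs wrap consistently with the rest of the file. The closing recommendation to "maintain one long term service and multiple ephemeral services" would be easier to follow with a sentence on what has to stay separate between them, which the text already names as connections and applications.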
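Review bot: In the src/development.md hunk, and likewise in the overview.md, risk.md and ui.md hunks, the image is added as `![](/1.png)` with empty alt text and a root-absolute path. Please add alt text describing what the image shows, and use a path relative to the chapter file, because a leading "/" resolves against the site root and only works when the book is served from the root of its domain. The overview.md hunk also adds two blank lines after the image where one is enough.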
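Review bot: The four new binaries are added as src/1.png through src/4.png, names that say nothing about their content and that do not follow the order of use (4.png is referenced from risk.md, 3.png from ui.md). Descriptive file names would make the references in the chapters self-explanatory, and because binary diffs cannot be reviewed from the patch, the commit message should state what each image depicts and where it came from.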