Security

Privacy by design. Encryption by default.

What we protect against

  • Server compromise — Message content cannot be decrypted from server storage; the server does not possess the key.
  • DB dump — Stored data is encrypted or non-sensitive by design; a database dump does not expose plaintext messages.
  • Rogue operator — Operators cannot decrypt room content without the key.

Limitations

The server may see operational metadata (e.g. request patterns, opaque identifiers). We do not protect against:

  • Endpoint compromise — If a participant's device or browser is compromised, an attacker may read content there.
  • Screenshots or copying — Participants can capture or share what they see.
  • Malicious participants — Anyone with access to the room can forward or leak content.

Verified security claims

We publish machine-verifiable evidence for every security claim we make.

  • 16 proven claims backed by static analysis, DB schema scans, and runtime evidence
  • TLA+ formal verification of protocol invariants (join, governance, fork-choice)
  • 1,900+ automated tests across Python and Rust implementations
  • 12 cross-implementation parity vectors verifying cryptographic consistency between Python reference and Rust CLI
  • Adversarial test harness with concurrent double-spend, replay, rate-limit bypass, and fuzz testing

Run the evidence pipeline yourself: clone the repository and run make security-evidence.

View security claims matrix

What Atopos is

Atopos is an ephemeral, encrypted communication product. Rooms are designed so that message content is encrypted end-to-end. The server does not possess the decryption key: keys stay client-side, and the URL fragment is used so that the key is never sent to the server.

Review workflow

We publish documentation so you can assess our design and claims. Suggested flow:

  1. Read the threat model to understand in-scope and out-of-scope threats.
  2. Inspect the security evidence (summary and reviewer pack).
  3. File issues or questions via the repository or our disclosure policy.

Documentation

Canonical security documentation is maintained in our public GitHub repository.

View on GitHub
Whitepaper Threat model Transparency report Disclosure policy Security notice Evidence (latest)

Evidence-backed claims

We run automated checks and publish sanitized summaries in the GitHub repository. See the latest run and artifacts.

Security evidence

Report a vulnerability

If you believe you've found a security issue, please follow our disclosure policy for contact instructions. We do not expose relay endpoints, hostnames, or raw logs on public pages.

Disclosure policy
Publish-safe only. Only publish-safe artifacts are posted here. No hostnames, IPs, relay endpoints, or raw logs.
Home Evidence