🔎 Threat Model

  • Primary risks: mass surveillance, sensitive metadata leakage, account takeover, and compelled data requests.
  • Assumptions: end devices may be at risk; servers are untrusted for plaintext; network is hostile.
  • Goal: keep contents and identities protected, and minimize the blast radius if a device or account is compromised.

🔒 End-to-End Encryption

  • Client-side keys: Messages, files, and sensitive event data are encrypted before upload.
  • Groups: Per-room keys with member-specific wraps; simple, fast key rotation on role changes.
  • Forward secrecy: Short-lived session keys and periodic rekeying.

🧹 Metadata Minimization

  • Automatic scrub: EXIF and other file metadata removed on upload.
  • Coarse location: Optional city / geohash; delayed pins to avoid real-time tracking.
  • Limited headers: No third-party analytics, beacons, or fingerprinting.
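
As an added illustration of the upload scrub (not CONIGNIS code), the sketch below removes metadata-bearing segments from a JPEG before it leaves the device. The function name, the keep-list of APPn segments, and the constructed sample bytes are assumptions made for this example; other file formats need their own handling.

```python
import struct

SOS, COM = 0xDA, 0xFE
# APPn segments kept because decoders rely on them: APP0 (JFIF), APP2 (ICC), APP14 (Adobe).
KEEP_APP = {0xE0, 0xE2, 0xEE}


def strip_jpeg_metadata(data: bytes) -> bytes:
    """Return the JPEG without EXIF/XMP (APP1), IPTC (APP13), other APPn and COM segments."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    out = bytearray(data[:2])
    pos = 2
    while pos < len(data):
        if pos + 4 > len(data) or data[pos] != 0xFF:
            raise ValueError(f"malformed segment at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:  # optional fill byte before a marker
            pos += 1
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        if marker == SOS:
            # Entropy-coded scan data follows; copy the remainder verbatim.
            return bytes(out + data[pos:])
        is_meta = marker == COM or (0xE0 <= marker <= 0xEF and marker not in KEEP_APP)
        if not is_meta:
            out += data[pos:pos + 2 + length]
        pos += 2 + length
    # Fail closed: a file we could not fully parse is never uploaded unscrubbed.
    raise ValueError("no SOS marker found")


def segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: structurally valid segments, not a decodable image.
SAMPLE = (
    b"\xff\xd8"
    + segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + segment(0xE1, b"Exif\x00\x00" + b"GPS:constructed-coordinates")
    + segment(0xFE, b"constructed comment")
    + segment(0xDB, bytes(65))
    + segment(0xDA, bytes(10)) + b"\x12\x34" + b"\xff\xd9"
)

if __name__ == "__main__":
    print(len(SAMPLE), "->", len(strip_jpeg_metadata(SAMPLE)), "bytes")
```

Rejecting unparseable input instead of passing it through is what keeps a malformed file from carrying location data past the scrub.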

👥 Identity & Access

  • Pseudonymous by default: Handles, not real names or phone numbers.
  • Optional verification: Opt-in confirmation by username, email, or SMS when organizers require it.
  • Roles & scopes: Organizer, Steward, Volunteer, Participant, Media — least-privilege permissions.

💸 Payments Safety

  • Crypto support: Bitcoin, USDT, and Monero for tickets/donations.
  • Separation of concerns: Wallets and keys are user-controlled; CONIGNIS🔥 stores no private keys.
  • Optional escrow: Multi-sig flows for higher-trust scenarios.

🧼 Data Lifecycle

  • Ephemeral by default: Auto-purge windows for rooms, messages, and files.
  • Export & delete: Simple “delete-me” and export tools for organizers and participants.
  • Backups: Server backups contain only ciphertext and minimal system logs.

🤖 AI-Assisted Moderation (Client-Side)

  • Local analysis: Optional on-device models to flag violent or spam content before send.
  • Private by design: No content uploaded for classification; organizer policies remain human-controlled.
  • Transparency: Clear on/off controls and logs of actions taken by AI helpers.

📄 Operations & Compliance

  • Minimal logs: Only what’s required for reliability; no IP-to-identity mapping.
  • Open components: Preference for audited, open-source crypto/build tooling.
  • Legal requests: We can only provide encrypted blobs and basic service metadata; no plaintext available.

👐 Responsible Disclosure

  • Security contact: security@conignis.com (PGP available).
  • Bounty (planned): Rewards for responsibly disclosed vulnerabilities.
  • Audit roadmap: Periodic third-party reviews; publishing summaries and fixes.
