TECHNICAL DOCUMENTATION

• Roadmap
  • Release Cycle
  • Objectives
  • Release Types
  • Release Workflow
  • Feature Prioritization
  • Testing and Quality Assurance
  • Long-Term Vision
• Requirements
  • Hardware requirements
  • Software requirements
  • Supported browsers
• Features
  • User features
  • Legal features
  • Security features
  • Technical features
• Security
  • Threat model
    • Users matrix
    • Anonymity matrix
    • Communication security matrix
    • Identity disclosure matrix
    • Usage scenarios matrix
    • Data security matrix
    • Threats to anonymity and confidentiality
      • Browser history and cache
      • Metadata
      • Malware and trojans
      • Network and reverse proxies
      • Data stored outside the platform
      • Environmental factors
      • Incorrect data retention policies
      • Human negligence
      • Advanced traffic analysis
  • Application security
    • Architecture
    • Anonymity
    • Authentication
      • Password
      • Receipt
    • Password security
      • Password storage
      • Password complexity
      • Two-factor authentication
      • Slowdown on failed login attempts
      • Password change on first login
      • Periodic password change
      • Password recovery
    • Web application security
      • Session management
      • Session encryption
      • Cookies and xsrf prevention
      • HTTP headers
      • Crawlers policy
      • Anchor tags and external urls
      • Input validation
      • Form autocomplete off
    • Network security
      • Connection anonymity
      • Connection encryption
      • Network sandboxing
    • Data encryption
    • Application sandboxing
    • Database security
      • Secure deletion
      • Auto vacuum
      • Limited database trust
      • Limited database functionalities
    • DoS resiliency
      • Proof of work on users' sessions
      • Rate limit on users' sessions
      • Rate limit on logins, whistleblowers' reports and attachments and operations
    • Other measures
      • Browser history and forensic traces
      • Secure file management
      • Encryption of temporary files
      • Secure file delete
      • Exception logging and redaction
      • Entropy sources
      • UUIDv4 randomness
      • TLS for smtp notification
  • Encryption protocol
    • Encryption's workflow
    • Encryption's details
      • Algorithms
      • Users’ credentials
      • Users’ keys
      • Data encryption's keys
    • Key generation
    • Key recovery
    • Key escrow
  • Security audits
• Development
  • Development environment
    • Requirements
    • Setup
    • Run
    • Building the docs
  • Software libraries
  • Database schema
  • Release procedure
  • Release versioning
  • Release tagging
  • Release packaging
  • Package publishing
  • Repository signing
  • Continuous integration
    • Unit tests
    • E2E tests
• Quality assurance