Skip to content

Security: fraction/oasis

Security

docs/security.md

Security Policy

Security Model

Oasis is experimental software, please don't trust it with your life.

If everything is working correctly, it's likely that:

  • Only your computer can access Oasis.
  • Only you can publish a message to your feed.
  • Only the recipients of private messages can read the message.
  • Only basic HTML is supported in blobs, which can't access the rest of Oasis.

It's important to know that this is not a silver bullet:

  • Your public messages can be read by anyone on the Secure Scuttlebutt network.
  • Your IP address can be seen by anyone that peers with you.
  • Your private messages can be read by anyone with access to your private key.

You should also know:

  • Information that others can read can be saved, without your permission.
  • Encryption techniques that are unbreakable today may become compromised in the future; maybe in dozens or hundreds of years.

Supported Versions

Only the latest release is supported.

Reporting a Vulnerability

Send an email to [email protected] to report any security problems. Please do not use the public issue tracker.

Learn more about advisories related to fraction/oasis in the GitHub Advisory Database