SecureBitChat/securebit-chat
1
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases Wiki Activity
Files
15173a927805fe76ac01774db1007c82e2a26e39
securebit-chat/SECURITY_DISCLAIMER.md
T
lockbitchat 15173a9278
CodeQL Analysis / Analyze CodeQL (push) Has been cancelled
Details
Deploy Application / deploy (push) Has been cancelled
Details
Mirror to Codeberg / mirror (push) Has been cancelled
Details
Mirror to PrivacyGuides / mirror (push) Has been cancelled
Details
release: v4.8.14 secure chat tools (code blocks, view-once, disappearing, unsend, panic) 
New privacy-focused messaging controls in the composer:
- Code blocks: button wraps the message in a fenced block; both peers render a
  monospace code window with a copy button (clipboard auto-clears after ~30s).
  Window is built from sanitized text via React nodes — no new XSS surface.
- View-once: recipient sees a blurred bubble, reveals on tap, then it is wiped.
  Honestly cooperative (not screenshot-proof).
- Disappearing messages: optional 30s/5m/1h timer auto-deletes on both sides
  with a live countdown; incoming TTL clamped to [5s, 24h].
- Unsend (delete for everyone) via new MESSAGE_TYPES.message_delete control.
- Panic wipe: clears chat, wipes keys and disconnects (behind a confirm).

Transport:
- Per-message metadata (id / view-once / timer) travels inside the encrypted
  envelope, not in the sanitized text, so content cannot spoof these controls.
- _sanitizeMessageMeta whitelists + bounds metadata on send and receive.
- AAD/replay protection, SAS gate and receive-side DOMPurify are unchanged.

Adds tests/secure-chat-features.test.mjs (full suite: 17 files, all passing).
Bumps version to 4.8.14 across package.json, package-lock.json, manifest.json,
index.html, meta.json, README, SECURITY_DISCLAIMER, header and init banner.
2026-06-18 20:37:50 -04:00

1.3 KiB
Raw Blame History

Security Disclaimer and Terms of Use

SecureBit.chat is provided as open-source software for lawful private communication, research, and education. It is supplied as is, without warranties of any kind.

User responsibilities

By using SecureBit.chat, you are responsible for:

  • complying with applicable laws and organizational policies
  • securing your devices and browser environment
  • verifying SAS codes through an out-of-band channel
  • understanding that endpoint compromise can defeat application-layer protections
  • configuring TURN correctly when relay-only privacy mode is required

Security limitations

No communication system can guarantee absolute security. SecureBit.chat reduces risk through encrypted transport, mandatory peer verification, explicit file-transfer consent, local metadata protection, and lifecycle cleanup, but it cannot protect against compromised devices, malicious users with physical access, or incorrect operational practices.

Intended use

SecureBit.chat is intended for legitimate private communication, journalism, research, education, business confidentiality, and personal privacy. It is not intended to facilitate unlawful activity, abuse, harassment, or harm.

Current release

  • Product release: v4.8.14
  • Protocol version: 4.1
  • Last updated: May 17, 2026
Reference in New Issue View Git Blame Copy Permalink