366f080128
- upgrade DOMPurify to patched release (fixes high-severity XSS GHSA-87xg-pxx2-7hvx)
- upgrade esbuild build dependency; npm audit now reports 0 vulnerabilities
- stop tracking config/ice-servers.js (TURN credentials); add example template
- production logger no longer prints error context or info/debug output
- bump version to 4.8.9 across header, manifest, README, init message
- update SECURITY.md supported-release table to v4.8.x
28 lines
1.3 KiB
Markdown
# Security Disclaimer and Terms of Use

SecureBit.chat is provided as open-source software for lawful private communication, research, and education. It is supplied **as is**, without warranties of any kind.

## User responsibilities

By using SecureBit.chat, you are responsible for:

- complying with applicable laws and organizational policies
- securing your devices and browser environment
- verifying SAS codes through an out-of-band channel
- understanding that endpoint compromise can defeat application-layer protections
- configuring TURN correctly when relay-only privacy mode is required

## Security limitations

No communication system can guarantee absolute security. SecureBit.chat reduces risk through encrypted transport, mandatory peer verification, explicit file-transfer consent, local metadata protection, and lifecycle cleanup, but it cannot protect against compromised devices, malicious users with physical access, or incorrect operational practices.

## Intended use

SecureBit.chat is intended for legitimate private communication, journalism, research, education, business confidentiality, and personal privacy. It is not intended to facilitate unlawful activity, abuse, harassment, or harm.

## Current release

- Product release: `v4.8.9`
- Protocol version: `4.1`
- Last updated: May 17, 2026