SecureBitChat/securebit-chat
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
ea8cf47118ddaf155bb3c287b1d3430719d0cb89
securebit-chat/SECURITY_DISCLAIMER.md

9.4 KiB
Raw Blame History

Security Disclaimer and Terms of Use

🔒 SecureBit.chat Enhanced Security Edition v4.02.442

Important Legal Notice

READ THIS DISCLAIMER CAREFULLY BEFORE USING SECUREBIT.CHAT SOFTWARE

📋 Overview

SecureBit.chat is an open-source, peer-to-peer encrypted messaging application designed to support freedom of speech and privacy rights. This software implements military-grade cryptography with complete ASN.1 validation and is provided as-is for educational, research, and legitimate communication purposes.

⚖️ Legal Disclaimer

Developer Liability

THE DEVELOPER(S) OF SECUREBIT.CHAT ASSUME NO RESPONSIBILITY OR LIABILITY FOR:

  • Any misuse, illegal use, or criminal activities conducted using this software
  • Compliance with local, national, or international laws and regulations
  • Any damages, losses, or consequences resulting from the use of this software
  • The security or privacy of communications in jurisdictions where encryption is restricted
  • Any vulnerability, security flaw, or compromise that may occur despite our security measures

User Responsibility

BY USING SECUREBIT.CHAT, YOU ACKNOWLEDGE AND AGREE THAT:

  1. Full Legal Responsibility: You bear complete and sole responsibility for how you use this software
  2. Compliance Obligation: You must ensure your use complies with all applicable laws in your jurisdiction
  3. Risk Acceptance: You understand and accept all risks associated with using encrypted communication software
  4. No Warranty: This software is provided "AS IS" without any warranties, express or implied

🌍 Jurisdictional Considerations

Encryption Laws Vary Globally

  • Some countries restrict or prohibit the use of strong encryption
  • Export controls may apply in certain jurisdictions
  • Corporate/government networks may have policies against encrypted communications
  • Users must verify local laws before using this software

High-Risk Jurisdictions

Exercise extreme caution in countries with:

  • Restrictions on encrypted communications
  • Surveillance laws requiring backdoors
  • Penalties for using VPN/encryption software
  • Authoritarian internet controls

🎯 Intended Use Cases

Legitimate Uses (Encouraged)

  • Journalism: Protecting sources and whistleblowers
  • Human Rights: Organizing and advocacy in oppressive regimes
  • Business: Corporate communications requiring confidentiality
  • Personal Privacy: Private communications between individuals
  • Research: Academic study of cryptographic protocols
  • Education: Learning about secure communication systems

Prohibited Uses (Illegal/Unethical)

  • Any illegal activities under applicable law
  • Criminal conspiracies or planning illegal acts
  • Harassment, threats, or abuse of others
  • Circumventing legitimate law enforcement (where legally required)
  • Distribution of illegal content
  • Financial crimes or fraud

🔐 Security Limitations

No Absolute Security

UNDERSTAND THAT:

  • No cryptographic system is 100% unbreakable
  • Implementation bugs may exist despite best efforts
  • Social engineering and endpoint security remain vulnerabilities
  • Quantum computing may eventually threaten current encryption
  • Traffic analysis may reveal communication patterns

User Security Responsibilities

YOU MUST:

  • Keep your devices secure and updated
  • Use strong, unique passwords
  • Verify security codes through out-of-band channels
  • Understand the risks of your communication environment
  • Follow operational security (OPSEC) best practices

🏛️ Freedom of Speech Support

Our Mission

SecureBit.chat is developed to support:

  • Article 19 of the Universal Declaration of Human Rights
  • Freedom of expression and right to privacy
  • Resistance to censorship and mass surveillance
  • Protection of journalists, activists, and dissidents

Ethical Use Commitment

We believe privacy and free speech are fundamental human rights, but:

  • These rights come with responsibilities
  • Freedom of speech does not include freedom from consequences
  • Users must respect the rights and safety of others
  • Illegal activity is never justified, regardless of privacy tools used

📊 Technical Security Information

Current Implementation (v4.02.442)

  • ECDH P-384 key exchange with complete ASN.1 validation
  • AES-GCM 256-bit encryption
  • ECDSA P-384 digital signatures with enhanced key verification
  • RSA-2048 digital signatures for file metadata
  • Perfect Forward Secrecy with key rotation
  • MITM protection via out-of-band verification
  • Zero server architecture (pure P2P)
  • DTLS Race Condition Protection against October 2024 WebRTC vulnerabilities
  • ICE Endpoint Verification for secure WebRTC connections
  • Message Size Validation with 1MB DoS protection
  • Atomic Operations for race condition prevention
  • Secure Memory Management with advanced wiping techniques
  • Symbol-Based Context Isolation for private instance management
  • Rate Limiting System (10 files/minute) with client identification

🔒 ASN.1 Complete Structure Validation (NEW)

  • Complete ASN.1 DER Parser: Full structural validation of all cryptographic keys
  • OID Validation: Algorithm and curve verification (P-256/P-384 only)
  • EC Point Format Verification: Uncompressed format 0x04 validation
  • SPKI Structure Validation: Element count and type checking
  • Key Size Limits: 50-2000 bytes to prevent DoS attacks
  • BIT STRING Validation: Ensuring unused bits are 0
  • Fallback Support: P-384 to P-256 compatibility
  • High-Risk Vulnerability Fix: Prevents keys with valid headers but modified data

Known Limitations

  • WebRTC fingerprinting possibilities (mitigated by anti-fingerprinting techniques)
  • Browser-based implementation constraints
  • Dependency on Web Crypto API security
  • No protection against compromised endpoints
  • Traffic analysis potential despite encryption (mitigated by packet padding and noise)
  • Memory safety depends on JavaScript engine implementation
  • DTLS protection effectiveness depends on WebRTC implementation

🔄 Future Development

Post-Quantum Roadmap

  • v5.0: CRYSTALS-Kyber/Dilithium implementation
  • Long-term: Resistance to quantum cryptanalysis
  • Ongoing: Security audits and improvements

Advanced Security Technologies (v4.02.442)

  • ASN.1 Validation Framework: Complete DER parsing and key structure verification
  • Enhanced Key Security: OID and EC point validation for all cryptographic operations
  • PKCS Compliance: Full adherence to cryptographic standards
  • Structural Security: Complete validation of all key components
  • Vulnerability Prevention: High-risk key manipulation attack prevention

Previous Advanced Security Technologies (v4.01.441)

  • DTLS Protection Framework: Comprehensive WebRTC security enhancement
  • Memory Safety Mechanisms: Advanced protection against use-after-free vulnerabilities
  • Race Condition Prevention: Atomic operations for critical security sections
  • Error Sanitization System: Secure error handling without information leakage
  • Context Isolation: Symbol-based private instance management
  • File Transfer Security: Cryptographic signatures and metadata validation
  • Advanced DoS Protection: Message size validation and rate limiting

📞 Contact and Reporting

Security Issues

  • Responsible disclosure: Email security issues to the development team
  • CVE reporting: We participate in responsible vulnerability disclosure
  • Bug bounty: Consider implementing for critical security findings

Legal Concerns

  • Law enforcement: Contact appropriate legal authorities in your jurisdiction
  • Abuse reports: Report illegal use to relevant authorities
  • Compliance questions: Consult with legal counsel

📜 License and Terms

Open Source License

SecureBit.chat is released under the MIT License, providing:

  • Freedom to use, modify, and distribute
  • No warranty or liability guarantees
  • Full source code transparency
  • Right to audit security implementation

Terms Acceptance

By downloading, installing, or using SecureBit.chat, you acknowledge:

  1. You have read and understood this disclaimer
  2. You accept full responsibility for your use of the software
  3. You agree to comply with all applicable laws
  4. You understand the security limitations and risks
  5. You will not hold the developers liable for any consequences

⚠️ Final Warning

SECUREBIT.CHAT IS A POWERFUL TOOL FOR PRIVACY AND FREE SPEECH

With great power comes great responsibility. Use this software ethically, legally, and with full understanding of the risks and responsibilities involved.

Remember: The strongest encryption cannot protect against poor operational security, compromised endpoints, or illegal activities that attract law enforcement attention.

🛡️ Declaration of Intent

This software is created to:

  • Protect human rights and fundamental freedoms
  • Support legitimate privacy needs in an increasingly surveilled world
  • Advance the field of secure communications
  • Educate users about cryptography and privacy

It is NOT intended to facilitate illegal activities or harm others.

Last Updated: January 15, 2025
Version: Enhanced Security Edition v4.02.442 - ASN.1 Validated

USE AT YOUR OWN RISK AND RESPONSIBILITY

Reference in New Issue View Git Blame Copy Permalink