Create SECURITY.md #2674
Open
Create SECURITY.md #2674
+57
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This PR adds a `SECURITY.md` file to the repository, providing a clear security policy for the Quiet project. The document outlines: - The scope and limitations of Quiet’s current security posture. - Supported versions, with the latest release being the only one to receive timely patches. - Guidance on iOS push notifications, noting potential metadata exposure, and the option for users to disable them for better privacy. - Warnings that Quiet is not audited and is unsuitable for high-risk scenarios where proven security is required. - A vulnerability reporting process, with details on disclosure timelines and crediting reporters. - References to the project’s Threat Model and future intentions to refine metadata exposure details. This addition aims to improve transparency and help users understand Quiet’s current security stance and who should or shouldn’t rely on it. Feedback is welcome, especially regarding clarity and completeness.
holmesworcester
requested changes
Jan 1, 2025
| @@ -0,0 +1,57 @@ | |||
| # Security Policy | |||
|
|
|||
| Quiet is an experimental, peer-to-peer, end-to-end encrypted, and serverless team chat application built on Tor & IPFS. While we aim to improve user autonomy and privacy beyond what centralized messengers can offer, **Quiet is not audited** and **should not be relied upon in high-risk scenarios requiring proven, thoroughly vetted security guarantees**. | |||
There was a problem hiding this comment.
I would cut "and serverless" both because this has a separate meaning in industry and because we will be adding an optional server soon.
|
|
||
| ## Threat Model and Metadata Exposure | ||
|
|
||
| We have published a [Threat Model](https://github.com/TryQuiet/quiet/wiki/Threat-Model) detailing our assumptions, adversaries, desired security invariants, and known weaknesses. Since Quiet is under active development, some security features (e.g., deletion, user removal, direct messages, private channels) are still evolving. |
There was a problem hiding this comment.
I would say "are not implemented yet" instead of "are still evolving"
Comment on lines
+20
to
+24
| If enabled, iOS push notifications rely on a centralized Apple service. While message content remains encrypted, push notifications may reveal timing metadata to Apple’s servers. This could potentially allow a sophisticated adversary to learn when a user is active or receiving messages. | ||
|
|
||
| - **Optional Notifications:** Users who prioritize privacy may opt out of push notifications. Disabling notifications prevents this timing metadata from being exposed, at the cost of not receiving immediate alerts for new messages. | ||
|
|
||
| We will provide more detailed descriptions of metadata exposure in updated threat model documentation. |
There was a problem hiding this comment.
None of this is implemented yet. I think this belongs in the threat model doc and we should only update it once the way notifications work changes. I'd like to consolidate this info in the threat model doc because having information split between the two docs could lead to misunderstandings or mistakes. Thoughts?
|
|
||
| ## Disclaimer | ||
|
|
||
| Quiet is experimental software. While we issue timely patches and continuously work to improve its security, we cannot guarantee that Quiet meets the needs of users who face serious, well-funded adversaries or operate in highly sensitive contexts. For those use cases, please rely on mature, audited tools. |
There was a problem hiding this comment.
Seems redundant with other sections.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds a
SECURITY.mdfile to the repository, providing a clear security policy for the Quiet project. The document outlines:This addition aims to improve transparency and help users understand Quiet’s current security stance and who should or shouldn’t rely on it. Feedback is welcome, especially regarding clarity and completeness.