Security & Threat Model

How we protect you, and what we can't protect against

Security Architecture

End-to-End Encryption

Messages are encrypted with AES-256-GCM under a room key derived with PBKDF2 from the room secret. Encryption and decryption happen entirely in your browser; the server stores and relays only ciphertext.

  • Room keys derived using PBKDF2 with 100,000 iterations
  • AES-256-GCM with unique nonce per message
  • Keys never leave your device
  • Server cannot decrypt messages

Anonymous Identity System

Your identity is a random ID generated in your browser. The server stores only a SHA-256 hash of it, so stored records and logs never contain the identifier itself, and moderators cannot trace it back to you.

  • Anon IDs generated client-side with cryptographic randomness
  • Only SHA-256 hashes stored server-side
  • Identity rotation creates completely new identifiers
  • No link between old and new identities

Invite-Only Access Control

No public registration. Every user was vouched for by an existing member, creating a web of trust.

  • Invite codes are single-use by default
  • Codes expire after configurable time
  • Optional domain restrictions for teams
  • Codes hashed before storage

Transport Security

All connections use modern TLS with strong cipher suites, and HTTPS is enforced everywhere, so a network observer sees only the TLS session, not the (already encrypted) message payloads or the session cookies inside it.

  • TLS 1.3 with forward secrecy
  • Secure cookies with SameSite restrictions
  • CSRF protection on all actions
  • Content Security Policy headers

Threat Model

We believe in honest security communication. Here is our assessment of the threats we consider, what we do about each, and how far that goes:

Threat | Our Mitigation | Status
Server Compromise | Messages are E2EE, so an attacker gains only ciphertext. Anon IDs are hashed. No IP addresses in logs. | Protected
Traffic Analysis | Room participation is minimally logged. We use rotating device tokens that change every 24 hours. | Mitigated
Insider Threat | Admin access is key-based with audit logging. Admins cannot read encrypted content or see real identities. | Protected
Client Compromise | If your device is compromised, your current session keys may be exposed. Use secure mode with a passphrase for additional protection. | Partial
Metadata Analysis | We minimize metadata. Message timestamps exist but are not exposed to other users. Room membership is not persisted. | Mitigated

Honest Limitations

  • Device compromise: If someone has access to your unlocked device, they can read your messages.
  • Room secret sharing: Anyone you share a room secret with can derive the room key and decrypt every message in that room.
  • Screenshots: Nothing prevents a room member from taking screenshots.
  • Browser vulnerabilities: We rely on browser crypto APIs; their security is our ceiling.
  • Served client code: Because the client runs as web code we deliver, end-to-end encryption protects stored and in-transit ciphertext but cannot protect you from a client whose code has been replaced at the source.

Technical Specifications

Encryption

Algorithm: AES-256-GCM

Key Derivation: PBKDF2-SHA256

Iterations: 100,000

Nonce Size: 12 bytes

Hashing

Identity Hash: SHA-256

Invite Code Hash: SHA-256

Device Token: CSPRNG (192-bit)

Token Rotation: 24 hours

ANONTEA

An invite-only sanctuary for private conversations. No emails, no phone numbers, no tracking. Just encrypted messages between trusted people.

© 2025 ANONTEA. Privacy-first by design.
