AnonChatX takes security and privacy seriously.
If you discover a security or privacy vulnerability, please report it responsibly and privately.
- Do not open a public GitHub issue
- Do not discuss the issue publicly (issues, PRs, forums, social media)
- Do not test exploits against users or production infrastructure
Please report vulnerabilities via email:
- You may use PGP if needed
- You do not need a GitHub account
- Anonymous reports are accepted
Provide enough detail to allow us to:
- Understand the issue
- Reproduce it safely
- Assess impact and scope
If available, include:
- Affected component or repository
- Steps to reproduce
- Potential impact
- Any mitigations you are aware of
This security policy applies to:
- All AnonChatX applications
- Services, tooling, and infrastructure code
- Protocol design and implementation
- Documentation errors that could lead to unsafe use
If you are unsure whether something is a security issue, err on the side of reporting it privately.
We aim to:
- Acknowledge valid reports in a reasonable timeframe
- Work toward a fix before public disclosure
- Credit reporters when appropriate (if desired)
Please allow time for investigation and remediation before any public discussion.
AnonChatX is designed for users who may operate under adversarial conditions.
Security decisions prioritize:
- User safety over convenience
- Minimal metadata exposure
- Defensive design over growth
- Transparency without compromising users
We appreciate responsible research that respects these principles.
Thank you for helping keep AnonChatX safe.