Skip to content

Security: guobosheng/Faceless

Security

SECURITY.md

Security

Vulnerability disclosure

Disclose bugs and vulnerabilities for Faceless

Project description

# Why we build this

We believe that anonymous messaging should be an integral part of our communication tools. Powerful frameworks and applications must guarantee that people's experience with anonymity is as positive as possible.

Faceless is [available via Google Play](http://www.delight.im/get/faceless) as an Android application.

# Scope of bugs

We are interested in all (security-related) bugs, but the following three categories show what's most important to us and our users:

 * intercepted and manipulated HTTP traffic between the app and the API on the server
 * bugs that may help to identify the author of a message or comment
 * weaknesses that expose information which is not otherwise visible during "normal" usage of our service
 * vulnerabilities that let you fake information or take up false identities

# Public disclosure

We'd like to disclose any bug publicly, if you agree with that. We don't want to hide our mistakes and want to be open about the bugs.

# Bounties and rewards

Unfortunately, we cannot offer any financial rewards right now, as this project is without any revenue. We hope that public credit and the feeling of having done good may be gratifying.

There aren’t any published security advisories