Do not open a public issue. Please report security vulnerabilities privately.
Email: teamvoider@protonmail.com
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (optional)
We will acknowledge your report within 48 hours and provide a detailed response within 7 days.
This policy covers the cryptographic implementation in this repository:
| File | Description |
|---|---|
src/encryption.js |
Core AES-256-GCM + Kyber encryption |
src/streamingEncryption.js |
Chunked streaming for large files |
src/crypto.worker.js |
Web Worker encryption thread |
- Denial of service attacks
- Social engineering
- Issues in dependencies (report to @PaulMillr or relevant maintainers)
| Stage | Timeframe |
|---|---|
| Acknowledgment | 48 hours |
| Initial assessment | 7 days |
| Fix development | 14-30 days (severity dependent) |
| Public disclosure | After fix is deployed |
We appreciate researchers who help keep voider secure. With your permission, we'll credit you on our security page.
Verify this code matches what runs on voider.app:
- Open voider.app in your browser
- Open DevTools → Sources tab
- Navigate to the encryption modules
- Compare the logic with this repository
The encryption implementation is identical. No server-side modifications.