Skip to content

7. Security and Privacy

ermoluk edited this page Jun 28, 2025 · 2 revisions

Security and privacy are foundational principles of the FreeFlow network. In environments where users depend on decentralized, censorship-resistant communication — often under adversarial or surveillance conditions — FreeFlow is designed to preserve anonymity, prevent tampering, and ensure trust without exposing identity or relying on central authority.

Threat Model

FreeFlow is built to withstand the following real-world threats:

Network Surveillance: ISPs, governments, or private actors monitoring network activity

Censorship & Kill-Switches: National-scale internet shutdowns or filtering

Sybil Attacks: Malicious actors injecting large numbers of fake nodes

Spoofing & Replay Attacks: Imitating or replaying legitimate traffic

Man-in-the-Middle (MITM): Interception and manipulation of unencrypted data

Device Seizure or Forensics: Physical compromise of user devices

Privacy Protections

1. No Central Identifiers

Users are identified only by rotating, pseudonymous NodeIDs derived from public-private key pairs. There are no usernames, accounts, or emails.

2. Session Isolation

Every connection creates a new SessionID, unlinkable from past or future sessions, unless explicitly chained by the user.

3. Local-Only Logging

All activity (contacts, relays, storage) is recorded locally and encrypted. Logs are not automatically uploaded or exposed without user action.

4. End-to-End Encryption (E2EE)

All payloads are encrypted using the recipient’s public key before leaving the sender’s device. No intermediate node can read the content.

5. Onion Routing by Default

Messages pass through several hops, each encrypted in layers. Nodes only know the previous and next hop, not the origin or final destination.

6. Metadata Minimization

Messages and logs avoid including IP addresses, GPS data, or other identifying metadata unless explicitly allowed by the user.

Security Architecture

Signed Proofs: All network interactions (PoC, PoR, PoS) are signed by both parties to prevent forgery.

Tamper-Evident Logs: Event logs use cryptographic hashes and timestamps. Any modification breaks verification.

Ephemeral Caching: Temporary data is stored in volatile memory or auto-deletes after timeouts to reduce forensic risk.

No Root of Trust: There is no central certificate authority or “master node.” Trust is earned through verified interaction.

Resilience to Sybil Attacks: Credit systems rely on cross-verification from multiple nodes. A single node cannot unilaterally validate its own events.

Optional Enhancements

Pluggable Transports: Support for Tor, I2P, or VPN-like tunnels for bridge nodes

Decoy Traffic: Random packet generation to obscure real traffic

Trusted Zones: Optional encrypted sub-mesh groups with shared pre-keys

Zero-Knowledge Proofs (Future): For private credit redemption and anonymous participation

Clone this wiki locally