Silent Signal is more than just a submission form. It’s a fortified civic platform, engineered to protect whistleblowers, investigative reporters, and truth-tellers from tracking, surveillance, or reprisal. This page outlines the multilayered defense architecture powering our mission.


🧠 Why a Defense Layer?

Truth is fragile. Those who report it often face censorship, intimidation, or worse. Silent Signal exists to give them a quiet, encrypted line that is guarded from prying eyes, from the browser to the storage vault.


πŸ” Client-Side Safeguards

  • OpenPGP Encryption: Messages and attachments are encrypted in-browser before being transmitted. The server never sees plaintext.
  • SHA-256 Integrity Receipt: After encryption, a unique hash is shown to the sender for verification and future audits.
  • No Trackers: No analytics, cookies, third-party assets or JavaScript libraries.
  • Honeypot Field: Invisible to users, catches bots without CAPTCHA or friction.
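
The integrity receipt described above can be checked later against what is actually stored. The following is an added example, not Silent Signal's own code: it assumes the receipt is the hex SHA-256 of the exact ciphertext bytes and that blobs sit in a flat directory as `.asc` files (both are assumptions; the file names and sample message are constructed).

```python
import hashlib
import hmac
import tempfile
from pathlib import Path
from typing import Optional

def receipt_for(ciphertext: bytes) -> str:
    """Receipt over the encrypted bytes only; plaintext is never hashed."""
    return hashlib.sha256(ciphertext).hexdigest()

def receipt_for_file(path: Path, chunk_size: int = 65536) -> str:
    """Stream a stored blob so large attachments are not read into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit(store: Path, sender_receipt: str) -> Optional[str]:
    """Return the name of the stored blob matching the receipt, else None."""
    wanted = sender_receipt.strip().lower()
    if len(wanted) != 64 or any(c not in "0123456789abcdef" for c in wanted):
        raise ValueError("receipt is not a SHA-256 hex digest")
    for blob in sorted(store.glob("*.asc")):  # assumed naming scheme
        if hmac.compare_digest(receipt_for_file(blob), wanted):
            return blob.name
    return None

def demo() -> dict:
    # Constructed stand-in for an armored OpenPGP message, not real ciphertext.
    sample = (b"-----BEGIN PGP MESSAGE-----\n\nconstructed-sample-body\n"
              b"-----END PGP MESSAGE-----\n")
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp)
        (store / "0001.asc").write_bytes(sample)
        (store / "0002.asc").write_bytes(b"constructed-unrelated-blob\n")
        receipt = receipt_for(sample)          # what the sender was shown
        before = audit(store, receipt)
        # Simulate storage corruption or tampering: flip one byte on disk.
        (store / "0001.asc").write_bytes(sample.replace(b"body", b"bodY"))
        after = audit(store, receipt)
    return {"before": before, "after": after}

if __name__ == "__main__":
    print(demo())
```

A receipt that no longer matches any stored blob shows that the ciphertext changed or is missing; it does not identify who changed it.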

🔒 Server-Side Security

  • No Logging: We do not store IP addresses or any identifying headers.
  • Rate Limiting: Prevents brute-force attempts and abuse via strict IP-based rate rules.
  • Encrypted Storage: Encrypted blobs are written to ghosthub/submissions/ and are never processed until decrypted manually offline.
  • Decoupled Review: Admin decryption uses decrypt.py in an isolated, offline environment.
  • SMTP Relay (Optional): Auto-forward to secure inbox using local Postfix over ProtonVPN, with headers stripped.

📑 Network & Metadata Privacy

  • DNS Protection: Local DNS queries are routed through DNSCrypt/CoreDNS on port 5354.
  • Secure Transport: Cloudflare Tunnels proxy HTTPS traffic without exposing origin IP.
  • Optional .onion Mode: Future plans include hidden service deployment over Tor.
  • No Referrers: Site headers are scrubbed for leak prevention.

  • No User Accounts: No sessions, no registration, no identifiers.
  • Minimal Attack Surface: Static site with hardened Flask backend.
  • Journalistic Integrity: Platform design aligns with protected civic reporting, not criminal use.

🧩 Coming Defense Features

  • Client-Side File Wiping: Zero-knowledge attachment destruction post-submit.
  • PGP Key Rotation & Transparency Log: Auto-revoked keys and public fingerprint verification.
  • Blockchain Receipts (optional): Immutably record SHA-256 hashes of received submissions.

“The most powerful truths are often spoken in silence.” - Silent Signal