If you discover a security vulnerability in Echo, please report it responsibly.
We take security seriously, especially given the nature of this project, and appreciate your effort to disclose issues properly.
Please DO NOT open a public issue.
Instead, report vulnerabilities via:
- Email: mkafonso.dev@gmail.com
Include as much detail as possible:
- Description of the vulnerability
- Steps to reproduce
- Proof of concept (if applicable)
- Potential impact
Our response targets:
- Initial response: within 72 hours
- Status update: within 7 days
- Fix timeline: depends on severity and complexity
We ask that you:
- Give us reasonable time to investigate and fix the issue
- Avoid public disclosure until a fix is available
- Avoid exploiting the vulnerability beyond what is necessary to demonstrate it
This project explores concepts such as steganography and distributed storage across public platforms.
Relevant vulnerabilities include (but are not limited to):
- Data leakage
- Weak encryption or key derivation
- Predictable seed generation
- Detectable encoding patterns
- Reconstruction attacks
- Platform-specific weaknesses
- Issues caused by third-party platforms (e.g., account bans, content removal)
- Misuse of the tool
- Violations of platform Terms of Service
Echo is designed under the assumption of a hostile environment.
If you find a way to:
- detect stored data,
- reconstruct it without authorization,
- or break its guarantees,
we definitely want to know.