Security model
Axion is built on a simple premise: your messages, your keys, your identity. This page explains, in plain language, what we encrypt, what we never see, and what we publish for independent review. Audit-grade detail is available under signed NDA on request.
Encryption guarantees
- End-to-end encryption is the default on every direct chat, group chat, and call. We use the Matrix Megolm/Olm protocol stack (Double Ratchet + Megolm group ratchet) for messages, and end-to-end encrypted SFU for calls via LiveKit.
- Server cannot read message content. Our Synapse homeserver stores ciphertext only. Even with full server compromise, an attacker recovers no plaintext for E2EE rooms.
- Forward secrecy & post-compromise security. Keys rotate per-message via Double Ratchet; group keys rotate on membership change. Past sessions stay readable to participants but not to a future attacker.
- Cross-signing & device verification. Users verify devices with QR codes or emoji SAS; cross-signed identity keys are protected by a recovery secret that the server never sees.
Identity
- No phone number required. Sign up with a username and recovery secret; no MSISDN, no SIM, no carrier metadata.
- No real-name policy. Pseudonyms are first-class. Display names are user-chosen.
- Federated. Your identity is @you:axionchat.chat by default but the protocol is open Matrix — talk to users on any federated homeserver, including your own.
- Anonymous quickstart available — see the homepage flow. No email, no phone, 192-bit auto-generated password.
Transport
- TLS 1.2/1.3 only. Weak ciphers refused. HSTS preload, two-year max-age, includeSubDomains.
- Onion-Location header set. Tor users are advertised the v3 hidden service automatically: ucywlekgn744zex3rvb4dlpypywjdsf5kfaic7iyzi7zvkhphlw4lgqd.onion.
- Tight CSP on the landing surface (script-src 'self', no inline scripts, no external trackers).
- Cloudflare in front for edge caching, WAF, and DDoS — but Cloudflare cannot read E2EE content, only TLS metadata.
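The transport claims above (two-year HSTS with includeSubDomains and preload, script-src 'self', a v3 Onion-Location) can be checked against a response's headers. This is an added example, not Axion's own tooling; the function name, the finding strings and both sample header sets are assumptions constructed for illustration.

```python
import re

TWO_YEARS = 2 * 365 * 24 * 3600  # 63072000 seconds
# v3 onion addresses are 56 base32 characters followed by ".onion"
ONION_V3 = re.compile(r"^https?://([a-z2-7]{56})\.onion(/.*)?$")

def audit_headers(headers):
    """Return a list of findings; an empty list means the headers match the stated policy."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    # HSTS: max-age of at least two years, includeSubDomains, preload
    hsts = [d.strip().lower() for d in h.get("strict-transport-security", "").split(";")]
    max_age = next((d.split("=", 1)[1].strip('"') for d in hsts if d.startswith("max-age=")), None)
    if max_age is None or not max_age.isdigit() or int(max_age) < TWO_YEARS:
        findings.append("hsts: max-age missing or below two years")
    for flag in ("includesubdomains", "preload"):
        if flag not in hsts:
            findings.append(f"hsts: {flag} missing")
    # CSP: script-src must be exactly 'self' (no inline, no external hosts)
    csp = {}
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts:
            csp.setdefault(parts[0].lower(), parts[1:])  # first occurrence of a directive wins
    script_src = csp.get("script-src", csp.get("default-src"))
    if script_src is None:
        findings.append("csp: no script-src or default-src")
    elif [s.lower() for s in script_src] != ["'self'"]:
        findings.append("csp: script-src allows more than 'self'")
    # Onion-Location: must point at a v3 hidden service
    if not ONION_V3.match(h.get("onion-location", "").lower()):
        findings.append("onion-location: missing or not a v3 .onion URL")
    return findings

# Constructed sample header sets (not captured from any real server)
GOOD = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'",
    "Onion-Location": "http://" + "a" * 56 + ".onion/",  # placeholder address
}
WEAK = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "script-src 'self' 'unsafe-inline'",
}

if __name__ == "__main__":
    print(audit_headers(WEAK))
```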
What the server sees
Even though message content is encrypted, the homeserver inherently sees certain metadata to route traffic:
| Visible to the server | Not visible |
|---|---|
| Account existence and federation server | Message text, files, audio, video |
| Approximate message timing | Recipient identity within E2EE group calls |
| Room membership | Call participants beyond admission control |
| Connection IP (unless via Tor) | Cryptographic key material |
We minimise what we log from this metadata. See the Privacy Policy for retention and processing details.
Disclosure programme
Axion participates in the Aevrix Group vulnerability disclosure programme. Researchers acting in good faith have full safe harbour. See /vrp/ for Axion-specific scope and the Aevrix policy page for the canonical version.
Direct contact: security@axionchat.chat.
Threat model
We design for these adversaries:
- Passive network observer — sees only ciphertext + minimal metadata. Defended.
- Active network adversary — cannot MITM TLS (HSTS preload + CT) or downgrade E2EE (cross-signing detection). Defended.
- Compromised homeserver — recovers no plaintext for E2EE rooms. Defended.
- Compromised endpoint — game over for that user, like any messenger. Out of scope; we recommend hardware-backed device security and disk encryption.
- Forced legal demand — we publish counts at /transparency/ and a warrant canary.