
Security posture

What we promise, and what that means for you.

Your keys never leave your device.

Keys are generated in your browser using libsodium. They are encrypted with a password you choose (Argon2id + XSalsa20-Poly1305) before being stored. No Morphit server ever sees them.

Zero tracking, zero logging.

No cookies. No analytics. No third-party scripts. No IP logging. No telemetry. If you look at the Network tab in your browser, every request goes to Morphit and nowhere else.

Chat is end-to-end encrypted.

Every message uses X25519 key agreement plus ChaCha20-Poly1305 authenticated encryption (libsodium primitives) with a fresh ephemeral key per message. Plaintext exists only inside your browser and your trading partner's browser. Morphit's servers, the underlying chain, and anyone in between see only ciphertext. The full protocol — including the deliberate tradeoffs we accept (no per-message forward secrecy) — is in docs/adr/0015-chat-crypto.md.

Reproducible builds.

Every release is tagged; every asset is fingerprinted; SRI protects every script. You can rebuild from source and compare — we publish the hashes alongside each release.

Open-source, open threat model.

The full threat model is in the repo's docs/SECURITY.md. We're explicit about what we protect against and what we don't — because pretending otherwise would be worse than honesty.

Bug bounty program

We run a discretionary security recognition program. Every actionable finding gets reviewed by a real engineer, gets an answer, and — if it materially improves Morphit's security posture — gets rewarded in BLURT (paid from @morphit-fees) or BTC, scaled to severity and the report's quality. No fixed tier table; case-by-case adjudication. Hall of fame credit is available even when payment isn't. The full scope, severity guidance, payment workflow, and what we won't do (no NDA, no exclusive disclosure) are documented in SECURITY.md.

Read the full bounty program scope and rules →

Warrant canary

We publish a weekly warrant canary signed with the operator's PGP key. The canary explicitly declares no NSL / FISA / gag-order / backdoor demand has been served. Freshness proofs include a current Blurt chain head, a current Bitcoin chain head, and a current news headline (proves the canary cannot be pre-generated). If the canary stops updating for more than 14 days, treat it as silent: the operator may be under coercive pressure, and you should switch to a different federated operator.

View this operator’s current canary · Operator’s PGP keys

Found an issue? Please report via the public Forgejo repo, or via an encrypted message to the morphit chain account.