Staying Safe Online

• Incognito / Private Browsing does NOT make you anonymous. It only clears your local browser history and cookies after the session. Your ISP, employer, the websites you visit, and anyone monitoring the network can still see everything you do. Your IP address is fully visible. It's like closing the curtains but leaving the front door open.
• A VPN does NOT make you anonymous. It moves your trust from your ISP to the VPN provider. If your VPN provider logs traffic (most do, despite claiming otherwise), you've gained nothing. Free VPNs are worse — you're the product. A VPN hides your traffic from your ISP but the VPN company sees everything instead.
• "I have nothing to hide" is not a security strategy. Everyone has something worth protecting — bank details, medical records, private conversations, political views, location patterns. Privacy isn't about hiding wrongdoing. It's about controlling who knows what about you.
• Deleting a message doesn't delete it. Screenshots exist. Forwarding exists. Server backups exist (on other platforms — not HyveHeim). Once you send something, assume it can't be unsent. Disappearing messages help, but they're not a guarantee if the recipient has a camera.
• End-to-end encryption doesn't protect your screen. If someone is looking over your shoulder, has installed a screen recorder, or has accessibility service access to your phone — encryption is irrelevant. They see what you see.
• Tor is not perfect. Exit nodes can monitor unencrypted (non-HTTPS) traffic. Browser fingerprinting can potentially identify you across sessions. Some websites block Tor. Timing analysis by a well-resourced observer can correlate entry and exit traffic. It's the best tool available, but it's not magic.
• Your phone knows more about you than you think. Location history, app usage patterns, WiFi networks you've connected to, Bluetooth devices nearby, accelerometer data (can infer what you're typing), and the microphone. Even with HyveHeim's protections, the device itself is a surveillance platform unless you take steps to harden it (see GrapheneOS below).

• Use strong, unique passwords — 12+ characters, mix of upper/lower/numbers/symbols. Never reuse passwords across services. Consider a password manager (Bitwarden is open source).
• Enable app lock — Set a PIN or biometric lock in HyveHeim. Your messages are encrypted at rest, but only if the app is locked.
• Save your recovery key — Write down your HYVE-XXXX-XXXX-XXXX-XXXX recovery key and store it offline. If you lose your password, this is the only way back in.
• Don't share screenshots — Screenshots of conversations can be forwarded. If someone sends you a screenshot of a chat, assume the entire conversation is compromised.
• Be careful with public WiFi — Open networks can intercept traffic. Use the Tor transport mode in HyveHeim or a VPN when on public WiFi.
• Use a privacy-focused keyboard — Your keyboard sees everything you type. We recommend HeliBoard (open source, no internet permission, no data collection). Google Keyboard (Gboard) sends typing data to Google for "prediction improvement."
• Be cautious with shared media — Images and videos can contain hidden tracking data. HyveHeim strips metadata automatically, but media from public channels comes from anonymous users.
• Don't download files from unknown contacts — Even images can carry exploits. View them in the app's built-in viewer instead of saving to your device.
• Don't click links from unknown contacts — Links can fingerprint your device, reveal your IP, or install malware.
• Enable disappearing messages — For sensitive conversations, set messages to auto-delete after 24 hours.
• Keep your app updated — Security patches are released regularly.

• Enable Tor transport — Route your HyveHeim traffic through Tor. Your ISP will see Tor traffic but not that you're using HyveHeim. The app has an embedded Tor client — no external apps needed.
• Use self-hosted push notifications — Switch to UnifiedPush in settings. Notifications go through our server, not Google's. Google can't see when you receive messages.
• Disable read receipts and typing indicators — These leak your activity patterns. Turn them off in Settings → Security & Privacy.
• Use per-space identity — Different display name per group. Your Trusted contacts see your real name; Social contacts see a pseudonym.
• Don't use the web chat for sensitive conversations — The web browser can't provide screen protection, duress PIN, or embedded Tor. Use the mobile app.
• Consider a secondary phone — A dedicated device for HyveHeim reduces the risk of cross-app data leakage.
• Disable cloud backups — Google Backup and iCloud can access your device storage. Disable them for the HyveHeim app or entirely.
• Review installed apps — Apps with accessibility permissions can read your screen. Audit your installed apps regularly.
• Use trust zones — Compartmentalise contacts: Trusted for family and close friends, Social for internet contacts. Different privacy rules apply to each zone — calls are only available in Trusted, and Social contacts see a pseudonym instead of your real username.

• Enable Maximum security profile — This activates all protections: Tor-only transport, disabled read receipts, maximum chaff traffic, screen security.
• Use Tor transport ALWAYS — Never connect on clearnet. Even brief clearnet connections reveal your IP to the server.
• Enable duress PIN — A secondary PIN that wipes all app data when entered under coercion. Set it in Settings → Security.
• Disable all notifications or use WebSocket-only — Push notifications create metadata trails. WebSocket-only mode means no push infrastructure is involved.
• Don't use biometric unlock — Fingerprints and face scans can be forced. Use a PIN only. The randomized PIN pad in HyveHeim defeats shoulder-surfing cameras.
• Assume your phone is compromised — Use disappearing messages for everything. Set the shortest timer that's practical.
• Use the BLE mesh — For local communication when internet is unavailable or monitored. The mesh works peer-to-peer via Bluetooth.
• Review your device security audit — Open Profile → Device Security Audit in the app. Fix any critical findings before using the app for sensitive communications. The scanner checks for accessibility service keyloggers, screen overlays, root access, USB debugging, and unsafe keyboards.
• Physical security — Don't leave your phone unattended. Use a screen privacy filter. Be aware of cameras.
• If crossing a border — Factory reset the phone before crossing. Reinstall HyveHeim and log in after you're through. Your messages auto-delete from the server within 48 hours. After a factory reset, you start fresh — there's nothing to find on either the device or the server.
• Don't store contacts under real names — Use code names or initials in the Social trust zone.

Note on Kali Linux / Kali NetHunter

Kali is a penetration testing distribution, not a privacy OS. It's designed for offensive security, not defensive use. The mobile version (NetHunter) had reliability issues and the project's status has been inconsistent. We don't recommend it for daily use or as a primary device OS. If you need mobile pen-testing tools, use them on a secondary device.

• Use I2P transport — Multi-layered routing, harder to trace than Tor. I2P traffic is less recognisable to deep packet inspection than Tor. The app embeds an I2P client.
• Enable screen security — FLAG_SECURE prevents screenshots and screen recording by other apps. Turn on in Settings → Security.
• Use the randomized PIN pad — Key positions change every time, defeating shoulder-surfing cameras and pattern recognition.
• Dedicated device — No other apps, no personal accounts, no SIM card (WiFi only through Tor). A used Pixel phone with GrapheneOS is ideal.
• Faraday bag — When the phone is off, store it in a Faraday bag to prevent remote activation of radios. Available for under $20.
• Route ALL traffic through Tor — Not just HyveHeim. Use Orbot (system-wide Tor proxy) or a Tor-enabled VPN for everything.
• Verify safety numbers in person — Before trusting a contact with sensitive information, verify their safety number face-to-face. This confirms you're talking to who you think you are, not an impersonator.
• Use code words — For sensitive topics, agree on code words in advance during in-person meetings. Never discuss the code system digitally.
• Operational security (OpSec) — Compartmentalize your life. The person who buys the phone is not the person who uses HyveHeim. Pay cash. Don't register the device to your name.
• Memorize your recovery key — Don't write it down. Use a mnemonic technique. A written recovery key is a liability if your space is searched.
• Enable auto-wipe — Set the app to wipe after N failed PIN attempts. 5 attempts is recommended.
• Consider dead drops for key exchange — For initial contact setup, physical dead drops (USB drives in agreed locations) avoid any digital trail. HyveHeim's invite system is designed for this — create the invite link on one device, transfer via USB, accept on another device that has never been on the same network.

What HyveHeim does for you automatically

These protections are always active regardless of your security profile. You don't need to configure them.

• End-to-end encryption — X25519 + AES-256-GCM for all private messages
• Post-quantum protection — ML-KEM-768 hybrid key exchange
• Forward secrecy — MLS TreeKEM group key rotation
• Dead drop routing — Rotating opaque channel addresses
• Phantom sender tokens — One-time anonymous send credentials
• Message padding — Fixed-size buckets hide content length
• Blinded membership — Server can't link users to groups
• Zero-knowledge server — Server never sees message content, sender identity, or social graph
• No logging — Server stores zero request logs, IP addresses, or activity data
• Blockchain verification — DAG-based membership verification works even if the server is compromised or offline

What We Store — Complete Transparency

This is everything our server stores. No exceptions, no hidden databases, no "metadata we forgot to mention."

What we store temporarily

What we store permanently

What we NEVER store

• Message content (encrypted in transit, auto-deleted within 48h)
• Who sent a message (phantom tokens + dead drops)
• Who is in which group (blinded membership)
• IP addresses (stripped at the network edge, never forwarded to any service)
• Request logs (disabled entirely — no access logs, no error logs)
• Read receipts or typing indicators (relay-only, never stored)
• Who read what message
• Who viewed whose story
• Activity timestamps with precision (quantized to weekly)
• Social graph or contact lists
• Location data
• Device identifiers
• Analytics, telemetry, or crash reports