Security & Privacy

Enterprise-grade security architecture protecting your identity and votes

100% Open Source & Verifiable

Forum is built on transparency. Every line of code, every smart contract, and every cryptographic proof is open source and publicly auditable. We believe trust comes from verification, not promises.

Continuous Review: Community-driven code review
Public Audits: All security audits published
Verifiable Builds: Reproducible from source

Security at a Glance

100% Open Source • 256-bit Encryption • Zero Data Breaches • Public Audit Reports

Core Security Principles

Device-Only Processing

All sensitive data processing happens exclusively on your device. Passport photos, biometric templates, and personal information never leave your phone.

Local NFC chip reading
On-device biometric processing
Client-side zero-knowledge proof generation

Zero-Knowledge Architecture

Prove your eligibility to vote without revealing any personal information. Advanced cryptographic circuits ensure complete anonymity.

Plonk proof system
Anonymous credential verification
Unlinkable vote receipts

Cryptographic Security

Encryption Standards

AES-256 for data at rest • TLS 1.3 for data in transit • ECDSA for digital signatures • Poseidon hash for ZK circuits

Key Management

Hardware security modules • Secure key derivation (BIP-32) • Multi-signature wallets • Regular key rotation

Zero-Knowledge Proofs

Groth16 & Plonk circuits • Trusted setup verification • Circuit constraint validation • Proof aggregation

Infrastructure Security

Blockchain Security

Ethereum Layer 2 deployment • Immutable smart contracts • Consensus mechanism protection • MEV protection

Network Security

DDoS protection • Rate limiting • Geographic distribution • CDN security

Operational Security

24/7 monitoring • Incident response team • Regular security audits • Penetration testing

Privacy Protection

Data Minimization

Only necessary data collected • Automatic data purging • Pseudonymization techniques • Privacy by design

Anonymous Voting

Vote-identity unlinkability • Mixing networks • Temporal decorrelation • Metadata protection

Threat Model & Mitigations

Potential Threats

Sybil Attacks

Malicious actors creating multiple fake identities

Vote Buying

External parties attempting to purchase votes

Coercion

Forcing voters to vote in specific ways

State Attacks

Government surveillance or intervention

Our Mitigations

Social Graph Verification

2-of-3 vouching prevents mass fake account creation

Anonymous Receipt System

No way to prove how you voted to third parties

Zero-Knowledge Privacy

Impossible to link votes to specific individuals

Decentralized Architecture

No central point of failure or control

Verify Everything

Don't trust, verify. All our code is open for inspection, from the mobile app to smart contracts. Check our implementations, review our cryptography, and validate our security claims yourself.

Community Verified

Our growing community of developers and security researchers continuously reviews our code. Join the contributors who help make Forum more secure every day. Every commit is reviewed, every change is tracked, and every security concern is addressed transparently on GitHub.

Security Contact

Found a security issue? Please report it responsibly to our security team.

Email: security@forum.online
Encrypted communication available
Response Time: Within 24 hours

Forum voting platform built on Ethereum Layer 2


© 2026 Forum Protocol. Built on Ethereum Layer 2. All rights reserved.

Built for modern democracy
v1.0.7