Security

Security at Blackhole

WireGuard is the most audited, most reviewed VPN protocol in existence. We build on that foundation and add zero-trust networking on top.

WireGuard Encryption

All mesh traffic uses WireGuard — Curve25519, ChaCha20-Poly1305, BLAKE2s. No legacy ciphers.

Encryption at Rest

All stored data encrypted with AES-256. Private keys never leave your device.

Zero Trust Networking

Each device has a unique Ed25519 keypair. No device can impersonate another.

No Logs Policy

We do not log your traffic. Coordination metadata is minimal and short-lived.

Regular Audits

Quarterly security audits and annual penetration tests.

Vulnerability Response

24-hour initial response SLA for critical issues. Public post-mortems.

Responsible Disclosure

We welcome responsible security researchers. Report vulnerabilities privately before public disclosure. 24-hour initial response, public post-mortems for significant issues.

Contact: security@blackholemesh.dev

Response SLA: 24h critical, 72h high

Terms Privacy