v0.1 // ENCRYPTED OFFSITE PROTOCOL
STORE / ROUTE / PAY
Backups nobody can read — not us, not your ISP, not anyone who breaks in, not a future owner of this company.
// PROTOCOL_LAYERS
Stacked privacy. Each layer fails closed.
RESTIC // crypt
AES-256 + Poly1305 client-side. Keys never leave your device. The blob is encrypted on your machine. Server only ever holds opaque ciphertext — wherever the operator parks the bits is irrelevant, they cannot decrypt them.
TOR // ghost
Onion-routed transport. Three hops between you and us. Origin IP unknowable on both sides.
mTLS // ident
Your client cert is your account. SHA256 of the cert is your only ID. No password, no email, no recovery flow. Lose the cert, lose the archive.
XMR // settle
Pay-as-you-go in Monero. Balance burns down as you push bytes. Top up when needed. No subscription, no invoice trail. Subaddress per client, stealth addresses, ring signatures — the chain forgets who paid.
// THREAT_VECTORS
What we are designed to survive.
| VECTOR | STATUS |
|---|---|
| Network observer (ISP / transit) | CONTAINED — tor + tls |
| Server compromise | CONTAINED — ciphertext only |
| Disk seizure | CONTAINED — opaque blobs, no keys |
| Insider with admin access | CONTAINED — no keys, no plaintext, no PII to leak |
| Loss of your client cert | FATAL — archive lost |
| Loss of your passphrase | FATAL — data lost |
// DEPLOY
JACK_IN.
Open source. Reproducible builds. Zero PII, zero analytics, zero phone-home.