Secure By Design

Tetrix aims to be a truly decentralized communication tool – eventually removing all third parties and minimizing the attack vectors for malicious actors.

The true benefit of Web3 is the ability to transact and communicate on our own terms, without middlemen. In order to enjoy this type of free communication, we must be confident that our messages, transactions, identities, and funds are safe and secure. Learn more about Tetrix's approach to security below.

Secure Messaging at Tetrix

Secure Messaging

Messages are not censored or blocked, and they remain pseudo-anonymous if the user so chooses. Only intended recipients are able to view messages.

Secure Financial Transactions

Sending, storing, and receiving cryptocurrencies or tokens within the Pitaka is safe from attack. Private keys are never exposed. Transactions are only processed when initiated and confirmed by the owner of the private keys.

Secure Browsing

When browsing Web3, end user data and browsing information are not accessible by any third parties without consent. Any transactions made while using the Tetrix browser implement the same security standards and best practices used in the Pitaka.

Secure Identity

Your identity in Tetrix starts with a locally generated cryptographic keypair, which is then protected via a password. That's all that is required. The user then has the ability to add information to their profile to build up who they are in Tetrix. At all times the user has full control over their information, and who has access to it. The end user can be as public or private as they want.

Peer-to-Peer Messaging Protocol

Tetrix uses the Waku protocol for peer-to-peer (p2p) communication. Waku relies on a network of peers to route messages to each other. Each message sent is broadcast to the entire network, and encrypted so that only the intended recipient can open it. By removing centralized choke points, the content of your messages and the metadata remain your own. However, Tetrix and Waku are not entirely peer-to-peer yet, as mailservers are used to manage messages when a peer is offline. A Waku mailserver is a Waku extension that stores messages and delivers them when the peer comes back online.

Learn more about Waku

End-to-End Encryption by Default

All private messages sent in Tetrix are encrypted end-to-end by default. When you create a Tetrix account, a cryptographic keypair is generated to encrypt your messages and stored locally on your device. When you add a new contact in Tetrix, you exchange public keys so that that person can decrypt your messages when received over the network.

Perfect Forward Secrecy

Perfect forward secrecy (PFS) is a feature of specific key-agreement protocols that provides assurance that your session keys will not be compromised even if the private keys of the participants are compromised. Specifically, past messages cannot be decrypted by a third party who manages to get hold of a private key. Tetrix's implementation builds on the X3DH and Double Ratchet specifications from Open Whisper Systems, with some adaptations to operate in a decentralized environment. Perfect Forward Secrecy is an added layer of security for all of your 1:1 private chats.

Learn more about PFS
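The forward-secrecy property described above can be seen in the symmetric-key ratchet step of the Double Ratchet specification. The following is an added illustration, not Tetrix code: it uses the HMAC-SHA256 construction with constants 0x01 and 0x02 that the specification recommends, and the initial chain key and all function names are constructed for the example.

```python
import hashlib
import hmac


def kdf_ck(chain_key):
    """One symmetric-ratchet step: return (next_chain_key, message_key).

    HMAC-SHA256 keyed with the chain key over the constants 0x01 / 0x02,
    the construction the Double Ratchet specification recommends.
    """
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


def advance(chain_key, steps):
    """Chain key a device holds after `steps` messages (older keys erased)."""
    for _ in range(steps):
        chain_key, _message_key = kdf_ck(chain_key)
    return chain_key


def message_keys(chain_key, count):
    """The next `count` per-message keys derivable from `chain_key`."""
    keys = []
    for _ in range(count):
        chain_key, message_key = kdf_ck(chain_key)
        keys.append(message_key)
    return keys


# Constructed sample value standing in for the chain key a key agreement
# such as X3DH would produce; a real client never uses a fixed key.
INITIAL_CHAIN_KEY = bytes(range(32))


def compromise_report(sent=5, captured_after=3, search_depth=1000):
    """Which message keys does a chain key stolen after N messages reveal?"""
    all_keys = message_keys(INITIAL_CHAIN_KEY, sent)
    stolen = advance(INITIAL_CHAIN_KEY, captured_after)
    # Everything the thief can derive by ratcheting the stolen key forward.
    reachable = set(message_keys(stolen, search_depth))
    exposed = [n for n, k in enumerate(all_keys, start=1) if k in reachable]
    return {
        "past_exposed": [n for n in exposed if n <= captured_after],
        "later_exposed": [n for n in exposed if n > captured_after],
    }


if __name__ == "__main__":
    print(compromise_report())
```

Keys for messages sent before the capture are not reachable because the chain only moves forward through a one-way function. Messages sent after the capture stay exposed until the Diffie-Hellman ratchet, which is not shown here, mixes in fresh key material.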

Pseudo-Anonymous Account Generation

When you create a new account on Tetrix, you will never be asked for third-party verification such as an email or phone number. This means you can sign up for and create a Tetrix account and remain pseudo-anonymous. When you create an account, it is simply you and your keys. This also means that two-factor authentication and password recovery are not features within Tetrix, so be sure to remember your password and mnemonic phrase and store them offline somewhere extremely safe.

Secure Browsing

The Tetrix browser is designed to keep the end user informed and their funds safe. Browser Privacy mode is enabled by default. This means that DApps will be required to ask permission before connecting to your wallet, and it may cause some DApps to break (if they are not compatible with this security measure). Finally, the Tetrix browser implements EIP712, which aims to improve the usability of off-chain message signing for use on-chain. We are seeing growing adoption of off-chain message signing as it saves gas and reduces the number of transactions on the blockchain. Currently, signed messages are an opaque hex string displayed to the user with little context about the items that make up the message.

Learn more about the EIP

How does Tetrix protect my cryptocurrency?

Tetrix is built with a non-custodial wallet, giving you full control over your funds without the use of a server. The private keys are stored in an encrypted manner on your device. Your money is under your control, and cannot be accessed by anyone without the private key. Therefore, if you lose your mnemonic phrase, you will never be able to restore access to your funds. So keep your private keys somewhere safe and offline.

Signing Phrase to protect from phishing attacks

Tetrix implements a signing phrase required to confirm and “sign” all transactions. The signing phrase is a three-word phrase randomly generated for you and stored locally on your device that is presented each time you attempt to send a transaction. You will be presented with your signing phrase and be required to accept it before a transaction will be confirmed. If you do not recognize your three words, or are not presented with the three words at all, cancel the transaction, log out of Tetrix and report the issue to security@tetrix.xyz.

Learn more about phishing

Rigorous Auditing

As we reach major milestones in development, after rounds of internal review and auditing, we reach out to industry-leading, third-party auditing firms to verify our sanity, and double/triple check the work that we do. These security audits are not guarantees of security in the projects they pertain to. They are additional checks from objective third parties to help bolster confidence in the security of intended functionality.

For information and details on all external audits, please see the security repository.

If you find a bug or vulnerability in our code, please report it to security@tetrix.xyz.

Educate yourself to stay safe

Decentralized, serverless products such as Tetrix remove a number of unnecessary intermediaries, enabling you to chat, transact, and browse without fear of surveillance, censorship, and data leakage. This is because you are in control of your data and your own digital safety. Therefore, it is important you understand how to protect yourself. Learn more about how to stay safe with this Tetrix Security Best Practice Guide.

See the Best Practice Guide

Security Support

We're here to help. If you have any questions or concerns about security, send an email to security@tetrix.xyz or reach out to us in the Tetrix Security Public Channel #tetrix-security.

Bug Bounty Program

If you are a security researcher or developer and want to report a vulnerability, please contact security@tetrix.xyz regarding the Tetrix Bug Bounty Program. We also have a campaign with HackerOne, a bug bounty program that incentivizes hackers to look at projects. We're actively ramping up our private campaign, and will open it to public disclosures soon! For more information on the Bug Bounty Program, please contact security@tetrix.xyz.

Beta Audit

Protect Yourself

Tetrix is built with state-of-the-art technology to ensure the product is as secure as possible. When it comes to navigating Web3, you are in control. See our list of security best practices and take control.

Get Tetrix

Start enjoying Tetrix on iOS and Android.

Download Apps