Learn the words

Security writing loves words that keep people out. Here are the ones that matter for YGOOW, in plain language — and, for each, what it actually means for you.

Metadata

The data around your message rather than its content: who, when, how often, how big. You can encrypt every word and still leak everything through metadata. For you: YGOOW’s relay stores no “who talks to whom”, and Tor hides “from where”. What remains — that some traffic exists, with a timing and a size — we name openly in the whitepaper.

End-to-end encryption (E2E)

Only the people at the two ends can read the message; nothing in the middle — not the network, not the server — can. For you: the relay carries sealed blocks it cannot open.

Forward secrecy

If your keys are stolen today, messages you sent yesterday stay unreadable — because the key that sealed them was used once and erased. For you: a later compromise does not reach back into your history.

Post-compromise security (PCS)

The other direction in time: after a compromise, can a conversation heal so future messages become safe again? Only by mixing in fresh secret material the attacker never saw. For you, honestly: YGOOW’s locked-content modes do not depend on this — their secrecy lives in a key the channel never holds, so a seized channel still cannot read the content. We do not pretend PCS is free or automatic everywhere.

Tor and onion services

Tor routes your connection through several independent relays, each peeling one layer, so no single point sees both who you are and what you reach. An onion service is a server that lives inside that network — you reach it without ever learning, or revealing, an ordinary IP address. For you: on by default, so the server never learns your address.

Entropy

A measure of how unguessable a secret is. A coin flip is 1 bit; a strong passphrase is 60+ bits; a public photo anyone can download is close to none. For you: YGOOW measures the real entropy of whatever key you pick and tells you the truth about it — because “your key is anything” does not mean “anything is a good key”.

KDF / Argon2id

A key derivation function turns a human secret into a cryptographic key. Argon2id is a deliberately slow, memory-hungry one, so guessing a billion passwords costs a billion times the pain. For you: weak secrets are stretched before use, buying back some of the strength a short password lacks.

Quorum (Shamir’s Secret Sharing)

A secret split into N shares so that any K of them rebuild it, and any K−1 reveal nothing. For you: a message that only opens when K of N people combine their keys — one infiltrator with one share learns nothing.

“No oracle”

An oracle is any signal that tells an attacker whether a guess was warm — an error message, a key hint, a different kind of failure. For you: a wrong key, a missing key, and a message never meant for you all produce the same locked block. Nothing to ask, nothing to learn. The long version is in “no oracle”.

Deniability

Not being able to prove what something was — or that it was anything at all. For you: because the same room can be text to one person and a lock to another, you cannot be made to prove which a given block was.

Threat model

The honest list of who you are defending against, and what you are not. A security claim without a threat model is marketing. For you: ours fits on one page — the trust model.

Your key, your rules — everything else is redacted.