Secret is founded on the principle that people can be more authentic, empathetic and self-aware among friends, notably when identity is removed. It's a new and interesting problem that we've set out to solve. However, all technology contains bugs, and we believe security is most effective if we work together.
Secret values the work done by researchers in identifying anything that may have been overlooked. We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities and will make every effort to quickly correct any vulnerability. We encourage the community to participate in our responsible reporting process.
- Make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our services
- Do not access or modify data that does not belong to you
- Do not make any information public until the issue has been resolved
- If you are wanting to flood our servers with requests, please let us know first at firstname.lastname@example.org.
While we're interested in hearing about any issue you believe may negatively impact your experience with Secret, issues that may threaten an individual's anonymity are taken most seriously.
We aim to respond swiftly (less than 15 hours, but usually far faster) to any and all reported vulnerabilities.
At this point, we just want to work with great people and learn from others. We will send gifts to those that help. Furry, stuffed fox anybody?
Having said that, there are more generous and sizable rewards for any vulnerabilities that might lead to the de-anonymization of other users.
We believe in being transparent with how our service protect your privacy. Please take a moment to review some of our core components. https://medium.com/secret-den/12ab82fda29f