| title | sidebar_position |
|---|---|
| Security | 50 |
Application Security
Open Technology Fund’s Security Lab partner Assured Security Consultants performed a white box audit of Link between October 7 and October 22, 2024. A white box audit provides the tester with privileged access to the source code, testing infrastructure, and documentation. The audit included the Link application itself, its integrations with chat networks Signal and WhatsApp, as well as the deployment and hosting infrastructure underlying a typical Link instance. Auditors performed a verification test in December 2025 to validate fixes and mitigations made in response to the original test.
Infrastructure Security
Our Link instances run on SR2's vetted-access cloud, which in turn is hosted on servers rented from Hetzner Online GmbH. The datacenter runs on 100% green electricity and has stringent security measures in place to prevent unauthorised access. Hetzner holds an ISO 27001 certification relating to the security measures in place, and there are no exclusions from the scope in regard to measures mentioned in Annex A.
SR2 exclusively manages the servers from Scotland via mutually authenticated, end-to-end encrypted channels. All CDR Link helpdesk data is stored on a LUKS-encrypted volume with a per-instance key to protect the data at rest. Hetzner staff have physical server access, but strict controls are in place to prevent unauthorised access.