Безопасность Anonymaze
Обновлено: April 28, 2026
How we keep your data private — by removing as much of the trust surface as we can. The desktop app processes everything offline on your Mac. The online demo encrypts in transit, processes in memory, and writes nothing to disk. This page documents the threat model, audit history, and how to report a vulnerability.
Threat model
Anonymaze is designed around one assumption: every byte of your document is sensitive. We treat the user's text content as a hot potato and minimise the time, surface, and number of components that ever touch it.
We protect against three classes of failure: passive observers on the network (mitigated by TLS 1.3 and the desktop offline path), accidental retention by us (mitigated by zero-storage architecture and in-memory-only processing), and dependency compromise (mitigated by pinning open-source NLP libraries we don't modify, plus dependency audits).
We do NOT claim protection against: a compromised endpoint device (if your Mac is rooted, no app can save you); side-channel attacks on the AI service you paste anonymized text into (that is the AI vendor's responsibility); or attacks where the user uploads the wrong file. The point of Anonymaze is to make the right choice the easy choice.
Data flow
Desktop (offline)
User selects a file → SwiftUI front-end reads it from disk → spawns a local Python NLP subprocess via Process + Pipe → subprocess returns JSON to stdout → SwiftUI renders the result.
No network calls are made during processing. The only outbound traffic the desktop app ever generates is (a) the Sparkle update check (transmits app version + macOS version, no document data), and (b) opt-in license validation for paid tiers (transmits license key + hashed device ID, no document data).
We verify this two ways: (1) we read the Swift sources in `desktop-macos/` and the Python sources in `python_engine/` — neither imports an HTTP client beyond the update + license paths; (2) we run the app under Little Snitch / Network Monitor with a non-trivial document and observe zero connections during anonymisation.
Online demo
Browser → POST /api/v1/anonymize/text (TLS 1.3) → FastAPI in-memory handler → fresh Anonymizer instance per request (no shared state) → JSON response → browser renders.
Server-side: the request body is processed in memory only — no disk write, no database insert, no log entry of body content. The response is returned, the worker recycles, and the request lifetime ends. We log only method, path, status code, and elapsed milliseconds.
Rate-limited to 5 requests / minute / IP via slowapi. IP addresses in logs are hashed (SHA-256, first 16 hex chars) — non-reversible. Server logs are retained 30 days.
Encryption posture
| In transit (online demo) | TLS 1.3 |
|---|---|
| At rest (server) | No persistent storage of submitted text — nothing to encrypt |
| Server logs | Anonymized IP (SHA-256, first 16 hex), 30-day retention |
| Authentication | bcrypt for passwords, JWT (HS256, 24 h expiry) for sessions |
| Payments | Stripe Checkout (PCI DSS Level 1) — we never see card numbers |
| Webhooks | Stripe signature verified via stripe.Webhook.construct_event |
| Desktop (offline) | Client-side only. No data leaves the device. |
App Sandbox status
The macOS app is currently distributed as a Developer ID-signed and Apple-notarized DMG. The full App Sandbox (the OS-enforced entitlement system used by Mac App Store apps) is on the post-MVP roadmap — it requires reworking how the bundled Python subprocess is spawned and how user-selected files are read, neither of which adds security value at this stage of the product.
Today's posture is therefore: code-reviewed clean (every file the app reads is selected by the user via NSOpenPanel; every subprocess it spawns is the bundled Python engine; no scripted file enumeration outside user choice), with OS-enforced sandboxing tracked under the `MAS-SANDBOX` epic for v1.x.
What “100% offline” means precisely
When we say the desktop app is offline, we mean: zero outbound HTTP requests originate from the document-processing path. We verify this by source review of the two repos that comprise the desktop product — `desktop-macos/` (Swift UI shell) and `python_engine/` (NLP subprocess). Neither imports a network client in the path between “user drops file” and “user sees anonymised result.”
Two ancillary network paths exist and are documented: Sparkle update checks (you can disable them in Settings) and license-key validation (only fires when a paid license is activated, and never includes document content). Both are off by default in the closed-beta build.
Audit history
| Date | Scope | Finding |
|---|---|---|
| 2026-04-12 | Backend security baseline (request logging, temp files, memory isolation, headers, rate-limit, auth, payments, retention, CORS, deps) | Pass — internal security audit. HSTS to be set at proxy level for production. |
| 2026-04-28 | Internal review by PM + frontend + nlp agents prior to docs-portal publication | Clean — no unresolved high or critical findings. |
Responsible disclosure
If you believe you have found a security vulnerability in Anonymaze, please do not file it as a public GitHub issue. Email us first and we will work with you to confirm, triage, and fix the issue, and to coordinate disclosure timing.
We commit to a 90-day disclosure window: we will respond within 5 business days, and unless you tell us otherwise we will publicly credit you in the audit-history table once a fix is shipped.
Email: security@anonymaze.ai
PGP key: published shortly. Until then, please use TLS-encrypted email to security@anonymaze.ai.