What Datamorpho aims to protect
- controlled disclosure of hidden states
- clear separation between public declaration and private reconstruction
- state-specific reconstruction semantics
- attack-cost increase through structure and layout strategy
Datamorpho is a security-oriented protocol project, but it does not claim magical invulnerability. This page explains what the project is trying to protect, what remains out of scope, and how to report issues responsibly.
When the public create and reconstruct tools go live in browser form, Datamorpho.io will clearly disclose that successful demo-tool use may log original file hashes, result file hashes, and reconstruction objects for security and abuse-response reasons. Users who need privacy should run the open-source tooling locally instead of using the public demo.
Use public GitHub issues or discussions for non-sensitive problems such as wording errors, specification clarity problems, implementation bugs without security sensitivity, documentation fixes, and example inconsistencies.
Report potentially sensitive issues privately by email when public disclosure would create meaningful risk, such as exploitable implementation flaws, unsafe reconstruction handling, or severe cryptographic misuse in live tooling.
For security-sensitive reports, contact g@evvm.org. Include a clear description of the issue, affected component, reproduction steps if possible, and why you believe the issue should be handled privately first.
Datamorpho should be understood as a layered resistance architecture. It is strongest when the protocol, tooling, examples, operational handling, and cryptographic decisions are all treated seriously instead of relying on any one mechanism alone.
The project is still in its first public specification and tooling phase. Early implementations should be treated carefully and reviewed critically. Correctness, clear semantics, and public review matter more right now than feature breadth.