惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

AI
AI
WordPress大学
WordPress大学
博客园 - 聂微东
Hugging Face - Blog
Hugging Face - Blog
小众软件
小众软件
V
V2EX
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Google DeepMind News
Google DeepMind News
V
Visual Studio Blog
The GitHub Blog
The GitHub Blog
IT之家
IT之家
D
Docker
M
MIT News - Artificial intelligence
D
DataBreaches.Net
博客园 - 三生石上(FineUI控件)
酷 壳 – CoolShell
酷 壳 – CoolShell
量子位
博客园_首页
Y
Y Combinator Blog
F
Full Disclosure
Microsoft Security Blog
Microsoft Security Blog
月光博客
月光博客
C
CXSECURITY Database RSS Feed - CXSecurity.com
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Spread Privacy
Spread Privacy
Know Your Adversary
Know Your Adversary
A
Arctic Wolf
Vercel News
Vercel News
T
Threat Research - Cisco Blogs
T
Threatpost
Apple Machine Learning Research
Apple Machine Learning Research
L
LINUX DO - 热门话题
T
The Exploit Database - CXSecurity.com
N
Netflix TechBlog - Medium
GbyAI
GbyAI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
Tailwind CSS Blog
J
Java Code Geeks
爱范儿
爱范儿
Cisco Talos Blog
Cisco Talos Blog
博客园 - 叶小钗
Latest news
Latest news
C
Check Point Blog
阮一峰的网络日志
阮一峰的网络日志
博客园 - Franky
P
Privacy International News Feed
MyScale Blog
MyScale Blog
Project Zero
Project Zero
Simon Willison's Weblog
Simon Willison's Weblog

Hacker News: Show HN

PurrrrrFocus: Pomodoro Timer App - App Store Workflow Engine — Multi-Step Orchestration for Bun RapidPhoto: Pro Photo Editor App - App Store GitHub - DheerG/swarms: Achieve extraordinary results with claude code across a variety of tasks SPICE simulation → oscilloscope → verification with Claude Code — Lucas Gerads Show HN: VCoding – A 5 MB native Windows IDE with no dynamic dependencies Show HN: LLMs don't hallucinate because they're bad at math, it's the format GitHub - Agent-FM/agentfm-core: AgentFM is a peer-to-peer network that turns everyday computers into a decentralized AI supercomputer. AgentFM lets you run massive AI workloads directly across a global mesh of idle CPUs and GPUs. Show HN: Tracking Top US Science Olympiad Alumni over Last 25 Years GitHub - Potarix/agent-hub: One place to talk to all your agents Show HN: Runtime security for AI agents(injection,tool abuse, data exfiltration) GitHub - dubeyKartikay/lazyspotify: Terminal Spotify client for macOS and Linux GitHub - the-banana-tool/king-louie: Easy to use GUI Personal AI Assistant. Win/Linux/Mac. Show HN I made my vacation rental bookable by AI agents–no Airbnb, 0% commission GitHub - basteez/jsf-autoreload: maven plugin to enable hot reload on jsf projects uvm32/hosts/host-gdbstub at main · ringtailsoftware/uvm32 GitHub - labsai/EDDI: Config-driven engine that turns JSON into production-grade AI agents. Multi-agent orchestration, 12+ LLM providers, MCP/A2A protocols, RAG, persistent memory, and enterprise compliance (EU AI Act, GDPR, HIPAA). Built on Quarkus. GitHub - glitchnsec/fortyone-oss: AI Executive Assistant Platform Quickstart | Alien GitHub - muxshed/shed: One stream in, or many. Every destination, simultaneously. No cloud middleman, no per-channel fees, no limits. GitHub - ocrbase-hq/ocrbase: 📄 PDF/IMG ->.MD/JSON Document OCR API for PaddleOCR and GLMOCR. Self-hostable. GitHub - impactjo/home-memory: MCP server that lets your AI assistant remember everything about your home. GitHub - Sets88/dbcls: DbCls is a powerful terminal database client that supports various databases GitHub - neptun2000/heor-agent-mcp GitHub - SeanFDZ/macmind: Single-layer transformer in HyperTalk for the classic Macintosh RollQuation: Math Puzzles - Apps on Google Play GitHub - dropbox/witchcraft Show HN: Agent-cache – Multi-tier LLM/tool/session caching for Valkey and Redis GitHub - opentalon/opentalon: OpenTalon is an open-source platform built from the ground up in Go as a robust alternative to OpenClaw LinkedIn™ 职位抓取工具 - Chrome 应用商店 GitHub - EdoardoBambini/Agent-Armor-Iaga: AI agents are getting tool access — shell, file system, databases, APIs, secrets. But **nobody is governing what they actually do with it**. Frameworks like LangChain, CrewAI, AutoGen, and Claude Code give agents the power to execute. Agent Armor gives you the power to control, audit, and approve every single action before it happens. HN Vibes — Week 15, Apr 7–13 2026 GitHub - chojs23/ec: Easy terminal-native 3-way git mergetool vim-like workflow GitHub - SethPyle376/hiraeth: Local AWS emulator focused on fast integration testing, with SQS support, SQLite-backed state, and a debug-friendly web UI. GitHub - JakOb-dotcom/cloud-sandbox-security-analysis: Technical analysis and Proof of Concept (PoC) regarding environment variable exfiltration in containerized cloud sandboxes via side-channel data leaks. Springboards - Flint Alpha Show HN: A simpler coding agent harness GitHub - audiodude/sudomake-friends GitHub - 256thFission/mini-mythos: OSS clone of Anthropic’s Mythos harness to locate C/C++ memory vulnerabilities Show HN: OpenParallax: OS-level privilege separation for AI agent execution Hacker News Sorted - Chrome 应用商店 Show HN: How to Install Docker on Ubuntu 24.04 LTS: Complete 2026 Guide GitHub - himanshudongre/smriti GitHub - sverrirsig/claude-control: macOS desktop dashboard for monitoring and managing multiple Claude Code sessions GitHub - ory/dockertest: Write better integration tests! Dockertest helps you boot up ephermal docker images for your Go tests with minimal work. Chiral - Chrome 应用商店 Show HN: Two Claudes collaborating through shared memory on a $100 mini-PC GitHub - pmichaillat/latex-cv: Minimalist LaTeX template for academic CVs GitHub - oguzbilgic/posse: A web UI for Anthropic Managed Agents. GitHub - sshiraz/depsly: Dependency risk analysis tool for npm packages ABI Add safari/agent-harness — Safari browser automation via safari-mcp by achiya-automation · Pull Request #212 · HKUDS/CLI-Anything GitHub - Halfblood-Prince/trustcheck: Verify PyPI package attestations and improve Python supply-chain security GitHub - oguzbilgic/kern-ai: Agents that do the work and show it. GitHub - bruits/satteri: High-performance Markdown and MDX processing for the JavaScript ecosystem GitHub - tylergibbs1/feedstock: High-performance web crawler and scraper for TypeScript, powered by Bun and Playwright GitHub - Grimm67123/grimmbot: The self-improving sandboxed and open-source AI agent. With persistent memory and scheduling. GitHub - whitevanillaskies/whitebloom: Local whiteboard that blooms. GitHub - hwdsl2/docker-whisper: Docker image for a self-hosted Whisper speech-to-text server with speaker diarization and OpenAI-compatible transcription and translation APIs. Powered by faster-whisper. Supports all Whisper models, NVIDIA GPU (CUDA) acceleration, JSON/SRT/VTT output, SSE streaming, offline mode, and multi-arch (amd64, arm64). GitHub - yisding/reviewwiggum GitHub - MarwanAlsoltany/serrors: Structured errors for Go: sentinel hierarchies, typed data, custom formatting, and slog integration. GitHub - soatok/age-php GitHub - Luthiraa/markitme GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits GitHub - tombedor/excalicharts GitHub - wh1le/excalidraw-edit: Open and edit .excalidraw files from the terminal. Offline, auto-saves to disk. MalExt Sentry - Malicious Extension Scanner - Chrome 应用商店 GitHub - syi0808/asciianimesvg: Generate animated ASCII art SVGs from text. CLI, Rust library, WASM, and web editor. GitHub - zaina-ml/ml_forge: A visual-based graph node editor for training computer vision models. GitHub - anakin87/llm-rl-environments-lil-course: 🌱 A little course on Reinforcement Learning Environments for evaluating and training Language Models GitHub - takaakit/superpowers-uml: Superpowers-UML modifies Superpowers to ensure a software development workflow in which AI agents design through UML modeling. AdriByte Studio - Sviluppo Web e Soluzioni Digitali GitHub - chouligi/angel-copilot: Your personalized Angel Investment Advisor Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 GitHub - agenteractai/lodmem: Level Of Detail Context Management for Agents GitHub - ostefani/subnetlens: A fast, concurrent network scanner with a TUI and plain-text CLI, built in Go. It discovers live hosts on your network, scans their open ports, resolves hostnames, and fingerprints operating systems—delivered. Cyber Pulse: Agentic Intel - Apps on Google Play Whisper API: Self-Hostable Speech to Text Transcription The Agent-Web Protocol Stack: A Research Thesis GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Show HN: Provepy – A Python decorator that proves your code using Lean and LLMs Show HN: Pardonned.com – A searchable database of US Pardons GitHub - patrickdappollonio/dux: Dux is a terminal UI that lets you run multiple AI coding agents side by side, each in its own git worktree, with full companion terminals, macros, commit generation, and a command palette that knows more tricks than you do. kMC Crystal Simulator Show HN: HyperFlow – A self-improving agent framework built on LangGraph GitHub - stef41/vibescore: 🎵 Grade your vibe-coded project. One command, instant letter grade across security, quality, dependencies, and testing. GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. imgur.com GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. GitHub - nowork-studio/toprank: Open-source Claude Code skills for SEO, SEM, Google Ads GitHub - tacomanator/sash: Lightweight macOS menu bar app for reliably cycling through windows of the current application. Appents | Social Media Management for Product-First Teams GitHub - pnhoang/youtube-spam-blocker: Automatically detects and hides spam messages in YouTube Live chat. Set rate limits, keyword filters, and block repeat offenders. GitHub - decisionnode/DecisionNode: CLI + Local MCP - A shared structured memory store across Claude Code, Cursor, Windsurf, Antigravity, and every MCP client. Semantically queryable. GitHub - AvaCodeSolutions/django-email-learning: An open source Django app for creating email-based learning platforms with IMAP integration and React frontend components. The $100K Gap in Kubernetes Security Tooling Function Calling Harness: From 6.75% to 100%
Marketing Claim Audit — Phantom Chat by Veilus Digital
VeilusDigita · 2026-06-20 · via Hacker News: Show HN

This document maps every technical claim made on veilusdigital.co and inside the iOS app to the specific Swift source file that implements it. Each row reflects what the code actually does — not what marketing copy aspires to. Where a claim is partial or unimplemented, that is noted explicitly. The goal is to make this product easy to fact-check before you write or record about it.

On line numbers: the line references below were accurate when re-verified on the date above. Line numbers drift as code evolves — the file name + symbol/function name is the durable reference. If a line has moved, search for the named symbol in that file. Happy to share the exact commit on request.

If anything here is unclear, contact support@veilusdigital.co and I'll walk through the relevant code or schedule a screen-share.


1. Cryptography

1.1 Post-Quantum Key Exchange (PQXDH / Hybrid Curve25519 + ML-KEM-768)

Claim Every new conversation uses NIST FIPS 203 ML-KEM-768 (Kyber) hybridised with classical Curve25519 — if either survives the next 20 years, messages stay safe.
Status ✅ Verified, executes on every new conversation. Not dead code.
Code path Phantom Chat/X3DHProtocol.swift:64-80 (Kyber-768 keypair generation, integrated into bundle)
Phantom Chat/X3DHProtocol.swift:161-191 (PQXDH hybrid is engaged for both initiator and responder)
Phantom Chat/X3DHProtocol.swift:182PQXDHHybrid.combine() merges classical X3DH with Kyber shared secret via HKDF
Phantom Chat/KeyStore.swift:329-352ensureKyberKey() generates and persists Kyber-768 keypairs (2400 bytes)
Note Implementation is custom Swift, not libsignal. The algorithms (X3DH, Double Ratchet, ML-KEM-768) are standard and publicly documented; the Swift code re-implements them rather than linking the Rust libsignal library.

1.2 Double Ratchet (Signal Protocol)

Claim Every message uses a fresh derived key, rotated automatically per message with a Diffie-Hellman ratchet step on conversation-direction change.
Status ✅ Verified — full implementation of all 5 algorithm components.
Code path Phantom Chat/DoubleRatchet.swift:20-33 (root key + send/receive chain keys + DH ratchet keys)
Phantom Chat/DoubleRatchet.swift:45-46 (skipped-message-keys dictionary for out-of-order delivery)
Phantom Chat/DoubleRatchet.swift:66-88 (encryptMessage() derives the next message key, advances send chain)
Phantom Chat/DoubleRatchet.swift:112-114 (performDHRatchet() step)
Phantom Chat/DoubleRatchet.swift:117-128 (skipped-keys path)

1.3 AES-256-GCM

Claim Messages and media are encrypted with AES-256-GCM.
Status ✅ Verified — used everywhere.
Code path Phantom Chat/DoubleRatchet.swift:71AES.GCM.seal() for message encryption
Phantom Chat/SecureMediaManager.swift:41AES.GCM.seal(data, using: key) for media
Phantom Chat/ChatAPI.swift:978, 1338AES.GCM.SealedBox for decrypt
Phantom Chat/VerificationStore.swift:388 — AES-GCM for stored fingerprint encryption

1.4 Hardware-Bound Identity (Secure Enclave)

Claim Long-term identity key generated inside the iPhone's Secure Enclave; private key never leaves hardware.
Status ✅ Verified — SE preferred on first launch.
Code path Phantom Chat/KeyStore.swift:40, 60, 78, 109SecureEnclave.P256.KeyAgreement.PrivateKey creation and persistence
Phantom Chat/KeyStore.swift:192 — biometric access control on SE key
Phantom Chat/KeyStore.swift:554-580createAndPersistSecureEnclaveKey() and loadSecureEnclaveKey() via SE blob
Caveat Falls back to software key only if the device does not have a Secure Enclave (older simulators, jailbroken devices missing SEP). Software fallback preserved for backward compatibility.

1.5 App Attest (Device Attestation)

Claim Server verifies that the connecting device is a real iPhone running unmodified Phantom Chat code.
Status ✅ Verified — wired end-to-end (client + server).
Code path Phantom Chat/AuthService.swift:329, 410-475AppAttestService instantiates DCAppAttestService.shared
Phantom Chat/AuthService.swift:469service.generateKey() called and cached
Phantom Chat/AuthService.swift:452, 475-485attestKey(keyID, clientDataHash:) + POST to verifyAppAttestKey Cloud Function
Phantom Chat/functions_index_consolidated.ts:1390-1410 — server-side attestation verification

2. Privacy & Anonymity

2.1 Anonymous Sign-up

Claim No phone number, email, real name, or personal information collected at sign-up. Username only.
Status ✅ Verified.
Code path Phantom Chat/AuthView.swift:6@State private var username: String = "" (the only signup field)
Phantom Chat/AuthView.swift:239-241 — signup collects only username, trims whitespace, calls viewModel.signIn(username: name)

2.2 What the Server Stores

Claim The server (Firebase/Firestore) holds only: username, public key bundle (keyBundle), push/FCM token, subscription status, and encrypted message ciphertext while it is in transit. It cannot read message content, contacts, or who you talk to.
Status ✅ Verified, with the two clarifications below.
Code path Phantom Chat/ChatAPI.swift:2820, 2835 — user doc: username + keyBundle written
Phantom Chat/EncryptedProfileStore.swift:82-92 — profile write
Phantom Chat/SignalSessionInitiationView.swift:281-282 — public keyBundle upload
Phantom Chat/IAPService.swift:263 — subscription status
Phantom Chat/firestore.rulesfcmTokens / fcm / tokens subcollections (push token)
Clarification 1 — the username is plaintext The username is stored as a plaintext field, because it is the routing address other people redeem an invite against. It is not encrypted. No phone number, email, or real name is stored anywhere (ChatAPI.swift:2820).
Clarification 2 — diagnostic probes are transient During connection setup the app writes a tiny probe doc to users/{uid}/diagProbes/ to measure write latency, then immediately deletes it in the same call (ChatAPI.swift:316-327). It contains only a server timestamp + the string "diag" — never user content.

2.2b Message Retention — How Long the Server Keeps Ciphertext

Claim Encrypted message ciphertext is removed from the server when its disappearing-message timer expires, or when the account / conversation is deleted.
Status ✅ Verified — and stated honestly: messages are not wiped the instant they're delivered.
What actually happens Ciphertext stays on the server until (a) the per-message expireAt timer fires, or (b) the user deletes their account or conversation. This is deliberate: Firestore re-delivers the message backlog to a device that was offline, which is exactly why the client keeps a persisted seenRemoteIDs dedup set (ChatAPI.swift:508, 608). Throughout, the payload stays end-to-end encrypted and unreadable by the server.
Code path expireAt set on send: Phantom Chat/ChatAPI.swift:1696, 1895, 2168-2170, 2231-2233
expiry honoured on read: Phantom Chat/ChatAPI.swift:1359-1365
account deletion: Phantom Chat/ChatAPI.swift:4395 (deleteAccount())
What we do NOT claim We deliberately avoid saying "deleted from our servers immediately after delivery" or "messages live only on your device." The honest framing is: the server holds only ciphertext it cannot read, removed on timer expiry or account/conversation deletion.

2.3 Push Notifications Carry No Content

Claim Push notifications never include message content — only an opaque wake signal and metadata so the app can fetch and decrypt locally.
Status ✅ Verified.
Code path Phantom Chat/MessagePreviewExtention/NotificationService.swift:30-43 — security comment explicitly forbids sending message content; payload shows only "New Message" + sender pseudonym
Phantom Chat/functions_notifyGroupInvitation.js:107 — push body is "${inviterUsername} invited you to join ${groupName}" (metadata only)

2.4 No In-App User Search / No Public Directory

Claim There is no feature in the app to search for or browse other users by name. Contact discovery is invite-code / QR only.
Status ✅ Verified for the app. ⚠️ See the honest backend note below.
Code path Client-side username-search code removed entirely (commits 2026-05-27).
RedeemInviteView / GenerateInviteView are the only discovery paths.
Phantom Chat/firestore.rules:78-79 — legacy usernameIndex/{hash} read locked to allow read: if false, so the leftover index documents on existing accounts cannot be enumerated.
Honest backend note The users/{uid} profile documents are readable by any authenticated app user (firestore.rules:66-68, allow read: if isSignedIn()). In normal use the app fetches a single profile by a known UID (a get). Because Firestore's read permission also grants list, a determined authenticated client could in principle enumerate the users collection — which would expose usernames and public key bundles only. It would never expose a phone number, email, real name (none are stored) or any message content (end-to-end encrypted). There is no in-app feature that performs this enumeration.

2.5 Invitation Code Discovery (1-on-1)

Claim One-shot invite codes (XXXX-XXXX-XXXXXX) or QR codes are the only contact-discovery method.
Status ✅ Verified.
Code path Phantom Chat/ChatListView.swift:1341+RedeemInviteView + GenerateInviteView
Phantom Chat/functions_index_consolidated.tsgenerateInvitationCode + redeemInvitationCode cloud functions

2.6 Group Invitation Codes (1–500 redemptions per code)

Claim Each group invite code can be redeemed up to 500 times; expiry from 1 day to never; creator can issue multiple codes.
Status ✅ Verified.
Code path Phantom Chat/GroupInviteCodeManagerView.swift:458Stepper(value: $maxJoins, in: 1...500)
Phantom Chat/GroupInviteCodeManagerView.swift:729-746 — expiry options including "Never"
Note There is no per-group total cap in the code; the 500 is per-code. Multiple codes pointing at the same group are supported. The website wording reflects this honestly.

2.7 Metadata the Server Can See (full disclosure)

Claim Message content is end-to-end encrypted and unreadable by us. We are honest that some metadata exists server-side, like every messenger.
Status ✅ Content encrypted. ⚠️ Metadata disclosed honestly below — we do not claim "zero metadata" or "we can't see who talks to whom."
What the server CAN see (plaintext) • 1-on-1 pairing: pairs/{id} stores a plaintext participants:[uidA,uidB] (ChatAPI.swift ~1668-1674).
• Group membership + title: groups/{id} stores plaintext name, participants, createdBy (ChatAPI.swift ~3373-3380).
• Per-message envelope: plaintext senderId, createdAt, expireAt (the body/ciphertext is encrypted).
• Account: username (plaintext), public key bundle, push token, subscription status.
What the server CANNOT see Message text, media, and any conversation content — all AES-256-GCM under the Double-Ratchet/PQXDH session keys, which never leave the devices.
Honest framing "We can't read your messages — there's no content for us to disclose. The minimal account metadata we hold (username, which accounts share a conversation, timestamps, push token, subscription) we minimise and resist requests for." This is the Signal trust model. Reducing metadata further (sealed sender) is a roadmap item.

2.8 Emergency Destruct — exactly what is deleted, and what is recoverable

Claim Emergency Reset / account destruct removes your account, conversations, and media from our servers, and destroys the encryption keys on your device so any residual data is undecryptable.
Status ✅ Accurate with the honest scope/recoverability notes below. We do not claim we can forcibly overwrite data on Google's physical servers (no cloud service can).

On the device — SecureDataDestruction.killSwitch():

  • Calls the server deleteAccount cloud function.
  • Deletes the user's Firebase Storage media (personal / pair / group).
  • Keychain wipeSecItemDelete across all key classes (SecureDataDestruction.swift:158-176). This destroys the encryption keys = crypto-erase.
  • 7-pass DoD 5220.22-M overwrite of every file in Documents/Caches/App Support/tmp, then delete (SecureDataDestruction.swift:222-254).
  • Clears UserDefaults, Firebase cache, overwrites heap memory.

On the server — deleteAccount (functions_index_consolidated.ts:212-740):

  • 1-on-1 pairs: deleted entirely — both halves, all messages, all media.
  • Account: user doc, all sub-collections, username index, push tokens, invites, invite codes deleted; then Firebase Auth account deleted (auth.deleteUser).
  • Groups: the user is removed (sender key + receipts deleted). The group is fully wiped only if no participants remain; otherwise the group persists and messages the user already sent into it remain (encrypted) for the other members (functions_index_consolidated.ts:438-494).

Recoverability — the honest answer:

  • Device: effectively permanent. The Keychain key-destruction is a cryptographic erase — any residual flash data is ciphertext with no key, mathematically unrecoverable. (On iOS flash/APFS a multi-pass overwrite isn't guaranteed to hit the original physical cells; the crypto-erase is the real guarantee, the overwrite is secondary.)
  • Server: the app issues a logical delete — data is removed from the live Firestore database and Storage and is gone from the app, queries, and console. We cannot securely overwrite data on Google's infrastructure; after deletion it follows Google Cloud's deletion process. If Point-in-Time Recovery or scheduled backups are enabled on the project, deleted data is restorable by the project owner for that window (PITR ≤ 7 days). Mitigation: the server only ever held encrypted ciphertext, so any residual copy is undecryptable once the device keys are crypto-erased.
  • Not in scope of destruct: the recipient's device still holds its own decrypted copy of any messages they received (no messenger can reach into another user's phone), and group messages the user contributed remain with groups that still have members.

Honest one-liner: "Destruct deletes your account, 1-on-1 conversations, and media from our servers and crypto-erases your keys on-device, so any encrypted copy that briefly persists in our provider's backups can never be read. We don't claim to physically overwrite Google's disks — no service can."


3. Emergency Account Reset (Three Independent Paths)

3.1 Shake-to-Wipe

Claim Shaking the phone four times in roughly one second surfaces the destruction confirmation.
Status ✅ Verified — uses CoreMotion accelerometer thresholds, not motionEnded.
Code path Phantom Chat/RootView.swift:16-102PanicShakeDetector (4+ reversal peaks within a 1.2s window)
Phantom Chat/RootView.swift:91-92 — peak-count threshold
Phantom Chat/RootView.swift:436-440 — callback sets showPanicConfirm = true

3.2 Lock Screen Widget

Claim A Lock Screen widget that, on tap (Face ID required by iOS), opens the app to the destruction confirmation.
Status ✅ Verified — iOS enforces Face ID on Lock Screen widget delivery.
Code path PhantomPanicWidget/PhantomPanicWidget.swift:51.widgetURL(URL(string: "phantomchat://panic"))
Phantom Chat/RootView.swift:374-397.onOpenURL catches the panic URL, triggers confirmation alert
Phantom Chat/PhantomPanicWidget.swift:8-10 — comment notes Face ID is system-enforced for Lock Screen variant

3.3 Duress Passcode

Claim A separate "duress" PIN entered at App Lock looks identical to the real PIN but silently destroys all data while presenting the decoy persona pack to whoever is holding the phone.
Status ✅ Verified.
Code path Phantom Chat/RootView.swift:526AppPasscodeStore.verify(entered) returns .duress verdict
Phantom Chat/RootView.swift:535-553 — duress branch triggers silent wipe via deleteAccount() while showing decoy UI
Phantom Chat/SettingsView.swift:536-548 — "Set Duress Passcode" UI

3.4 Multi-Pass Secure Deletion (DoD 5220.22-M, 7 passes)

Claim Emergency Destruction overwrites local files 7 times before deletion.
Status ✅ Verified — the code literally performs DoD 5220.22-M (3 random + 3 complement + 1 zero passes).
Code path Phantom Chat/SecureDataDestruction.swift:227-250 — exact 7-pass implementation
Caveat (technical) iOS uses APFS on flash storage with copy-on-write semantics. Multi-pass overwrites of file contents don't necessarily hit the original physical NAND blocks — that is a known property of flash storage, not specific to this app. The cryptographic-erase approach (destroying the data-protection key) is the primary defense; the multi-pass overwrite is a secondary belt-and-braces layer. We do both. The bare minimum guarantee — that the data is no longer cryptographically accessible — is satisfied either way.

4. UI & State Privacy

4.1 App Switcher Blackout (Privacy Overlay)

Claim When the app moves to the background or App Switcher, a solid black overlay covers any sensitive content before iOS takes its snapshot.
Status ✅ Verified, covers both .background and .inactive scene phases.
Code path Phantom Chat/RootView.swift:354-355.onChange(of: scenePhase)
Phantom Chat/RootView.swift:630-690 — three explicit handlers:
.background → sets isScreenObscured = true immediately
.inactive → debounced obscure via 400ms delay (suppresses transient push flickers)
.active → cancels any pending obscure
Phantom Chat/RootView.swift:238-243 — black overlay renders when appState.isScreenObscured && !appState.isLocked

4.2 Screenshot Detection

Claim If someone screenshots a 1-on-1 chat, the other party is notified with a system message.
Status ✅ Verified.
Code path Phantom Chat/ConversationScreen.swift:363 — listens for UIApplication.userDidTakeScreenshotNotification
Phantom Chat/ConversationScreen.swift:801-826handleScreenshot() sends "📸 Screenshot taken" as an actual encrypted message to the peer

4.3 Disappearing Messages

Claim Per-conversation timers that auto-delete messages from both devices after a chosen interval.
Status ⚠️ Range verified. The minimum is 10 seconds, not 1 second. Maximum is ~30 days (1 month = 2.59 million seconds). The website was updated 2026-05-27 to reflect this.
Code path Phantom Chat/DisappearingMessagesView.swift:11-32 — timer options: 10s, 30s, 1m, 2m, 5m, 10m, 15m, 30m, 1h, 2h, 3h, 6h, 12h, 1d, 2d, 3d, 1w, 2w, 1mo

5. Customisation

5.1 76 Alternate App Icons

Claim 76+ alternate app icons available in Settings → App Icon.
Status ✅ Verified — exactly 76 unique icons in the bundle.
Code path Phantom Chat/Phantom Chat/AlternateIcons/*@2x.png — 76 unique base names (each icon has @2x and @3x variants for 152 files total)

6. Coming Soon — Honestly Marked, Not Yet Built

6.1 Tor Relay Routing (Anonymous Tier)

Marketing label "Coming Soon"
Status ❌ Not implemented in shipping build.
Code path Phantom Chat/ChatAPI.swift:29-31 — Tor integration explicitly disabled with comment "DISABLED: Tor integration (types not available)"
Phantom Chat/CURRENT_ISSUES_SUMMARY.md:10-19 — open test failure Code=-1004
Note Framework scaffolding exists in the build but is not functional. "Coming Soon" label on the website is accurate.

6.2 Offline Bluetooth / P2P Mesh (Anonymous Tier)

Marketing label "Coming Soon"
Status ❌ Not implemented. Zero scaffolding.
Code path No MultipeerConnectivity, CoreBluetooth, or mesh implementation in the Swift code. Pure roadmap item.
Note "Coming Soon" label is honest — not even a stub exists yet.

7. Things Removed From Marketing After Code Audit

These claims previously appeared on the website or in the in-app onboarding tour and have been removed because the code does not back them:

Claim removed Reason
"Sealed Sender envelopes" No Sealed Sender implementation exists. (Signal-style "sealed sender" is a specific protocol feature that requires server-side blinding — Phantom Chat does not implement it.)
"iMessage doesn't have post-quantum encryption" Apple shipped PQ3 on iMessage in iOS 17.4 (March 2024). The comparison table was corrected.
"Air-gapped servers" The backend runs on Firebase (Google Cloud). "Air-gapped" — meaning no network connection at all — is provably false for any cloud-hosted service. Replaced with "encrypted-at-rest infrastructure".
"No metadata stored" (in hero) The Privacy Policy enumerates what IS stored (username, push token, subscription). "No metadata" was an overclaim. Replaced with "No phone. No email. No tracking."

8. How to Verify This Yourself

The TestFlight beta is open: https://testflight.apple.com/join/rmSrMch9

For a deeper look:

  • Open Wireshark or a similar tool on a Wi-Fi network with TestFlight running — confirm only encrypted Firestore + APNs traffic.
  • Read the on-device logs — enable Settings → Logs & Support → File Logging, do anything, then tap "Send Logs to Veilus" — the log file shows every cryptographic operation step-by-step.
  • Request the cloud functions source — happy to share functions_index_consolidated.ts (~1700 lines) for review of the server-side claims.

For deeper questions: support@veilusdigital.co.

— Curtis Tunaley Founder, Veilus Digital Western Australia