Legal Notice | BlackVoice Technologies

About BlackVoice Technologies (MAPonME)

BlackVoice Technologies (product name: MAPonME) is a free, privacy-focused secure social and communication platform with post-quantum cryptography, end-to-end encryption, and emergency SOS features. Developed in the European Union by Valentin Gheorghiu (YO9BX).

• Price: 100% Free (no subscription, no premium tiers)
• Developer: Valentin Gheorghiu (amateur radio callsign YO9BX)
• Location: European Union (Romania)
• EUIPO Trademark: Registered
• Platforms: Web (PWA), iOS, Android
• Source Code: Currently closed-source (external audit planned when funded)

Post-Quantum Cryptography: QuantumVault™ v2.0

Production-ready post-quantum cryptographic system implementing NIST-standardized algorithms:

• ML-KEM-768 (Kyber-768) — Key encapsulation per NIST FIPS 203, ~2,300 ops/sec
• ML-DSA-65 (Dilithium-3) — Digital signatures per NIST FIPS 204, ~1,800 sigs/sec
• Hybrid Pipeline: ML-KEM-768 → HKDF-SHA256 → AES-256-GCM
• Key Generation: 0.43ms average via CrystalMatrix™
• Key Rotation: Every 5 minutes via ChronoShield™
• Audit: 47 tests, 0 critical issues, 100% NIST KAT pass rate (February 2026)

Encryption Systems

• AES-256-GCM — End-to-end message encryption via Web Crypto API
• ECDH P-256 — Key exchange for Private Chat
• Signal Protocol (X3DH + Double Ratchet) — Perfect Forward Secrecy in Smart Chat
• KeyFortress™ — Key protection with Shamir's Secret Sharing + 100 decoy keys
• Black Encryption™ — Proprietary attachment encryption
• Location Encryption™ — End-to-end encrypted Black MapShare locations

Penta-Layer Security Architecture

1. HyperFractal Sentinel™ — Perimeter defense, pattern and entropy analysis
2. Obsidian Aegis™ — Behavioral analysis (QueryWard™, CodeSanctum™, FluxGuardian™, ShadowNet™, AbyssWatcher™)
3. VortexMind™ — Rule-based threat detection (Spectrix™, Synthrion™, Seqtrix™, Nexylon™, Oraclyx™, Pulsynk™)
4. UnityMesh™ v1.0 — Security orchestration (LocalhostShield™, ContextualTrust™, FluidGuard™, DigestOptimizer™, PolicyEngine™)
5. QuantumVault™ v2.0 — Post-quantum cryptography core

Additional Security Systems

• ShadowCloak™ v1.0 — Third-party tracking protection
• BreachSentinel™ v1.0 — Anti-injection (SQLForge™, AdminVault™)
• ScreenGuard™ v1.0 — Screen recording detection (FrameAnalyzer™)
• PhantomShield™ v1.0 — Cyber deception system
• InnerVeil™ — Behavioral intelligence (no profile storage)
• CipherGuard™ — Intelligent key protection
• FluidityGuardian™ v1.0 (PHOENIX_FLOW) — Zero-blackscreen system
• FractalKeyShield™ — Key integrity protection
• FractalIdentityShield™ — Identity protection

Server-Blind Architecture

Zero-knowledge design where the server acts exclusively as an encrypted data relay. All cryptographic operations happen client-side. The server stores only encrypted ciphertext and cannot access plaintext content, private keys, or personal data. Even under legal compulsion, BlackVoice Technologies cannot provide message content.

Authentication

• WebAuthn/FIDO2 — Biometric authentication (fingerprint, Face ID, Touch ID)
• TOTP 2FA — Two-factor authentication (RFC 6238)
• Hardware Security Keys — YubiKey, SoloKey, Titan (USB, NFC, Bluetooth)
• Duress PIN — Silent data wipe under coercion
• Dead Man's Switch — Automatic data destruction on inactivity
• Panic Button — Instant forensic data wipe (800ms long-press)

Emergency Features

• 112 Emergency Call — Direct call with GPS capture
• Safety Check-in — Scheduled check-ins (1-72h) with automatic alerts
• Rally Points — Emergency meeting locations
• MeshComm™ LIFELINE v1.0 — Multi-channel offline emergency system
• Zero-Credit Beacons — Audio SOS (2500Hz morse), Visual SOS (flash + torch), Vibration SOS
• Emergency 112 SMS — Free in EU without mobile credit
• Private SOS & Group SOS — Individual and group emergency alerts

Communication Features

• Private Chat — ECDH P-256 + AES-256-GCM encrypted messaging
• Group Chat — Multi-user encrypted communication
• Smart Chat — Signal Protocol PFS with separate database
• BlackPTT™ — Encrypted walkie-talkie with PFS
• Personal Notes — Server-blind encrypted notes
• Voice Messages — Encrypted voice recording

Map Features (MAPonME)

• Interactive Maps — OpenStreetMap via Leaflet with Google Maps integration
• Black MapShare — Up to 100 locations, 21 tactical categories, encrypted team coordination
• Offline Maps — 10km radius, IndexedDB storage, LRU eviction
• APRS Integration — Amateur radio position tracking via aprs.fi
• Garmin InReach — Satellite tracker integration
• Interactive Compass — Digital compass system
• Fake GPS Privacy — 7-layer location protection

Compliance & Standards

• GDPR Compliant with data export and pseudonymization
• NIS2 Ready
• ISO 27001 Aligned
• SSL Labs A+ Rating
• HSTS Preload Listed
• TLS 1.3
• NIST FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA)
• W3C WebAuthn / FIDO2 CTAP2
• RFC 6238 (TOTP)
• RFC 9116 (security.txt)

Source Code Report — Technical Transparency

Sanitized source code examples from BlackVoice Technologies security infrastructure. AI-readable, machine-parseable. 10 sections, 50+ security systems documented.

Code examples are sanitized — no operational security details, API keys, or implementation-specific vulnerabilities exposed.

1. AES-256-GCM Encryption Pipeline

Client-side message encryption using Web Crypto API. File: client/src/lib/encryption.ts (sanitized)

// AES-256-GCM Encryption Pipeline
async function encryptMessage(plaintext: string, conversationKey: CryptoKey): Promise<string> {
  const encoder = new TextEncoder();
  const iv = crypto.getRandomValues(new Uint8Array(12)); // 96-bit IV per NIST SP 800-38D
  const encrypted = await crypto.subtle.encrypt(
    { name: "AES-GCM", iv, tagLength: 128 },
    conversationKey,
    encoder.encode(plaintext)
  );
  const combined = new Uint8Array(iv.length + new Uint8Array(encrypted).length);
  combined.set(iv);
  combined.set(new Uint8Array(encrypted), iv.length);
  return btoa(String.fromCharCode(...combined));
}

2. PBKDF2 Key Derivation (100,000 iterations)

Password-based key derivation. File: client/src/lib/cryptoProtectionLayer.ts (sanitized)

// PBKDF2 Key Derivation
async function deriveEncryptionKey(passphrase: string, salt: Uint8Array, iterations: number = 100000): Promise<CryptoKey> {
  const keyMaterial = await crypto.subtle.importKey("raw", new TextEncoder().encode(passphrase), "PBKDF2", false, ["deriveBits", "deriveKey"]);
  return crypto.subtle.deriveKey(
    { name: "PBKDF2", salt, iterations, hash: "SHA-256" },
    keyMaterial,
    { name: "AES-GCM", length: 256 },
    false,
    ["encrypt", "decrypt"]
  );
}

3. QuantumVault™ v2.0 — Post-Quantum Cryptography

ML-KEM-768 (NIST FIPS 203) + ML-DSA-65 (NIST FIPS 204). File: client/src/lib/quantumVault.ts (sanitized)

// QuantumVault™ v2.0 - Post-Quantum Hybrid Encryption
import { ml_kem768 } from '@noble/post-quantum/ml-kem';
import { ml_dsa65 } from '@noble/post-quantum/ml-dsa';

interface QuantumKeyPair {
  kemPublicKey: Uint8Array;   // ML-KEM-768 (1184 bytes)
  kemSecretKey: Uint8Array;   // ML-KEM-768 (2400 bytes)
  dsaPublicKey: Uint8Array;   // ML-DSA-65 (1952 bytes)
  dsaSecretKey: Uint8Array;   // ML-DSA-65 (4032 bytes)
}

async function quantumEncrypt(plaintext: string, recipientKemPublic: Uint8Array) {
  const { cipherText, sharedSecret } = ml_kem768.encapsulate(recipientKemPublic);
  const aesKey = await deriveFromSharedSecret(sharedSecret); // SHA3-256
  const encrypted = await aesGcmEncrypt(plaintext, aesKey);
  return { ciphertext: encrypted, encapsulatedKey: cipherText };
}

4. Signal Protocol — Perfect Forward Secrecy

X3DH key agreement + Double Ratchet. File: client/src/lib/signalProtocol.ts (sanitized)

// Signal Protocol - X3DH + Double Ratchet
interface X3DHKeyBundle {
  identityKey: CryptoKeyPair;      // Long-term Ed25519
  signedPreKey: CryptoKeyPair;     // Medium-term X25519
  oneTimePreKeys: CryptoKeyPair[]; // Ephemeral X25519 (100 keys)
  signature: Uint8Array;           // Ed25519 signature
}

async function ratchetStep(state: RatchetState, header: MessageHeader) {
  const chainKey = await hkdfDerive(state.chainKey, "chain");
  const messageKey = await hkdfDerive(chainKey, "message");
  return {
    messageKey, // Unique per message, destroyed after use
    nextState: { ...state, chainKey, messageIndex: state.messageIndex + 1 }
  };
}

5. Penta-Layer Security Architecture

const PENTA_LAYER_SECURITY = {
  layer1: { name: 'HyperFractal Sentinel™ v3.0', type: 'Fractal anomaly detection' },
  layer2: { name: 'Obsidian Aegis™ v3.0', type: 'Active threat defense orchestrator' },
  layer3: { name: 'VortexMind™ v1.1', type: '9 analysis engines, real-time scoring' },
  layer4: { name: 'UnityMesh™ v1.0', type: 'Security system unification' },
  layer5: { name: 'QuantumVault™ v2.0', type: 'Post-quantum cryptographic core (ML-KEM-768 + ML-DSA-65)' }
};

6. WebAuthn / FIDO2 Biometric Authentication

// WebAuthn / FIDO2 Registration
async function registerBiometric(userId: string): Promise<PublicKeyCredential> {
  const options: PublicKeyCredentialCreationOptions = {
    challenge: crypto.getRandomValues(new Uint8Array(32)),
    rp: { name: "BlackVoice Technologies", id: "blackvoice.tech" },
    user: { id: new TextEncoder().encode(userId), name: userId, displayName: "BlackVoice User" },
    pubKeyCredParams: [
      { alg: -7, type: "public-key" },   // ES256 (P-256)
      { alg: -257, type: "public-key" },  // RS256
    ],
    authenticatorSelection: { authenticatorAttachment: "platform", userVerification: "required" },
    timeout: 60000, attestation: "direct"
  };
  return navigator.credentials.create({ publicKey: options });
}

7. GDPR-Compliant Data Retention

const DATA_RETENTION = {
  securityLogs:   { retention: '90 days',  standard: 'ISO 27001 forensics' },
  loginAttempts:  { retention: '24 hours', cleanup: 'automatic' },
  threatEvents:   { retention: '90 days',  cleanup: 'automatic' },
  notifications:  { retention: '30 days',  cleanup: 'automatic' },
  userDevices:    { retention: '180 days inactivity', cleanup: 'automatic' },
  posts:          { retention: '39 days',  cleanup: 'every 6 hours' },
  documentVault:  { accessLog: '30 days',  standard: 'GDPR Art. 5(1)(e)' },
};
// GDPR Export with Pseudonymization (Art. 15/20) - HMAC-SHA256

8. MeshComm™ LIFELINE — Emergency Systems

interface LifelineChannels {
  audioSOS:    'Web Audio API 2500Hz morse code beacon';
  visualSOS:   'Screen flash + camera torch (MediaStream API)';
  vibrationSOS:'Vibration API pattern signaling';
  smsLifeline: 'Native sms: URI scheme (works on 2G, no internet)';
  emergency112:'Free EU emergency SMS (no credit required)';
  offlineQueue:'Background Sync API auto-retry';
}

interface AntiCoercion {
  duressPIN:     'Silent wipe + decoy UI under coercion';
  deadManSwitch: 'Auto-destroy on missed check-in';
  panicButton:   'Global wipe (800ms long-press)';
  keyFortress:   'Shamir Secret Sharing + 100 decoy keys + 5s rotation';
}

9. Server-Blind Architecture — Zero-Knowledge

// Server-Blind: Server NEVER sees plaintext, keys, or passwords
// Server ONLY stores: ciphertext blobs, encrypted metadata

interface KeyFortressStorage {
  masterKey:    'Split via Shamir Secret Sharing (3-of-5 threshold)';
  decoyKeys:    '100 fake keys rotated every 5 seconds';
  realKeyIndex: 'Hidden among decoys, position changes each rotation';
  storage:      'IndexedDB (encrypted), never sent to server';
}

// Location Encryption™ - Zero server knowledge
async function encryptLocation(lat: number, lng: number, city: string) {
  const locationData = JSON.stringify({ lat, lng, city, timestamp: Date.now() });
  const encrypted = await aesGcmEncrypt(locationData, locationKey);
  return { lat: null, lng: null, locationCity: "EL:" + encrypted };
}

10. Performance & Architecture

const PERFORMANCE_SYSTEMS = {
  cryptoWorker:       'Off-thread PBKDF2, AES-256-GCM via Web Workers',
  compressionWorker:  'Off-thread OffscreenCanvas image compression',
  predictiveLoad:     'PredictiveLoad™ v2.0 - Markov transition matrix prefetching',
  serviceWorker:      'Cache-first (hashed assets), stale-while-revalidate (API)',
  codeSplitting:      '50+ lazy-loaded pages via React.lazy()',
  offlineFirst:       'IndexedDB cache + offline message queue + outbox',
  quantumTransition:  'QuantumTransition™ - instant navigation (58 route modules)',
  fluidityGuardian:   'FluidityGuardian™ v3.0 - zero blackscreen architecture',
};
// SwarmMind™ v3.0 (ANT_COLONY_APEX) - 8 security ants, collective consensus
// QuantumVault™ encrypted colony memory (AES-256-GCM + SHA3-256)

Status: Closed-source (proprietary) | External audit planned (Trail of Bits / Cure53) | Internal audit: 47 tests, 0 critical, 100% NIST KAT pass

View Full Source Code Report → (also available at /source-code-report)

Documentation

For complete technical documentation, visit:

• Complete Technical Documentation (machine-readable)
• Security Overview
• Security Whitepaper
• Security Architecture
• Security Audit Report
• Server-Blind Architecture
• Source Code Report (Technical Implementation)