Skip to content

11. Security & Privacy

Jump to bottom
Nicolás Baier Quezada edited this page Jun 5, 2026 · 1 revision

11. Security & Privacy

DIRD+ is built around one principle: patient data never leaves the device. There is no backend, no telemetry, no remote inference, and no accounts. See also PRIVACY.md and SECURITY.md.

At-rest encryption

Layer Mechanism Where
Local database SQLCipher (AES-256) src-tauri/src/db.rs (rusqlite, bundled-sqlcipher-vendored-openssl)
.dird exports AES-256-GCM + authenticated header v2.0 src/lib/export/dird-container.ts
Key derivation Argon2id, OWASP 2025 params (m=64 MiB, t=3, p=4) src-tauri/src/crypto.rs

The derived raw key is passed to SQLCipher via PRAGMA key = x'…', bypassing SQLCipher's internal PBKDF2.

Dual-password model

Two distinct passwords, set up in the first-run wizard (src/components/onboarding/FirstRunWizard.tsx):

  1. Application password — unlocks the encrypted database at login.
  2. Export passphrase — encrypts .dird containers (separate, so exported files can be shared on a different trust boundary).

There is no password-recovery mechanism (Signal/Bitwarden posture): if the password is lost, the encrypted data cannot be recovered. This is acknowledged explicitly in the wizard and documented in PRIVACY.md.

An encryption badge (src/components/layout/EncryptionBadge.tsx) is always visible in the header, showing the database is encrypted.

No data leaves the device

  • No telemetry — the app collects no usage metrics, crash reports, or analytics.
  • No remote inference — ONNX detection runs in WebAssembly; the optional LLM runs in-process via llama.cpp. After the one-time model download from GitHub, nothing is sent out.
  • No accounts, no server. The legacy remote backend (token service, contribution upload, installation beacons) was fully removed; the app is single-operator and offline.

Downloads (the only outbound traffic)

The only network activity is user-initiated downloads:

  • ONNX models from Debaq/dird_models.
  • Optional LLM weights (GGUF) from the curated catalog.

No clinical data is ever included in these requests.

Reporting a vulnerability

GitHub Security Advisories / private vulnerability reporting is enabled on the repository. See SECURITY.md for the disclosure process.

DIRD+ Wiki

README · Models

Clone this wiki locally