FreeTime uses a defense-in-depth model. This document describes the design principles at a high level.
```
Sender                      Server                      Receiver
  │                            │                           │
  ├─ Generate per-file key ───►│                           │
  ├─ Encrypt media locally     │                           │
  ├─ Send encrypted_file + ───►│── Blind storage ─────────►│
  │  encrypted_key             │                           │
  │                            ├─ Store (no plaintext)     │
  │                            ├─ Forward to recipient     │
```
- Per-file random encryption keys (AES-256-GCM)
- Server never has access to plaintext media
- Unique IV per encryption operation
- Android Keystore (hardware-backed on supported devices)
- AES-256-GCM via Google Tink for authenticated encryption
- Session tokens and credentials encrypted at rest
- TLS 1.3 for all API and WebSocket communication
- JWT-based auth tokens with auto-refresh
- Device tracking to prevent concurrent session abuse
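The sender/server/receiver flow in the diagram above, as an added example that is not FreeTime's own code: Go's standard library stands in for Tink, and wrapping the per-file key under a pre-shared 32-byte recipient key is an assumption, since this document does not say how `encrypted_key` is protected for the recipient. The server handles only the `Envelope`, so it never sees plaintext, and any byte it alters fails authentication on the receiving side.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

type Envelope struct { // the only thing the server stores or forwards (constructed for this example)
	FileNonce, EncryptedFile []byte // AES-256-GCM over the media; there is no plaintext field
	KeyNonce, EncryptedKey   []byte // per-file key wrapped for the recipient
}

func gcm256(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		panic(err) // wrong key length is a programming error, not a runtime condition
	}
	aead, _ := cipher.NewGCM(block)
	return aead
}

func seal(key, plaintext []byte) (nonce, ct []byte) {
	aead := gcm256(key)
	nonce = make([]byte, aead.NonceSize()) // fresh 96-bit random nonce per encryption operation
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // without a CSPRNG the device must not encrypt at all
	}
	return nonce, aead.Seal(nil, nonce, plaintext, nil)
}

// SenderEncrypt runs on the device: random per-file key, local encryption, key wrapped under recipientKey.
func SenderEncrypt(media, recipientKey []byte) Envelope {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		panic(err)
	}
	fn, ef := seal(fileKey, media)
	kn, ek := seal(recipientKey, fileKey)
	return Envelope{fn, ef, kn, ek}
}

// ReceiverDecrypt unwraps the per-file key, then authenticates and decrypts the media.
func ReceiverDecrypt(env Envelope, recipientKey []byte) ([]byte, error) {
	fileKey, err := gcm256(recipientKey).Open(nil, env.KeyNonce, env.EncryptedKey, nil)
	if err != nil {
		return nil, err // wrong recipient key or a tampered wrapped key
	}
	return gcm256(fileKey).Open(nil, env.FileNonce, env.EncryptedFile, nil)
}
```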
Note: The server code included in this repository (`master-server/andpeer/`) has been sanitized for public release. All production domain names, IP addresses, and credentials have been replaced with `CHANGE_ME` placeholders or generic values (`YOUR_DOMAIN.com`, `YOUR_SERVER_IP`). The peer-to-master authentication domain and API keys are intentionally censored; configure your own in `config/.env` when self-hosting. The following were removed before publication:
- Production server domain names and IP addresses
- Real JWT secrets, API keys, and passwords
- Peer-to-master authentication challenge-response details
- SSL/TLS private keys and certificate paths tied to production infrastructure
- Firebase service account credentials
All omitted values are replaced with clearly marked placeholders in configuration files.