Security and Privacy

Linkr is designed with security and privacy as core principles. This document describes our approach to protecting user data, securing communications, and maintaining the integrity of the network.

Security Principles

Defense in Depth

Multiple layers of security protect the system:
  1. Network layer: TLS encryption, firewalls, DDoS protection
  2. Application layer: Authentication, authorization, input validation
  3. Data layer: Encryption at rest, access controls, audit logging
  4. Operational layer: Monitoring, incident response, regular audits

Least Privilege

All components operate with minimum necessary permissions:
  • Services only access the data they need
  • API keys are scoped to specific operations
  • Operator access is limited to their own hotspots
  • Internal tools require role-based authentication

Zero Trust

No implicit trust between components:
  • All service-to-service communication is authenticated
  • Network location doesn’t grant access
  • Every request is verified independently

Authentication

User Authentication

Users authenticate using email and password:
  • Passwords are hashed using Argon2id
  • Minimum password requirements enforced
  • Optional two-factor authentication (TOTP)
  • Session tokens expire after 30 days of inactivity

API Authentication

API access uses bearer tokens:
curl -H "Authorization: Bearer lnkr_sk_live_..." \
  https://api.linkr.network/v1/hotspots
  • Tokens are generated through the dashboard
  • Each token has configurable scopes
  • Tokens can be revoked at any time
  • Usage is logged for audit purposes
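An added example (not Linkr's code) of how a server-side check behind such a bearer token can enforce the properties listed above: tokens are stored only as digests, each token carries a scope set, revocation takes effect immediately, and every decision is written to an audit log that never contains the token itself. The `lnkr_sk_live_` prefix follows the curl example; the store, scope names and result strings are assumptions for illustration.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass
class TokenRecord:
    token_id: str            # short, non-secret identifier used in audit entries
    scopes: FrozenSet[str]
    revoked: bool = False


class TokenStore:
    """Constructed in-memory token store; a real service would back this with a database."""

    def __init__(self) -> None:
        self._records: Dict[str, TokenRecord] = {}   # keyed by SHA-256 of the token
        self.audit_log: List[dict] = []

    @staticmethod
    def _digest(token: str) -> str:
        # Only the digest is persisted, so a leaked table cannot be replayed against the API.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, scopes) -> str:
        # Prefix mirrors the format in the page's curl example; the random part is 192 bits.
        token = "lnkr_sk_live_" + secrets.token_urlsafe(24)
        digest = self._digest(token)
        self._records[digest] = TokenRecord(token_id=digest[:8], scopes=frozenset(scopes))
        return token

    def revoke(self, token: str) -> None:
        rec = self._records.get(self._digest(token))
        if rec is not None:
            rec.revoked = True

    def _check(self, auth_header: Optional[str], required_scope: str):
        if not auth_header or not auth_header.startswith("Bearer "):
            return "missing_token", None
        token = auth_header[len("Bearer "):].strip()
        rec = self._records.get(self._digest(token))
        if rec is None:
            return "unknown_token", None
        if rec.revoked:
            return "revoked", rec.token_id
        if required_scope not in rec.scopes:
            return "insufficient_scope", rec.token_id
        return "ok", rec.token_id

    def authorize(self, auth_header: Optional[str], required_scope: str, path: str) -> str:
        """Return a result string; every call, allowed or not, is appended to the audit log."""
        result, token_id = self._check(auth_header, required_scope)
        self.audit_log.append({
            "ts": time.time(),
            "path": path,
            "required_scope": required_scope,
            "token_id": token_id,      # never the token itself
            "result": result,
        })
        return result


if __name__ == "__main__":
    store = TokenStore()
    tok = store.issue(["hotspots:read"])
    print(store.authorize("Bearer " + tok, "hotspots:read", "/v1/hotspots"))    # ok
    print(store.authorize("Bearer " + tok, "hotspots:write", "/v1/hotspots"))   # insufficient_scope
    store.revoke(tok)
    print(store.authorize("Bearer " + tok, "hotspots:read", "/v1/hotspots"))    # revoked
```

The audit entries carry only an eight-character token id derived from the digest, which is enough to correlate a log line with a token in the dashboard without giving a log reader the credential.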

Hotspot Authentication

Hotspots authenticate using device credentials:
  • Unique device key generated during linking
  • Keys are stored securely on the device
  • Challenge-response protocol prevents replay attacks
  • Compromised keys can be revoked remotely
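An added example (not Linkr's protocol) of a challenge-response exchange with the properties the list describes: the server issues a random, short-lived, single-use nonce; the device answers with an HMAC over the nonce and its own identifier using the key it received at linking; the nonce is consumed on the first verification attempt, so a captured response cannot be replayed; and a revoked device fails even with the correct key. The message format, HMAC-SHA256 construction, timeouts and result strings are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Set, Tuple


def compute_response(device_key: bytes, device_id: str, nonce: bytes) -> bytes:
    """Device side: MAC over device_id and nonce. Binding the device id stops a
    response produced for one device being presented on behalf of another."""
    return hmac.new(device_key, device_id.encode() + b"|" + nonce, hashlib.sha256).digest()


class HotspotAuthServer:
    """Constructed server-side state; a deployment would persist this and share it across nodes."""

    def __init__(self, now: Callable[[], float] = time.time, nonce_ttl: float = 30.0) -> None:
        self._now = now
        self._ttl = nonce_ttl
        self._device_keys: Dict[str, bytes] = {}
        self._revoked: Set[str] = set()
        self._pending: Dict[bytes, Tuple[str, float]] = {}   # nonce -> (device_id, issued_at)

    def enroll(self, device_id: str) -> bytes:
        # Stands in for key generation during linking; the key is returned to the device once.
        key = secrets.token_bytes(32)
        self._device_keys[device_id] = key
        return key

    def revoke(self, device_id: str) -> None:
        self._revoked.add(device_id)

    def challenge(self, device_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = (device_id, self._now())
        return nonce

    def verify(self, device_id: str, nonce: bytes, response: bytes) -> str:
        # Pop first: a nonce is consumed by its first verification attempt, successful or not.
        entry = self._pending.pop(nonce, None)
        if entry is None:
            return "unknown_or_used_nonce"
        issued_for, issued_at = entry
        if issued_for != device_id:
            return "nonce_mismatch"
        if self._now() - issued_at > self._ttl:
            return "expired"
        if device_id in self._revoked:
            return "revoked"
        key = self._device_keys.get(device_id)
        if key is None:
            return "unknown_device"
        expected = compute_response(key, device_id, nonce)
        if not hmac.compare_digest(expected, response):
            return "bad_response"
        return "ok"


if __name__ == "__main__":
    server = HotspotAuthServer()
    key = server.enroll("hs-001")
    nonce = server.challenge("hs-001")
    reply = compute_response(key, "hs-001", nonce)
    print(server.verify("hs-001", nonce, reply))   # ok
    print(server.verify("hs-001", nonce, reply))   # unknown_or_used_nonce (replay)
```

The clock is injectable so expiry can be tested without sleeping; `hmac.compare_digest` keeps the comparison constant-time regardless of where the first differing byte is.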

Encryption

In Transit

All network communication is encrypted:
Connection         | Protocol  | Notes
Client to API      | TLS 1.3   | HSTS enabled, certificate pinning in mobile apps
Hotspot to API     | TLS 1.3   | Certificate validation required
Service to service | mTLS      | Mutual authentication between internal services
User to hotspot    | WPA2/WPA3 | Standard Wi-Fi encryption

At Rest

Sensitive data is encrypted in storage:
  • Database: Transparent data encryption (TDE)
  • Backups: AES-256 encryption
  • Object storage: Server-side encryption
  • Secrets: Hardware security modules (HSM) for key storage

Privacy Model

User Data

We collect only the data necessary to operate the service:
Data Type            | Purpose                              | Retention
Account info         | User identity, authentication        | Account lifetime
Location (operators) | Hotspot placement on map             | Account lifetime
Session data         | Connection tracking, quality metrics | 1 year
Usage analytics      | Service improvement                  | Aggregated indefinitely

What We Don’t Collect

  • Traffic content: We don’t inspect or store the contents of your internet traffic
  • Browsing history: We don’t track which websites you visit
  • Precise user location: We know which hotspot you connected to, not your exact position
  • Device identifiers: We don’t collect hardware IDs from connecting devices

Data Anonymization

Analytics and aggregate data use anonymization techniques:
  • User IDs replaced with random identifiers
  • Location data generalized to grid cells
  • Small populations suppressed to prevent re-identification
  • Differential privacy applied to sensitive aggregates
We never sell user data or share it with advertisers. See our Privacy Policy for full details.
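An added example (not Linkr's pipeline) that applies the four techniques above to constructed session records: user ids are replaced with keyed HMAC pseudonyms, coordinates are snapped to grid cells, cells with fewer than k distinct users are suppressed, and Laplace noise is added to the released per-cell counts. The record format, cell size, k, epsilon and the pseudonym key are assumptions.

```python
import hashlib
import hmac
import math
import random
from typing import Dict, Iterable, Optional, Set, Tuple

Cell = Tuple[int, int]


def pseudonymize(user_id: str, secret_key: bytes) -> str:
    """Keyed pseudonym: stable for one key, unlinkable to the user id without it.
    Rotating the key breaks linkage across analytics periods."""
    return hmac.new(secret_key, user_id.encode(), hashlib.sha256).hexdigest()[:16]


def grid_cell(lat: float, lon: float, cell_deg: float = 0.01) -> Cell:
    """Generalize a coordinate to integer cell indices (0.01 degrees is roughly 1 km in latitude)."""
    return (math.floor(lat / cell_deg), math.floor(lon / cell_deg))


def laplace_noise(scale: float, rng: random.Random) -> float:
    # Difference of two exponentials with mean `scale` is Laplace(0, scale).
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def aggregate_sessions(
    sessions: Iterable[Tuple[str, float, float]],
    secret_key: bytes,
    k_min: int = 5,
    epsilon: float = 1.0,
    rng: Optional[random.Random] = None,
) -> Dict[Cell, int]:
    """sessions: (user_id, lat, lon) records. Returns {cell: released distinct-user count}."""
    rng = rng or random.SystemRandom()
    users_per_cell: Dict[Cell, Set[str]] = {}
    for user_id, lat, lon in sessions:
        users_per_cell.setdefault(grid_cell(lat, lon), set()).add(pseudonymize(user_id, secret_key))

    released: Dict[Cell, int] = {}
    for cell, pseudonyms in users_per_cell.items():
        true_count = len(pseudonyms)
        if true_count < k_min:
            continue  # small-population suppression: the cell is not released at all
        # Adding or removing one user changes a single cell's distinct count by at most 1,
        # so Laplace(1/epsilon) noise gives epsilon-DP for that cell's count. Releasing many
        # cells that the same user appears in spends budget on each of them.
        noisy = true_count + laplace_noise(1.0 / epsilon, rng)
        released[cell] = max(0, round(noisy))
    return released


# Constructed sample: ten users at one location, a single user at another.
SAMPLE_SESSIONS = [("user%d" % i, 52.5234, 13.4127) for i in range(10)] + [("user99", 48.8566, 2.3522)]

if __name__ == "__main__":
    print(aggregate_sessions(SAMPLE_SESSIONS, b"constructed-analytics-key", rng=random.Random(7)))
```

The suppression threshold is applied to the exact count before noise, which is how the page describes it; the single-user cell is dropped entirely rather than released as a noisy small number.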

Hotspot Security

Network Isolation

Hotspots should isolate Linkr traffic from private networks:
                 Internet
                    │
                    ▼
┌─────────────────────────────────────┐
│            Router/AP                │
│  ┌─────────────┐ ┌─────────────┐   │
│  │  Main Net   │ │  Linkr Net  │   │
│  │  (Private)  │ │  (Isolated) │   │
│  └─────────────┘ └─────────────┘   │
└─────────────────────────────────────┘
Operators are strongly encouraged to:
  • Use a separate VLAN or guest network
  • Enable client isolation (prevents users from seeing each other)
  • Apply bandwidth limits to prevent abuse

Abuse Prevention

Multiple mechanisms prevent hotspot abuse:
  • Rate limiting: Per-user and per-hotspot connection limits
  • Anomaly detection: Unusual patterns trigger review
  • Reporting: Users can report problematic hotspots
  • Suspension: Abusive hotspots are suspended pending investigation
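An added example (not Linkr's implementation) of the first mechanism, per-user and per-hotspot connection limits: two token buckets, one keyed by user and one by hotspot, and a gate that admits a connection only when both have capacity, refunding the user's token when the hotspot bucket is the one that refuses. The limit values, window lengths and result strings are assumptions.

```python
import time
from typing import Callable, Dict, Tuple


class TokenBucketLimiter:
    """`capacity` requests may burst; the bucket refills fully over `window_s` seconds."""

    def __init__(self, capacity: int, window_s: float, now: Callable[[], float] = time.monotonic) -> None:
        self.capacity = capacity
        self.window_s = window_s
        self._now = now
        self._buckets: Dict[str, Tuple[float, float]] = {}   # key -> (tokens, last_update)

    def _refilled(self, key: str) -> float:
        now = self._now()
        tokens, last = self._buckets.get(key, (float(self.capacity), now))
        # Computed as elapsed * capacity / window so a full window refills exactly `capacity`.
        tokens = min(float(self.capacity), tokens + (now - last) * self.capacity / self.window_s)
        self._buckets[key] = (tokens, now)
        return tokens

    def allow(self, key: str) -> bool:
        tokens = self._refilled(key)
        if tokens >= 1.0:
            self._buckets[key] = (tokens - 1.0, self._now())
            return True
        return False

    def refund(self, key: str) -> None:
        tokens, last = self._buckets[key]
        self._buckets[key] = (min(float(self.capacity), tokens + 1.0), last)


class ConnectionGate:
    """A connection attempt must pass both the user's and the hotspot's limit."""

    def __init__(self, now: Callable[[], float] = time.monotonic) -> None:
        self.per_user = TokenBucketLimiter(capacity=5, window_s=60.0, now=now)     # 5 connects/min/user
        self.per_hotspot = TokenBucketLimiter(capacity=20, window_s=60.0, now=now)  # 20 connects/min/hotspot

    def admit(self, user_id: str, hotspot_id: str) -> str:
        if not self.per_user.allow(user_id):
            return "user_limited"
        if not self.per_hotspot.allow(hotspot_id):
            self.per_user.refund(user_id)   # the user did not get a connection, so do not charge them
            return "hotspot_limited"
        return "ok"


if __name__ == "__main__":
    gate = ConnectionGate()
    print([gate.admit("alice", "hs-001") for _ in range(6)])   # five "ok", then "user_limited"
```

Keying the buckets on both dimensions means one noisy client cannot exhaust a hotspot for everyone, and one popular hotspot cannot be hammered by many clients each staying under their own limit.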

Threat Model

We design against these threat categories:

External Threats

Threat              | Mitigation
DDoS attacks        | CDN-based protection, rate limiting, traffic filtering
Credential stuffing | Rate limiting, account lockout, breach monitoring
API abuse           | Scoped tokens, rate limiting, usage monitoring
Man-in-the-middle   | TLS everywhere, certificate pinning

Internal Threats

Threat              | Mitigation
Unauthorized access | Role-based access, audit logging, MFA for staff
Data exfiltration   | DLP controls, access logging, separation of duties
Insider abuse       | Least privilege, mandatory review for sensitive operations

Network-Level Threats

Threat              | Mitigation
Rogue hotspots      | Location verification, anomaly detection, user reports
Spoofed telemetry   | Cryptographic authentication, consistency checks
Reward manipulation | Challenge-response proofs, multi-factor verification
Sybil attacks       | Identity verification, economic incentive alignment

Incident Response

Detection

Automated monitoring detects security events:
  • Failed authentication attempts
  • Unusual API usage patterns
  • Anomalous telemetry data
  • User reports and complaints
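An added example (not Linkr's monitoring) of the first detection above, run over constructed log lines: a single pass keeps each source IP's failed authentications within a five-minute window and raises one alert per IP when the failures either span many distinct accounts (the credential-stuffing pattern from the threat model) or pile up against few accounts (brute force). The log format, thresholds and alert names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Tuple

# Constructed line format: "<iso-timestamp> auth result=<ok|fail> user=<id> ip=<addr>"
LINE_RE = re.compile(r"^(?P<ts>\S+) auth result=(?P<result>\w+) user=(?P<user>\S+) ip=(?P<ip>\S+)$")


def parse_line(line: str) -> Optional[dict]:
    m = LINE_RE.match(line.strip())
    if m is None:
        return None   # unparseable lines are skipped rather than crashing the detector
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_auth_abuse(
    lines,
    window: timedelta = timedelta(minutes=5),
    fail_threshold: int = 10,
    distinct_user_threshold: int = 5,
) -> List[Tuple[datetime, str, str]]:
    """Return (timestamp, ip, alert_kind) triples; each (ip, kind) fires at most once."""
    recent: Dict[str, Deque[Tuple[datetime, str]]] = defaultdict(deque)
    fired = set()
    alerts: List[Tuple[datetime, str, str]] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["result"] != "fail":
            continue
        q = recent[ev["ip"]]
        q.append((ev["ts"], ev["user"]))
        while q and ev["ts"] - q[0][0] > window:   # drop failures that fell out of the window
            q.popleft()
        distinct_users = {user for _, user in q}
        kind = None
        if len(distinct_users) >= distinct_user_threshold:
            kind = "credential_stuffing"       # one source trying many accounts
        elif len(q) >= fail_threshold:
            kind = "brute_force"               # one source hammering one or a few accounts
        if kind is not None and (ev["ip"], kind) not in fired:
            fired.add((ev["ip"], kind))
            alerts.append((ev["ts"], ev["ip"], kind))
    return alerts


# Constructed sample log (documentation IP ranges, invented usernames).
SAMPLE_LOG = [
    "2024-05-01T10:00:01 auth result=ok user=carol ip=192.0.2.9",
    "2024-05-01T10:00:05 auth result=fail user=carol ip=192.0.2.9",
    "2024-05-01T10:00:09 auth result=ok user=carol ip=192.0.2.9",
] + [
    # six different accounts from one address inside a minute
    "2024-05-01T10:01:%02d auth result=fail user=acct%d ip=203.0.113.5" % (10 + i, i) for i in range(6)
] + [
    # twelve failures against one account from another address
    "2024-05-01T10:02:%02d auth result=fail user=bob ip=198.51.100.7" % (5 * i) for i in range(12)
]

if __name__ == "__main__":
    for ts, ip, kind in detect_auth_abuse(SAMPLE_LOG):
        print(ts.isoformat(), ip, kind)
```

Alerting once per IP and kind keeps the output readable for an on-call reviewer; the lockout and rate-limiting responses named in the threat model would sit behind these alerts, not inside the detector.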

Response Process

  1. Triage: Assess severity and scope
  2. Contain: Isolate affected systems
  3. Investigate: Determine root cause
  4. Remediate: Fix the vulnerability
  5. Communicate: Notify affected users if required
  6. Review: Post-incident analysis and improvements

Disclosure

We follow responsible disclosure practices:
  • Security issues can be reported to security@linkr.network
  • Valid reports are acknowledged within 48 hours
  • We don’t pursue legal action against good-faith researchers
  • We provide credit in security advisories (if desired)

Compliance

Linkr maintains compliance with relevant regulations:
Regulation    | Scope                | Status
GDPR          | EU user data         | Compliant
CCPA          | California user data | Compliant
SOC 2 Type II | Security controls    | Certified

User Controls

Users have control over their data:
  • Export: Download all your data in machine-readable format
  • Delete: Request account deletion and data removal
  • Opt-out: Control what analytics data is collected
  • Notifications: Choose what communications you receive

Best Practices for Operators

Operators can improve security by:
  1. Keep firmware updated: Apply security patches promptly
  2. Use strong passwords: For router admin and Linkr account
  3. Enable 2FA: On your Linkr account
  4. Isolate networks: Keep Linkr traffic separate from private networks
  5. Monitor activity: Check your dashboard for unusual patterns
  6. Report issues: Alert us to any suspicious activity

Next Steps