About dComms
dComms provides decentralized communication solutions in regions experiencing authoritarian censorship and surveillance. The platform helps users in these contexts create their own communication networks, such as secure messaging systems and social networking services. Unlike cloud-based platforms, self-hosted networking solutions offer a resilient alternative by providing shutdown-resistant infrastructure capable of functioning independently of global internet connectivity.

Audit Description
OTF’s Security Lab partner 7ASecurity conducted a “whitebox” audit of the dComms platform in October and November 2025. A whitebox audit is a form of testing in which the auditors have complete knowledge of the item being tested. The goal was to review the dComms solution as thoroughly as possible to ensure dComms users are provided with the best possible security.
Scope
Auditors reviewed the following:
- Security Audit of Docker Orchestration and Configuration
- Deployment Surface and Censorship Resistance Review
Findings
7ASecurity found four vulnerabilities. Two were deemed “high-risk”: potential detection of dComms installation via Certificate Transparency logs, and inadequate container network segmentation (if a container is compromised, an attacker may attempt to access the main host network or cloud metadata endpoints).
Other, less severe vulnerabilities included a lack of signatures for Docker images (which could lead to data tampering) and backend IP address exposure via Mastodon link previews. Access the full report below for more details.
Overall, auditors found that the dComms components defended themselves well against a broad range of attacks.
Remediation
The auditor retested and verified that both high-risk vulnerabilities have been fixed.
You can read the Audit Report HERE
You can read OTF’s Blog HERE