Best Practices
Follow these guidelines to maximize your privacy and security on KayakNet.
For All Users
1. Keep Software Updated
Always run the latest version:
./kayakd --auto-updateUpdates include security patches and improvements.
2. Protect Your Identity Key
Your identity.key is your identity. If compromised, an attacker can impersonate you.
Do:
Back up to encrypted storage
Use strong device encryption
Delete if identity is burned
Don't:
Share with anyone
Store in cloud unencrypted
Use same identity for sensitive and non-sensitive activity
3. Use Strong Device Security
KayakNet can't protect you if your device is compromised:
Full disk encryption
Strong passwords/biometrics
Keep OS and apps updated
Don't install untrusted software
4. Separate Identities
Use different nodes/identities for:
Personal vs sensitive activity
Different personas
Testing vs production
5. Be Careful What You Share
Even with encryption:
Don't share real names, photos, locations
Assume messages may be saved by recipients
Be vague about identifying details
For Chat Users
Private Rooms
For sensitive discussions:
Create a private room
Only share name with trusted participants
Use unique room names (not guessable)
Verifying Contacts
Before sensitive conversation:
Verify Node ID through separate channel
Use code words or shared secrets
Be suspicious of identity claims
Message Hygiene
Enable auto-delete for sensitive chats
Clear history when done
Don't quote sensitive messages
For Marketplace Users
For Buyers
Check seller reputation - Read reviews
Start small - Test with small orders first
Use escrow - Never pay outside escrow
Verify addresses - Double-check crypto addresses
Document everything - Save order details
For Sellers
Secure crypto wallets - Hardware wallet recommended
Accurate listings - Prevent disputes
Ship securely - Don't reveal return address
Good communication - Respond to buyers
Separate business wallet - Don't mix with personal
Escrow Safety
Never release funds before confirming receipt
Open disputes promptly if issues arise
Provide evidence in disputes
Don't accept payment outside system
For High-Security Users
Additional Layers
Consider adding:
VPN (before KayakNet)
Tor (as transport)
Dedicated hardware
Air-gapped devices
Operational Security
Use public WiFi (carefully)
Vary your patterns
Assume you're being watched
Have plausible deniability
Compartmentalization
Different devices for different activities
Don't cross-contaminate identities
Separate digital footprints
For Node Operators
Secure Your Server
If running a public node:
Minimal installed software
Regular security updates
Firewall configuration
No unnecessary services
Logging Policy
Disable all logging
Don't retain connection metadata
Secure any necessary logs
Physical Security
Encrypted drives
Secure facility
Protection from seizure
Common Mistakes
Don't
❌ Use same identity across networks ❌ Connect to KayakNet without encryption ❌ Trust unverified contacts ❌ Store sensitive data unencrypted ❌ Use weak passwords ❌ Ignore software updates ❌ Share personal information ❌ Use KayakNet on compromised devices
Do
✅ Keep software updated ✅ Use strong device security ✅ Verify contacts ✅ Separate identities ✅ Back up keys securely ✅ Use private rooms for sensitive chats ✅ Always use escrow ✅ Report security issues responsibly
If Compromised
Signs of Compromise
Unexpected messages from your identity
Account settings changed
Unknown transactions
Peers report strange behavior
Recovery Steps
Stop using compromised identity
Generate new identity (delete
identity.key)Notify trusted contacts through other channels
Review device security
Consider hardware replacement
Reporting Security Issues
Found a vulnerability?
Don't disclose publicly
Email: [email protected]
Include detailed reproduction steps
Allow 90 days for fix
Coordinate disclosure
We appreciate responsible disclosure!
Last updated