Threat model
This page describes how iCallU.online is designed to protect against different threats.
Last updated:
Assumptions
- Users run a modern browser/OS with current security updates.
- Transport security (TLS/HTTPS) is in place between clients and servers.
- Endpoints are not already compromised (malware/hostile extensions).
Out of scope (not claimed)
- Compromised devices, malicious browser extensions, or screen recording on endpoints.
- Physical access to an unlocked device or a user sharing links/credentials.
- Metadata exposure inherent to internet routing (timing/IP routing visibility).
Threat matrix
| Attacker / Risk | Mitigated? | How |
|---|---|---|
| Server operator reading call content | Yes (with E2EE) | With E2EE, media is encrypted end-to-end and the server relays only ciphertext it cannot decrypt. The server still sees signaling metadata (who calls whom, and when), which it needs to set up and route the call. |
| Cloud provider / hosting vendor inspection | Yes (with E2EE) | With E2EE, encryption keys stay on user devices; relayed frames remain opaque. |
| Network observer (ISP / public Wi-Fi) | Yes (content) | Traffic is encrypted; observers may still see metadata like timing and routing. |
| Account takeover / weak passwords | Depends (user security) | Authentication controls reduce risk, but an attacker who signs in with a weak, reused or leaked password joins calls as the legitimate user. E2EE keeps content away from the server, not from an authenticated impostor. |
| Compromised device / malicious browser extension | No | If an attacker controls the endpoint, they can access plaintext on that device. |
| Denial of service (spam signaling/calls) | Partial (availability) | Rate limits and abuse controls can reduce impact but cannot eliminate DoS risk. |
For related definitions (including logging/retention), see the Security Hub and Logging policy.