Vizava.pro | Documentation

Core Principles

The architecture of privacy in a surveillance state.

Vizava is not just a tool; it is a defensive countermeasure. In an era where metadata is weaponized and digital footprints are permanent, Vizava provides a client-side first environment for data anonymization and ephemeral communication.

Our core philosophy is simple: We cannot lose what we do not have. We design our systems to know as little about you as possible, pushing the heavy lifting of encryption and processing to your local device before data ever touches the network.

The Artifacts

The Artifacts engine is a browser-based image processor designed to strip identifying data and disrupt automated image recognition systems (facial recognition, reverse image search).

Automatic Sanitization:

Metadata scrubbing is mandatory and automatic. The moment an image is loaded into the Artifacts engine, all EXIF, GPS, and device fingerprint data is permanently stripped before processing begins. There is no option to disable this protection.

Technical Specifications

Processing Local (Canvas API)

Sanitization Binary Strip (EXIF/XMP)

Output PNG / JPEG / WEBP

Privacy Shield (Sanitization)

When the Privacy Shield is engaged, Vizava bypasses standard image rendering and reconstructs the image byte-by-byte. This ensures that hidden data is not just hidden, but physically removed from the file structure.

Geo-Tags: Latitude, Longitude, Altitude, GPS Timestamp.
Device Fingerprints: Camera Make, Model, Lens Serial Number, Software Version.
Contextual Data: Date Taken, Light Source, Metering Mode.

The Bunker

The Bunker provides ephemeral, encrypted text storage. It uses a "Secure Exchange" methodology where the decryption key is passed via the URL anchor or user input, never stored in the database.

Encryption Standards

All data is encrypted client-side before transmission. We utilize PBKDF2 for high-entropy key derivation and AES-256-GCM for authenticated encryption via the native Web Crypto API.

Encryption Logic (v2.1)JS

                            // 1. Derive Key (PBKDF2 + SHA-256)
                            const key = await crypto.subtle.deriveKey(
                                { name: "PBKDF2", salt: salt, iterations: 600000, hash: "SHA-256" },
                                passwordKey,
                                { name: "AES-GCM", length: 256 },
                                ...
                            );

                            // 2. Encrypt (Authenticated AES-GCM)
                            const encrypted = await crypto.subtle.encrypt(
                                { name: "AES-GCM", iv: iv },
                                key,
                                encodedText
                            );
                        

Burn Mechanisms

Vizava implements a dual-layer destruction protocol to ensure data ephemerality.

1. Instant Burn

If "Burn Immediately" is enabled by the sender, the decryption client issues a hard delete command to the server the moment the data is retrieved. This prevents replay attacks.

2. Server-Side Cleanup Agent (Failsafe)

To prevent "Zombie Data" (data read but not deleted due to network error or malice), an automated administrative process scans the database every minute. Any encrypted artifact older than 10 minutes is permanently purged from physical storage.

The Terminal

The Terminal is a strictly offline, browser-local encryption environment. Unlike the Bunker, which facilitates data transfer, the Terminal is designed for cold storage and local text encryption without triggering any network requests.

OFFLINE ENVIRONMENT

The Terminal operates in a logical air-gap. Javascript functions for this module are isolated from the fetch API to ensure zero data leakage.

Enhanced Encryption

Standard encryption uses 600,000 PBKDF2 iterations. Enabling "Enhanced Encryption" increases this to 2,000,000 iterations, creating a significant computational cost for brute-force attacks against the output file.

Environment Local (No Network)

Iteration Cost 600k / 2M (Enhanced)

Output JSON Blob

Security Architecture

Threat Model: Trusted Server

While client-side encryption protects content, metadata (IP address, access times) is visible to the infrastructure providers (Cloudflare & Google). Use Tor or a VPN if metadata obfuscation is required.

Rate Limiting & Abuse Prevention

To maintain service availability and prevent storage flooding, the API enforces strict rate limits on anonymous sessions via Cloudflare Edge protection.

Method Token Bucket

Limit 50 Secrets / Session

Reset On Session Terminate

API Reference

For detailed endpoint documentation, please visit the dedicated API Reference Page.