Security: FieteGM/BingeWatcher

SECURITY.md

Security Policy

This file is the GitHub-recognised entry point for reporting vulnerabilities. For the threat model, intentional gaps, and the full S-item catalogue, see docs/security.md.

Reminder. This software is for educational review only. The LICENSE preamble forbids operational use. Reading the code and the privacy stack to learn from them is the point; running the bot against any third-party service is not. Vulnerabilities in the audit infrastructure (privacy stack, integrity check, sandboxing) are in scope. Vulnerabilities in "things the bot does when actually used" are not — please do not exercise the bot against live targets to find them.

Reporting a vulnerability

Please do not open a public issue for security problems. Two private channels:

  1. Preferred: GitHub Private Vulnerability Reporting (PVR). On the repository page → Security tab → Report a vulnerability. PVR routes the report straight to repository maintainers in a private advisory thread. No account-level setup required from your side.
  2. Fallback: a GitHub security advisory draft. If PVR is not enabled when you read this, open a draft advisory from the same tab. Maintainers will pick it up.

We will acknowledge within 14 days and either confirm the issue or explain why we believe it's out of scope. A coordinated-disclosure window of 90 days applies after we acknowledge, unless a fix lands sooner.

When reporting, include:

  • The repository commit (or release) you tested against.
  • A minimal reproduction or proof-of-concept that does not rely on running the bot against a live third-party service.
  • Your assessment of impact (what an attacker gains).
  • Optional: a suggested mitigation.

Scope — what we treat as a security issue

In scope:

  • Anything that defeats the privacy stack described in docs/privacy.md — DNS leaks, WebRTC leaks, telemetry endpoints re-enabled, fingerprint cloaks bypassed, Tor bypass that isn't the documented per-host exception.
  • Code-execution paths from a malicious page through the hardened Firefox profile (Marionette socket abuse, XPCOM surface, NoScript bypass on the bundled profile, etc.).
  • Integrity-check holes — a way to swap one of the bundled binaries (runtime/python/python.exe, geckodriver.exe, tor.exe, the NoScript XPI) without bw/integrity.py surfacing the swap.
  • Sandbox escapes — anything that lets a co-process on the same Windows account read in-RAM secrets we claim to wipe, or resurrect deleted state we claim to have shredded.
  • Supply-chain risks in the embedded runtime: poisoned wheels in vendor/wheels/, a tampered Python distribution, hash manifests that can be spoofed.
  • Documentation that misleads about a defence — e.g. a doc claims an attack class is covered but the implementation doesn't actually cover it. Documentation bugs that produce a false sense of security are security bugs.

Out of scope:

  • Bot behaviour against any live third-party service. The LICENSE preamble disallows operational use; please do not send reproductions that require it.
  • Findings that depend on the user disabling privacy defaults the bot ships with (BW_TEST_ENABLE_WEBRTC=1, BW_USE_SYSTEM_PYTHON=1, etc.). Those flags exist for developers and are documented as footguns.
  • Items already listed in docs/security.md Part 2 as deliberately not implemented. If you have a strong argument for re-opening one, that's a feature issue, not a security report.
  • Threats from a privileged adversary that the threat model explicitly excludes (nation-state global passive, cold-boot RAM attacks, hardware DMA, etc.).

Disclosure preferences

  • Credit: by default we add a one-line credit to the advisory with a handle of your choice (no real name required). Tell us if you'd prefer anonymous.
  • Embargo: we will not pre-announce a fix to third parties before the public advisory unless you ask us to coordinate with someone specific.
  • Bug bounty: there is none. This is an audit-grade educational project, not a commercial product.

Cryptographic key for encrypted reports

Not currently published. GitHub PVR is end-to-end private between the reporter and repository maintainers, which covers the realistic threat model for this project. If you have a strong reason to send PGP-encrypted email, open a public issue saying so (no details) and we'll provide a key.