Trust Model

What do you need to trust?

Every storage system requires some level of trust. Here's exactly what Rabbithole requires — and what it doesn't.

You do NOT need to trust

  • Rabbithole team — we never see your plaintext data
  • ICP node operators — they only process encrypted blobs
  • Network infrastructure — encryption happens before data touches the network

You DO need to trust

  • The encryption code — it's open source, audit it yourself
  • Your browser — the encryption runs in your browser's JavaScript engine
  • Internet Identity — for authentication (also open source)
  • ICP consensus — that the network correctly executes canister code

Threat model

| Threat | Protected? | How |
| --- | --- | --- |
| Rabbithole reads your files | Yes | Client-side encryption, zero-knowledge storage |
| Hacker breaches your canister | Yes | Only encrypted blobs stored |
| Man-in-the-middle attack | Yes | IC certified responses + HTTPS |
| ICP node operator peeks at data | Yes | Data encrypted before reaching IC |
| Government requests your data | Yes | Rabbithole has nothing to hand over |
| You lose your device | Partial | Re-authenticate with recovery on Internet Identity |
| Malicious code update | Mitigated | Open source, canister upgrade requires controller (you) |

Rabbithole vs Traditional Cloud

Comparison with other solutions

| Solution | Decentralization | Trust Required | Data Sovereignty |
| --- | --- | --- | --- |
| Google Drive | | High | None |
| Dropbox | | High | None |
| Tresorit | | Medium | Partial (E2E, but company controls infra) |
| IPFS + Encryption | High | Medium | Partial (no built-in encryption) |
| Rabbithole | High | Low | Full (you own the canister) |

No system is perfect

Rabbithole minimizes trust assumptions, but no system can eliminate them entirely. We believe in transparency: if you find a weakness, report it.