Problems & Solutions
Trust & Identity AI Fakes & Deepfakes Duplicate Accounts & Bots CAPTCHA: Prove You're Human Passwords, Spam & Phishing
Content & Discovery Invisible Content Data You Don't Own Better Apps Don't Win
Control & Freedom Censorship & Manipulation Platform Lock-in Cognitive Decline & Feeds Internet Centralization
Comparisons
IPFS Nostr ActivityPub AT Protocol ToIP Secure Scuttlebutt Qortal HyperMesh BitTorrent
Framework
Economy Trust Security Governance Database Identity Verification Why Nothing Less Works
Docs FAQ Roadmap About
Join us on Discord
Framework

Security

Atlas treats security as a full chain: protect the real key, let apps borrow only limited power, make data prove who it belongs to, and build on cryptography meant to last.

The Goal

Security that's calm and solid

Most internet security still feels like juggling sharp objects. You keep typing secrets into apps, services keep inventing their own login flows, and every server has to bolt on its own filters, rate-limits, and DDoS protection after the fact.

Atlas starts from a simpler idea: the most valuable key should stay protected, apps should only receive temporary delegated permission, and network traffic should carry proof before it gets to behave like a trusted participant.

That way, security is not just something hidden in one app or one company. It becomes part of how the whole network works.

Why The Web Feels Weak

Today's internet keeps adding defenses too late

The web usually starts with open requests and scattered accounts, then tries to patch security in later. That leads to familiar problems:

  • Your strongest secret leaks into too many places. Apps often ask for more access than they really need.
  • Raw internet traffic says very little by default. Every service has to invent its own anti-spam and anti-DDoS rules.
  • Cheap identities make bot swarms cheap too. Without stronger proofs or human context, abuse scales easily.
  • Cryptography is chosen for today only. If a protocol should still matter in 10 or 20 years, it has to think ahead now.

Atlas responds by building security into identity, transport, reputation, and cryptography together.

How Atlas Secures The Stack

Atlas security is layered from the inside out: key custody, delegated permissions, identity-bound transport proofs, network-wide attack signaling, identity verification, and quantum-resistant cryptography.

Your real key stays in one safe place

Custodian + Delegated Keys

In Atlas, your main private key can live inside specialized secure hardware or with a dedicated provider called a custodian. The custodian's role is intentionally narrow: keep an encrypted copy of the key and help authorize use of it. By design, it should never need to handle that key in plaintext.

When a client app needs access, it sends the encrypted key material together with the passphrase or other approval input needed for that session. The custodian's job is to recognize you, apply the rules you chose, and let you decide how much permission the app gets and for how long.

After approval, the app receives a delegated key. That means it can operate under your decentralized global identity without ever owning your root secret.

1 Encrypted root key Stored in secure hardware or a custodian.
2 You approve Passphrase, hardware action, or other allowed input.
3 Scope is chosen Permissions and expiry are defined for that app.
4 Delegated key issued Temporary power, not permanent control.

Every request carries identity and proof

Signatures + Soft RandomX

Atlas does not treat communication like anonymous raw HTTP. Every request is followed by a public key, a signature proving the holder authorized it, and proofs tied to that identity.

At the transport layer, Atlas uses a soft RandomX proof-of-work approach with time windows. In plain language: identities must keep showing fresh compute commitment. It is not giant mining. It is background friction that makes abuse more expensive and easier to classify.

The stronger the proof, the more kindly registries and the network can treat the traffic. Weaker or noisier traffic can be slowed, deprioritized, or asked for FairShares payment sooner.

Public Key Who is speaking
Signature Was it really them
Time Window Is the proof still fresh
Proof Strength How should traffic be treated
Strong proof Smoother treatment
Weak proof Pay sooner or slow down
Abusive pattern Deprioritize and flag

Attack defense becomes a network behavior

Registry Signaling

Because requests already arrive with identity and proof context, Atlas does not need to lean on the usual pile of custom DDoS tools and one-off rate-limit rules everywhere. Much of that abuse resistance moves down into the protocol itself.

If one registry starts mitigating an attack, the rest of the network can recognize that quickly through signaling. The same attacker identities can be given negative trust, so their traffic becomes easier for others to treat cautiously before the damage spreads.

One defender's work becomes shared intelligence. The network can rapidly shift between lenient and strict behavior by adjusting how it treats unfamiliar identities. This flexibility makes it harder to wear the system down by targeting a single point.

Registry A Spots an attack pattern

Abusive identities and weak proofs get recognized in real time.

Network Shares the signal

Other registries can adjust treatment without starting from zero.

Attackers Lose cheap reach

Negative trust, weaker routing, and earlier payment expectations.

Verified humans stand out from automated swarms

Identity + Bot Reporting

Atlas also repeats an important idea from the other pages: compute alone is not the whole answer. Real humans can earn identity proofs, while suspicious identities can be reported and escalated for further checks.

That gives registries and clients more than just traffic volume to judge. They can ask whether this identity is a verified human, whether others have flagged it as abusive, and whether it keeps behaving like a bot farm instead of a person.

Bots may still exist, but they do not blend in as easily. They face proof costs, weaker trust, and the possibility of public negative trust or renewed identity verification.

Identity proof can raise confidence
Abuse can be reported and escalated
Clients and registries can filter smarter

The cryptography is chosen for the long run

Falcon + X-Wing

Atlas assumes the important question is not if older non-quantum-resistant algorithms will be broken, but when. A protocol that wants to be a serious foundation for more than the next 10 years has to plan for that horizon from day one.

That is why Atlas uses Falcon public keys and X-Wing encryption. The goal is simple: start with a stronger long-term base instead of migrating the entire network later under pressure.

Falcon Quantum-resistant public keys

Identity and signatures are built for a longer threat horizon.

X-Wing Quantum-resistant encryption

Private communication should not assume today's attackers forever.

The Result

Security that starts at the key and ends at the network

1
Root keys stay protected

The most valuable secret lives behind secure hardware or a custodian.

2
Apps borrow power temporarily

Delegated keys limit what each app can do and how long it can do it.

3
Traffic proves more before it asks more

Requests carry keys, signatures, and fresh proof tied to identity.

4
Abuse gets shared across defenders

Registry signals, negative trust, and human checks make attacks easier to isolate.

5
The foundation looks beyond today

Falcon and X-Wing aim for a protocol that can age more gracefully.

Join us. Why Goku?

Protocols belong to everyone

Atlas is open source. Read the docs, run a node, build an app, or just spread the word. The internet deserves better infrastructure.

Star on GitLab Read the Docs