Security Architecture
To start, let’s get on the same page about the following question:
How can this be safer than Tailscale, RustDesk, or a commercial VPN? (Continued)
Traditional tools either put a network-layer middleman you opt into on the path or make you open a port in your firewall. Either way you are not just sharing a screen; you are exposing a route into your subnet.
Desktap eliminates the network tunnel entirely, isolates the interaction to the render stack, and locks your cryptographic keys down in hardware instead of software RAM.
Here is exactly how the architecture shifts the threat model:
1. The Network Exposure Problem (The “Volunteered MitM”)
Tools like Tailscale, RustDesk and commercial VPNs sit on the path as a Man-in-the-Middle you volunteered for at the network layer. Enterprises use that same position deliberately to terminate, inspect and monitor work-laptop traffic; consumer overlay networks use it to route your traffic through shared relays (Tailscale’s DERP servers, RustDesk’s relay servers) and TURN servers. A relay that carries end-to-end encrypted traffic sees only ciphertext, so the exposure lies less in the relay itself than in the control plane that hands out keys and routes, in the credentials that unlock it, and in how far the tunnel reaches once it is up.
- The Risk: A single compromised credential does not just expose a screen; it hands the attacker a lateral-movement launchpad into your home network, your NAS and your local IoT devices. And if the provider’s server-side root credentials leak (at the account, instance or machine level), every “secure” tunnel they manage is wide open at once.
- The Desktap Approach: Tunnels are for babies who can’t network good. Desktap uses no relays, no TURN servers, and zero extra hops. It utilizes direct, ephemeral streams to turn every interaction into a discrete event. We stay completely off your subnet and strictly on the render stack. Your local network remains completely invisible and independent.
2. A Cryptographic Sticky Session
If an attacker dumps your client-side memory or grabs a snapshot of your storage layer, an unprotected private key is compromised.
Traditional VPNs and overlay networks have an architectural gap: user identity and tunnel security are kept separate. You may sign into their app with a hardware-backed passkey, but the key that actually secures the tunnel (for WireGuard, the node’s long-lived static Curve25519 private key) is generated, stored and used entirely in software by the application.
They do this for portability and speed: few TPMs or secure enclaves implement Curve25519 (most expose only NIST P-256 or RSA), and the handshake has to run on every platform without a hardware round trip. Per-packet signing is not the issue; the static key is used only in the handshake, and the packets themselves are protected by derived symmetric keys. But keeping that static key in software introduces severe vulnerabilities:
What they don’t tell you when selling you a VPN:
- The “Zombie” Credential Trap: VPNs frequently issue certificates but leave rotation to the user. Stale or orphaned certificates, left behind during device transitions or forgotten upgrades, remain valid keys to your front door long after they should have been revoked.
- Device Theft & Profile Extraction: A stolen device lets a thief extract the network profile and the key inside it, creating a permanent, invisible tunnel into your home.
- The “Unlocked” Threat: Anyone with physical access to an unlocked device can copy the tunnel configuration, and with it the key, without needing a password.
- Social Engineering: Compromised or malicious AI agents, like any human social engineer, can trick someone on your network into handing over private certificates, giving attackers full visibility into your traffic.
- Malware & Reverse Engineering: Malware on the remote machine can read keys straight out of process memory, because that is where a software-managed key has to live while the tunnel is up.
- Server-Side Compromise: If your VPN provider’s root credentials leak, every “secure” tunnel they manage is wide open. This can happen at the account level, the instance level or the machine level.
TL;DR: You might say your VPN provider is reputable. I would ask: is any provider reputable enough to sit in the path of everything you do over that link, the passwords you type, your journal entries, the documents you create, the family photos you back up? Why volunteer them that access when you don’t have to?
3. How Desktap Hardens the Client
The Architecture
No relays. No TURN servers. No extra hops. The Desktap app uses direct ephemeral streams to turn every interaction into a discrete, individually secured event. It’s a faster, flatter and more secure way to work.
The Defenses
- Atomic Security (HMAC + GCM): Every message is one-time use. An HMAC over the whole frame is verified first, so the host proves the message’s origin and discards anything that fails before it spends any work on decryption; AES-GCM then authenticates and decrypts the payload.
- Hardware-Backed Protection: Keys live in the platform’s hardware-backed key store (the macOS Keychain, and the secure element or TPM-backed stores on Windows and Linux), so they never touch the disk in plain text.
- System-Level Hardening: Key material is allocated from the “secure heap”, a locked region that is kept out of swap and core dumps, so a crash or a memory snapshot does not leak secrets. (Locked memory does not stop malware running as your own user from reading a live process, which is why the keys above stay hardware-backed.) Our internal listeners also run with restricted permissions (chmod 0600 on the local socket), so only the user that owns the Desktap process can talk to them.
- Nonce-Based Invalidation: Every packet carries a non-repeating nonce. Once a command has been executed its nonce is recorded, and any frame presenting it again is refused. Even if intercepted, a replayed packet is cryptographically dead.
- Zero-Trust by Design: Desktap stays off your subnet and on the render stack. Your local network remains invisible and independent. Run your VPNs and private calls with zero overlap; what happens on your network stays on your network.
4. Making the Juice Not Worth the Squeeze
We don’t just rely on someone else’s cookie-cutter brute-force wall. Desktap cycles credentials so frequently that if an attacker snatched a plaintext key and hit Enter, that key would already be roughly 30 generations old. We architect for the worst case, a total TLS 1.3 failure, and build the defenses upward from that ground zero. With a baker’s dozen of internal guards verifying every layer, we don’t stop at the gold standard; we keep layering until the attack becomes the “impossible.”