Postern Labs
MAINNET BETA. Unaudited · relaxed k=4 regime (trivially forgeable) · k=8 hardening reverted, re-activating with a difficulty fix · very few nodes, 51%-attackable · not a security · for evaluation — not to protect real secrets yet. Full disclaimer →

Disclaimer & legal

The full text, in plain language.

This page is the canonical version of every warning on this site. If anything elsewhere ever seems to promise more than this page does, this page wins.

1. Beta software — unaudited, no warranty

Everything Postern Labs publishes today is pre-production beta software, provided “as is”, without warranty of any kind, express or implied, including merchantability, fitness for a particular purpose, and non-infringement — as stated in the MIT and Apache-2.0 licenses that govern it.

No third-party security audit has been performed on any Postern product or on the underlying protocol. An audit is contracted but not done yet — until it is delivered, everything here remains unaudited. Internal review and passing test suites are not an audit. Nothing here is a certified security product.

2. Do not protect real secrets with it yet

This beta exists for evaluation: to be read, built, reproduced, and broken. It does not exist to protect anything you cannot afford to lose. Until the audits gate open:

  • do not store real passwords or secrets in the Vault;
  • do not send sensitive files through the Courier;
  • do not rely on the Messenger, Keys, Panic Lock, or any other component for real operational security;
  • do not treat the OS images or the desktop app as hardened production systems.

If your safety depends on your tools, use established, audited tools. We will tell you — on this page — when that calculus changes.

3. The mainnet beta — what the label does and does not mean

The Bloch-SIS-PoW protocol now runs a mainnet beta. That is a designation, not a security claim: the network is live and persistent, and it is nascent, unaudited, and easy to attack. Precisely:

  • k=8 hardening — activated at block 213,000, then reverted. The relaxed regime (k=4) currently applies — work is trivially forgeable. The canonical k=8 parameters of the Module-SIS gate were activated at block 213,000 as a soft fork but reverted: they multiplied mining difficulty ~4096x and the current solo / low hashrate could not find blocks, so the chain stalled. k=8 will re-activate together with a matched difficulty reduction (so block time stays ~30s). Until then, no security is claimed.
  • The security source is cumulative SHAKE-256 hashcash work. The Module-SIS gate is a structural filter (k=4 today; k=8 on re-activation) that binds work to a lattice form — it is not the security source.
  • Very few nodes and low hashrate → 51%-attackable. A modest adversary could out-mine and reorganize this chain today. Do not treat confirmations as final in any way that matters.
  • Unaudited. A third-party audit is contracted but not done yet; the concrete-security (no-shortcut) analysis and the IACR ePrint publication for open expert review are still outstanding. “Mainnet beta” does not mean those gates have been passed — it means the chain is live while they are pursued.

Nothing on this site calls this network “secure” or “production”. If any other page ever seems to, this section wins.

4. The coin is not a security and not an asset

Do not attach value to the coin. The protocol's native coin exists as a consensus mechanism, not as an investment:

  • No token sale — past, present, or planned;
  • No listing effort, no market-making, no price — and no cooperation with anyone attempting to create one;
  • No promoter — the protocol is ownerless: no foundation, no curator, no official website (see Postern & Bloch);
  • No expectation of profit should be formed from anything Postern Labs says or sells — Postern's revenue is protection and support, never the token.

Coins on the mainnet beta carry no value claim: there is no price and no market, the network is 51%-attackable, and under the relaxed k=4 regime that currently applies (the k=8 hardening was reverted, pending re-activation with a difficulty fix) the PoW remains trivially forgeable. Not for investment. Use at your own risk.

5. The premine, disclosed in full

The single fact a skeptic will weigh against “ownerless”, kept visible on purpose: the protocol's genesis allocates a 17% founder premine, subject to a 10-year cliff and a 40-year vesting schedule, and structurally passive — it confers no governance power, no protocol privileges, and is backed by zero sale and zero listing effort. We state it here so nobody discovers it as a surprise.

6. Built vs designed — what actually runs

Labelled the same way everywhere on this site:

  • Built · tests pass — the Rust product cores (crates/postern-*) compile and their test suites pass;
  • Reference prototype — working front-ends (the self-contained web apps, the Tauri desktop app) that demonstrate the design;
  • Design / spec — documented plans (the daily-driver OS editions, the Android container, the cloud and enterprise editions) that are not running software yet.

If a claim isn't true yet, we phrase it as the plan — and a plan is all it is.

7. Licenses

Postern products are permissively licensed — MIT / Apache-2.0, per crate — with no GPL/AGPL code embedded anywhere in the products. The free build is always buildable from source. The ownerless protocol carries its own licensing in its own repository (gitlab.com/blochsispow-group/BlochSISPoW-project).

8. This website

This site is static, self-contained, and makes no network requests: no analytics, no tracking, no external fonts, scripts, or images, and a Content-Security-Policy that forbids outbound connections. What you just read is everything it does.

Nothing on this site is legal, financial, or investment advice. This disclaimer accompanies a public beta and will be revised as the audit gates are passed — changes will appear here first.