Linkfire is serious about security. We encourage anyone to privately and responsibly report possible vulnerabilities and incidents to us so that we can address these issues quickly. If you have discovered a security incident or wish to report a vulnerability in our product, please send us an email at security@linkfire.com (use Keybase.io or our PGP key to encrypt any sensitive data). We request that you do not disclose any risks publicly until we have been able to understand the incident and develop a mitigation plan. We’ll be sure to keep all information confidential and work with you to make sure we understand the issue and address it as quickly as possible. All issues reported to the Linkfire Security Team will promptly be addressed. 

  • We will acknowledge any submission in a timely fashion (usually within 72 hours).
  • We will assess the issue fully. (We may keep this information from the public until the issue is fully addressed to prevent any further risk to Linkfire products.)
  • Once the issue is fully addressed and resolved, we will alert any affected customers.

 If possible, please send the following information:

  • Steps to reproduce, preferably in txt format.
  • Demonstration of the risk, this includes URLs and any parameters.
  • Any relevant details of your system’s configuration, such as any browser or user-agent information.
  • In order to coordinate with our logs, please share your Linkfire account.
  • Please do not send any binary/executable attachments.
  • If the information is sensitive, please encrypt your communication with Keybase or our PGP key.

 We ask that you use common sense when seeking out security bugs. Do not attempt to compromise other users or accounts on Linkfire or attempt to impact the stability of our infrastructure (Denial of Service attacks, etc).  Vulnerabilities should be disclosed to us privately and we should be given reasonable time to respond. Running security scanning tools tend to create more noise than useful information. While we appreciate research and disclosure, we kindly ask that you do not use scanners to find vulnerabilities. Thank you for working with us.We respect the talented people that locate security issues and appreciate all efforts to disclose responsibly. 

Linkfire Security Team Keys

Keybase.io

Link to Linkfire Keybase

Keybase.io/linkfiresec
Keybase.io is our way of proving who we are and our respective keys. You can use it to verify Linkfire’s PGP Key and send us encrypted communications.

PGP

Fingerprint: D830 CC89 409D 7466 DF68  B288 982D 31DD 1F01 60A0

ID: Linkfire Key: 4096R/[1F0160A0]

Type: 4096 Bit RSA       

—–BEGIN PGP PUBLIC KEY BLOCK——

mQINBFrGKB8BEACo23x9V4RUTYRJHhQEoyEAk3Ttqq88leSdGcnDaDblUmk9DHZYj8JcC53XOQnqbOKHulIK/iZ0dJiLUnVFAlbKg6eFi5YBwKqIWEmscABZTiU+/Hm39Xsm02Vlygt4V1BTS+UtOUb1srcbqzElW711h+r4UyFhNUb08oaCY6TxhuUozzdAetIwbz8cHp/y2e8VHi5KqsypL3eSoLLOqfWCRa0Es2MkNv884NoA+C5UfHdVfu48WJU3fROiC7EYfjCtc11UTXHfwptAdKElVA4PSbQFPdHvHpEJNHZ6qBihnUgoEoCopqQ1RB4aQGVwTb2JcD8SFUAzxSIHz4F+b8huvsYmDzBMdH7chzLD0geKa0LgaaoSBAFeP8n01RM18lhW/IlDXY++xIh2dgfPL3Wc1zqvQRkqFsXugcYhoRFxR6dWI00kFo4a9GfcY3t5FLsFEkF3sDQmh2VjeGvjNbSCwZa9Yw4vchaDOBJakmvmbZj2P6LcKbpwNfSVXdcG4zOIn9SLPqV6G7JCY/HZSFXkI1+2yx51yuxYD2brZFcdzL2kg3DdqYUraOQ7osszpCg8NE4rn5upfwjZ8RLp940e/3Rr2j3N99Bd6zE7IPk0vQzxnHIDVVBcXZaL+77g2q+phaeAR1uT4IdOcpNHp0TWGMU7yoDbuQdkjbwdKqN9NQARAQABtCBMaW5rZmlyZSA8c2VjdXJpdHlAbGlua2ZpcmUuY29tPokCTgQTAQgAOBYhBNgwzIlAnXRm32iyiJgtMd0fAWCgBQJaxigfAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJgtMd0fAWCg2NIP/A0DWyYaQaDhF7mia2zHcD+/eQiwZsaLtjbPaR6H2Ni0g6d4Dfy/S6a9b9IMX/HBBjO5oywedofqCrO2lxfyh9G9Hhk/xURi6lSRwei9Jetv7AsC8jY9th0hAXupKusm/INZdZ2IGxtU/AA1a/L9g2Wke4+MKdbcS1y3IFF6Q/Mu9RvGewPm2T3icNTYXMl1lPDnJtiv467A6hXCUr2AgoRTd1/l/yT9bGjD27Lp6zkwoLe6gh0B+90B3muQnor6Ed21ytYlCdnADpFNa/Xrkmg17mYInCnr4JoM7eXT+m0qOb6D4mjk7jIHX0YBWeh6EGUGZT4NEXVHZA+LuwX0FN0zurtm42Kcfox/z+mpRM36P6VBQvp4sKNMWZXwGob/t1LAMD5ZyU4tZrDaE2ehtMz52ec4hzA/tZRp38sRiiYR9ZBJ0ob2eDMNV7w4kkMpLdNuEaliL+w0SlBOE+LOc03/LXrfS+pMc60+NBAUBG4jLhpGa2OcTtB9mtSeb6Dztjd6oEJTKjK+pBc+byUG5zEfdHzMz3TrkCThsSyElNGk/7lmwU3e/f8Kb5R1SVEU+fH7YrcRTEDXvH7ICc4fTvPdsioU0diKPphCRAM+8UN4/zo46wfXHNeF2qZXA41phZgGy+MSmiSCkivmN/6FMFEFmU2oDTHrO8f7Zxo9fZ/euQINBFrGKB8BEAD9S68FnhocbOPkYjcTW+798HupPt9Rt2yaZY5n3IB3C3p2iEIEut/7QW5APcKTLHM+jogZqeCwZNW8GPdHEioOVg5nmNDLNJSG5STC758xQufnoeweE4/a5PZ5Mbe95q1qEHRysgTMOJDc+PH5FvK8YghGM6aNGablvXbSGnBJ3l1EqMco5M+xhiUVql1zovE2U47zCnlT0DdBumqEFzRdeC4tyYXkGEtK+9uHU+nC5GFeLFaSRpPaNDdyIIgVwcO8Q8lBoP5/htZ7N4DHugFZLG/54dObyFh001MJwfQX/S5TY9rl3eQLqn7r+6wNXL062fUYHD/buINGeI7MrMOZK/f4Y4kMwXtA99F2Py5piF8qfTSwIYgBftxb7jiD6z7VmIOGhPN20Tle4/k4NpCdbc7gf+880uD71W1CuPtE8qiK6oG6DNv+q7iIV7kaETfrZolYrHVUq95HoA4/IKfHZI6rfOIkIImdMhh7XTwe9rvQ2fA6TB1xo7x/pXlg0k363PMRscH3L6qUPwUm6v+fhUP9pSdZzd0Vn00weGFAf38ww1cC2Kkkh2ThgfVh2zTE4qrCFlNy+kYk4DZ30n2GGedrXrUGy93suyUUWQxNR+MyY4Bg68i1u/uf08+F0eBz8acKV2SHllHC6wIfYTsC0Y1soFjXq7zMlv4bnhFRqQARAQABiQI2BBgBCAAgFiEE2DDMiUCddGbfaLKImC0x3R8BYKAFAlrGKB8CGwwACgkQmC0x3R8BYKDahw/7B9KpY5gVoEUfbEiROHqlbyBiSHuwFUb2I0unndgoJ2nZhsPB1Lk8yGY6sSnwTHEuIDrpYFavn20JeYcD1I2KZa35oANQ19D4Q65w+MUfkXxEIQz3uDsBT2zCajpBQBKyj7nvioJYzVrl9iHqcj4PF8uVYYi7optVWngyX1bah6DuykRXword7xMf0JAJ9n7jXss+IVWFpImp9+8nprAfObgd1uR+TMd0xg4apUW89Ysk1keBsvfzwTf059nN2utqpfSXJc2AJVBQz7d9EUDJiUTa5Mxn34BK3D0Ihjh18c7XZP1eXDCwusBbqxdPUowaJNr49SL+ZJk7DoWP4iErIXIJCL415E2nlccXFa6UnIlwIyMkWT64gofglI1sPKptUdX9+11+ilPvDenCVRnql3tg7rILBRHo2+6wYVpJyNjGs0TCE+u4LNdKSgVppO7UIVtI6gj2easTauOoxnMNhilbeFm3c8i5+hle+kaW6gq1IPdvdTm2mtrKVafx6gyovgoP5Ggq/jgVj8jDynk0jYvZp0YZJccCuQQMAwCmg3SOBCUkKsUWRKFVyk50I9Fl2/fBrQ0L+JgGnzYoYUJq48XRHMEXdpOGAweqavUYAdh2bSKB5tyo93t5QatpQ1Gl26e4QNtJ8A2t8Fez7afN1G0NzCGTfI8cdFaJGbUrkSk==Y1eh

—–END PGP PUBLIC KEY BLOCK—–