Skip to content

Faction Help Center

Overview

Faction Help Center

Home
Getting Started
Getting Started
- Overview
Security
Security
- Overview Overview
  Table of contents
FAQ
FAQ
- Common Questions
Customer Portal
Customer Portal

Faction Security Overview¶

Faction is built on a zero-trust architecture with end-to-end encryption.

Key Principles¶

Zero Configuration — Security is automatic, not optional
End-to-End Encryption — All traffic encrypted via WireGuard tunnels
Per-Faction Isolation — Each faction operates independently with its own encryption keys
No Cloud Dependency — Devices communicate directly through encrypted tunnels
Zero Anonymity — Every device in a faction is cryptographically identified

Encryption¶

All faction traffic uses WireGuard with Curve25519 key exchange, ChaCha20-Poly1305 encryption, and BLAKE2s hashing.

Pod Security¶

Factory credentials are replaced during adoption — default passwords never persist
Firmware is built on a read-only squashfs base with overlay for configuration
Factory reset restores the Pod to adoption-ready state without exposing credentials