Frequently asked questions.

No. And that's the point. FGSP cannot prove data exists, and it cannot prove it doesn't exist. The drive looks identical — uniform encrypted noise — whether or not any data has been placed in it. This is called plausible deniability. The absence of proof that data exists is the security property you're buying.

The server holds what looks like a drive full of uniform noise and an opaque token ledger. No Shape Keys. No Coordinates. No user identities. No mapping between payments and storage. Forensically, a seized server produces nothing useful. This is the structural-inability-to-comply property that the architecture is built around.

It's architectural. All cryptographic math — key derivation, panel placement, encryption — runs in the Navigator app on your device. The server never receives a Shape Key, a Coordinate, or any file metadata. It receives and stores opaque ciphertext. The server cannot be anything other than blind because it never receives the inputs required to be anything else.

Standard encryption hides content but not existence. A forensic tool can identify encrypted files, count them, timestamp them, and see that they're there — even if it can't read them. FGSP hides existence. The drive is pre-filled with noise. Your encrypted panels are indistinguishable from surrounding noise. There's nothing for a forensic tool to point to.

Three things. First: endpoint compromise — if your device has malware at the time you access your files, an attacker reads plaintext directly. Second: coercion of you personally — if you're forced to hand over your keys, the data is accessible. Third: loss of your keys with no backup — if both keys are gone with no Drive A, access is permanently lost. The security page covers all of this in detail.

The Shape Key controls the fractal geometry used to navigate your storage — it determines the equation variables that define the fractal's shape and how data is placed within it. The Coordinate is a point in a three-dimensional space that is your starting point within that geometry. Together they define a path through your storage that is unique to you and computationally impossible to guess.

If you've lost both your keys and have no Drive A and no physical backup, access is gone permanently. There is no recovery path. This is the design. Store your keys in at least two physically secure locations before you put anything important into FGSP. See the best practices guide.

Yes. Download the Navigator on any device and use manual entry (Path 1) with your Shape Key and Coordinate. No account. No device registration. Any device with the Navigator and your keys can reach your storage.

Drive A is a pre-provisioned access bundle — a USB or encrypted file — containing a scoped hot-path token. It makes regular access faster because you don't type your keys every time. It's not required — you can always use manual entry with your Shape Key and Coordinate. Drive A is a convenience tool, not a key backup. See the Drive A guide.

The deadman system lets you configure a timed release on individual files. If you stop checking in — because you're unable to, not by choice — an encrypted packet is delivered to a designated recipient who can then retrieve your file. Use cases: journalists who want a trusted editor to receive source material if they go dark, field operators who want information to reach the right people if they're detained, anyone who stores high-stakes material and wants a controlled release if they become unreachable.

No. The release packet is encrypted. Without your Shape Key, it's junk binary. The release proves that a timeout occurred and a packet was sent. It does not prove that data exists on any drive, what the data contains, or who you are. Deniability is preserved even after a deadman fires.

Yes. Deadman is per-file. One file can have a 7-day release window. Another can have no deadman at all. You configure it independently for each file at upload time or afterward.

For the Monero payment path: no name, no email, no phone number. Signup happens via .onion. The operator has no identifying information about you — not by policy, but because none was ever provided. For the Stripe path (Practitioner/Institutional): Stripe requires payment information, and Stripe can be independently subpoenaed. The data architecture is identical either way — the operator still can't read your files. The difference is payment-level privacy.

Yes. Any company can receive a subpoena. The question is what there is to hand over. FGSP's answer is: uniform noise and an opaque token ledger. No Shape Keys. No Coordinates. No user identities. No file metadata. A subpoena compliance response looks like: "We have storage drives containing uniform encrypted noise, and token issuance records with no identity linkage. Here they are." That's the structural-inability-to-comply defense in practice.

Yes. Published quarterly. If the canary disappears, it means a secret order has arrived that cannot be disclosed. Users who rely on FGSP for high-stakes material should check the canary regularly. A missing canary is the signal to treat the service as potentially compromised and transition to another path.

AES-256-GCM for file encryption. AES-256-CTR for drive fill (the noise). SHA-512 for key derivation. HMAC-SHA-512 for authentication. Reed-Solomon error correction (8+1 default) for panel integrity. All cryptographic operations are client-side in the Navigator.

The Mandelbulb fractal equation provides two independently infinite parameter spaces — the coordinate space and the equation variable space (the Shape Key). Infinity in both dimensions simultaneously is what creates the two-infinite-barriers property. Other mathematical structures can provide one infinite space; the fractal construction provides two independently. That's the novel architectural contribution.

Throughput is bounded by Tor — typically 1–10 MB/s on Tor v3 hidden services. FGSP is not designed for backing up photo libraries or large media archives. It's designed for high-stakes small-to-medium files where privacy matters more than speed. Think: documents, evidence files, communications records, sensitive archives. Not: 4K video backups.

Not yet. Independent cryptographic audit comes before open source — the architecture needs a third-party review before public code release. The audit ladder and timeline will be published. When the code is released, the Navigator client will be fully auditable so users can verify the "all math runs client-side" claim independently.