The Protocol

How FGSP works.

Plain language. No jargon. Everything you need to understand why this is different — and why it holds up.

Every encrypted storage system has the same weakness. The data is still provably there. Someone can look at your drive and say: there is encrypted data on this device. You can be pressured to unlock it. The device can be seized. An account can be subpoenaed. Even if they can't read it, they know it exists — and that's enough leverage.

FGSP solves a different problem. Not "can they read it" but "can they prove it exists." The answer is no. That's a fundamentally different guarantee.


Before your data ever touches FGSP, the entire storage drive is filled end-to-end with encrypted noise. Every single block — all 64KB chunks across the entire drive — looks identical: uniform, high-entropy, indistinguishable from random data. There are no headers, no directory structures, no low-entropy markers. Nothing to scan for. Nothing to point to.

What this means in practice

A forensics tool pointed at an FGSP drive sees the same thing everywhere it looks: noise. There is no starting point for an investigation. No structure that says "file system here." No evidence that the drive is anything other than unformatted storage.
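The property described above can be checked the way a forensic scan would measure it: per-64KB-block byte entropy plus a chi-square test of the byte histogram against uniform. This is an added example, not FGSP code; `os.urandom` stands in for the encrypted noise fill, the sample image and its planted header are constructed, and the thresholds are illustrative assumptions.

```python
import math
import os
from collections import Counter

BLOCK = 64 * 1024  # block/panel size stated on the page


def shannon_entropy(block: bytes) -> float:
    """Bits per byte; 8.0 is the ceiling for uniformly random data."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def chi_square(block: bytes) -> float:
    """Pearson chi-square of the byte histogram vs. uniform (255 d.o.f.)."""
    expected = len(block) / 256
    counts = Counter(block)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def scan(image: bytes, min_entropy: float = 7.99, max_chi2: float = 400.0):
    """Return [(block_index, entropy, chi2)] for blocks that do not look random."""
    flagged = []
    for off in range(0, len(image), BLOCK):
        block = image[off:off + BLOCK]
        h, x = shannon_entropy(block), chi_square(block)
        if h < min_entropy or x > max_chi2:
            flagged.append((off // BLOCK, round(h, 4), round(x, 1)))
    return flagged


def build_sample(blocks=8, marked=None) -> bytes:
    """Constructed test image: os.urandom stands in for the noise fill."""
    parts = [os.urandom(BLOCK) for _ in range(blocks)]
    if marked is not None:
        # Constructed low-entropy marker: a 4 KiB zero-padded header in one block.
        parts[marked] = b"HDR0" + bytes(4092) + parts[marked][4096:]
    return b"".join(parts)


if __name__ == "__main__":
    print("clean :", scan(build_sample()))          # no blocks flagged
    print("marked:", scan(build_sample(marked=5)))  # block 5 flagged
```

A clean result covers the byte statistics of one snapshot only; a single block with a header or padding is enough to fail it.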

Your data is hidden inside that noise field using fractal mathematics as the guidance system. Two keys control everything — and both must be present. Neither one alone is sufficient. Neither one is ever transmitted to a server.

The Coordinate
A point in an effectively infinite three-dimensional space. This is your starting point for placing data inside the noise field. The coordinate space is so vast that guessing is not a strategy — it's a mathematical impossibility.
The Shape Key
Controls the fractal geometry used to navigate the noise field. The fractal equation has effectively infinite configurations based on its variables. Without the exact Shape Key, the path through your data does not exist.

Both barriers must be defeated simultaneously. Defeating one gives an attacker nothing — the second barrier is fully independent. This is the architectural foundation that makes everything else meaningful.


Drive is pre-filled with encrypted noise
At provisioning, the entire storage drive is filled with AES-256 encrypted noise. Every block looks identical. There is no "empty" space — just noise from edge to edge. This happens once, before any of your data ever touches the system.
Your files are shredded into panels and placed inside the noise
When you upload a file, it's encrypted and cut into 64KB panels. Each panel is placed at a specific location inside the noise field — locations calculated by walking the fractal geometry derived from your two keys. The panels are indistinguishable from surrounding noise. The placement math runs entirely on your device.
The server stays blind — always
The server stores what looks like a drive full of noise. It receives no Shape Keys, no Coordinates, no file metadata. All the cryptographic math runs client-side on your device. The server cannot identify users, cannot locate data, cannot decrypt anything — even if compelled by law.
You retrieve from anywhere with your two keys
To retrieve a file, the Navigator app recomputes the fractal path using your Coordinate and Shape Key, locates the panels, reassembles them, and decrypts. Everything runs on your device. The server is a passive noise store. Access is cloud-based and Tor-routed — no account, no identity, no IP address logged.

There are two ways to access your storage. Both are available to every user at all times.

Manual entry — Path 1
Type your Coordinate and Shape Key from memory into the Navigator app. Nothing is stored anywhere. The app computes everything on the fly from what you type. This is the always-available path — it works from any device, anywhere, with no physical dependency. It's also the recovery path if you ever lose Drive A.
Hot-path token — Path 2 (Drive A)
Drive A is a pre-provisioned bundle — a USB drive or an encrypted file — that contains a scoped access token. Plug it in, open the Navigator, and you're in without typing your keys. Faster for regular use. Configurable scope: upload-only, download-only, or both. Can be set to burn its token after a single use.

No account recovery exists

This is not a limitation — it is the design. There is no "forgot my password" flow. No operator-side recovery. No backup on any server. If you lose both your keys and your Drive A with no other backup, access is gone. Read the best practices guide before you start using FGSP.

vs. Standard cloud storage
Dropbox, Google Drive, iCloud — the provider can read your files, identify you, and comply with subpoenas. FGSP's server cannot do any of these things, by architecture.
vs. Encrypted cloud (Tresorit, etc.)
Files are encrypted but provably present. FGSP eliminates provability — the drive is noise regardless of whether data is present. Structurally different guarantee.
vs. VeraCrypt / hidden volumes
VeraCrypt is local-disk only and has a detectable container structure. FGSP is cloud-accessible, the entire drive is indistinguishable from random data, and there is no structure to detect.
vs. SecureDrop
SecureDrop is a newsroom intake tool — the existence of the dropbox is publicly known. FGSP is personal sovereign storage with deniable existence. Different problem, different solution.
