GHOSTPORT
← Back to Dev Log

Teachable Security

No hidden magic. Not for the user. Not for an attacker.
April 21, 2026 • GhostPort Technologies

A privacy router is only useful if the person holding it can tell what it's doing.

That sounds obvious. In practice, most "security" products do the opposite. They present a green checkmark and a lock icon and ask you to trust it. If something breaks, you find out from a support ticket or a news story. If something is silently turned off, you never find out at all.

This week's work pulls in the other direction, from both sides. The user-facing side got per-region in-app help so you can read what every control actually does, standing right in front of it. The adversary-facing side got a sudo hardening pass that cuts down what any single compromised account is allowed to do. Same philosophy in two different rooms: no hidden magic.

Part 1: Help Buttons Where You Need Them

Four of the most-used desktop apps got a small ? Help button in the corner. Click it and a dialog opens with collapsible sections explaining each region of the app — not a glossary page, not a YouTube link, just plain-English explanations of the specific things on screen.

BULKHEAD
Firewall
Explains the protected-rule lock icon (why some rules can't be deleted), what the packet and byte counters are counting, and the quiet gotcha where switching privacy modes can overwrite rules you added in another mode. That's the kind of thing a user will eventually discover by breaking it. Better to read it first.
CROW'S NEST
Intrusion Detection
Explains the THREAT LEVEL bands and, more importantly, what normal internet noise actually looks like. A calibrated expectation prevents the two worst outcomes: panicking at background scans, or tuning out real alerts because the dashboard is always yellow.
ANCHOR
VPN Kill Switch
Walks through when to arm it and, just as important, when not to. A kill switch is a safety net that can also lock you out of your own network if you flip it at the wrong moment. We'd rather explain that up front than ship a feature that quietly hurts people.
DRAGNET
Packet Capture
Covers BPF filter syntax, auto-stop limits so a capture doesn't eat your disk, and the difference between capturing on a physical interface versus a tunnel interface versus a mesh interface. Those three see very different traffic, and guessing wrong wastes an hour.

Two design calls worth naming. First: text, not screenshots. Screenshots go stale every time a button moves. Text explains the concept and survives UI tweaks. Second: the help lives next to the thing. There is no separate documentation site you have to leave the app to find. You open the app, you click the question mark, you read.

A companion long-form tutorial exists for Bulkhead for users who want to learn the firewall end-to-end, and more will follow for the other apps. But the baseline guarantee is that every surface has a help button, every region on that surface has an explanation, and the explanation is written for someone who has never done this before.

Part 2: A Smaller Blast Radius

The second piece of work looks less like a feature and more like a cleanup, but it matters more in the long run.

GhostPort runs with a built-in admin account for system tasks. Until this week, that account had blanket root privileges via a catch-all sudo rule — meaning if an attacker ever compromised that account (a stolen SSH key, a dashboard passcode guess, a browser vulnerability), they had free run of the whole device. Convenient for us. Convenient for them.

We replaced that blanket rule with a scoped allowlist of exactly 40 rules, covering the specific binaries and flag combinations the system actually uses to do its job. If the command isn't on the list, it doesn't get root. Every privileged call is logged by the kernel's audit subsystem under a dedicated tag, so the audit trail exists even if the attacker tries to cover their tracks.

1 → 40
BLANKET RULE → SCOPED RULES
17
BINARIES ALLOWED
0
DENIALS IN SMOKE TEST
1 line
ROLLBACK IF NEEDED

What this buys you in practical terms: a compromise of the admin account no longer means root. The attacker is constrained to the allowlist. They can't read the sudoers configuration to learn what they're allowed to do, and they can't clear their own audit trail. The game gets a lot harder.

What this doesn't buy you: we're not claiming the device is unexploitable, or that the allowlist is the final version. The proposal document has a section at the bottom titled "wildcards remaining" that lists the rules we didn't tighten this pass — broader-than-ideal patterns we need to break into more specific rules in a later round. We'd rather publish the honest tech-debt list than pretend it's done.

Why These Two Together

The help buttons and the sudo rewrite don't look like the same project. One is UX. One is a hardening pass. But they share a single principle, and it's the thing we want this product to be known for.

A user should be able to see what every button does. An attacker should find every action logged and every shortcut closed. Both of those sentences describe the same commitment: this device doesn't get to keep secrets from the person who owns it, and it doesn't get to hand secrets to someone who compromises it.

Security without explanation is magic. Magic breaks trust. We'd rather build something a skeptical user can read end-to-end and poke at until they believe it works.

That's the bar. This week moved two steps closer to it.

Related Articles

→ 632 Packets Dropped in 10 Hours → 30 Vulnerabilities. 4 Rounds. 0 Mercy. → GhostPort Phantom OS: Privacy Router Meets Private Desktop → How We Secure AI-to-AI Communication

No hidden magic. Not for you. Not for an attacker.

ghostporttechnologies.com
Privacy you can actually read.
GHOSTPORT TECHNOLOGIES • 2026 • YOUR NETWORK. YOUR RULES.
A+
TEXT SIZE
🎨
ACCENT COLOR