Skip to content

OrOrbit is in pre-launch. Downloads, accounts, and sponsorship open at launch.

Never share your identity file.

Your .ororbit-identity file is the key to your entire account. No legitimate person or service will ever ask you for it.

What Your Identity File Contains

Understanding what's inside helps you understand why it must stay private.

Your .ororbit-identity file contains your private signing key — the cryptographic proof that you are you. It's encrypted with your password, but anyone who has both the file and your password has complete control over your identity.

They can sign in as you, send messages as you, join servers as you, and act as you — with no way for anyone, not even a server owner, to tell the difference.

File + Password = Full access to your identity

Why You Should Never Share It

The consequences are severe and often irreversible.

Full impersonation

Anyone with your file and password can become you. They can log into any server you use and act with your full identity.

Messages sent as you

An attacker can send messages, join conversations, and interact with people — all appearing to come from you.

Undetectable

The attacker uses the same cryptographic key as you. No one — not even the server — can tell the difference between you and the attacker.

Race to recover

If someone has your file and password, they can rotate your key before you do — locking you out of your own identity. Speed matters.

How Scammers Might Try to Trick You

Recognize these patterns. Every single one is a scam.

"Send me your file to verify your identity"

A server admin or moderator asks for your identity file to "verify" who you are. Verification happens automatically through cryptographic challenge-response — no one ever needs your file.

"I need your file to add you to a server"

Someone claims they need your file to invite you. Joining a server only requires an invite link, QR code, or Pulsar code. Your file is never part of the process.

"Support needs your file to fix your account"

There is no "OrOrbit support team" that needs your file. Your identity is yours alone — no one can or should "fix" it for you.

"I'll keep your file safe for you"

No one should hold your identity file. Use your own cloud storage, a USB drive, or the desktop app's auto-backup feature. Never trust a third party with this file.

No legitimate person or service will ever ask for your identity file.

The Right Way to Join a Server

Your identity file is never needed for joining. Here's how it actually works.

1

Receive an invite

Someone sends you an invite link, a QR code, or a Pulsar code. These are the only legitimate ways to join a server.

2

Click, scan, or enter the code

Your app opens the invite and begins the join process. You choose whether to accept.

Your app handles authentication

Your app proves your identity to the server using your public key through a cryptographic challenge-response. Your identity file is never shared, uploaded, or transmitted.

What to Do If You Already Shared It

Act immediately. The attacker can do these same steps — speed matters.

If someone has your file and knows your password, they can already use your identity. They could also rotate your key before you do, locking you out. Act fast.

1

Rotate your signing key immediately

Go to Settings → Security → Key Rotation. This is the only way to fully invalidate the leaked file. Once you rotate, the attacker's copy becomes cryptographically useless.

2

Change your password

This re-encrypts your local identity file so the attacker cannot decrypt any future exports, even if they intercept them.

3

Enable two-factor authentication

If you haven't already, set up 2FA (TOTP) in Settings. This adds an additional verification layer on servers that enforce it. This is a server-side setting and does not modify your identity file.

4

Re-export and store safely

Export a new identity file with your new password. Do this last so the export captures your rotated key and new password. Store it in a secure location — cloud storage, USB drive, or the desktop app's auto-backup.

Your identity. Your responsibility.

OrOrbit puts you in control of your identity. That power comes with one simple rule: never share your identity file.

Full Security Overview Download OrOrbit