Z-TEXT has published its full security threat model and launched a paid bug bounty program as the privacy-focused messaging platform prepares for public release. The move comes as founder Eric Pierrot argues that openly disclosing security limitations is essential for building trust in privacy technologies that increasingly serve journalists, activists, nonprofits, and communities operating in high-risk environments.
Z-TEXT Opens Its Security Model to Public Scrutiny
Z-TEXT, a Wyoming-based technology company, has released a public threat model detailing how its blockchain-based messaging platform works, what threats it is designed to protect against, and where its limitations remain.
The company also launched a 7 ZEC bug bounty program, offering rewards of up to 3 ZEC for critical vulnerabilities discovered by independent researchers.
The platform combines encrypted messaging, password management, and cryptocurrency wallet functionality within a single application. Built on the BitcoinZ blockchain, Z-TEXT uses a 24-word seed phrase to recover user data and advertises a privacy-first architecture that does not require phone numbers, email addresses, or traditional user accounts.
Founder Eric Pierrot said the decision to publish the threat model before launch reflects a philosophy of transparency that remains uncommon in the privacy technology sector.
“Publishing our limitations publicly is how we earn trust,” said Pierrot.
The announcement follows a growing trend among cybersecurity firms and privacy-focused platforms that increasingly rely on bug bounty programs and public security reviews to identify weaknesses before widespread adoption.
Radical transparency means acknowledging limitations
While many privacy platforms focus their marketing on security claims, Z-TEXT’s threat model also details areas where users remain exposed. Pierrot told Charity Journal that the platform protects message content and blockchain-level metadata but cannot completely hide a user’s internet connection from network providers.
According to the company, internet service providers and other network-level observers can still detect that a user is connecting to the BitcoinZ network, even if they cannot access message content. Z-TEXT also discloses its reliance on two infrastructure components: a lightwalletd node and a license server.
“We believe radical transparency about limitations builds more trust than overclaiming,” Pierrot said.
That disclosure addresses a growing challenge in digital privacy. Security experts increasingly warn that privacy tools often create unrealistic expectations among users who may assume complete anonymity when practical limitations still exist at the network level.
For nonprofit organizations, journalists, human rights advocates, and civil society groups operating in restrictive environments, understanding those limitations can be just as important as understanding a platform’s protections.
Bug bounties become part of a long-term security strategy
Alongside the threat model, Z-TEXT is inviting external researchers to test its defenses through the newly launched bug bounty program.
The initial reward pool stands at 7 ZEC and is funded entirely by the company. According to Pierrot, the pool will expand over time through revenue generated from software licenses as the platform approaches its planned lifetime cap of 50,000 licenses.
The goal is to attract independent security researchers capable of identifying vulnerabilities before they can be exploited. The approach reflects a broader shift across the cybersecurity industry, where organizations increasingly view external security testing as a critical layer of defense rather than a public relations exercise.
As encrypted communications become more important for nonprofits, advocacy groups, journalists, and communities concerned about surveillance, developers face growing pressure to demonstrate not only strong security claims but also a willingness to subject those claims to public scrutiny.
For Z-TEXT, the public threat model and bug bounty program represent an attempt to do both before the platform reaches a wider audience.