Rumble Product Security

Report a Security Issue

If you have identified a security issue in the Rumble product or related infrastructure, please get in touch by email. To encrypt the contents of your message, please use PGP Key ID AE96EC3E8E1F27C6.

TLS Encryption

The Rumble agent encrypts all communications with the Rumble infrastructure using TLS. You can find the SSL Labs report cards for critical services below:

Binary Verification

Rumble uses an Extended Validation Authenticode certificate to sign all Windows executables. All Rumble executables also contain an embedded ED25519 signature, which can be verified with the Rumble Verifier.

Multi-factor Authentication

Rumble supports multi-factor authentication (MFA) for the Rumble Console through FIDO2-compatible (WebAuthn) security tokens, such as the Yubico YubiKey and the Google Titan key.

Data Location & Encryption

Rumble uses AWS (us-east-2) for all infrastructure. All storage is encrypted at rest using AWS-managed keys. User credentials are hashed using bcrypt and encrypted using AES-256 in GCM mode with an encryption key stored separately from the database.