Jump to content

Surespot

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Tao oat (talk | contribs) at 08:36, 20 May 2020 (Improve phrasing in first sentence). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Surespot
Developer(s)Surespot LLC
Stable release
Android81 / April 27, 2019; 5 years ago (2019-04-27)[1]
iOS21 / November 29, 2018; 5 years ago (2018-11-29)[2]
Websitewww.surespot.me

Surespot is an open-source instant messaging application for Android and iOS with a focus on privacy and security.[3] For secure communication it uses end-to-end encryption by default.[4]

History

In May 2015, Channel 4 News published an investigation in which they alleged that "at least 115 ISIS-linked people" appeared to have used Surespot between November 2014 and May 2015.[5] In June 2015, a Surespot user wrote a blog post about how the Surespot developers had stopped responding to his repeated questions regarding "governmental demands for information", leading to the user alleging that the Surespot developers were "under a gag order".[6][self-published source]

Surespot was specifically mentioned in a plea agreement in which a 17-year-old US citizen was charged with providing material support to ISIS.[7]

Reception

As of November 4, 2014, Surespot has a score of 5 out of 7 points on the Electronic Frontier Foundation secure messaging scorecard. It has received points for having communications encrypted in transit, having communications encrypted with keys the provider doesn't have access to (end-to-end encryption), making it possible for users to independently verify their correspondent's identities, having its code open to independent review (open-source), and for having its security design well-documented. It is missing points because past communications are not secure if the encryption keys are stolen (no forward secrecy) and because there has not been a recent independent security audit.[8]

Features

Surespot provides offline backup via iTunes (PC or Mac) on the iOS version, or to local device storage on the Android version. App users can use multiple identities, for instance for private or business use.

The application supports the deletion of messages from the receiving device; the sending of pictures, audio messages (in the past only after an in-app purchase, currently for free), and Emoji icons; and user blocking.

So far there is no support for group messages and sending files other than photos.

Technology

Surespot uses 256 bit AES-GCM encryption using keys created with 521 bit ECDH. It is a Public-key cryptography system with public and private keys in order to obtain a shared secret. The shared secret is used to exchange information securely.

Business model

The app is free to install and use. Via in-app purchases one can add functionality, such as a voice-message feature. Apart from earning money via in-app purchases, surespot is donationware. Donations can be done via Bitcoins, creditcards or PayPal.

See also

References

  1. ^ "surespot encrypted messenger - Apps on Google Play". play.google.com. Retrieved 2019-04-27.
  2. ^ "‎surespot encrypted messenger". App Store. Retrieved 2018-11-29.
  3. ^ "Kurztest Whatsapp Alternativen". Retrieved 2014-11-24.
  4. ^ "Apps to easily encrypt your text messaging". 2014-11-24. Retrieved 2014-11-24.
  5. ^ "Intel fears as jihadis flock to encrypted apps like Surespot". Channel 4 News. 26 May 2015. Retrieved 18 November 2015.
  6. ^ Maschke, George (7 June 2015). "Developer's Silence Raises Concern About Surespot Encrypted Messenger". AntiPolygraph.org. Archived from the original on 29 June 2015. Retrieved 17 November 2015.
  7. ^ "Statement of Facts as to Ali Shukri Amin" (PDF), USA v. Amin (Court Filing), no. 1:15-cr-00164, Docket 7, E.D.V.A., Jun 11, 2015, retrieved Jul 25, 2017 – via Recap at ¶ 11, p. 4
  8. ^ "Secure Messaging Scorecard". Electronic Frontier Foundation. 4 November 2014. Retrieved 5 December 2015.