Rahul Sharma (Editor)

Surespot

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit
Developer(s)
  
Surespot LLC

Website
  
www.surespot.me

Development status
  
Active

Stable release
  
iOS 11 (September 24, 2015; 17 months ago (2015-09-24)) [±] Android 63 (October 9, 2015; 17 months ago (2015-10-09)) [±]

Surespot is an open source instant messaging application for Android and iOS. Surespot is one of the modern messaging apps that has a focus on privacy and security. For secure communication it uses end-to-end encryption by default.

Contents

History

In May 2015, Channel 4 News published an investigation in which they alleged that "at least 115 ISIS-linked people" appeared to have used Surespot between November 2014 and May 2015. In June 2015, a Surespot user wrote a blog post about how the Surespot developers had stopped responding to his repeated questions regarding "governmental demands for information", leading to the user alleging that the Surespot developers were "under a gag order".

Surespot was specifically mentioned in a plea agreement in which a 17-year-old US citizen was charged with providing material support to ISIS.

Reception

As of November 4, 2014, Surespot has a score of 5 out of 7 points on the Electronic Frontier Foundation secure messaging scorecard. It has received points for having communications encrypted in transit, having communications encrypted with keys the provider doesn't have access to (end-to-end encryption), making it possible for users to independently verify their correspondent's identities, having its code open to independent review (open source), and for having its security design well-documented. It is missing points because past communications are not secure if the encryption keys are stolen (no forward secrecy) and because there has not been a recent independent security audit.

Features

  • Deletion of messages from the receiving device.
  • Offline backup via iTunes (PC or Mac) on the iOS version, or to local device storage on the Android version.
  • One can use multiple identities, for instance for private or business use.
  • Supports sending of pictures.
  • Supports sending of audio messages (after an in-app purchase).
  • Supports Emoji icons.
  • Supports blocking of users.

    • So far there is no support for group messages and sending files other than photos.

    Technology

    Surespot uses 256 bit AES-GCM encryption using keys created with 521 bit ECDH. It is a Public-key cryptography system with public and private keys in order to obtain a shared secret. The shared secret is used to exchange information securely.

    Business model

    The app is free to install and use. Via in-app purchases one can add functionality, such as a voice-message feature. Apart from earning money via in-app purchases, surespot is donationware. Donations can be done via Bitcoins, creditcards or PayPal.

    References

    Surespot Wikipedia
    (Text) CC BY-SA


    Similar Topics