Is Surespot the Latest Crypto War Victim? 26
George Maschke writes: Patrick G. Eddington writes in a Christian Science Monitor op-ed about indications that the government may be snooping on users of Surespot, a free and open source encrypted messaging app for Android and iOS. Such users include, but are hardly limited to, Islamic State militants. He writes in the piece: "Has encrypted chat service Surespot been compromised by the US government? Surespot user and former Army intelligence officer George Maschke recently published a provocative theory suggesting the answer is yes. Mr. Maschke’s key pieces of evidence are intriguing. In May 2014, he e-mailed 2Fours LLC, which is Surespot’s parent company, asking whether the company had ever received a National Security Letter (NSL), a court order to provide information, or other government request to cooperate in an investigation. He was assured in writing that 2Fours had received no such requests. That changed in November 2014, when Surespot’s founder, Adam Patacchiola, told Maschke via e-mail that 'we have received an e-mail asking us how to submit a subpoena to us which we haven’t received yet.'"
Re:Military whistleblowers? (Score:4, Insightful)
Re:Military whistleblowers? (Score:5, Insightful)
it's all compromised (Score:5, Insightful)
Proven by the Lavabit case (Score:3, Insightful)
If they're still in business, they're compromised:
http://www.theguardian.com/commentisfree/2014/may/20/why-did-lavabit-shut-down-snowden-email
Re: (Score:2)
?OTRv2?
Encrypted messaging app (Score:2)
What a waste! The only thing even close to being secure are the Sunday classifieds and the Hollywood tabloids... Like they say, just broadcast it wide open, nobody will see it.
And then? (Score:5, Informative)
If you're going to end your summary with something that happened in November 2014, you could at least hint that there are further developments to be read about in the article, even if you can't be bothered to copy-and-paste those into the summary itself.
TL;DR: no-one at Surespot is answering questions about whether or not they've had any Gubmint interference, and someone who used to work there, but doesn't any more, won't talk to anyone about it either.
Re: (Score:3)
So about a year or so ago when I was working for a company that doesn't comment on requests, I had the process explained to me.
Essentially, it's illegal to say that you have received a request -- which is something you learn when you get a request. If you haven't had a request however, there is nothing illegal about saying it hasn't happened to you. He'd suggested saying something like "We haven't received any requests this month" to alert people.
After all the BS is said and done, there's a very high like
serving subpoenas on an Internet company? (Score:3)
hey, just tape it to the side of your computer. it'll get there if it's supposed to. trust me.
Re: (Score:2)
I gotta admit, I thought that was funny...
'we have received an e-mail asking us how to submit a subpoena to us which we haven’t received yet.
"Oh...you want to subpoena me and you don't know where to send it? Sure, I'll help. My address is 1600 Pennsylvania Avenue, Washington DC..."
They're an intelligence agency and they don't know where to send the subpoena?
Silent Alarm (Score:1)
Ironic warrant canary is ironic.
Endorsed (Score:2)
Surespot, a free and open source encrypted messaging app for Android and iOS. Such users include, but are hardly limited to, Islamic State militants.
Endorsed by people who trust it with their lives.
Surespot was compromised from the start. (Score:1)
The company was started by the NSA. There was never a need to breach them.
Keep your secrets off the internet (Score:2)
No exceptions.
The really important stuff should be kept among confidants, and discussed as little as is necessary.
Important records can still be kept in hard copy if you really need to write stuff down.
Assume everything you say may be taken out of context and without including your sarcastic tone.
Psychological warfare (Score:1)
Or maybe the opposite is true... maybe Surespot is secure.. .thus an attempt to discredit it.
This is the world of "intelligence". Until people wise up their is nothing "intelligent" about the current path of spening billions destroying data security rather than creating it.. we'll get our wish of insecure systems. Not a single computer with commodity components on the Internet today is safe because of these attitudes. Wish I could point to only one country's government as being the problem but its really mo
Re: (Score:2)
Re: (Score:2)
Poor ECC impl (Score:3)
Surespot is most likely toast now. I see two possible attacks from someone who controls the servers: