Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is Surespot the Latest Crypto War Victim?

Posted by samzenpus on from the lets-see-what-you're-doing dept.

George Maschke writes: Patrick G. Eddington writes in a Christian Science Monitor op-ed about indications that the government may be snooping on users of Surespot, a free and open source encrypted messaging app for Android and iOS. Such users include, but are hardly limited to, Islamic State militants. He writes in the piece: "Has encrypted chat service Surespot been compromised by the US government? Surespot user and former Army intelligence officer George Maschke recently published a provocative theory suggesting the answer is yes. Mr. Maschke’s key pieces of evidence are intriguing. In May 2014, he e-mailed 2Fours LLC, which is Surespot’s parent company, asking whether the company had ever received a National Security Letter (NSL), a court order to provide information, or other government request to cooperate in an investigation. He was assured in writing that 2Fours had received no such requests. That changed in November 2014, when Surespot’s founder, Adam Patacchiola, told Maschke via e-mail that 'we have received an e-mail asking us how to submit a subpoena to us which we haven’t received yet.'"

17 of 26 comments (clear)

  1. it's all compromised by turkeydance · · Score: 4, Insightful

    and we act accordingly.

    1. Re:it's all compromised by bill_mcgonigle · · Score: 1

      ?OTRv2?

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  2. Encrypted messaging app by fustakrakich · · Score: 2

    What a waste! The only thing even close to being secure are the Sunday classifieds and the Hollywood tabloids... Like they say, just broadcast it wide open, nobody will see it.

    --
    “He’s not deformed, he’s just drunk!”
  3. Proven by the Lavabit case by Anonymous Coward · · Score: 3, Insightful

    If they're still in business, they're compromised:

    http://www.theguardian.com/commentisfree/2014/may/20/why-did-lavabit-shut-down-snowden-email

  4. And then? by wonkey_monkey · · Score: 5, Informative

    If you're going to end your summary with something that happened in November 2014, you could at least hint that there are further developments to be read about in the article, even if you can't be bothered to copy-and-paste those into the summary itself.

    TL;DR: no-one at Surespot is answering questions about whether or not they've had any Gubmint interference, and someone who used to work there, but doesn't any more, won't talk to anyone about it either.

    --
    systemd is Roko's Basilisk.
    1. Re:And then? by Prien715 · · Score: 2

      So about a year or so ago when I was working for a company that doesn't comment on requests, I had the process explained to me.

      Essentially, it's illegal to say that you have received a request -- which is something you learn when you get a request. If you haven't had a request however, there is nothing illegal about saying it hasn't happened to you. He'd suggested saying something like "We haven't received any requests this month" to alert people.

      After all the BS is said and done, there's a very high likelihood they have received a request based on inability to confirm or deny. And once you get one, there's always more where that came from.

      --
      -- Political fascism requires a Fuhrer.
  5. serving subpoenas on an Internet company? by swschrad · · Score: 2

    hey, just tape it to the side of your computer. it'll get there if it's supposed to. trust me.

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?
    1. Re:serving subpoenas on an Internet company? by R3d+M3rcury · · Score: 1

      I gotta admit, I thought that was funny...

      'we have received an e-mail asking us how to submit a subpoena to us which we haven’t received yet.

      "Oh...you want to subpoena me and you don't know where to send it? Sure, I'll help. My address is 1600 Pennsylvania Avenue, Washington DC..."

      They're an intelligence agency and they don't know where to send the subpoena?

  6. Endorsed by penguinoid · · Score: 1

    Surespot, a free and open source encrypted messaging app for Android and iOS. Such users include, but are hardly limited to, Islamic State militants.

    Endorsed by people who trust it with their lives.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  7. Surespot was compromised from the start. by Anonymous Coward · · Score: 1

    The company was started by the NSA. There was never a need to breach them.

  8. Keep your secrets off the internet by Moof123 · · Score: 1

    No exceptions.

    The really important stuff should be kept among confidants, and discussed as little as is necessary.

    Important records can still be kept in hard copy if you really need to write stuff down.

    Assume everything you say may be taken out of context and without including your sarcastic tone.

  9. Re:Military whistleblowers? by jargonburn · · Score: 3, Insightful

    I do not think "protect our freedoms" means what you think it means...

  10. Re:Military whistleblowers? by jthill · · Score: 4, Insightful

    That's what they're doing.

    --
    As always, all IMO. Insert "I think" everywhere grammatically possible.
  11. Psychological warfare by Anonymous Coward · · Score: 1

    Or maybe the opposite is true... maybe Surespot is secure.. .thus an attempt to discredit it.

    This is the world of "intelligence". Until people wise up their is nothing "intelligent" about the current path of spening billions destroying data security rather than creating it.. we'll get our wish of insecure systems. Not a single computer with commodity components on the Internet today is safe because of these attitudes. Wish I could point to only one country's government as being the problem but its really most of them.

    1. Re:Psychological warfare by gweilo8888 · · Score: 1

      Exactly. There's about an equal chance it's compromised or not, and there's no way to no. It could be a double bluff, it could be a triple bluff. The only thing we know absolutely for sure is that we're not getting the whole story, because if you'd really compromised it, it'd be a valuable source of data and you wouldn't want to let the other side know. Unless, that is, you're hoping they'll think it's a double-bluff...

    2. Re:Psychological warfare by gweilo8888 · · Score: 1

      no way to know, even. Blast these useless sausage fingers of mine!

  12. Poor ECC impl by Meneth · · Score: 2

    Surespot is most likely toast now. I see two possible attacks from someone who controls the servers: