Spot-On: A modern encryption suite in the Echo

Scott Edwards explained the “Spot-On” encryption software to us. It is considered the successor to Web of Trust Sharing: e.g. RetroShare etc.

We asked Scott Edwards, who a few years ago created an English-language user manual for the encryption software “Spot-On”, which has been in existence since 2010, in addition to the technical documentation written by the developer Textbrowser on the project site at Github, if he could write a short explanation of the software application Spot-On for us.

We introduce you to this program from applied cryptography, as the software not only contains comprehensive and innovative cryptographic functions:

The Spot-On app can also be considered a successor to Web-of-Trust-Sharing (such as: RetroShare) in some respects. For example, particularly with regard to security for the file transfer area. The file transfers are in RetroShare only encrypted point-to-point and further hops are secured by trust. This trust architecture also led to sueds and warnings ten years ago if copyrighted music files were shared. After that, there was a retroshare release every year or so. But now it hasn’t been released for a long time. So is this low security really retro?

Spot-On is cryptographically more comprehensive and implements true end-to-end encryption, even – and this is central here – across multiple hops and nodes. And with the search function and its encrypted database, which synchronizes with Spot-On P2P or F2F, e.g. a release preDB with URLs can be shared encrypted via F2F (e.g. for release groups if all pre-databases co-admins are integrated into it as a bridge).

So what exactly does Spot-On encryption software do?

Spot-On is software that securely connects two friends via a key exchange: friend-to-friend encrypted connections are established. This makes it an encryption app with several functions that are displayed per tab. The three most important functions are:

Communication for 1:1 chat, and group chat and email. Second, file sharing and file transfers with magnet links, and, third, P2P web search in one database.
Everything encrypted. It is therefore most comparable to RetroShare. But RetroShare only encrypts from friend to friend. Spot-On encrypts end-to-end.

i2p, fbi men

The network works cryptographically. The app is therefore comparable to Tor or I2P , even if you can’t surf via it yet. Possible functions are currently just chat. There is also file sharing with a magnet URLs and a website search function.

The cryptographic protocol used, called Echo, works in such a way that there are no IP addresses of either the sender or the recipient in the data packets. Therefore it is “Beyond Routing” or even “Beyond Cryptographic Routing”. This is also interesting and innovative compared to TCP routing, onion routing, blockchain routing or I2P routing. Whenever a node has forwarded a data packet, everything in the echo is anonymized and proxified.

It is therefore worth taking a closer look not only at the network technology, but also at the cryptographic level, as it is a comprehensive encryption software as a suite – for encryption of chat and email, as well as web searches and file sharing.

In short: It is a chat app, a database search and a torrent-like file sharing app for download with magnet links. With F2F and E2F over multihops in the Echo, file sharing is in a new evolutionary stage and is securely defined.

So what potential does the “Spot-On” software suite offer, which, in addition to encrypted 1:1 chat and group chat, also implements torrent-like downloads with magnet links and a F2F shared search database in an echo network, like Tor and I2P designing a multi-hop environment as a meshed and securely encrypted proxy network? Especially with increasing surveillance, F2F networks with end-to-end encryption will offer greater security in the future.

But now to Scott Edwards‘ article:

Introductory Summary – Spot-On is an Echo application with comprehensive encryption: multi-hop F2F with E2E

The cryptographic application Spot-On from the developer Textbrower is not only open-source (found on Github), but also enables three essential functions of the Internet to be implemented in an encrypted environment, namely: communication (chat and email), file exchange or file sharing, as well as searching for information in an F2F search engine or local database.

The cryptographic functions of the Spot-On software ensure encryption in a friend-to-friend network for communication and web searches, and in addition, all file transfers are always end-to-end encrypted. There is currently hardly any other application that implements F2F with E2E so extensively – but, and this is the point: via multi-hops.

Magnet links, as they are known from the torrent sector, are supported (within the encrypted network) and form a decentralized tracker. The cryptographic software may require a server in addition to the client for a better connection. This is already integrated into the software: In the function for a so-called “HTTP listener” it is very easy to create your own server (e.g. as a magnet tracker or as a chat server) with just a few clicks.


File sharing – as well as chat and all other functions – can also run with Spot-On via Tor: If required as an additional security environment, Spot-On (uses HTTP/S) can be connected via the proxy options with Tor in the local host.

However, this is not a requirement, as the Echo network is completely encrypted and, similar to onion routing, offers a high level of security, if it is not even more sophisticated because of the cryptographic density. Means: the echo protocol used only sends encrypted packets and does not know any routing, so it is “beyond” TCP routing, as the addressing of the individual instances is mapped using cryptographic functions.

This also distinguishes echo from TCP routing (or onion routing): There is no sender or sender information – each encrypted packet only pings in and pings out again at the node or Echo server (to all connected friends or nodes). No information about the data packets remains in the servers, or in the clients, they are highly encrypted (e.g. after a download or in the chat history).

A search function (e.g. for magnet links or URLs and websites) as well as functions for additional file encryption complement this encryption suite, i.e. the URL search database can also be shared F2F and encrypted: websites (or even information from PreDBs) can can be imported with RSS and then found via search. Latest indexings are always listed first in the search if no filtering is applied.

The following article presents key statements about some selected functions in more detail and shows application perspectives when file encryption, transfer encryption, chat and communication encryption as well as encryption of the search for information on the web come together in a security environment.

To be able to transfer a file, all you need to do is have an encrypted 1:1 chat and press the “Send file” button in the window. The program immediately creates a magnet link known from the torrent area and a tracker in the client and sends the link in the chat.

Since the magnet-link in the chat window of the encrypted chats is only shared with one person, the download starts immediately and no further steps are necessary.

However, if the magnet-link is shared in a group, it can also be “swarmed” like a torrent, meaning that many people can upload and download it at the same time, despite the encryption.

No need for a BitTorrent tracker anymore

For a file sharing application with numerous people downloading a file, it is a very simple architecture and no extra tracker is required. Since the encrypted data packets can no longer be assigned after a hop in the Echo network (more on this proxy effect of the Echo below), it is a very secure but also simple design to share files with one person or with a group of people to share.

Since everything works in a F2F network, i.e. friends network with friends, and everything is encrypted, it is very secure.

In addition, and this is what distinguishes Echo from a Web of Trust, the encryption is implemented end-to-end and not point-to-point. In a web of trust across friends, decryption and re-encryption occurs at every node (replacing cryptography with trust). With Spot-On, this is always encrypted end-to-end across all hops, including a multi-hop chain.

If P2P, where each peer connects to another public peer, moved years ago to encrypted connections to friends (F2F), then the third and subsequent stage of evolution is now end-to-end encryption in an encrypted network across multiple friends and servers.

And finally: Before the magnet-link is created, the software asks whether you want to encrypt the file with a password. This function is called “Nova” and sets the well-known AES encryption on the file using a password. A recipient must then enter this password after downloading in order to unzip the file.

The web search function in Spot-On has no query hits and is synced F2F

The search function in Spot-On is a search in a local database. It can be SQL or PostGres. At the beginning, a setup wizard asks whether a database should be created for the search function.

This has the advantage that search queries are only carried out in the local database. So-called “query hits” do not occur in other nodes as in other P2P searches. This secure architecture is a significant foresight into the future, because in addition to data retention and chat control, all search queries and search terms from users are also required to be stored for monitoring purposes.

In each installation, a search database can be created in a distributed architecture or database. A php web interface is also available to bring your own thematic search or database onto the web. On the one hand, the database is fed via RSS. With the RSS tool located under Options, websites and URLs can be imported into the Spot-On P2P web search using the RSS protocol.

And on the other hand, the search database synchronizes with the friends‘ databases. All you have to do is exchange a key. To be able to chat, the other person needs the chat key – and to share the search database, all you need is an exchange of a URL/DB key.

Filters can define that unwanted keywords are not included in the database or that only requested topics fill the database.

Spot-On: Resistant to any surveillance & censorship

The function can synchronize bookmarks from several users in a common pot or – since the website is also saved – export the URL as an HTML website or as a PDF (without advertising and images if they are not as Base64 code in the HTML embedded).

It is also a censorship-resistant sharing of news pages to friends via the encrypted channel.

Foto: Lars Sobiraj.

With the “Spot-On-Pages” sub-project, the websites and search indexes stored in the database can also be exported to (and imported from) a GIT account. This makes it possible to easily store your websites or bookmarks or thematic pages database e.g. on Github. And everyone can read them there on the web or import them back into their Spot-On client. The now on Github?

This means that reading restrictions imposed by Great Firewalls are lifted. You simply read the website or a spot-on collection of thematic websites as a download via a GitHub repository or have a friend doing it, via whose encrypted channel the information is then received locally F2F. Central archives are a thing of the past: Today, websites are also archived in databases and repositories that can be shared decentrally on the web or via friends.

This search function allows every node to participate in the entire database. It is democratic and censorship-resistant and instead of unknown algorithms there are only filters that the searcher defines himself and influences the search results.

Chat & group chat in Spot-On are highly encrypted

The group chat is encrypted and structured like IRC – and is called “Buzz” (slang, for “public talk”). The encryption is symmetrical, meaning it is carried out using AES. Of course, everyone who knows the key can participate in the group chat semi-publicly. A separate Android app also allows you to take part in the group chat.

To do this, a group room must be defined with: name, hash and salt. So three terms or abbreviations: that can also be “Tesla” three times if you want to talk about energy or cars.

Of course, only two people can enter a group room privately. Then it’s a 1:1 chat that runs symmetrically over secure AES. While otherwise the 1:1 chat implements asymmetric encryption with, for example, high RSA. In the Linux version, McEliece is also implemented as a future-oriented algorithm. For McEliece under Win32: Since Qt-Digia and MinGW no longer support compilation after Microsoft announced the end of support for Win32. You would have to use an older Win32 release. Because Spot-On has been around since 2010 – or you can use the Linux version with this algorithm. Download the Windows Version here.

No moderation possible

Moderation of the group chat is not possible because the messages in the network are displayed anonymously due to the echo function. It’s just buzz.

The encryption in the email function cannot be discussed further here. Just this much: The POPTASTIC protocol, the chat via email servers, was implemented here for the first time in 2015 and released in 2016, from which, for example, Spike Chat or Delta Chat with Autocrypt encryption emerged as separate similar projects in 2017 with functionalities and creations have been found.

The 1:1 chat in Spot-On also offers other cryptographic functions such as a so-called “Socialist Millionaire” security function. With which the chat switches from asymmetric encryption (with a public key) to symmetric encryption (with a password) – but without having to transmit the password electronically.

The chat, whether individually or in a group, can easily be used to transfer magnet-links. You can use it to exchange files or communicate with friends in a secure online environment.

Echo Network: How does Echo and its encryption work?

Two Spot-On clients can connect directly. However, there is often a NAT environment or a router setup without port forwarding. There it is easier to establish a connection if an Echo server is installed as a third node. As mentioned, this is possible in the software via a listener.

Like an Echo in the forest, the server only pings the data packets in and pings them out again. To all connected nodes or clients. If we call into the forest and the echo echoes out again, then everyone standing in front of the forest can hear it.

The data packets in the Echo are all (multi-)encrypted. To decrypt a package, the software tries to open it with all of the friends‘ existing keys. If the cipher text has been converted into readable plain text, then the decryption attempt was successful and the message or file is displayed or made available by the program.

Whether the plain text corresponds to the sender’s original text after a decryption attempt is verified using a hash of the original message that is included in the encrypted data packet. Since a cryptographic hash function is not reversible, it is cryptographically secure and the hash can be included in the data packet.

Encryption and decryption

A data packet is decrypted with the key of all, for example, ten friends and the plain text received from the cipher text is hashed and compared with the enclosed hash of the original message. If both hashes match, then it was the correct key of the known friend. (Now you may also know why the developer calls himself Textbrowser in the alias. Every data packet is “browsed” in the Echo. It’s trying to make something readable out of it using all the crypto keys available. But the alias may already have been called that way before the invention of the Echo). There is no RFC description for this echo protocol yet. Maybe someone will define it in the future and it has nothing to do with RFC 862 Echo.

iphone, Verschlüsselung - kann das FBI sie knacken?

The packets have no routing information: This is complexity and chaos research on the topic of “Beyond Cryptographic Routing”. Because: the IP address is not replaced by e.g. a cryptographic string – even if it requires TCP or UDP as a network. The Echo can ultimately supplement this as a new layover layer. As can be read, the developer came up with this innovation “at lunchtime in a canteen in Boston”. It is “beyond” a routing that relied on cryptographic values ​​that still knew crypto string addresses. And it’s an interesting area for those who have previously only thought about IP routing (or onion routing).

What does that mean?

Because every message is sent to every connected client, it is not clear who can successfully decipher which packet with which key. The mesh network is equipped with virtually every data packet. This turns it into a flooding mesh network because every message passes through every node. This means that there is very little metadata with which the Echo can also circumvent data retention.

All instances may then have all packets, but these are well encrypted because of the multi-encryption of the echo capsule. With another hash, packets or duplicates that have already passed by are filtered out.Tthis is the usual “congestion control” and balances the network. No further decryption attempts are made for these doublets.

Reading a message is and remains private in Echo because successful decryption only takes place locally. By connecting Spot-On instances that run on “off-the-internet” operating systems or on “not-calling-home” Linux machines, it is possible to create these “Trusted Execution Environments” (TEE’s) also connected to other Spot-On instances via Bluetooth – and thus, with a protocol change to machines, which take over the Internet insertion of the (now encrypted) data packet.

Such a protocol change is intended to make it more difficult for Trojans to be installed unnoticed. Because chat-controls by Trojans on TEEs without the Internet, where the conversion from plain text to cipher text takes place, are rather unlikely. (Apart from the StuxNet Trojan, which also had to be introduced into the systems via an USB stick).

And on the second machine for Internet insertion – the packets are already encrypted. The Echo has been an interesting architecture paired with modern encryption for more than 10 years. As soon as a node has forwarded a data packet, it is no longer possible to see which previous node this packet came from. Any echo forwarded at a node essentially has a proxy function. If neighbors tell and pass on rumors to neighbors. But these are encrypted, you don’t know which neighbor they come from.

Setting up an echo server


Setting up an Echo server is quickly and easily done with just a few clicks by creating a listener in the listener tab of the software. The port, usually 4710, but freely selectable (i.e. 80 or 443 with HTTPS also goes through firewalls), can usually be forwarded in the router at home. That’s it. With a web server VPS machine, this step is often omitted.

The Echo server does not store any data and only sends all incoming packets out to all connected clients like an Echo or a mirror. So simple. And there isn’t really anything more to say about the Echo server. Except that there is also a server spot-on-light without UX for Linux and one for Android. In addition: It is also a very easy settting up of a chat server.

The last Windows 32 version was from the previous year. The current releases are currently source-only releases and are now regularly offered as binary releases, now at longer intervals. Thanks to the Qt programming environment, corresponding installation packages are available for many operating systems. A small Raspberry Pi computer is enough to use an Echo server as a chat server in your community. This can also be used to securely proxy a magnet-tracker or uploader.

Outlook: “Inner Evelopes” – human proxies in the chat

The chat has another function. You can define not to send a chat message via your own instance, but via a friend. If A sends the message to C via B (without B being able to decipher the message or knowing that the message is from A or intended for C), then, whether the original message from A or B came, is a major research topic not only in information technology.

An inner envelope is included in the encrypted Echo capsule. This is in turn encrypted and marked with a flag that B should now send this copy (without knowing to whom, because C has A’s key and will be able to read it). And the copy is identical to the original. And B doesn’t know whether the message is from A or from a friend of A.

This is neither an “inner-envelope problem” nor an “inner-envelope phenomenon” of human proxies, it is a transdisciplinary research topic!

The above example is still too simple because the Echo does not connect the friends-instance with the IP-address in routing. This means that a data packet is IP-less. In addition, not only because of the cryptographic properties of the Echo. But also because of the proxy effect of flooding across the nodes, hardly anyone can know where a message comes from and from which IP address it is inserted into the network or even: where and to whom it is addressed.

This function of the human proxies was recently implemented, as you can see in the release notes and describe them like this.

Conclusion: Comprehensive cryptographic functions in the Spot-On encryption suite

The Spot-On encryption suite is not only interesting from a cryptographic point of view. It is also in the definition of a new cultural evaluation and shaping of our social culture. The humane proxies design is ethically, legally and socially unresolved in its perspectives and assessments. The Echo is a natural mechanism that we know in a forest. And that dolphins use for orientation, and at the same time the Echo is unorientied in an environment as well as in the IT network.

With the complexity, cryptographic functions and the corresponding chaos in routing, a state of “Beyond Cryptographic Routing” has arisen.

In addition to the respective functions of the Spot-On application – as explained here using the three essential functions of the Internet: communication, search and transfer – there will also be very practical, new use cases that require this security in an encryption suite.

It’s not just about file transfer or file sharing or secret chat or searching for or sharing the latest information. A new era for encryption in practice has emerged with the comprehensive Spot-On application suite. It will keep cryptography and its users serving for a long time to come.


Many thanks to Scott for his summary of the Spot-On encryption application. And also to Claudia, who translated the article into German for us. The detailed English-language documentation from Spot-On can be found electronically in the Github project or in print under ISBN 978-3749435067 .

Lars Sobiraj


Lars Sobiraj fing im Jahr 2000 an, als Quereinsteiger für verschiedene Computerzeitschriften tätig zu sein. 2006 kamen neben noch zahlreiche andere Online-Magazine dazu. Er ist der Gründer von Außerdem brachte Ghandy, wie er sich in der Szene nennt, seit 2014 an verschiedenen Hochschulen und Fortbildungseinrichtungen den Teilnehmern bei, wie das Internet funktioniert.