Feature "defense strategy" and the premium model

joni

I like the concept of spectre and have tried it out, but stumbled across the fact that there is a paid subscription, eventho it claims to be 100% free.

Okay, well maintaining it costs money I get that so I was fine with just offering the option of donating some money and getting cosmetic features or maybe even something cool like biometric unlock and autofill. The latter of which I miss the most tbh. In my opinion I think it could lead to a better success for Spectre if those features were free as well and you can still have the option to just donate whatever similarly to other open-source apps. But well that's the dev's decision on how they wanna finance it.

What really caught my eye tho, was the "defense strategy" premium feature. It seems to me like it's some sort of better encryption for the on-device data? But I'm not sure as I couldn't find any other mention of this and was too lazy to look it up in the source code tbh. If it is exactly that, I think it kinda kills the open-source vibe to me. Because paying for cosmetic or "make-your-life-easier" features is one thing, but paying for having the best security feels wrong to me. It's kinda like holding my data hostage and saying "oh you want it to be secured properly? pay me". I also feel like it would drive some users away as well, those that need a good password manager because they are some activist in a pretty strict country where they might get in prison if their accounts got compromised, but they can't afford that extra security in Spectre.

I hope I got my point across and can get some clarification on the what and why, still love that concept and thank you for taking so much time to develop the apps Maarten <3

lhunath

joni

Hi Joni & welcome!

First off, my apologies for the delayed response; your message somehow escaped me.

I appreciate all of your points! I do however need to make an important correction on the last, but I will address each:

Spectre is 100% free in the sense that it is an open-sourced GPL-licensed codebase, available in full from here: https://gitlab.com/spectre.app/. This is exactly what it sounds like: the entire application, including all features, fully available for free & with the freedom for you to make modifications (like you might do your car).

In its distributed form, its primary feature-set is also free to access, although we offer the subscription for ease-of-use features such as system integrations. This is as you have guessed how the project is supported financially and able to provide you with the tool in the first place.

On the topic of the "defense strategy", let me start by apologizing for what has clearly created a confusion.

The purpose of this feature is to allow you to indicate what profile of attacker you are primarily concerned with, and given that profile, the application will supply vulnerability estimations for each password in the app. This will then allow you to assess whether your individual passwords meet the threshold for defence against this attacker or whether you need to increase the entropy of the password in order attain sufficient protection.

Certainly I agree with you that "premium"-level encryption would be a very poor strategy. Spectre is extremely dedicated to open access, equality and decentralization. Different tiers of security would lead to a situation where some populations have access to better protection than others, which is antithetical to Spectre's principles.