Peerio was a cross-platform

end-to-end encrypted End-to-end encryption (E2EE) is a system of communication where only the communicating users can read the messages. In principle, it prevents potential eavesdroppers – including telecom providers, Internet providers, malicious actors, and eve ...

application that provided secure messaging, file sharing, and cloud file storage. Peerio was available as an application for iOS,

Android Android may refer to: Science and technology * Android (robot), a humanoid robot or synthetic organism designed to imitate a human * Android (operating system), Google's mobile operating system ** Bugdroid, a Google mascot sometimes referred to ...

, macOS, Windows, and Linux. Peerio (Legacy) was originally released on 14 January 2015, and was replaced by Peerio 2 on 15 June 2017. The app is discontinued. Messages and user files stored on the Peerio cloud were protected by end-to-end encryption, meaning the data was encrypted in a way that could not be read by third parties, such as Peerio itself or its service providers. Security was provided by a single permanent key-password, which in Peerio was called an "Account Key". The company, Peerio Technologies Inc., was founded in 2014 by Vincent Drouin. The intent behind Peerio was to provide a security program that is easier to use than the

PGP PGP or Pgp may refer to: Science and technology * P-glycoprotein, a type of protein * Pelvic girdle pain, a pregnancy discomfort * Personal Genome Project, to sequence genomes and medical records * Pretty Good Privacy, a computer program for the ...

standard. Peerio was acquired by WorkJam, a digital workplace solutions provider, on January 13, 2019.

Features

Peerio allowed users to share encrypted messages and files in direct messages or groups that Peerio called "rooms". Peerio "rooms" were offered as a team-oriented group chat, allowing administrative functionality to add and remove other users from the group chat. Peerio allows users to store encrypted files online, offering limited cloud storage for free with optional paid upgrades. Peerio messages and files persist between logins and hardware, differing from ephemeral encrypted messaging apps which do not retain message or file history between logins or different devices. Peerio supported application based multi-factor authentication. Peerio allowed users to share animated GIFs.

Security

End-to-End Encryption

Peerio utilized end-to-end encryption and it was applied by default to all message and file data. End-to-end encryption is intended to encrypt data in a way that only the sender and intended recipients are able to decrypt, and thus read, the data. Taken from Peerio's privacy policy: "Peerio utilizes the NaCl (pronounced "salt") cryptographic framework, which itself uses the following cryptographic primitives: * '' X25519'' for public key agreement over elliptic curves. * '' ed25519'' for public key signatures. * ''XSalsa20'' for encryption and confidentiality. * '' Poly1305'' for ensuring the integrity of encrypted data. Additionally, Peerio uses '' scrypt'' for memory-hard key derivation and '' BLAKE2s'' is used for various hashing operations. For in-transit encryption, Peerio Services used Transport Layer Security (TLS) with best-practice cipher suite configuration, including support for

perfect forward secrecy In cryptography, forward secrecy (FS), also known as perfect forward secrecy (PFS), is a feature of specific key agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key e ...

(PFS). You can view a detailed and up-to-date independent review of Peerio's TLS configuration on SSL Labs."

Code Audits

Prior to Peerio's initial release, the software was audited by the German security firm

Cure53 Cure53 is a German cybersecurity firm. The company was founded by Dr. Mario Heidrich, a client side security researcher. After a report from Cure53 on the South Korean security app Smart Sheriff Smart Sheriff ( ko, 스마트보안관) is a Sout ...

, which found only non-security related bugs, all of which were fixed prior to the applications release. According to Peerio's website, the application was also audited in March 2017 by Cure53.

Open Source

Peerio was partly

open source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized sof ...

and published code publicly on GitHub

Bug Bounty

Peerio offered a Bug bounty program, bug bounty, offering cash rewards for anyone who reports security vulnerabilities.

Peerio (Legacy)

The first iteration of Peerio, Peerio (Legacy), was developed by Nadim Kobeissi and Florencia Herra-Vega and was released on 14 January 2015 and was closed on 8 January 2018. Peerio (Legacy) was a free application, available for

, iOS, Windows, macOS, Linux, and as a Google Chrome extension. It offered end-to-end encryption, which is enabled by default. The encryption used the miniLock open-source security standard, which was also developed by Kobeissi. On 15 June 2017, Peerio 2 was launched as the successor to Peerio (Legacy). According to the company's blog, Peerio 2 is purported to be a "radical overhaul" of the original application's core technology. Claimed benefits in comparison to Peerio (Legacy) include increased speed, support for larger file transfers (up to 7000GB), and a re-designed user interface. Peerio also stated an added focus towards businesses looking for encrypted team collaboration software.

References

{{reflist Cryptographic software Internet privacy software Privacy software Open standards