Peerio was a
cross-platform
Within computing, cross-platform software (also called multi-platform software, platform-agnostic software, or platform-independent software) is computer software that is designed to work in several Computing platform, computing platforms. Some ...
end-to-end encrypted application that provided secure messaging, file sharing, and cloud file storage. Peerio was available as an application for
iOS
Ios, Io or Nio (, ; ; locally Nios, Νιός) is a Greek island in the Cyclades group in the Aegean Sea. Ios is a hilly island with cliffs down to the sea on most sides. It is situated halfway between Naxos and Santorini. It is about long an ...
,
Android,
macOS
macOS, previously OS X and originally Mac OS X, is a Unix, Unix-based operating system developed and marketed by Apple Inc., Apple since 2001. It is the current operating system for Apple's Mac (computer), Mac computers. With ...
,
Windows
Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...
, and
Linux
Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...
. Peerio (Legacy) was originally released on 14 January 2015,
and was replaced by Peerio 2 on 15 June 2017.
The app is discontinued.
Messages and user files stored on the Peerio cloud were protected by end-to-end encryption, meaning the data was encrypted in a way that could not be read by third parties, such as Peerio itself or its service providers. Security was provided by a single permanent key-password, which in Peerio was called an "Account Key".
The company, Peerio Technologies Inc., was founded in 2014 by Vincent Drouin. The intent behind Peerio was to provide a security program that is easier to use than the
PGP standard.
Peerio was acquired by WorkJam, a digital workplace solutions provider, on January 13, 2019.
Features
Peerio allowed users to share encrypted messages and files in direct messages or groups that Peerio called "rooms".
Peerio "rooms" were offered as a team-oriented group chat, allowing administrative functionality to add and remove other users from the group chat.
Peerio allows users to store encrypted files online, offering limited cloud storage for free with optional paid upgrades.
Peerio messages and files
persist between logins and hardware, differing from
ephemeral
Ephemerality (from the Greek word , meaning 'lasting only one day') is the concept of things being transitory, existing only briefly. Academically, the term ephemeral constitutionally describes a diverse assortment of things and experiences, fr ...
encrypted messaging apps which do not retain message or file history between logins or different devices.
Peerio supported application based
multi-factor authentication
Multi-factor authentication (MFA; two-factor authentication, or 2FA) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more distinct types of evidence ...
.
Peerio allowed users to share animated GIFs.
Security
End-to-End Encryption
Peerio utilized end-to-end encryption and it was applied by default to all message and file data. End-to-end encryption is intended to encrypt data in a way that only the sender and intended recipients are able to decrypt, and thus read, the data.
Taken from Peerio's privacy policy:
"Peerio utilizes the
NaCl
Sodium chloride , commonly known as edible salt, is an ionic compound with the chemical formula NaCl, representing a 1:1 ratio of sodium and chloride ions. It is transparent or translucent, brittle, hygroscopic, and occurs as the mineral hali ...
(pronounced "salt") cryptographic framework, which itself uses the following cryptographic primitives:
* ''
X25519
X, or x, is the twenty-fourth letter of the Latin alphabet, used in the English alphabet, modern English alphabet, the alphabets of other western European languages and others worldwide. Its name in English is Wikt:ex#English, ''ex'' (pro ...
'' for public key agreement over elliptic curves.
* ''
ed25519
In public-key cryptography, Edwards-curve Digital Signature Algorithm (EdDSA) is a digital signature scheme using a variant of Schnorr signature based on twisted Edwards curves.
It is designed to be faster than existing digital signature scheme ...
'' for public key signatures.
* ''XSalsa20'' for encryption and confidentiality.
* ''
Poly1305
Poly1305 is a universal hash family designed by Daniel J. Bernstein in 2002 for use in cryptography.
As with any universal hash family, Poly1305 can be used as a one-time message authentication code to authenticate a single message using a sec ...
'' for ensuring the integrity of encrypted data.
Additionally, Peerio uses ''
scrypt
In cryptography, scrypt (pronounced "ess crypt") is a password-based key derivation function created by Colin Percival in March 2009, originally for the Tarsnap online backup service. The algorithm was specifically designed to make it costly t ...
'' for memory-hard key derivation and ''
BLAKE2s'' is used for various hashing operations.
For in-transit encryption, Peerio Services used
Transport Layer Security
Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network, such as the Internet. The protocol is widely used in applications such as email, instant messaging, and voice over ...
(TLS) with best-practice cipher suite configuration, including support for
perfect forward secrecy
In cryptography, forward secrecy (FS), also known as perfect forward secrecy (PFS), is a feature of specific key-agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session ke ...
(PFS). You can view a detailed and up-to-date independent review of Peerio's TLS configuration on SSL Labs."
Code Audits
Prior to Peerio's initial release, the software was
audited
An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon." Auditing al ...
by the German security firm
Cure53
Cure53 is a German cybersecurity firm. The company was founded by Mario Heiderich, a security researcher.
History
After a report from Cure53 on the South Korean security app Smart Sheriff, that described the app's security holes as "catastrop ...
, which found only non-security related bugs, all of which were fixed prior to the applications release.
According to Peerio's website, the application was also audited in March 2017 by Cure53.
Open Source
Peerio was partly
open source
Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use and view the source code, design documents, or content of the product. The open source model is a decentrali ...
and published code publicly on
GitHub
GitHub () is a Proprietary software, proprietary developer platform that allows developers to create, store, manage, and share their code. It uses Git to provide distributed version control and GitHub itself provides access control, bug trackin ...
Bug Bounty
Peerio offered a
bug bounty, offering cash rewards for anyone who reports security vulnerabilities.
Peerio (Legacy)
The first iteration of Peerio, Peerio (Legacy), was developed by
Nadim Kobeissi
Nadim Kobeissi (; born 28 September 1990) is a French-Lebanese computer science researcher specialized in applied cryptography. He is the author of Cryptocat, an open-source encrypted web chat client. Kobeissi is also known for speaking publicly ...
and Florencia Herra-Vega and was released on 14 January 2015
and was closed on 8 January 2018.
Peerio (Legacy) was a free application, available for
Android,
iOS
Ios, Io or Nio (, ; ; locally Nios, Νιός) is a Greek island in the Cyclades group in the Aegean Sea. Ios is a hilly island with cliffs down to the sea on most sides. It is situated halfway between Naxos and Santorini. It is about long an ...
,
Windows
Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...
,
macOS
macOS, previously OS X and originally Mac OS X, is a Unix, Unix-based operating system developed and marketed by Apple Inc., Apple since 2001. It is the current operating system for Apple's Mac (computer), Mac computers. With ...
,
Linux
Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...
, and as a
Google Chrome extension
Google Chrome is a web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS, iOS, iPadOS, an ...
.
It offered end-to-end encryption, which is enabled by default. The encryption used the miniLock open-source security standard, which was also developed by Kobeissi.
On 15 June 2017, Peerio 2 was launched as the successor to Peerio (Legacy). According to the company's blog, Peerio 2 is purported to be a "radical overhaul" of the original application's core technology.
Claimed benefits in comparison to Peerio (Legacy) include increased speed, support for larger file transfers (up to 7000GB), and a re-designed user interface. Peerio also stated an added focus towards businesses looking for encrypted team collaboration software.
References
{{reflist
Cryptographic software
Internet privacy software
Privacy software
Open standards