Peerio

Developer(s) Florencia Herra-Vega, Anri Asaturov, Samvel Avanesov, Dmitry Chestnykh, Viacheslav Zipunov
Initial release January 14, 2015
Operating system Windows, macOS, Linux, Android, iOS
Type Security
License Proprietary
Website peerio.com

Peerio was a cross-platform end-to-end encrypted application that provided secure messaging, file sharing, and cloud file storage. Peerio was available as an application for iOS, Android, macOS, Windows, and Linux. Peerio (Legacy) was originally released on 14 January 2015, [1] [2] and was replaced by Peerio 2 on 15 June 2017. [3] The app is discontinued. [4]


Messages and user files stored on the Peerio cloud were protected by end-to-end encryption, meaning the data was encrypted in a way that could not be read by third parties, such as Peerio itself or its service providers. Security was provided by a single permanent key-password, which in Peerio was called an "Account Key". [5]

The company, Peerio Technologies Inc., was founded in 2014 by Vincent Drouin. The intent behind Peerio was to provide a security program that is easier to use than the PGP standard. [6]

Peerio was acquired by WorkJam, a digital workplace solutions provider, on January 13, 2019. [7] [8]

Features

Peerio allowed users to share encrypted messages and files in direct messages or groups that Peerio called "rooms". [9]

Peerio "rooms" were offered as a team-oriented group chat, with administrative functionality for adding and removing other users from the group chat. [10]

Peerio allowed users to store encrypted files online, offering limited cloud storage for free with optional paid upgrades. [9]

Peerio messages and files persisted between logins and hardware, unlike ephemeral encrypted messaging apps, which do not retain message or file history between logins or different devices.

Peerio supported application-based multi-factor authentication. [9]

Peerio allowed users to share animated GIFs. [11]

Security

End-to-End Encryption

Peerio applied end-to-end encryption by default to all message and file data. End-to-end encryption is intended to encrypt data in a way that only the sender and intended recipients are able to decrypt, and thus read, the data.

Taken from Peerio's privacy policy:

"Peerio utilizes the NaCl (pronounced "salt") cryptographic framework, which itself uses the following cryptographic primitives:

Additionally, Peerio uses scrypt for memory-hard key derivation and BLAKE2s is used for various hashing operations.

For in-transit encryption, Peerio Services used Transport Layer Security (TLS) with best-practice cipher suite configuration, including support for perfect forward secrecy (PFS). You can view a detailed and up-to-date independent review of Peerio's TLS configuration on SSL Labs." [12] [13]

Code Audits

Prior to Peerio's initial release, the software was audited by the German security firm Cure53, which found only non-security-related bugs, all of which were fixed prior to the application's release. [2]

According to Peerio's website, the application was also audited in March 2017 by Cure53. [10]

Open Source

Peerio was partly open source and published code publicly on GitHub. [14]

Bug Bounty

Peerio offered a bug bounty, with cash rewards for anyone who reported security vulnerabilities. [15]

Peerio (Legacy)

The first iteration of Peerio, Peerio (Legacy), was developed by Nadim Kobeissi and Florencia Herra-Vega. It was released on 14 January 2015 [1] [2] and was closed on 8 January 2018. [11]

Peerio (Legacy) was a free application, available for Android, iOS, Windows, macOS, Linux, and as a Google Chrome extension. [16] [17] It offered end-to-end encryption, which was enabled by default. The encryption used the miniLock open-source security standard, which was also developed by Kobeissi. [18]

On 15 June 2017, Peerio 2 was launched as the successor to Peerio (Legacy). According to the company's blog, Peerio 2 was purported to be a "radical overhaul" of the original application's core technology. [3] Claimed benefits in comparison to Peerio (Legacy) included increased speed, support for larger file transfers (up to 7000GB), and a redesigned user interface. Peerio also stated an added focus on businesses looking for encrypted team collaboration software. [10]


References

  1. Paul, Ian (15 January 2015). "Peerio hands-on: This secure messaging suite packs dead simple end-to-end encryption". PC World. Retrieved 19 May 2015.
  2. Greenberg, Andy (14 January 2015). "The Free Encryption App That Wants to Replace Gmail, Dropbox, and HipChat". Wired. Retrieved 19 May 2015.
  3. Arora, Saumya (2017-06-15). "The NEW Peerio: A Brand New Architecture. A Brand New Experience". Medium. Retrieved 2018-01-30.
  4. "Peerio Alternatives and Similar Apps".
  5. Lomov, Vladimir (19 September 2017). "PEERIO-2 - THE NEW VERSION OF THE SECURE MESSENGER". te-st.ru. te-st. Retrieved 13 September 2017.
  6. Meyer, David (14 January 2015). "Peerio is a chat and storage service with big security claims". Gigaom. Retrieved 19 May 2015.
  7. "WorkJam acquires secure chat platform Peerio". BetaKit. 14 January 2019. Retrieved 2019-11-19.
  8. Business Wire News Releases (2019-01-13). "WorkJam Announces Acquisition of Peerio Technologies | Financial Post". Retrieved 2019-11-19.
  9. "Peerio". www.peerio.com. Retrieved 2018-01-31.
  10. "Peerio". www.peerio.com. Retrieved 2018-01-31.
  11. "Peerio". www.peerio.com. Retrieved 2018-01-31.
  12. "SSL Server Test: icebear.peerio.com (Powered by Qualys SSL Labs)". www.ssllabs.com. Retrieved 2018-01-30.
  13. "Peerio". www.peerio.com. Retrieved 2018-01-30.
  14. "Peerio Technologies". GitHub. Retrieved 2018-01-31.
  15. "Peerio". www.peerio.com. Retrieved 2018-01-31.
  16. Morrison, Kimberlee (22 January 2015). "Peerio: Simple Encryption for the Masses". SocialTimes. Retrieved 19 May 2015.
  17. Peerio (15 March 2016). "Android and iOS apps are here!". Peerio. Archived from the original on 21 March 2016. Retrieved 16 March 2016.
  18. Whittaker, Zack (2 March 2015). "Meet the free encryption app that promises to put your privacy first". ZDNet.com. Retrieved 19 May 2015.