igor - Fotolia
I heard about a new free application called Peerio that reportedly enables users to send messages and share files with end-to-end encryption. What are the benefits of this service? Should it be considered for enterprise use?
Tools for encrypting files and messages like Pretty Good Privacy have always been notoriously difficult to use. This has put many users off from trying to secure their data, but the Snowden revelations have increased everyone's concerns about online privacy and have led to various initiatives that are looking to create secure online communication tools that are easier to use. One such application is the recently launched Peerio, an end-to-end encryption service trying to make secure messaging and file sharing easier.
Initially launched as a Windows and Macintosh app as well as a Chrome plug-in, Peerio offers cloud storage with a messaging platform, allowing users to keep files online and share them securely. The app lets users upload and share end-to-end encrypted files of up to 400 MB with other Peerio users, and provides confirmation when messages and files have been delivered, read or downloaded. Registration requires a one-off creation of a very long passphrase that's used to locally generate private keys for each session. Each time a user logs in, their passphrase generates a short-term private key; when the user logs off, that key is destroyed. Once a user has logged in with the passphrase on a device, they can create a device-specific PIN or use two-factor authentication to make future logins easier.
This approach to managing encryption keys means that users can log in to their Peerio account from any device without having to first install their private key, unlike most PKI solutions where users are required to keep the file with their private key secure but always on hand. Key management is a task that many users struggle with, but Peerio's solution removes the hassle. This, combined with a straightforward interface and easy-to-use tools, should make it appealing to those technophobes that want to start encrypting their online files and documents.
Those behind Peerio are not new to encryption and have hopefully learned from the problems an earlier encryption-based chat product called Cryptocat suffered when a bug was found that allowed an eavesdropper to decrypt private group chats.
Peerio's code is open source and available on Github, and a security testing firm who was paid to review the code found no obvious encryption weaknesses. However, it is too soon to consider this service ready for enterprise use. Its end-to-end encryption only protects the contents of communications, not the metadata about who contacted whom and when. Also, as with any end-to-end encryption system that is controlled by one entity, users are reliant on the integrity of its staff and systems.
Peerio does a good job at making encryption easy to use, making it much more likely that people will start to secure the files they want to share. Time will tell whether it becomes the go-to app that everyone uses and trusts, and can be adopted for secure enterprise messaging and file sharing.
Ask the Expert:
Perplexed about application security? Send Michael Cobb your questions today. (All questions are anonymous.)
Learn more about the security concerns of file sharing and how to combat them
Dig Deeper on Email and Messaging Threats-Information Security Threats
Related Q&A from Michael Cobb
By performing ongoing risk assessments, organizations can keep their SSH vulnerabilities at a minimum and ensure their remote access foundation is ... Continue Reading
Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently... Continue Reading
Spyware can steal mundane information, track a user's every move and everything in between. Read up on the types of spyware and how to best fix ... Continue Reading