I heard about a new free application called Peerio that reportedly enables users to send messages and share files with end-to-end encryption. What are the benefits of this service? Should it be considered for enterprise use?
Tools for encrypting files and messages like Pretty Good Privacy have always been notoriously difficult to use. This has put many users off from trying to secure their data, but the Snowden revelations have increased everyone's concerns about online privacy and have led to various initiatives that are looking to create secure online communication tools that are easier to use. One such application is the recently launched Peerio, an end-to-end encryption service trying to make secure messaging and file sharing easier.
Initially launched as a Windows and Macintosh app as well as a Chrome plug-in, Peerio offers cloud storage with a messaging platform, allowing users to keep files online and share them securely. The app lets users upload and share end-to-end encrypted files of up to 400 MB with other Peerio users, and provides confirmation when messages and files have been delivered, read or downloaded. Registration requires a one-off creation of a very long passphrase that's used to locally generate private keys for each session. Each time a user logs in, their passphrase generates a short-term private key; when the user logs off, that key is destroyed. Once a user has logged in with the passphrase on a device, they can create a device-specific PIN or use two-factor authentication to make future logins easier.
This approach to managing encryption keys means that users can log in to their Peerio account from any device without having to first install their private key, unlike most PKI solutions, where users are required to keep the file with their private key secure but always on hand. Key management is a task that many users struggle with, but Peerio's solution removes the hassle. This, combined with a straightforward interface and easy-to-use tools, should make it appealing to technophobes who want to start encrypting their online files and documents.
Those behind Peerio are not new to encryption and have hopefully learned from the problems an earlier encryption-based chat product called Cryptocat suffered when a bug was found that allowed an eavesdropper to decrypt private group chats.
Peerio's code is open source and available on GitHub, and a security testing firm that was paid to review the code found no obvious encryption weaknesses. However, it is too soon to consider this service ready for enterprise use. Its end-to-end encryption only protects the contents of communications, not the metadata about who contacted whom and when. Also, as with any end-to-end encryption system that is controlled by one entity, users are reliant on the integrity of its staff and systems.
Peerio does a good job at making encryption easy to use, making it much more likely that people will start to secure the files they want to share. Time will tell whether it becomes the go-to app that everyone uses and trusts, and can be adopted for secure enterprise messaging and file sharing.
Ask the Expert:
Perplexed about application security? Send Michael Cobb your questions today. (All questions are anonymous.)