Average computer users are in a terrified state today.
Trapped between the Scylla of anonymous hackers from around the world and the Charybdis of government spy agencies, countless computer users have abandoned all hope in the privacy and security of their computer messages and files.
The precarious situation would seem ripe for an explosion in the use of encryption, right?
And yet encryption has failed to take off in a noticeable way.
Only a tiny fraction of computer users (probably 0.000001%) leverage strong encryption for their messages and file storage.
The only reason encryption has not become ubiquitous in an increasingly dangerous world is that it’s impossibly hard to use by average Joes.
The mere mention of private keys and public keys has average computer users scurrying for cover.
That’s why the venerable PGP encryption has never taken off beyond a small group.
Enter a Montreal startup called Peerio Technologies with an ambitious open source project to make encryption technology “as easy as e-mail” for cloud storage and messaging.
Peerio builds off the miniLock encryption technology developed by the startup’s lead software engineer and security expert Nadim Kobeissi.
Combining cloud storage with messaging, Peerio promises end-to-end encryption that will ensure messages and files are encrypted before leaving your computer and read only by you and intended recipients.
Peerio simplifies key management by leveraging passphrases instead of passwords. The service lets users pick a username that can be made public, and then Peerio suggests a secure passphrase that generates private keys locally. Apparently, the keys are never sent to the Peerio server and when the app is closed so is the key.
Having Peerio provide the passphrase seems like a terrible idea to me from a privacy and security perspective.
But the company defends its decision stating that users sometimes forgot their passphrases and, further, it could not be certain they were picking secure passphrases.
Peerio developers attempt to allay concerns by saying they’re working on a ‘complex feature’ that will allow users to revoke previous passphrases and set up new ones. This ‘complex feature’ is supposedly in the works and will be ready soon.
As a second line of defense, Peerio offers two-factor authentication. So even if a passphrase is compromised, an attacker would still need the user’s mobile device to gain access to the account.
Other Peerio features include remote file destruction, real-time delivery notification and swift and secure transfer of large files.
As an open-source project, Peerio is publishing its code publicly and asking programmers and security experts to review and test its security.
Currently in “beta”, Peerio is now available for Windows and Mac computers and Google’s Chrome browser.
Visit GitHub to review Peerio’s code.
Peerio intends to extend support for mobile devices in the near future.
Once the Peerio technology is available for iPhone, Android, Windows phones and Blackberry, users should be able to sync their data across all devices.
The Android and iOS beta should be ready at the latest by early April.
Version 220.127.116.11 of Peerio debuted March 2, 2015 with improvements to the user interface, changes to signup and bug fixes
Peerio plans to make money by offering paid plans for both individuals and groups once its encryption technology is stable.
If you’re keen on test driving Peerio’s beta, you can download the software from its web site.