Peerio hands-on: This secure messaging suite packs dead simple end-to-end encryption
The brain behind Cryptocat and miniLock is back with yet another tool designed to make your day-to-day life more secure. Peerio, Nadim Kobeissi's latest creation, is a cloud-based, end-to-end encrypted communications suite that lets you send messages and share files as easily as you use Gmail or Skype's IM tool.
For now Peerio is free, but the company does plan to add paid features in the future, such as expanded storage, according to Wired. Users currently receive 1.3GB of free storage space.
Why this matters: Peerio is part of a new breed of encryption tools that are seeking to make secure messaging and file sharing easier. Encryption tools such as Pretty Good Privacy (PGP) have been notoriously difficult to use and really only open to power users. But in light of the Snowden revelations, many developers are stepping up to help provide tools that encrypt and protect your data without extra headaches—making it much more likely that you'll keep using them and convince others to do so as well.
Hands-on with Peerio
Peerio is currently available as a Chrome, Windows, and Mac programs; mobile Android, Blackberry, iOS, and Windows Phone apps are scheduled to follow. Once it's installed, you sign-up for Peerio by providing your name, email address, and selecting a user name. Then you'll be asked to create a passphrase—not a password. It has be much longer than you're probably used to creating, at more than 20 characters.
After that's done, you'll receive a confirmation code in your email. Login, enter your confirmation code, and you'll be asked to take one last step: creating a shorter, device-specific PIN that lets you log in quickly without the need to enter your longer password each time.
The sign-up process is arguably the hardest part of using Peerio. Once that's done you'll see a messaging suite with three tabs: Messages, Files, and Contacts.
Since this is an end-to-end encryption platform, you can only use it to send messages and files to other Peerio users. Adding a Peerio contact is very easy. Just click on the Contacts tab and then the blue Add contact button. Here, add your contact's Peerio username, or invite them to join the service by email or phone. After they accept, you'll be able to send them messages and share files.
Before you can share files with others, you must first add data to Peerio by either clicking the Upload Files button under the Files tab or through a simple drag-and-drop on any page. Files are then encrypted and uploaded to Peerio servers. To send them to others, just select the file, click the paper airplane icon to send it, enter the contact's name, and it's on its way.
Once you send a file it creates a new message under the Messages tab. Once sent, the user on the other end has the option to download the file to their PC in an unencrypted state. Peerio also has a nice feature called Destroy that lets you wipe your file from Peerio's servers and make it unavailable to other users—save those who have already downloaded it, of course.
Peerio's encrypted messaging is also very simple to use and feels like a hybrid between webmail and instant messaging. To start a new message, open the Messages tab, select Compose Message, and create an conversation just as you would in Gmail or whatnot.
After you've sent the first message, Peerio works like IM, with replies appearing in real-time. You'll also receive pop-up notifications in the corner of your screen if you have the Peerio window minimized and somebody sends you a message (at least with the Chrome app).
By default, Peerio has the habit of sending you email alerts every time you receive a new message—handy if you don't have the program active, but annoying if you do.
To turn this off, hover over your name in the upper right corner of the app and select Preferences. In the pop-up window that appears unselect the checkbox under Notifications. The ability to only receive a single email alert for the first message in a new conversation, or the first new message in an existing conversation after a predetermined period, would be a handy feature to include in a future update.
Peerio works similarly to miniLock in the sense that your decryption key is tied to your password. Log out of your app and your key is erased; log back in and decryption is possible again. The beauty of this set-up is that you can log in to Peerio on any device with the same password.
All your files are encrypted on your PC before they are sent to Peerio's servers, making it impossible for the company to peek at your data or allow others to do so.
At least that's what we believe is the case. As with miniLock, we'll offer no judgement on the quality of Peerio's encryption. All we can tell you is that Wired reports the code has been reviewed by Cure53—the same firm that audited miniLock. The security testing firm found no encryption weaknesses in Peerio's code. As this is a beta, Peerio may very well have vulnerabilities that have to be solved. Nevertheless, Peerio appears to be off to a very solid start.
Peerio is available now from the company's website.