Peerio hands-on: This secure messaging suite packs dead simple end-to-end encryption

The creator of Cryptocat and miniLock is back with yet another encryption tool .

Peerio for Chrome.

Peerio for Chrome.

The brain behind Cryptocat and miniLock is back with yet another tool designed to make your day-to-day life more secure. Peerio, Nadim Kobeissi's latest creation, is a cloud-based, end-to-end encrypted communications suite that lets you send messages and share files as easily as you use Gmail or Skype's IM tool.

For now Peerio is free, but the company does plan to add paid features in the future, such as expanded storage, according to Wired. Users currently receive 1.3GB of free storage space.

Why this matters: Peerio is part of a new breed of encryption tools that are seeking to make secure messaging and file sharing easier. Encryption tools such as Pretty Good Privacy (PGP) have been notoriously difficult to use and really only open to power users. But in light of the Snowden revelations, many developers are stepping up to help provide tools that encrypt and protect your data without extra headaches--making it much more likely that you'll keep using them and convince others to do so as well.

Hands-on with Peerio

Peerio is currently available as a Chrome, Windows, and Mac programs; mobile Android, Blackberry, iOS, and Windows Phone apps are scheduled to follow. Once it's installed, you sign-up for Peerio by providing your name, email address, and selecting a user name. Then you'll be asked to create a passphrase--not a password. It has be much longer than you're probably used to creating, at more than 20 characters.

After that's done, you'll receive a confirmation code in your email. Login, enter your confirmation code, and you'll be asked to take one last step: creating a shorter, device-specific PIN that lets you log in quickly without the need to enter your longer password each time.

The sign-up process is arguably the hardest part of using Peerio. Once that's done you'll see a messaging suite with three tabs: Messages, Files, and Contacts.

Since this is an end-to-end encryption platform, you can only use it to send messages and files to other Peerio users. Adding a Peerio contact is very easy. Just click on the Contacts tab and then the blue Add contact button. Here, add your contact's Peerio username, or invite them to join the service by email or phone. After they accept, you'll be able to send them messages and share files.

Before you can share files with others, you must first add data to Peerio by either clicking the Upload Files button under the Files tab or through a simple drag-and-drop on any page. Files are then encrypted and uploaded to Peerio servers. To send them to others, just select the file, click the paper airplane icon to send it, enter the contact's name, and it's on its way.

Once you send a file it creates a new message under the Messages tab. Once sent, the user on the other end has the option to download the file to their PC in an unencrypted state. Peerio also has a nice feature called Destroy that lets you wipe your file from Peerio's servers and make it unavailable to other users--save those who have already downloaded it, of course.

Peerio's encrypted messaging is also very simple to use and feels like a hybrid between webmail and instant messaging. To start a new message, open the Messages tab, select Compose Message, and create an conversation just as you would in Gmail or whatnot.

After you've sent the first message, Peerio works like IM, with replies appearing in real-time. You'll also receive pop-up notifications in the corner of your screen if you have the Peerio window minimized and somebody sends you a message (at least with the Chrome app).

By default, Peerio has the habit of sending you email alerts every time you receive a new message--handy if you don't have the program active, but annoying if you do.

To turn this off, hover over your name in the upper right corner of the app and select Preferences. In the pop-up window that appears unselect the checkbox under Notifications. The ability to only receive a single email alert for the first message in a new conversation, or the first new message in an existing conversation after a predetermined period, would be a handy feature to include in a future update.


Peerio works similarly to miniLock in the sense that your decryption key is tied to your password. Log out of your app and your key is erased; log back in and decryption is possible again. The beauty of this set-up is that you can log in to Peerio on any device with the same password.

All your files are encrypted on your PC before they are sent to Peerio's servers, making it impossible for the company to peek at your data or allow others to do so.

At least that's what we believe is the case. As with miniLock, we'll offer no judgement on the quality of Peerio's encryption. All we can tell you is that Wired reports the code has been reviewed by Cure53--the same firm that audited miniLock. The security testing firm found no encryption weaknesses in Peerio's code. As this is a beta, Peerio may very well have vulnerabilities that have to be solved. Nevertheless, Peerio appears to be off to a very solid start.

Peerio is available now from the company's website.

Join the CSO newsletter!

Error: Please check your email address.

Tags skypeapplicationssecuritye-mailCryptocatMessagingsoftwareencryption

More about PGPPretty Good PrivacySkype

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ian Paul

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts