Peerio's security is related to both its technology and its design.
Peerio end-to-end encrypts all your messages and files by default. This means your data is encrypted locally on your device, before ever being sent to our servers. This data is then encrypted again while in transit over our servers — which is sort of like putting your data in a safe and then hiring an armored transport company to deliver that safe. Even if someone managed to intercept your data in transit, it would still be locked in the safe with a key only you have.
This differs from most internet services, which often depend on reading users' data to sell personal information or advertising space to third parties. These services will only encrypt your data in transit between your computer and their network. Once your data is on their networks, you're trusting their network of employees to manage and protect your data — where one mistake might make your data vulnerable.
Services that profit from user data will often keep your data on their networks for months, or even years, extending the window of vulnerability. During this time, criminal, corporate, or state-sponsored data thieves can target employees, servers, or your contacts in attempts to steal your personal data.
With Peerio's end-to-end encryption, your data is encrypted not only from your computer to the network, but also in the cloud. Your data is truly yours, and only those you share it with will have access. Since you hold the keys, even we cannot access your files.
You can learn more about Peerio's crypto at our GitHub.
End-to-end encryption has existed for over 20 years, yet very few people use it. Worse, many who use it, use it incorrectly. This can result in a "less-than-zero" scenario, where someone thinks they have sent an encrypted message, but have actually sent their sensitive data over a very insecure channel. This problem is largely due to the poor design of existing end-to-end encryption options. PGP, or GPG, encrypted email is probably most notorious here, and its poor usability has been documented over the years (here and here).
Good security requires more than good crypto; it must be easy for people to use and understand. We designed Peerio with this in mind, and integrated strong security practices into a friendly user interface to ensure users of any skill level can communicate securely.
Peerio operates within a secure ecosystem, where everything users do is encrypted, and there is no chance of accidentally sending your data without protection. With features such as computer-generated passphrases, two-factor authentication, visually based contact authentication, and built-in security alerts, Peerio aims to provide exceptionally high levels of security and usability.