Blog: Peerio

Testing with CucumberJS: a team endeavour to create code quality

By far the most exciting days at Peerio are Wednesdays. We not only gather to internally test the product update that’s about to ship, but we do it playing trivia. That’s the essence of our testing approach: an accessible activity where everyone participates. The tools allowing us to do so are the Gherkin language and the Cucumber testing framework. A language for collaboration Gherkin enables us developers to communicate with designers, project managers, stakeholders, and users.

Ask Floh: How Secure is G Suite?

In this episode of Ask Floh, we dive into the pros and cons of using G Suite, what to watch out for, and when you may need to use a more secure product. 5 key takeaways are: Google has a world-class security team and handles a lot of different kinds of compliance. Google has a huge ecosystem that wasn’t built for privacy. They let the developers of the third-party extensions access your data so there are lots of security holes and attack surface.

Ask Floh: Why the Facebook breach is so spooky and how it could haunt us for years

Worried about Facebook’s recent data breach? Wondering how it could affect you? To wrap up Cybersecurity Awareness Month, we’ve got a special Halloween spooktacular edition of Ask Floh. In this episode, we learn why the latest Facebook breach is so spooky, how it could haunt us for years to come, and a couple tips on what you can do to protect yourself. Got a question? AskFloh@peerio.com In a business context, there is a strategy you could use to mitigate your vulnerability to highly personalized phishing and business email compromise.

Ask Floh: How to build a good security culture at work

Too many “restrictive” security rules at work messing with your productivity? Having a bad security culture is not only harmful to workflow, it can also be bad for security itself. In this week’s Ask Floh, we take a look at what makes a security culture work well, why building a good workplace security culture is important, and three ways to make your security culture better. A good security culture means that everyone owns security and everyone understands what the security risks are.

Ask Floh: Why you don’t need to change your password every 30 days

Do you really need to change your passwords every month? Nope. This common “password security tip” has been debunked. In fact, frequent password changes can actually make things worse. In this week’s Ask Floh, we learn why you should stop changing your passwords and make stronger ones instead. We at Peerio believe in strong passwords. Our Peerio app uses computer generated passwords (account keys) because we need users to have strong passwords to generate strong cryptographic keys, and to ensure users are protected from any attempts to guess their account keys.

Ask Floh: Why oversharing on team messaging could be a problem

Has your company ever shared sensitive data on team chats like Slack? In this week’s Ask Floh, we hear about the risks and learn how to securely share sensitive data on chat. Transcript: Alright, hello. Welcome to Ask Floh. I’m here to answer all of your security questions and help you survive in the digital world. So today, there’s a question from Ajay in Toronto. And he asks:

Embedded server-side spy chips not a risk for Peerio users’ data

Yesterday, a Bloomberg Businessweek article exposed a possible supply chain compromise on many cloud platforms. Attackers embedded hidden spy chips into server hardware during the manufacturing process, which allowed them complete control of the server and access to data passing through and stored on those servers. The provider of our server infrastructure denies that any of their servers were compromised in the way mentioned in Bloomberg’s article, but even if they were compromised, this should not worry Peerio users.

Ask Floh: How to protect against Business Email Compromise

How did a “Nigerian Prince” trick businesses out of millions? With Business Email Compromise (BEC). This scam is on the rise, up 80% according to a recent report by Mimecast. In this episode of Ask Floh, find out how this threat works and how to protect against it. Transcript: Hello and welcome back to Ask Floh where I share some tips and tricks and answer all your burning security questions.

Ask Floh: How to get started with cybersecurity in the workplace?

Need to protect yourself from cyber attackers at work or in your business? Overwhelmed? Wondering how you even get started? You’re not alone. We’re kicking off Cybersecurity Awareness Month with Ask Floh, a new video series that offers practical advice on cybersecurity and cyber hygiene in the workplace. In our premiere episode, Floh (CTO of Peerio) gives you the first step you need to take in evaluating your digital security needs and your cyber threats.

How WhatsApp's Latest Security Bug Could Gaslight You

The latest WhatsApp vulnerability could let hackers impersonate you and gaslight your chat group buddies. Should you be worried? In the video below, our CTO Floh explains how the flaw works and why using end-to-end encryption is still a good thing. Transcript: Right. So WhatsApp has a gaslighting problem. Or rather, they have a vulnerability. That means that messages can be tweaked in a way that makes them seem like they’re possibly something other than what the sender intended them to be.

Filesystem Upgrade (or Unearthing the Hidden Excitement of Strong Foundations)

Within the next thirty years, there’s a 99% chance that California is hit by an earthquake so strong, it’s classified as “major”. How can 40 million Californians possibly deal with such a forecast? One possibility is to design earthquake-proof buildings. The strongest aspect of any structure designed to withstand a natural disaster of that magnitude lies in its foundation. A properly engineered base transmits the charges of each seismic wave to the nearby land; this allows the building’s structure to adapt to the shaking earth, ensuring safety and stability even through tremors.

How to Build a Billion Dollar Password in 2018

We use passwords to defend our banking information, medical records, and personal communications, but how much do you really know about this little string of characters you trust to protect your data? Most people’s familiarity is limited to what they are told when signing up for a new service, something like “must be at least 8-characters long”, “include a number”, and “mix upper and lowercase characters”. And why would you want to know more?

Why Passphrases are worse for being better

Following the publication of How To Build A Billion Dollar Password, I spent an embarrassing amount of time diving deeper down the password rabbit hole. I conducted very deep research, ended up presenting at a conference dedicated to passwords, and then motioned to remove passphrases from Peerio entirely. Here’s how that happened and why passphrases are still pretty useful. Our passphrases worked. Originally we allowed users to select their own passwords.

Be Curious

“I have no special talent, I am only passionately curious.” – Albert Einstein Hi, I’m Jennifer, an ex cruise ship aerialist who has major FOMO working at a tech startup. Being a non-technical n00b working in cybersecurity gives me the opportunity to discover a whole new world. As the Community Advocate for Peerio, my job is to build and maintain long-lasting relationships with our users, ensure flawless onboarding experiences, and act as a lifeline between you and the rest of the Peerio team.

Designing Secure Group Chat in Peerio

Last week, researchers from the Ruhr University Bochum released a paper revealing weaknesses in WhatsApp’s security design. Specifically, they discovered that WhatsApp’s servers have complete control over the user list in a group chat, meaning a malicious server could add members to the group. This effectively defeats the goals of end-to-end encryption, as anyone who’s able to access the servers — attackers, WhatsApp staff, or authorities able to legally prompt action from WhatsApp — could discreetly add whoever they want to an existing group.

3, 2, 1... Saying Goodbye to Peerio Legacy

We’re approaching the final countdown, the end of a year and a legacy. On January 8th, we will be shutting down Peerio Legacy permanently and launching into the future with Peerio 2!

4 Reasons to Move Your Data to a True Secure Cloud

In addition to being a true end-to-end encrypted collaboration and communication platform, Peerio is also an effortless secure cloud storage solution for your personal and work files. Whether you are at work or play, your data belongs only to you. Here’s why you should consider upgrading from your current storage solution provider. 1. Never Lose Your Files Keep a secure backup of your files in Peerio. Anything you upload will be encrypted on your device before being transferred, then stored, in at least three separate data centres.

Creating a Secure Workspace: Peerio Rooms

In today’s globalized economy, online communication has become indispensable for businesses. But online communication platforms also bring unprecedented risks that can seriously endanger your company. Business owners bombarded with the growing number of news reports about data breaches can often feel like they need to choose between communication and security. And for a long time, those sacrifices were unavoidable. But now, with end-to-end encrypted Peerio Rooms, you can finally create a secure space for your team to collaborate and work together.

Encryption Basics

Lots of companies say that they encrypt data, but it’s important to know just what type of encryption they use. Unless companies specify that they use end-to-end encryption, they’re most likely only encrypting data in-transit and at-rest. Here’s how messaging apps generally work. When you send something to your friend Rabbit, your message doesn’t actually go directly to him.

The New Peerio: A Technical Deep Dive

Last week we released a complete rewrite of Peerio — our end-to-end encrypted messaging, email, file management and team collaboration platform. Our team has been working extremely hard over the past months to bring you a better, faster, more secure application. After touting the exciting benefits of our new architecture, we have now also published a detailed whitepaper. This document contains a deep dive into the keys and permission schemes of our KegDB system.

What is a Cryptographic "Backdoor"?

It’s been an exciting few months for Peerio as we approach our second anniversary this summer. We’re preparing to launch mobile clients for Android and iOS, professional plans for our heavy users, and we have a slew of features in the pipeline to improve overall user experience. As our team continues to grow, we’ve been accelerating development of a collaborative end-to-end encryption tool to ensure that everyone has access to a simple and secure platform to share private messages and files in the cloud.