

Peerio – Secure messaging and file sharing - diafygi
https://www.peerio.com/

======
handsomeransoms
Been using this for a minute, it's quite nice! Kudos to Nadim & team for a
friendly and mostly intuitive UI, with some creative new ideas in the context
of email/messaging.

A few initial questions:

1\. Is any part of the communication forward secure? I can't imagine how the
multiparty chat would be.

2\. Using the avatar to verify cryptographic identity seems weak, mostly
because I don't expect users will check it (it's only in the Contacts view,
and it's unclear that it has that use). It resembles the placeholder avatars
used on Github among other sites, which seems to suggest that it is not
meaningful. So - can the Peerio server silently MITM my communications?

3\. I'm not quite sure how the search works (still reading the code), but it
seems like it must be searching the plaintext stored in the client's memory.
How well will that scale?

------
drallison
The installation procedure apparently snarfs your contacts and spams them to
get them to load Peerio. Several observers on Farber's Interesting Persons
list have noted that the sign-up procedure is a significant security hole as
well as being decidedly unfriendly because of the spam. To track the thread
see
[https://www.listbox.com/member/archive/247/](https://www.listbox.com/member/archive/247/)

~~~
Maxmo74
Couldn't find anything on list box. I will investigate deeper later. Anyway
seems to be interesting. Anyone had the time to review the code yet? AFAICS
there's just the client source code, like on telegram... Any complete and
really free solution out there yet?

