At a Glance:
Peergos is an open-source, peer-to-peer encrypted filesystem with fine-grained access control, designed to enable secure file storage and sharing, a private messenger, and a social network, all while keeping metadata and friendship graphs hidden from servers.
Overview:
Peergos is building a private web platform centered on a peer-to-peer, encrypted global filesystem. It is designed to give end users control over their data, ensuring web apps are secure by default and cannot track them. The system includes an encrypted messenger, an email client, and a private social network where sharing permissions are enforced cryptographically. Peergos is intended for individuals who want to securely store and share files without exposing metadata like who shares what with whom, and for developers looking to build or host apps in a sandboxed environment that prevents data exfiltration. A user's server is designed to be trustless, meaning data and metadata remain inaccessible even if the server is compromised.
Key Decision Points:
Self-hosting and local access: You can run a Peergos server on your own machine or log in to a remote instance via a local proxy, with options for CLI, FUSE, or WebDAV access. The web interface can be used over localhost for users who do not trust the public TLS CA architecture.
Cryptographic privacy model: All encryption happens client-side. The platform uses cryptographic blinding to hide who is sharing with whom and is designed so servers cannot deduce file sizes or view sharing graphs.
Friend-based sharing mechanism: File sharing is built on a social layer where users must follow each other. Sharing is controlled through a cryptree-based system, and secret links can be generated that do not leak file contents to the network.
Post-quantum resistance state: Files not yet shared are already resistant to quantum computer attacks. Shared files are currently vulnerable to such attacks if the initial follow requests are intercepted; the plan is to replace the asymmetric algorithm once a post-quantum candidate is chosen.
Core Features:
Client-side encryption: All strong encryption is performed on the user's machine using TweetNaCl, with each 5 MiB chunk of a file encrypted independently using two random symmetric keys.
Cryptographically blinded social network: A "follow request" protocol allows users to build a friend network where the target's server cannot see the sender's identity, designed to eventually hide the entire friendship graph.
Fine-grained access control: File access leverages a cryptree-based system, extended to protect metadata such as file names, sizes, thumbnails, and directory structure.
Sandboxed web apps: Web applications can be loaded and run directly from Peergos in a sandbox that prevents data exfiltration, with permissions granted by the user.
Multi-interface access: Users can interact with Peergos through a web interface, a CLI, a bi-directional sync client, a FUSE mount, or a WebDAV bridge.
Use Cases:
Individuals seeking private file storage: Securely store files in a peer-to-peer network where the storage server cannot view content or deduce metadata about the stored data.
Private social networking and sharing: Share files and communicate with others without exposing the friend network or file metadata to the server operator or network observers.
Self-hosting a personal communication platform: Run a Peergos server on a home machine to create a personal, self-hosted storage space, messenger, and social platform with a secure web interface.
Open-Source Alternative Value:
As an open-source platform, Peergos offers a transparent architecture for a self-hostable, private web environment where cryptographic control over data and metadata is a core design principle. Developers and technically inclined users can inspect the Java-based server and the cross-compiled web interface, run their own instances without reliance on the central TLS CA trust architecture, and choose local access methods like FUSE or WebDAV. This provides an alternative to centralized cloud storage and social platforms, with the specific design goal that servers remain trustless and unable to access user data or sharing information even if compromised.




