Remote File Destruction Question

Comments

8 comments

  • Official comment
    Avatar
    Skylar Nagao

    Hi George,

    Users can only destroy files they have uploaded themselves, so no one besides you will be able to destroy files you have uploaded.

    If you have received a file from another user, that user can destroy their file to remove it from all of Peerio, including from your account.

    You can see who is the owner of a file by going to the "Files" tab and looking under "Owner" at the right side of the window.

    To see how to destroy a file, see this how-to: https://peerio.zendesk.com/hc/en-us/articles/203699905-How-do-I-destroy-a-file-

  • Avatar
    George Gillan

    Skylar - thank you.

    I looked at that link and it really does not answer my question. I understand the context of wanting to delete files that you have uploaded (and therefore that you own). It's the other side of the equation that I am asking about. There are some concerns that I think are worth considering, but in any case certainly worth understanding.

    Suppose:
    - A shares a file with B.
    - B downloads the file to B's device (PC, tablet, or whatever should all be the same, but let's say it's a PC in this example).

    What is the status of the copy that B downloaded to B's own PC? Can A delete that copy of the file on B's PC?

    What if B had modified the file on B's own PC (maybe it was a spreadsheet) - can A delete the modified copy of the file on B's PC?

    Once the file is downloaded to B's PC, is there anything that prevents B from making a copy that peerio does not know about/cannot find?

    Of course there are many ways that people could (and will) use a service like peerio. Some purely personal information that a person wants to be able to delete. Some collaboration where a recipient makes changes and does not want the sender to delete them. Or even some documents that have some kind of legal significance that the recipient might not want deleted without their assent.

    There are also the technical implications for security leaks if the software is able to reach into a recipients PC (or other device) to delete files.

    Of course, I might be misunderstanding the way that peerio works. Your clarifications would be greatly appreciated!

    George

  • Avatar
    Skylar Nagao

    Hi George,

    Thanks for such a thorough response and elaboration of your concerns.

    In the current state, Peerio's file destruction is specific to Peerio's servers. If a contact downloads a file, Peerio cannot access their computer to delete a file stored locally. Ideally, you are able to trust your Peerio contacts, but we understand the desire to fully eliminate or control access to your files. We have been considering additional security measures we can put in place to address these issues.

    We plan to add download notifications, to let the file's owner know when a user has downloaded their file.

    We also plan to add self-destruct timers to files and messages, to only leave a certain window of time for users to have access.

    We will be considering share limitations, so that a file can only be shared with specified users.

    We are also working on document previews within Peerio, which would allow for read-only copies of files that can be viewed in Peerio but not downloaded.

    Lastly, and of course the most complete option, we are researching the possibility of self-destructing files, that can lock or be deleted after a period of time. This option is ideal, but requires substantial research to protect the security and privacy of all users involved.

    I hope this provides a better and more complete answer to your questions and concerns, and helps clarify where Peerio is currently at, and what we are working towards in the future.

  • Avatar
    George Gillan

    Skylar,

    I'm glad to hear about the careful thoughts and plans that are going into this aspect of the service. There is no perfect solution, because 'party B' could always use a camera to photograph their screen with the document displayed! Even self-destruct files have to be considered with caution, because any sort of executable going onto a recipient's PC (or other device) could be opening up unintended security holes. The bottom line is, as you said, you must be able to trust the people you are sharing with. Thanks for sharing your time by giving me these answers.

    George

  • Avatar
    Simon Borek

    I'd like to express my opinion on the considered self-destruct and read-only features:

    Technically it isn't possible to prevent anyone, who can view a file, from making a copy. And, as far as I know, such features are usually much harder to develop than to overcome. It seems apps featuring this are popular this time, but I'm not sure if it eventually does any good. Don't you think, these features would just give users false sense of security?
    Well, it's a way how to tell the recipient, I really don't want him to save the file, but I think I can just write this to him/her.

  • Avatar
    Skylar Nagao

    Hi Simon,

    Peerio's goal is to offer usable security features to all users, whether novice or professional. These features are being discussed as means to prevent potentially unwanted distribution or editing of material.

    For example, you may want to send someone a sensitive document to review, but do not want them to save the document on their computer. You may trust this person, but you don't want to risk them leaving the document unprotected on their computer.

    It is situations of these sorts that these features could prove useful.

  • Avatar
    Simon Borek

    Hi Skylar,
    thank you very much,
    in this use case it seems very handy - a possibility of viewing content without need of saving it to a drive in plaintext or using third party tools. I also appreciate features that let me easily manage my files on-server (delete them after certain time period and so on). I'm just afraid, that novice users might think, some auto-destruction, or read-only view will definitely stop their recipients, after they have already acquired the message/file, from doing whatever they want with it. They should be referred to the fact, that once the content is viewed, it can be also saved, shared, whatever, if the viewer really wants to (and it doesn't require extreme technical knowledge), and that prevention of this isn't the primary goal of these security features.

  • Avatar
    Skylar Nagao

    Hi Simon,

    As we develop new features, we always are also considering the potential security risks of the given use-case, as well as the expectations of users. For these sorts of features, we would certainly also develop notifications and provide resources to help users understand the extent to which Peerio is able to protect their privacy.

Please sign in to leave a comment.

Powered by Zendesk