BackupPeer is a privacy-focused peer-to-peer encrypted backup system where you exchange backup storage directly with other users. Unlike rsync or Borg Backup which require central servers or cloud storage, BackupPeer creates mutual backup relationships - you store their files, they store yours, with zero-knowledge architecture ensuring only you can decrypt your data.
⚠️ EXPERIMENTAL VERSION: This is an experimental build with recent improvements to file transfer reliability and connection management. Features may change and stability is not yet guaranteed for production use. Please note; during development the community singalling server will be reset many times... setting your own is essential for now.
- Zero-knowledge architecture - signaling server never sees your data or keys
- End-to-end encryption with Ed25519 signatures and XChaCha20-Poly1305
- Hash-based peer verification with optional TPM integration support
- Client-to-client trust model with no central authority
- Smart file selection with
.backupignoresupport - Priority patterns for critical files (keys, wallets, certificates)
- Resumable transfers with chunk-level state persistence
- File integrity verification with SHA-256 checksums
- WebRTC direct peer connections with STUN/TURN traversal
- Connection caching and automatic reconnection
- Rate limiting and DoS protection
- Scheduled synchronization with peer coordination
- Cryptographic storage commitments with zero-knowledge proofs
- Automated challenge-response verification
- Reputation scoring based on peer behavior
- Multiple trust levels from software-verified to TPM-anchored
cd client
chmod +x setup.sh
./setup.sh# Initialize your peer identity
./bin/backup-peer init
# Start the interactive TUI
./bin/backup-peer ui
# Backup a folder
./bin/backup-peer backup ~/Documents --name "my-documents"
# Include only specific files
./bin/backup-peer backup ~/Projects --files "*.js,*.md" --exclude "node_modules/**"
# Check status
./bin/backup-peer statusCreate .backupignore files to control what gets backed up:
# In your backup directory
echo "*.tmp" >> .backupignore
echo "node_modules/" >> .backupignore┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Peer A │ │ Signaling │ │ Peer B │
│ (Your Data) │◄──►│ Server │◄──►│(Their Data) │
└─────────────┘ └─────────────┘ └─────────────┘
│ │
└──── Direct Encrypted Connection ────┘
(Your data never touches server)
Zero-Knowledge Design
- Signaling server only facilitates WebRTC handshake
- All data encrypted client-side before transmission
- Peer discovery through hashed identities
- No central storage or key escrow
Cryptographic Foundation
- Ed25519 signatures for peer identity verification
- XChaCha20-Poly1305 authenticated encryption for data
- SHA-256 hashing for peer IDs and file integrity
- PBKDF2 key derivation for database encryption
- Exponential backoff reconnection with cached peer data
- Peer connection success rate tracking
- Automatic peer quality assessment
- Cross-server portability via Kademlia DHT
backup-peer init # Generate keys and setup database
backup-peer backup <directory> # Backup folder with smart file selection
backup-peer restore # Receive files from peer
backup-peer ui # Launch interactive Terminal UI
backup-peer status # Show system status and peer connections--files <patterns> # Include file patterns (comma-separated)
--exclude <patterns> # Exclude file patterns (comma-separated)
--priority <patterns> # High-priority file patterns
--max-file-size <mb> # Maximum file size in MBbackup-peer verify <backup-id> # Check backup integrity
backup-peer challenge <peer> # Send storage challenge
backup-peer reputation --list # Show peer reputation scoresMutual Dependency: Both peers lose access if either goes offline permanently. This creates natural incentives for honest behavior and long-term commitment.
No Central Authority: No blockchain, central verification, or third-party trust required. Trust is established directly between peers through cryptographic verification.
Local Reputation: Track peer reliability locally based on successful connections, storage challenges, and data integrity.
- Basic: Encrypted storage with direct IP connections
- Enhanced: Encrypted storage with VPN/proxy connections
- Maximum: All traffic via Tor (future concept)
- Keys generated locally using secure random generation
- Private keys never leave the device
- Stored in
~/.backup-peer/keys/with restrictive permissions - User responsible for key backup and recovery
Protected against:
- Untrusted peers attempting data access
- Network adversaries performing traffic analysis
- Signaling server compromise or surveillance
- Malicious storage providers
- tpm-verified: Hardware-anchored trust (future)
- software-verified: Ed25519 signature verification
- reputation-based: Behavioral trust scoring
- unknown: New or unverified peers
See SECURITY.md for comprehensive security model, threat analysis, and security controls documentation.
- Tor hidden service integration for complete anonymity
- Onion routing for multi-hop backup distribution
- Anonymous peer discovery through DHT networks
- TPM-based hardware security module support
- Hardware wallet integration for key management
- Secure enclave support for iOS/Android
- GUI desktop applications for non-technical users
- Mobile clients with background synchronization
- Team/organization features with shared trust networks
- Post-quantum cryptography migration path
cd broker
npm install
node index.jsnpm pack
npm install -g backup-peer-client-0.1.0.tgzThis project focuses on core peer-to-peer backup functionality with strong cryptographic foundations.
Priority areas for contribution:
- Security audits and cryptographic review
- Connection resilience and network reliability
- Performance optimization for large file transfers
- Documentation and user guides
- Mobile and desktop GUI clients
Development principles:
- Security by design - no shortcuts on cryptography
- User sovereignty - users control their data and keys
- Decentralization - minimize dependencies on central services
- Privacy protection - metadata minimization and traffic analysis resistance
Code standards:
- Comprehensive security documentation for all changes
- Test coverage for cryptographic operations
- Clear separation between networking and crypto layers
- Memory safety considerations for key material
MIT License - Build freely, enhance privacy, strengthen digital sovereignty.
BackupPeer - Encrypted by design, governed by community, built for freedom