BackupPeer

P2P encrypted backup — trade storage with peers, trust no server

BackupPeer is a peer-to-peer encrypted backup system. No central server. No cloud storage provider. You trade storage directly with peers, and cryptography guarantees that neither party can read the other's data.

The architecture

Zero-knowledge by design. Your data is encrypted client-side with NaCl/libsodium before it leaves your machine. Your backup peer stores encrypted blobs they cannot decrypt. You store their encrypted blobs. Neither party needs to trust the other with anything but disk space.

Direct P2P transfer via WebRTC. Files stream directly between peers — no relay server, no intermediary. Data channels handle the transfer in 64KB chunks with streaming encryption.

SHA-256 integrity. Every chunk is checksummed. Corruption is detected immediately, whether from network errors or malicious tampering.

TPM-anchored peer trust. For peers that support it, machine identity is anchored to a TPM. You're not trusting a hostname or an IP — you're trusting a cryptographic identity bound to physical hardware.

Cryptographic proof-of-storage. Challenge-response verification confirms that your peer is actually storing your data, not just claiming to. Regular verification keeps peers honest.

Reputation system. Peers build reputation through successful storage verification, uptime, and reliability. Bad actors get identified and excluded.

How it works

  1. Discover peers on your network or through a lightweight discovery mechanism
  2. Negotiate storage — you offer X GB, they offer Y GB
  3. Encrypt and transfer — your data is encrypted locally, chunked, and streamed directly to the peer via WebRTC
  4. Verify regularly — challenge-response checks confirm data integrity
  5. Restore when needed — pull your encrypted blobs back and decrypt locally

The terminal UI gives you real-time monitoring of transfers, peer status, storage utilization, and verification history.

Why not just use cloud backup?

You can. But cloud backup means your data — encrypted or not — lives on someone else's hardware, subject to their terms of service, their pricing changes, and their jurisdiction's legal requirements.

BackupPeer gives you geographic distribution (your peer can be anywhere) without the vendor dependency. The storage cost is reciprocal — you give what you get. And the encryption is yours, not the provider's.

Current state

Released. Terminal UI with interactive dashboard and real-time monitoring.

Links: GitHub