Peakto Connect Security


Secured by Design  

Peakto Connect was built with strict security and privacy principles to ensure your data remains safe and under your control:

  • No External Servers or Cloud Storage: Neither your pictures/videos nor their metadata are sent or copied to external servers or cloud infrastructure. All data stays local.

  • Personal Data Stays on Your Device: Your personal data is stored exclusively on your device, which acts as the server to share data securely when needed.

  • Encrypted Data Exchange: All data transfers between your Mac and other devices are encrypted, ensuring secure communication. Additionally, authentication mechanisms verify that only authorized users can access the shared content.

This approach guarantees that your media and personal information remain private, giving you full control over your data without relying on third-party services.

Local Mode  

When sharing your Peakto content in Local Mode, all devices must be connected to the same network to access your pictures. No data ever leaves your private network. Even in Local Mode, we enforce strict security measures, such as encryption and authentication, to protect your privacy. These safeguards ensure that even if an attacker gains control of a device on your network, your data remains secure.



What About Public Mode?  

In Public Mode, Peakto configures your internet router to establish a secure connection between an external device and your Mac running Peakto.

Think of it as adding a new door to your house—it becomes a potential target for unauthorized access. To mitigate this, Peakto ensures the "door" is highly secure by verifying the authentication of any user or device attempting to access your photos. Additionally, all data exchanges are encrypted to prevent interception.



For convenience, Peakto can automatically configure your router using the UPnP protocol in Auto Mode. However, if you prefer greater control, you can manually configure the connection yourself for added security.
See this article for advanced and detailed setup of Peakto Connect: 

What We Can't Guarantee  

1. The Security of Your Network  

By design, local networks can be vulnerable to attackers:

  • They often include many connected devices, such as smart plugs, lights, TVs, phones, and game consoles, which may lack robust security measures.

  • Home or small business networks typically lack dedicated IT and security teams to monitor and protect against threats.

To minimize risks, all devices on your network must be secured with strong passwords, regular updates, and proper configurations. However, we cannot control the overall security of your network environment.

2. The Security of Your Mac  

Your Mac could be compromised by malware or backdoor attacks. Many personal devices are infected with malicious software that can open unauthorized access points to your computer. If your Mac is infected, attackers may gain access to your pictures (which are not encrypted).

To protect your Mac, ensure it is updated regularly, avoid downloading untrusted software, and use reliable antivirus tools. Despite these precautions, we cannot guarantee the security of your Mac if it becomes compromised.

Annexes  

Security measures taken by Cyme  

We are implementing a development process that prioritizes security at every stage. From the beginning, we define security requirements and integrate secure design principles into our architecture. During development, we follow secure coding practices, conduct regular code reviews, and use automated tools to identify vulnerabilities early. Our testing process includes both functional and security tests, such as penetration testing and automated scans, to ensure robust protection. Post-deployment, we monitor systems for threats and continuously update our tools and practices to address emerging risks. This approach ensures that security is a core part of our development lifecycle.

We choose every component we use with care. Here is a list of the trusted components used in Peakto to let users access their data from another computer:


Detailed Package List 

Below is a detailed overview of the packages used in our product:

  1. Vapor

  • Role: Vapor is a server-side Swift framework used to build web applications and APIs. It provides features like routing, middleware, and database integration.

  • Security: Vapor includes built-in support for authentication (Basic and Bearer tokens) and middleware for security headers. VaporSecurityHeaders enhances protection against common vulnerabilities like XSS and CSRF.

  2. GRDB

  • Role: GRDB is a Swift library for SQLite database management. It supports raw SQL queries, migrations, concurrency, and database observation.

  • Security: Its concurrency model ensures thread safety, reducing risks of data corruption or race conditions.

  3. Appwrite SDK

  • Role: Appwrite SDK simplifies backend services like authentication, database management, file storage, and more.

  • Security: Appwrite employs strong measures such as HTTPS/TLS encryption, permission systems, dynamic API keys, and compliance with standards like GDPR and SOC 2. Proper configuration of collection-level permissions is critical to prevent unauthorized access.

  4. JWTDecode

  • Role: JWTDecode is used to decode JSON Web Tokens (JWTs), commonly used for authentication and authorization in modern apps.

  • Security: JWTDecode is secure as long as tokens are signed using robust algorithms (e.g., RS256) and validated properly. Avoid exposing sensitive claims in the payload and ensure token expiration is enforced.

  5. Moya

  • Role: Moya is a networking abstraction layer built on top of Alamofire. It simplifies API requests with features like endpoint definitions and request chaining.

  • Security: Secure usage involves enabling HTTPS for all requests and validating SSL certificates to prevent man-in-the-middle attacks. Moya inherits Alamofire's robust security practices.

  6. Algorithms

  • Role: This package provides efficient algorithms and data structures for Swift development.

  • Security: While it does not directly handle sensitive data, its reliability ensures that performance-critical operations are implemented securely without introducing vulnerabilities.

  7. upnplib

  • Role: A library for managing Universal Plug and Play (UPnP) devices, often used for device discovery or network communication.



Best practices to secure access to my pictures  

Best Security Practices for macOS  

Securing your macOS device is critical to protect your data, privacy, and system integrity. Below are some of the best practices categorized into key areas:

  1. macOS Configuration

  • Enable FileVault Disk Encryption: Use FileVault to encrypt your Mac's storage. This ensures that sensitive data is protected even if the device is lost or stolen. Enable it in System Settings > Privacy & Security.

  • Activate the Built-in Firewall: Turn on the macOS firewall to block unauthorized incoming connections. For advanced control, consider third-party firewalls like Lulu for monitoring outgoing connections.

  • Disable Remote Access: Unless necessary, keep remote access features like "Remote Login" and "Screen Sharing" disabled to prevent unauthorized access.

  • Limit Data Sharing with Apple: Adjust privacy preferences to minimize data sharing with Apple and third-party apps under System Settings > Privacy & Security.

  • Auto Logout After Inactivity: Configure your Mac to log out automatically after a period of inactivity via Advanced Privacy Settings.

  2. Software Updates

  • Keep macOS Updated: Regularly install macOS updates to patch vulnerabilities. Enable automatic updates in System Settings > General > Software Update.

  • Update Applications: Ensure all installed apps are updated, especially those from the App Store or trusted developers, as they often contain security fixes.

  • Backup Before Updates: Use Time Machine or other backup solutions to create a full backup before performing major updates.

  3. Email Security and Phishing Prevention

  • Enable Mail Privacy Protection: This feature hides your IP address and prevents senders from tracking when you open emails. Activate it in the Mail app under Mail > Settings > Privacy.

  • Avoid Clicking Unknown Links: Be cautious of links in unsolicited emails. Verify sender information before interacting with attachments or links.

  • Use Email Authentication Protocols: For enhanced security, ensure that email accounts use protocols like DMARC, SPF, and DKIM to prevent spoofing and phishing attempts.

  • Two-Factor Authentication (2FA): Enable 2FA for email accounts to add an extra layer of security.

  4. General Security Practices

  • Antivirus Software: Although macOS has strong built-in protections, consider using reliable antivirus software for additional protection against malware.

  • Avoid Torrents: Downloading files via torrents can expose your Mac to malware. Stick to official sources for software and media downloads.

  • Regular Backups: Encrypt backups using Time Machine or other tools to ensure data remains secure even if accessed by unauthorized parties.

  • Be Wary of Third-party Software: Only download software from trusted sources or developers' official websites. Avoid unverified downloads that may contain malware.
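
Several items from the macOS Configuration and Software Updates lists above (FileVault, the built-in firewall, Remote Login, automatic update checks) can be verified from Terminal. The script below is an added example, not part of Peakto or Cyme tooling; it assumes the stock macOS commands `fdesetup`, `socketfilterfw`, `systemsetup` and `defaults`, and that they print the English status strings matched in `classify`.

```shell
#!/bin/sh
# Added example (not Cyme/Peakto code): audit four checklist items on a Mac.
# Assumption: the tools print the English status strings matched below.

# classify CHECK OUTPUT -> PASS, FAIL, or UNKNOWN when the output is not recognised
classify() {
  case "$1:$2" in
    filevault:*"FileVault is On"*)     echo PASS ;;
    filevault:*"FileVault is Off"*)    echo FAIL ;;
    firewall:*"State = 0"*)            echo FAIL ;;
    firewall:*"State = "[12]*)         echo PASS ;;
    remotelogin:*"Remote Login: Off"*) echo PASS ;;
    remotelogin:*"Remote Login: On"*)  echo FAIL ;;
    autoupdate:1)                      echo PASS ;;
    autoupdate:0)                      echo FAIL ;;
    *)                                 echo UNKNOWN ;;
  esac
}

# report LABEL CHECK OUTPUT -> one aligned result line
report() {
  printf '%-28s %s\n' "$1" "$(classify "$2" "$3")"
}

audit() {
  fw=/usr/libexec/ApplicationFirewall/socketfilterfw
  plist=/Library/Preferences/com.apple.SoftwareUpdate
  report "FileVault disk encryption" filevault "$(fdesetup status 2>&1 || true)"
  report "Built-in firewall" firewall "$("$fw" --getglobalstate 2>&1 || true)"
  # systemsetup needs root; without sudo this check reports UNKNOWN, never PASS
  report "Remote Login disabled" remotelogin "$(systemsetup -getremotelogin 2>&1 || true)"
  report "Automatic update check" autoupdate "$(defaults read "$plist" AutomaticCheckEnabled 2>&1 || true)"
}

# Run the live checks only on macOS; on other systems the functions are just defined.
if [ "$(uname -s)" = "Darwin" ]; then
  audit
fi
```

Run it with `sudo sh` so the Remote Login check can read its setting; an UNKNOWN result means the output was not recognised and should be checked by hand in System Settings.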

Your home configuration  

Securing your network and router is essential to protect against unauthorized access, data breaches, and cyberattacks. Below are the best practices for configuring your network and router securely:

  1. Change Default Credentials

  • Router Admin Login: Change the default username and password for your router's admin interface. Default credentials are often publicly available, making them a target for attackers.

  • Wi-Fi Password: Use a strong, unique password for your Wi-Fi network. Combine uppercase and lowercase letters, numbers, and symbols to make it harder to guess.

  2. Enable Strong Encryption

  • WPA2 or WPA3: Use WPA2 or WPA3 encryption protocols for your Wi-Fi network. These provide strong protection against unauthorized access.

  • Avoid WEP: Do not use WEP encryption as it is outdated and easily compromised.

  3. Update Router Firmware

  • Regularly check for firmware updates from your router manufacturer to patch vulnerabilities. Enable automatic updates if supported.

  4. Disable Unnecessary Features

  • Remote Administration: Turn off remote access to your router unless absolutely necessary to prevent unauthorized external access.

  • WPS (Wi-Fi Protected Setup): Disable WPS as it can be exploited by attackers to gain access to your network.

  • SNMP (Simple Network Management Protocol): Disable SNMP to prevent attackers from collecting information about your network configuration.

  5. Configure Network Visibility

  • Change SSID Name: Rename your Wi-Fi network (SSID) to something non-identifiable, avoiding personal or device-related names.

  • Disable SSID Broadcast: Hide your network name to make it less visible to potential attackers scanning for networks.

  6. Secure all your devices, like smart plugs and smart TVs

  • Change Default Credentials: Always change the default username and password for each device's admin settings. Use strong, unique passwords to prevent unauthorized access.

  • Separate Networks: Set up a dedicated Wi-Fi network or enable a guest network for your smart devices. This isolates them from your primary devices, such as laptops and smartphones, reducing the risk of cross-device attacks.

  • Enable Encryption: Ensure your Wi-Fi network uses WPA2 or WPA3 encryption for secure communication between devices.

  • Regular Updates: Keep the firmware of all smart devices up to date. Manufacturers often release updates to patch vulnerabilities and improve security.

  • Disable Unnecessary Features: Turn off features like remote access or file sharing if they are not required, as they can create additional vulnerabilities.

  • Monitor Device Permissions: Review what data your devices collect and share. Avoid granting unnecessary permissions, especially those related to location or camera access.

  • Purchase Trusted Brands: Invest in devices from reputable manufacturers that provide long-term software and security support, as some brands may stop updates after a short period.

  • Secure Physical Access: Keep devices in secure locations and use lock screens or physical protections for those with touchscreens or reset buttons.

 
