Peergos
Released under AGPL-3.0, Peergos provides a secure and private space online where you can store files on self-hosted infrastructure.
Self-hosted file storage and social sharing, honestly reviewed. Not just another cloud wrapper — this one was built by cryptographers.
TL;DR
- What it is: A peer-to-peer, end-to-end encrypted file storage, sync, and social sharing platform — with post-quantum cryptography and metadata protection [README].
- Who it’s for: Privacy-conscious founders and individuals who want Proton Drive–level security but want to own the infrastructure and don’t trust any server operator — including themselves [README][website].
- Cost savings: Proton Drive runs $9.99–$29.99/mo for meaningful storage; Tresorit starts at $14.50/mo. Peergos self-hosted runs on a VPS for $5–10/mo and gives you unlimited storage bounded only by disk.
- Key strength: Metadata protection. Most encrypted storage products hide file contents from the server. Peergos hides your contact list, file sizes, and directory structure too — even from the server you run yourself [README][website].
- Key weakness: 2,382 GitHub stars and a small team mean this is not the mature, plug-and-play Nextcloud experience. It runs on the JVM, the documentation is technical, and the ecosystem of apps is early-stage. It’s also AGPL-3.0, which matters if you plan to embed it in a commercial product.
What is Peergos
Peergos is a peer-to-peer encrypted file system with a social layer built on top of it. The description in the GitHub README is blunt: “A p2p, secure file storage, social network and application protocol.” The website’s pitch is more polished: “Control your data. Control your destiny.” Both are accurate [README][website].
The founding premise is that conventional encrypted cloud storage — even the honest offerings from ProtonMail or Tresorit — only goes so far. The server still sees who you are, who you communicate with, how many files you have, and how large they are. That metadata is often more revealing than the content itself. Peergos was designed from the ground up to protect that layer too.
The technical foundation is IPFS (InterPlanetary File System), a content-addressed peer-to-peer protocol developed at Protocol Labs (one of Peergos’s supporters). Files are stored as encrypted chunks across the network; no single server holds a meaningful view of your data. The encryption is post-quantum — using lattice-based cryptography — meaning files stored today remain private even if a quantum computer is later used to break conventional elliptic-curve encryption [README][website].
What sets Peergos apart from a simple encrypted file sync tool is the application layer. You can run third-party web applications inside Peergos in a sandbox with only the permissions you explicitly grant — like a private app store where no app can exfiltrate your data. There’s also a social network (followers, posts), a secure messenger, and an encrypted email bridge [README].
The project has been security-audited twice: by Cure53 in 2019 and by Radically Open Security in 2024 [website][audit-2024]. It’s supported by NGI-POINTER (the EU’s Next Generation Internet programme), Protocol Labs, FUTO, and the Oxford Foundry. These aren’t vanity logos — they represent real research funding and alignment with the open-internet community.
Why people choose it
The case for Peergos sharpens when you understand what the alternatives actually protect.
Versus Nextcloud. Nextcloud is the default answer to “I want to self-host my files.” It has a mature ecosystem, apps for everything, desktop and mobile clients, and 20,000+ GitHub stars. But Nextcloud on your server means you can read every file, every filename, every folder name, and see exactly who shared what with whom. If your threat model includes a compromised server — including your own — Nextcloud doesn’t help. Peergos’s architecture means even the server operator gets ciphertext with no readable structure [README].
Versus Proton Drive. Proton Drive offers genuine client-side encryption and a polished UI. You can’t self-host it; you’re trusting Proton’s servers and Proton’s continued goodwill. It also doesn’t protect metadata at the same level — Proton knows your account, your storage usage, your sharing relationships. Peergos’s trustless architecture makes none of that visible even to itself [README][website].
Versus Cryptomator + your storage of choice. Cryptomator is a popular approach: encrypt locally, sync to any cloud. It protects file contents, but the provider still sees filename patterns, directory structure, and sync timestamps. Peergos wraps all of that in the same encrypted layer [README].
The honest case. Two testimonials on the website are credible signals. Solène Rapenne, a Qubes OS team member and former OpenBSD developer, says: “With Peergos, I can finally store my data without having to trust the backend security.” That quote matters because it comes from someone who reviews infrastructure for a living [website]. The second testimonial — “This is the most important project right now for the free world” — is anonymous and reads like enthusiasm more than analysis. Take it accordingly.
Where Peergos doesn’t compete well is on raw usability and polish. Nextcloud has 20× the GitHub stars, hundreds of third-party apps, one-click installers on every major hosting platform, and years of community tutorials. Peergos has a Java binary, a good tech book, and a Matrix chat room. The tradeoff is clear: maximum privacy architecture in exchange for a steeper setup path.
Features
Based on the README and official website:
Core file system:
- End-to-end encrypted file storage with post-quantum cryptography (lattice-based) [README][website]
- Protected metadata — contact list, file sizes, directory structure hidden even from server operators [website]
- Trustless architecture — data is safe regardless of where Peergos runs [website]
- Offline access — login and view recent files without network connectivity [website]
- Portable identity — migrate server without losing data, links, or friends [website]
- Secret links — share files with people who don’t have a Peergos account [website]
Sync and access:
- Desktop sync client for Windows, macOS, Linux [website]
- Android mobile app [website][merged profile]
- Multi-device access — login from any device with username, password, and optional 2FA [website]
Social and communication:
- Private social network with cryptographic access control — you decide who sees what, enforced by the crypto layer, not just a UI permission [README]
- Secure messenger [README]
- Encrypted email client and bridge [README]
Application platform:
- Web apps load and run directly from Peergos in a sandbox with user-granted permissions [README]
- Prevents data exfiltration by design [README]
Infrastructure:
- Docker, brew, apt, and binary deployment [merged profile]
- PostgreSQL and SQLite database support [merged profile]
- Independent of central TLS Certificate Authority trust architecture [README]
- Federation — self-hosted instances can still friend and share with users on peergos.net [website]
Security:
- Two independent security audits (Cure53 2019, Radically Open Security 2024) [website]
- AGPL-3.0 license — all server-side source code auditable [website]
Pricing: SaaS vs self-hosted math
Peergos.net hosted (their managed service): The website links to peergos.net for signup and references a paid server, but specific tier pricing was not available from the scraped pages. Based on the project’s positioning (donation-funded open-source, not VC-backed SaaS), pricing is modest. A free tier with limited storage is available; paid plans extend storage capacity. For precise current pricing, check https://peergos.net directly.
Self-hosted (AGPL-3.0):
- Software: $0
- VPS to run it on: $5–10/mo on Hetzner, Contabo, or Vultr with sufficient storage
- Your disk cost scales with how much you store
- The AGPL license means you can self-host for personal or internal use freely; commercial redistribution or embedding in a SaaS product requires care with the license terms
Proton Drive for comparison:
- Free: 1 GB
- Mail Plus: $3.99/mo, 15 GB
- Proton Unlimited: $9.99/mo, 500 GB
- Proton Business: $12.99/user/mo, 1 TB+
Tresorit for comparison:
- Solo: $14.50/mo, 2 TB
- Business Standard: $24/user/mo
Concrete math for a founder with 500 GB of sensitive files: Proton Drive Unlimited runs $120/year. Tresorit Solo runs $174/year. A self-hosted Peergos instance on a $7/mo Hetzner VPS with a 500 GB volume attachment runs approximately $144/year — comparable on price, but with post-quantum encryption, metadata protection, no vendor lock-in, and source code you can audit. If your storage needs are smaller (under 50 GB), hosted Proton Drive is cheaper and easier. If you have more data or higher privacy requirements, self-hosted Peergos wins on both dimensions once you’ve done the initial setup.
Deployment reality check
Peergos runs on the JVM. That’s the first thing to know. Unlike Go-based tools (Nextcloud plugins, Caddy, etc.) that compile to a single binary with no runtime dependency, Peergos requires Java installed on the host.
What you actually need:
- A Linux VPS (2–4 GB RAM recommended — the JVM and the P2P layer have meaningful overhead)
- Java 17+ installed
- A domain and reverse proxy (nginx or Caddy) for HTTPS
- PostgreSQL (recommended for production) or SQLite (acceptable for single-user) [merged profile]
- Optional: Docker if you prefer containerized deployment [merged profile]
- Enough storage for your data — Peergos doesn’t compress before encrypting
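A preflight check for the host requirements listed above, as an added example that is not from the Peergos project or the original article. The function names, the 1,800,000 kB memory floor and the assumption that the reverse proxy runs on the same host are choices made for this example.

```shell
#!/bin/sh
# Added example: host preflight for the requirements listed above.
# Thresholds are taken from this article; nothing here runs Peergos itself.

MIN_JAVA=17
# Low end of the 2-4 GB recommendation. A nominal "2 GB" VPS reports a bit
# under 2 GiB in MemTotal, so allow some slack (assumed value).
MIN_MEM_KB=1800000

# Print the major version found in `java -version` output.
# Handles the legacy scheme ("1.8.0_392" -> 8) and the current one ("17.0.9" -> 17).
java_major() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
    [ -n "$ver" ] || return 1
    case "$ver" in
        1.*) ver=${ver#1.} ;;
    esac
    major=${ver%%[!0-9]*}
    [ -n "$major" ] || return 1
    printf '%s\n' "$major"
}

# Succeed if a MemTotal value in kB (as in /proc/meminfo) meets the minimum.
mem_ok() {
    [ "$1" -ge "$MIN_MEM_KB" ] 2>/dev/null
}

# Succeed if nginx or Caddy is on PATH (assumes the proxy runs on this host).
have_proxy() {
    command -v nginx >/dev/null 2>&1 || command -v caddy >/dev/null 2>&1
}

# check <label> <command...>: run the command and print PASS or FAIL.
check() {
    label=$1; shift
    if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; return 1; fi
}

preflight() {
    rc=0
    # `java -version` writes to stderr; a missing binary yields an empty string.
    out=$(java -version 2>&1) || out=""
    found=$(java_major "$out") || found=0
    mem_kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo 2>/dev/null) || mem_kb=0

    check "Java $MIN_JAVA+ (found major version: $found)" \
        test "$found" -ge "$MIN_JAVA" || rc=1
    check "RAM >= $MIN_MEM_KB kB (found: ${mem_kb:-0} kB)" \
        mem_ok "${mem_kb:-0}" || rc=1
    check "Reverse proxy for HTTPS (nginx or caddy on PATH)" have_proxy || rc=1
    return "$rc"
}

preflight || echo "Resolve the FAIL items before installing."
```

The Java check parses the version string rather than comparing it directly, because older runtimes report themselves as `1.8.x` and would otherwise pass a naive numeric comparison against 17 incorrectly or fail to parse at all.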
What can go sideways:
- The JVM startup time and memory footprint surprises people used to lightweight Go binaries. On a 1 GB VPS, you will have a bad time.
- The peer-to-peer layer means initial setup involves understanding content-addressed storage concepts. The tech book at https://book.peergos.org helps, but this is not a five-minute Cloudron install.
- AGPL-3.0 has implications if you’re planning to integrate Peergos into a commercial product or white-label it. Read the license before you build on it.
- Federation works, but if you self-host and your server goes down, your friends on peergos.net or other servers can’t reach you until you’re back up. There’s no graceful degradation documented for extended outages.
- The app ecosystem is thin. There’s no equivalent of Nextcloud’s 400+ apps. The platform primitives are there, but third-party developers haven’t built on it at scale yet.
Realistic time estimate for a technical user: 2–4 hours to a working, HTTPS-terminated instance. This includes understanding the architecture, not just copying commands. For a non-technical founder with no Linux experience: budget a day or hire someone who’s done it before. There are no one-click marketplace installers for major hosting providers as of this writing.
Pros and cons
Pros
- Genuine metadata privacy. This is the hardest feature to replicate in the category. Hiding file contents is table stakes; hiding who you share with, file sizes, and directory structure from the server operator (including yourself) requires Peergos’s specific architecture [README][website].
- Post-quantum encryption. Most E2E encrypted products use ECDH and related primitives that a sufficiently powerful quantum computer could break. Peergos uses lattice-based post-quantum cryptography [README][website].
- Trustless architecture. The design assumption is that your server will be compromised eventually. The crypto holds even under that scenario [README][website].
- Two independent security audits. Cure53 (2019) and Radically Open Security (2024) are credible auditors. The reports are public [website][audit-2024].
- Portable identity. You can migrate servers without losing contacts, links, or data. This is rare — most self-hosted tools lock you to the instance [website].
- AGPL-3.0 — fully open source. All code, including server-side, is auditable. No enterprise tier, no proprietary blob, no “open core” bait-and-switch [website].
- Federation. Self-hosted instances federate with the main network. You’re not isolated [website].
- Application sandboxing. Third-party web apps can run inside Peergos without permission to exfiltrate your data — a genuinely novel capability in the self-hosted space [README].
Cons
- 2,382 GitHub stars. This is a real number, not a criticism of the technology, but a signal of ecosystem maturity. For comparison, Nextcloud is at 28,000+. A smaller community means fewer tutorials, fewer one-click integrations, and higher risk that you’re on your own when something breaks.
- JVM runtime dependency. Not a dealbreaker but adds friction versus single-binary Go tools. Memory footprint is meaningful on small VPS instances.
- No one-click installers. No Cloudron app, no Yunohost package, no Hetzner marketplace image. You’re running from a JAR or building Docker yourself.
- Thin app ecosystem. The application platform is architecturally interesting but currently underutilized by third-party developers. You’re not getting the Nextcloud app store experience.
- AGPL-3.0 commercial restrictions. If you want to embed Peergos in a SaaS product or offer it to clients as part of a managed service, AGPL has strings attached that MIT and Apache 2.0 don’t.
- Documentation is technical. The tech book is well-written for engineers. A non-technical founder following it without Linux experience will struggle.
- No independent third-party reviews found. The provided review sources for this article were not about Peergos; community reviews on platforms like Trustpilot or G2 are sparse. You’re largely trusting the primary source documentation and the security audit reports.
Who should use this / who shouldn’t
Use Peergos if:
- Your threat model includes a compromised server — you need the data to be unreadable even to yourself acting maliciously.
- You handle sensitive client files, legal documents, or medical data where metadata exposure is as dangerous as content exposure.
- You want post-quantum encryption now, not when the rest of the industry catches up.
- You have a technical person available for setup and ongoing maintenance, or you’re willing to do it yourself with a few hours of ramp-up.
- You want to federate with others without mandating they run the same server.
Skip it (use Nextcloud instead) if:
- You want a rich app ecosystem: calendars, contacts, Kanban boards, collaborative editing.
- Your threat model doesn’t require hiding metadata — you just want file sync without a Google or Dropbox bill.
- You want a mature mobile app with offline-first behavior and broad device support.
- One-click deployment from a marketplace is non-negotiable.
Skip it (use Proton Drive instead) if:
- You’re not technical and you don’t want to run anything on a server.
- You need a polished, consumer-grade UI with genuine end-to-end encryption and don’t mind trusting Proton.
- Your storage is under 500 GB and the monthly fee is acceptable.
Skip it (use Cryptomator + your existing storage) if:
- You already have an S3 bucket, Backblaze B2, or similar and just want to add encryption as a layer without migrating infrastructure.
- Metadata exposure is acceptable and content privacy is your only requirement.
Alternatives worth considering
- Nextcloud — The obvious choice for self-hosted file sync. Massive app ecosystem, mature mobile clients, broad hosting support. Server-side readable; no metadata protection. Use this if you trust your server operator (which in self-hosting means trusting yourself).
- Proton Drive — Managed E2E encrypted storage from a credible privacy company. No self-hosting, less metadata protection, polished UX. For non-technical founders willing to pay for hosted privacy.
- Seafile — Fast, reliable file sync. Not E2E by default (can enable it, but it’s a separate mode with limitations). Lighter on resources than Nextcloud.
- Tresorit — E2E encrypted managed cloud storage. Polished, zero-knowledge, no self-hosting. Similar positioning to Proton Drive but enterprise-focused.
- Tahoe-LAFS — The original distributed encrypted file system concept that influenced Peergos. Technically capable but the UI is 2008-era and it’s effectively in maintenance mode. Not for non-technical users.
- Keybase — E2E encrypted file storage, chat, and social, now owned by Zoom. The acquisition history is a legitimate reason to look elsewhere. Mentioned for completeness.
For the specific audience this article targets — a founder escaping a SaaS bill and wanting private file storage — the realistic shortlist is Peergos vs Nextcloud. Pick Nextcloud if you want a comfortable, well-documented experience and trust your own server. Pick Peergos if you want the strongest available privacy guarantees and are prepared for a technically demanding setup.
Bottom line
Peergos is solving a harder problem than most self-hosted file storage tools. Hiding file contents from your server is now table stakes; hiding your contact graph, file sizes, and directory structure from the storage layer is genuinely difficult, and Peergos does it with post-quantum cryptography that’s been independently audited twice. The cost is real: 2,382 stars instead of 28,000, no one-click installers, a JVM runtime, and thin third-party app support. For a founder whose threat model stops at “I just don’t want Dropbox reading my files,” Nextcloud or Proton Drive will be more comfortable. For someone who actually needs the metadata protection — handling sensitive client data, operating in a jurisdiction with aggressive surveillance, or simply not wanting to trust anyone including themselves — Peergos is the only self-hosted option in this category that takes the full problem seriously.
If the setup is the blocker, that’s exactly the kind of infrastructure work that upready.dev deploys for clients. One-time fee, you own the server.
Sources
- Peergos GitHub Repository — README (2,382 stars, AGPL-3.0). https://github.com/Peergos/Peergos
- Peergos official website — homepage and features. https://peergos.org
- Peergos Security Audit 2024 — Radically Open Security. https://peergos.org/posts/security-audit-2024
- Peergos Security Audit 2019 — Cure53. https://peergos.org/posts/security-audit
- Peergos Tech Book — detailed architecture and feature documentation. https://book.peergos.org