Demonsaw Promises Free, Secure File Sharing

Contributing Writer
Updated


LAS VEGAS — How do you securely share files on the Internet? One security expert says he has a new way to share files in a secure, private, anonymous and decentralized way. It's called Demonsaw and it's free.

Demonsaw's creator, a hacker going by the name Eijah, unveiled his service at the DEF CON hackers conference here yesterday (Aug. 8). Eijah said he initially created Demonsaw for his own use, in order to share files with friends and family, then decided to make it available to the public.

MORE: 7 Ways to NSA-Proof Your Smartphone

Eijah said Demonsaw is almost entirely anonymous: Users don't need to login or register, and there's no data retention. 

"I don't even know you are using it, and I don't even care," he told the DEFCON audience.

Demonsaw isn't quite peer-to-peer file-sharing, but it isn't cloud storage either. Instead, users can to go to demonsaw.com to download router or Web server software in addition to the client software, which turns their devices into part of the Demonsaw network.

To set up a network, you'll need to know the Internet Protocol (IP) address of the machine you'll be using as a client. You then set up a user profile, a passphrase, and the address of the router that will host your network. You then designate the folder on your computer that you wish to share with the network.

Now, others on your network will be able to browse and download from that folder, and you'll be able to browse any other folders on that network. 

Each user profile can also designate an icon. If you do associate an icon with that user profile, then only people with the same icon will be able to exchange files with you. That's because Demonsaw derives an encryption key from the unique image, and adds another layer of encryption to every file exchanged through the network. 

Even without an icon, Demonsaw still uses a modular security approach; the network is segmented and spread across many different servers, routers and clients. Demonsaw servers are essentially encrypted volumes that store all data securely. Eijah said that from an outside perspective, it looks as if the client computer is sending out only small HTTP requests.

Running Demonsaw software requires you to use the Microsoft .NET Framework (a piece of Windows software used to help developers create and run new Windows applications) version 4.5 or higher.

I tried out Demonsaw on my Windows 7 laptop at the conference, and as soon as I tried to run it, my Bitdefender Antivirus Plus 2013 program blocked it and flagged it as potentially malicious. I asked Eijah, and he said that probably occurred because he used a program called ConfuserEx to obfuscate Demonsaw's code. Bitdefender may have flagged this as an anti-disassembly feature, which malware often use to hide from security experts. 

Once it's up and running, Demonsaw's interface is very stark, though if you've used other file-sharing programs, you'll be able to find your way around it. Eijah told me he's still working on a FAQ and other materials to make it more user-friendly.

Windows versions of the Demonsaw software are currently available from demonsaw.com. Eijah says that versions for Mac, Linux, Android and, later, iOS, are on the way, as well as ports for Chromecast and possibly Plex, to make it easier for people to display content in their homes.

I got to spend only a little time with Demonsaw, as I had other DEF CON panels to attend, but what I saw looked good. It's nowhere near as user-friendly as Google or Dropbox, but Demonsaw is free, encrypted and self-hosted. People who are looking for a secure file-sharing system will want to check this out.

Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.