Demonsaw Promises Free, Secure File Sharing

LAS VEGAS — How do you securely share files on the Internet? One security expert says he has a new way to share files in a secure, private, anonymous and decentralized way. It's called Demonsaw and it's free.

Demonsaw's creator, a hacker going by the name Eijah, unveiled his service at the DEF CON hackers conference here yesterday (Aug. 8). Eijah said he initially created Demonsaw for his own use, in order to share files with friends and family, then decided to make it available to the public.

MORE: 7 Ways to NSA-Proof Your Smartphone

Eijah said Demonsaw is almost entirely anonymous: Users don't need to login or register, and there's no data retention. 

"I don't even know you are using it, and I don't even care," he told the DEFCON audience.

Demonsaw isn't quite peer-to-peer file-sharing, but it isn't cloud storage either. Instead, users can to go to to download router or Web server software in addition to the client software, which turns their devices into part of the Demonsaw network.

To set up a network, you'll need to know the Internet Protocol (IP) address of the machine you'll be using as a client. You then set up a user profile, a passphrase, and the address of the router that will host your network. You then designate the folder on your computer that you wish to share with the network.

Now, others on your network will be able to browse and download from that folder, and you'll be able to browse any other folders on that network. 

Each user profile can also designate an icon. If you do associate an icon with that user profile, then only people with the same icon will be able to exchange files with you. That's because Demonsaw derives an encryption key from the unique image, and adds another layer of encryption to every file exchanged through the network. 

Even without an icon, Demonsaw still uses a modular security approach; the network is segmented and spread across many different servers, routers and clients. Demonsaw servers are essentially encrypted volumes that store all data securely. Eijah said that from an outside perspective, it looks as if the client computer is sending out only small HTTP requests.

Running Demonsaw software requires you to use the Microsoft .NET Framework (a piece of Windows software used to help developers create and run new Windows applications) version 4.5 or higher.

I tried out Demonsaw on my Windows 7 laptop at the conference, and as soon as I tried to run it, my Bitdefender Antivirus Plus 2013 program blocked it and flagged it as potentially malicious. I asked Eijah, and he said that probably occurred because he used a program called ConfuserEx to obfuscate Demonsaw's code. Bitdefender may have flagged this as an anti-disassembly feature, which malware often use to hide from security experts. 

Once it's up and running, Demonsaw's interface is very stark, though if you've used other file-sharing programs, you'll be able to find your way around it. Eijah told me he's still working on a FAQ and other materials to make it more user-friendly.

Windows versions of the Demonsaw software are currently available from Eijah says that versions for Mac, Linux, Android and, later, iOS, are on the way, as well as ports for Chromecast and possibly Plex, to make it easier for people to display content in their homes.

I got to spend only a little time with Demonsaw, as I had other DEF CON panels to attend, but what I saw looked good. It's nowhere near as user-friendly as Google or Dropbox, but Demonsaw is free, encrypted and self-hosted. People who are looking for a secure file-sharing system will want to check this out.

Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.

Jill Scharr is a creative writer and narrative designer in the videogame industry. She's currently Project Lead Writer at the games studio Harebrained Schemes, and has also worked at Bungie. Prior to that she worked as a Staff Writer for Tom's Guide, covering video games, online security, 3D printing and tech innovation among many subjects. 

  • virtualban
    What happens when the user goes offline? Will all the other users that have downloaded a part of the folder still be available? Can that folder be reconstructed by all the parts available on the network? By what name and address would that reconstructed folder be accessible?
  • Eijah
    Demonsaw is the convergence of a decentralized Cloud application and P2P. Think of it like the offspring of DropBox and BitTorrent. Demonsaw completely hides your IP and safeguards the data that you transfer, making it impossible for anybody to track what you're downloading. As far as your questions go, partial file downloads are fully resume-able and transferable across different clients. This means that clients going offline won't affect the availability of the download as long as the number of available file chunks is high enough (similar to the number of seeds in torrents). The IP that Jill's referring to in the article is actually the router's IP, not the client's. I've written an FAQ and Help that should explain any other questions you might have. @demon_saw
  • Jill Scharr
    Thanks, Eijah! As for virtualban's first question, you'll probably want to host the router and server on a machine that won't be turned off regularly.
  • Eijah
    That's correct. The router must be accessible for clients to perform message-driven activities such as joining groups, searching, browsing, and transfer requests. Once a transfer request has begun the server(s) take over and the router is no longer in the loop. This is cool for a couple of reasons: 1) The abstraction of the message and data exchange allows demonsaw to completely secure your file sharing, and 2) there are tremendous performance gains by offloading transfers to 1:N servers. The demonsaw server software can run as a Windows application or be deployed as a .NET Web Application. Since web hosting costs have decreased in recent years, you can get .NET web hosting now for < $5 per month. This makes for a very inexpensive solution to share large amount of data while piping it all through 3rd parties (and not your home router). Since demonsaw data is encrypted at multiple levels, web hosting companies and 3rd parties will not be able to discern what you're sending across their networks. In fact, not even the router knows what you're transferring - it's that secure. I've been updating with FAQ and Help over the last few days. I should have it completed by the end of this weekend. I'll even make available my full Defcon 22 presentation which explains all of this in detail.