Security

Periphery performs its analysis locally on your machine, no remote services are used to aid analysis. This quick guide will show you how to validate this claim yourself.

Network Activity

To validate that Periphery does not depend upon any remote services, you can simply disconnect your network before running Periphery - you'll see that it produces the same results regardless. However, if you'd like a more in-depth approach, you can use nettop (preinstalled with macOS) to monitor network connections.

Before running Periphery, in a new terminal run:

nettop -p periphery

nettop will begin monitoring for network connections by processes matching the name 'periphery'. Now run Periphery in another terminal. Once Periphery is finished, you should see a single TCP connection to github.com on port 443 (HTTPS). Periphery connects to GitHub to check for new releases in order to notify you. Specifically, Periphery uses the GitHub API to query the releases hosted at peripheryapp/releases.

Open Files

To see which files Periphery (and its dependencies) open, you can use opensnoop which also comes preinstalled with macOS.

Before running Periphery, in a new terminal run:

sudo opensnoop -n periphery

opensnoop will begin monitoring for files opened by processes matching the name 'periphery'. Now run Periphery in another terminal, and you will begin to see file paths printed as they are accessed.