I won't respond in detail, at least today, to all your criticism of our work but I will say two things:
CryptPad might not be at the level of privacy or security you want (which one do you want BTW ?), but with such discourse you are sending users to stay handling their data on Google which seems to be the opposite of what you seem to want. We will of course consider on our end that CryptPad greatly enhances privacy and security compared to the situation where everybody's data is in clear at Google or Microsoft.
You mentioned " I did share all of the above with the CryptPad team, and was told they don't intend to address the above issues". If you can dig out our response it would be helpful ? At least my position as CEO is that we intend to solve the issues we can solve with the funding we have. As an example, we have always been interested in finding a solution to the "code attack". However the desktop app or code signing does not fully solve the issue as you still need to trust who builds the desktop app or signs the code, even when signed. Full trust requires audit of the code at every change. Can you name me one app that you can fully trust ? Have you audited it ?
I'm not saying improvements cannot be done and we'd love to do a desktop app but we have to choose our battles. We would still have to see if people install and use it ? Signal is a mobile app.. How many have it on their computer ? How many use slack instead ? (When a billionaire gives 100M$ to CryptPad, we'll be happy to have our choices challenged compared to those of Signal). If one is listening, our OpenCollective is here https://OpenCollective.com/cryptpad
We'd love to do more both for privacy and security and ease of use, but for that we need more funding.
Our belief is that privacy and security will be won again on the Internet step by step by getting users to any non BigTech tools including CryptPad and then improve them step by step. If we have the users, we have higher chances to have the funding to improve the tools.
Your vision seems to be more extreme and would likely fail to bring anybody to such a platform as it would lack ease of use (at least with the level of funding we have).
Until now, your criticism is not helping getting the users out of Google or Microsoft.
We have started work on this through sponsoring of openDesk:
https://apps.nextcloud.com/apps/openincryptpad
This allows editing of diagrams stored in Nextcloud using CryptPad. However the files are not e2ee in Nextcloud.
Integration with the new web version of e2ee of Nextcloud could be possible now but we don't have capacity to develop this. Integration with other e2ee tools is also technically feasible.
What type of integration are you looking for ? We would be interested to understand the workflow you would find interesting.
So to be clear, for very specific purposes I'm thinking of, I don't know that it's even better for users to use Cryptpad (without document passwords) than to use Google, etc, that's how bad it is.
This is conjecture on my part, but I'm assuming a user information request which asks for all of a user's cloud documents is considered broader than a request for a user's browser URL history scoped to one URL, and therefore the former is less likely to be granted, even though the latter can grant access to all of the cryptpad documents a user has accessed via share link.
And even if the above conjecture doesn't hold, the latter request would be much more likely to reveal sensitive information, which is why I think it's so dangerous that nation-state actors can access e.g. Chrome Users' cryptpad documents at least as easily as those same users' Google documents.
> CryptPad might not be at the level of privacy or security you want (which one do you want BTW ?), but with such discourse you are sending users
Ideally both, and to be clear, I'm recommending people who need secure document collaboration to use cryptpad only with document passwords. Even though I'd really like to be able to recommend Cryptpad without that caveat, I think we can all agree Cryptpad with a password is probably going to be more secure from third-party access than Google Docs.
> You mentioned " I did share all of the above with the CryptPad team, and was told they don't intend to address the above issues". If you can dig out our response it would be helpful ? At least my position as CEO is that we intend to solve the issues we can solve with the funding we have. As an example, we have always been interested in finding a solution to the "code attack". However the desktop app or code signing does not fully solve the issue as you still need to trust who builds the desktop app or signs the code, even when signed.
It was ticket 9SNPEQVkca if you're interested. I did offer some ideas on mitigating extension-based exfiltration attacks and server compromise, though your team may have already had some similar ideas in the past.
I completely understand the issues of funding. The nice thing about Cryptpad being an open source project is that community members such as myself can also make contributions towards improvements, though the roadmap still lives and dies with the company, because people generally aren't going to work on features/fixes that maintainers won't merge.
The signing issue is a fair one also. The fact is coordinating releases for extensions, desktop apps, mobile apps adds a lot of work that might be prohibitive with current resources. Mobile app stores can also be annoying gatekeepers. At least publishing apps as open source makes it so users can build their own version at any point if they'd like, and then actual version updates could be fewer and further between.
> Full trust requires audit of the code at every change. Can you name me one app that you can fully trust ? Have you audited it ?
I mean trust is really something we grant in degrees. But I do often look at software I use, and that's how I came to recognize the issues with Cryptpad I ended up reporting.
> Signal is a mobile app.. How many have it on their computer ?
I realize there are many mobile-only users, but among the people I know, it's very common to primarily use the Desktop app. Of course, their whole device syncing story opened up some issues, so...[1]. But I do tend to agree with them that delivery as a traditional server-hosted web app opens up additional avenues for exploit which the app distributor can't mitigate against. Perhaps these will be mitigated with updates to the CSP and resource integrity standards in the future, but right now there is more control over Desktop apps.
> (When a billionaire gives 100M$ to CryptPad, we'll be happy to have our choices challenged compared to those of Signal). If one is listening our OpenCollective is here https://OpenCollective.com/cryptpad
I would love to see more funding for Cryptpad, and Signal for that matter. Both could really use bug bounties also.. can those be crowd sourced?
> Our belief is that privacy and security will be won again on the Internet step by step by getting users to any non BigTech tools including CryptPad and then improve them step by step. If we have the users, we have higher chances to have the funding to improve the tools.
> Your vision seems to be more extreme and would likely fail to bring anybody to such a platform as it would lack ease of use (at least with the level of funding we have).
Signal has sacrificed ease of use in favour of security by refusing to release a web app for some time.. they're doing pretty OK in terms of number of users. I think it's also fine to choose a different balance and favour ease of use more, but concessions to security based on your team's priorities should at least be acknowledged.
> Until now, your criticism is not helping getting the users out of Google or Microsoft.
My criticism of Cryptpad is intended to raise awareness of the issues, so that users and prospective users can make more informed decisions about what technologies are appropriate for their concerns.
And honestly if people are turned off of using cryptpad because of an issue I'm highlighting, that's also an indication of what needs to be improved to win those users back.
"Signal has sacrificed ease of use in favour of security by refusing to release a web app for some time.. they're doing pretty OK in terms of number of users. I think it's also fine to choose a different balance and favour ease of use more, but concessions to security based on your team's priorities should at least be acknowledged."
Again you mention Signal, an org bootstrapped with a promise of 100m$ and way more funding than us. They have apps for iOS, Android, Linux, Mac, Windows. Do you realize the comparison you are making ?
You say our concessions to security should be acknowledged. Check our white paper.. We do mention code hacking on the server. When did we say we protect you from your computer setup ?
You want us to warn users about links more visibly. Fine, make reasonable proposals ?
You want us to make desktop apps.. We want that too.. We tell you it does not fully solve the issues you mention.
You want us to drop web apps like Signal who does not do that. We tell you this would kill CryptPad.
Yes the way you overstate the issue instead of telling activists to run their own servers, with a browser they control on an OS they control, is indeed hurting. You mention users are not knowledgeable. This FUD reduces the trust in our work. Sure I understand you are trying to raise awareness.. Which for us ends up being social pressure.
Open Source is simple.. Don't complain, code... Contribute...
Our main promise to our users is that server operators cannot read the users data.
About code alteration attacks, we have mentioned them here in an article exposing ways to use CryptPad in secure ways https://blog.cryptpad.org/2024/03/14/Most-Secure-CryptPad-Us...
Ludovic, CEO of XWiki SAS