Cryptpad is all right though it locks you into Cryptpad. If you want to extract your documents you have to use their UI to decrypt them. What I am looking for is a document interface that works with Syncthing. Let syncthing handle the syncing and encryption.
nout · 1h ago
One option for you that's half way there is to use Obsidian on top of markdown files and sync those with Syncthing.
Obsidian has many of the rich editing capabilities, especially when you install plugins. For plus points the files are very portable and there is (almost) no "vendor lock in" because it's all markdown textfiles.
sillyfluke · 4h ago
I came across cryptpad as cryptpad.cz but couldn't figure out who was behind it at the time. At least with this link you can get to at least one seemingly legit dev, which makes me take it more seriously. Is cryptpad.cz a fork of this or vice versa?
Tomte · 3h ago
CryptPad is developed by XWiki as a side project.
sillyfluke · 3h ago
Do you know of any publicized auditing done on the E2E aspect of it? Curious about that since it's part of the name and a prominent publicized feature.
lysace · 1h ago
I've been a heavy Google Docs/Sheets/etc user since they launched almost two decades ago (2006).
I've exported to structured formats a handful of times, out of thousands of documents.
CryptPad really should build this though.
misterdata · 5h ago
So, basically any local productivity tool, saving files in a synced folder.
While this works, Syncthing does not really provide anything for fine-grained collaboration or sharing (you only share full folders). Encrypted peers do allow storing files on a machine that you don’t have to trust.
righthand · 5h ago
I don't need anything from Syncthing for fine grained collaboration, the text editors do that.
andai · 3h ago
What are you looking for? I used to use Notational Velocity in an encrypted volume hosted on Dropbox, but I ended up switching to Obsidian for the mobile support.
righthand · 3h ago
I’m not actually looking, Syncthing solves 90% and I’m hard pressed to believe anyone needs live document collaboration outside of an office context that screensharing doesn’t already solve. Most of the time when everyone “collaborates”, only 1-2 people of the group are doing the typing.
No comments yet
colordrops · 4h ago
Also no easy way to import everything from Google drive.
aaravchen · 2h ago
You have to download everything in your Drive to your local system first, then unzip it all, but then you can upload the entire folder to CryptPad.
Google isn't going to make it easy for a competitor to transfer content, and I'd rather the CryptPad devs work on the product and not a feature users will each only use once at most.
The only annoyance I had was "converting" the uploaded files to the "native" CryptPad format. It doesn't actually have a different native type, it just seems to be a registering with the CryptPad internals which of its predefined types the file is (E.g. Document, Presentation, etc). And you don't have to do it for the file to open and edit just fine. But you have to open each file "as <Type>" from the right click menu, then save it back out and delete the "original" to convert it.
j45 · 1h ago
Onboarding is a big one time feature to get users to first value.
hmsimha · 5h ago
I think there are some issues with cryptpad, most significantly that documents which are shared via their share link (default way of sharing) will effectively be shared with Google, Apple, Microsoft, and so on. I think this is dangerous because some users may be under the impression that Cryptpad secures their documents from the prying of big tech's eyes, but since it's guaranteed that at least some document collaborators will be using those companies' browsers, and browser history is synced, the URLs (which contain the key to decrypt the document after the fragment) to any document which is shared with more than handful of cypherpunks will certainly end up shared with the main browser vendors
Additionally, they've failed to make some architectural and delivery decisions which would protect users from various attacks like a server compromise (for example, a server seized by an adversary may send malicious client code that conducts a document exfiltration), as well as document exfiltration via a malicious browser extension. Both of these can be mitigated somewhat by delivering the frontend as a desktop app or signed browser extension, and setting reasonable CSPs in the decryption modules. This is exactly the reason Signal doesn't offer a web app.
Cryptpad does offer the ability to additionally encrypt documents with shared passwords, and this offers a fair modicum of greater protection against document interception. But this isn't the default document mode, so I doubt most documents are password-protected in practice.
I did share all of the above with the Cryptpad team, and was told they don't intend to address the above issues, so I'd recommend against putting to much faith in them for the time being.
thecrash · 3h ago
Your problem statement is effectively "I want to share access to my documents very informally with people who don't care to have any security practices, but still keep them secure"
There's another way of sharing in cryptpad though, which is for each user to create an identity/account.
Once those you're collaborating with have accounts, documents and folders can be shared by granting access within cryptpad's UI. No secrets have to be circulated.
hmsimha · 1h ago
I've worked with a few orgs which have used cryptpad, and I'm sorry, but Cryptpad doesn't make it possible to share documents securely unless again, everyone in the org is able to follow security protocol to an exceptionally rare degree.
Even you seem to think sharing via identity somehow bypasses the problem, when in fact this just sends them a "notification" with a share link containing the same secret URL (not to mention, as far as I can tell, there's no way for them to add the document to their own drive, so if they want to access it later they either need to save the share link or find it in their notification panel under "notification history" which is super unintuitive).
And again, those secrets are stored in your browser history. In a group I was involved with, the workflow was to create documents and share them with others, or put the share link in a Signal group. Even if one were to try to tell everyone in the group that the link should only be opened in a browser that doesn't share its history with its vendor, clicking the link in Signal will happily just open it in which ever browser is configured as your system default anyway.
Cryptpad effectively gives you the rope and then ties it into the noose around your neck for you, while you're not looking.
Security theater is at best mildly dangerous in a more typical scenario where it's constructed around an application that isn't billed as a secure communication platform. When a tool advertised as user-friendly and privacy-enhancing is the subject of such theatrics, it's even more actively harmful because it instills a false sense of confidence. It would be like a safety helmet that explodes when the user grazes their head.
So to recap, if you care about big tech companies gaining access to your secure documents, the only way to use cryptpad in a remotely secure manner, in a group, is either by password protecting all documents with a strong password, or ensuring no one in your org ever opens a document in a browser with history syncing. And honestly, expecting the latter from 99% of groups that might use cryptpad is unreasonable, which is why I'm saying it's irresponsible of Cryptpad to even allow password-less document creation (without so much as showing users a glaring red danger notice beforehand).
The users are not primarily to blame for incorrect use of a software that's billed as privacy-preserving, when that software drops them off at the happy path and neglects to tell them, "by the way, we've booby-trapped the door to fire a footgun when opened unless you also turn the smaller knob on the far side with your other hand as you open it."
I realize the data exfiltration issues I mentioned are non-trivial to address (though by no means an immense project either), but I can't interpret the link situation as anything other than willful negligence, or worse, a honeypot; consider that users whose adversaries might include nation-state actors (for example, undocumented immigrants sharing resources with one another on how to access services while staying under the radar) are perhaps more exposed, because data brokers are more likely to deny state requests for data that can be seen as overly broad, whereas one specific type of data (browser history) on one domain becomes a pretty tightly scoped request.
rkagerer · 5h ago
...and any document which is shared with more than handful of cypherpunks will certainly end up shared with the main browser vendors
Can you suggest some best practices those cypherpunks can take to mitigate the weaknesses and use it in a secure fashion?
Eg. I don't sync browser history and tend to turn off other cloud-supported features (including "logging into" my browser).
hmsimha · 4h ago
Regarding the URLs containing the decryption key, of course a strong password is a big benefit here, but if you're not syncing history that could perhaps eliminate big tech from the loop (though you may also need to turn off all telemetry by your browser)
Using a browser without extensions installed would prevent against extension-based exfiltration.
The only way to prevent against a malicious server would probably be to build the frontend yourself and use it with the server (I haven't tried doing this)
aaravchen · 2h ago
I really appreciate that the team hasn't rested on their laurels with just creating an encrypted cloud-based OnlyOffice wrapper and they've actively pushed I to the space of filling tool gaps. Their markdown files are a nice addition for a simple note that doesn't need to be a full Document.
weinzierl · 4h ago
There are other free instances available, for example cryptpad.digitalcourage.de is used by many people I know.
See cryptpad.org/instances for a list.
dbbk · 2h ago
This looks awful, is it from the 90s?
ocdtrekkie · 5h ago
Honestly my primary peeve with Cryptpad is the incredible load time... which is justified in scenarios of private documents, but completely unjustified in every single time someone shares a Cryptpad link with me which is certainly intended for public consumption.
mupuff1234 · 5h ago
Why is this dubbed as an alternative to Google suite and not Microsoft suite? They even used the Microsoft icons.
george_perez · 5h ago
I think because it's web-based only, much like Google Docs and the like are. For my Cryptpad replaced Google Docs as a live-collaboration tool.
crtasm · 5h ago
While Google is mentioned in some of the user testimonials I don't think the submitter should have added it to the title here.
rspoerri · 4h ago
Realtime collaborative text editing is afaik something Microsoft is not doing.
FuriouslyAdrift · 1h ago
The webified version of Office goes back years. It used to be a free add-on to SharePoint and allowed up to 64 simultaneous users per document.
I believe the current Office 365 came from that codebase as it has similar features.
okanat · 2h ago
It is there with Office 365 and VS Code live share. They were among the first to make a complete and commercially successful coediting experience.
indigodaddy · 3h ago
Can you not effectively use it as such, however?
crimsoneer · 2h ago
When cryptpad was first launched, MS Office was very much a desktop product and Google was the web first collaboration platform. That's obviously because (a teeny bit) less true.
Obsidian has many of the rich editing capabilities, especially when you install plugins. For plus points the files are very portable and there is (almost) no "vendor lock in" because it's all markdown textfiles.
I've exported to structured formats a handful of times, out of thousands of documents.
CryptPad really should build this though.
While this works, Syncthing does not really provide anything for fine-grained collaboration or sharing (you only share full folders). Encrypted peers do allow storing files on a machine that you don’t have to trust.
No comments yet
Google isn't going to make it easy for a competitor to transfer content, and I'd rather the CryptPad devs work on the product and not a feature users will each only use once at most.
The only annoyance I had was "converting" the uploaded files to the "native" CryptPad format. It doesn't actually have a different native type, it just seems to be a registering with the CryptPad internals which of its predefined types the file is (E.g. Document, Presentation, etc). And you don't have to do it for the file to open and edit just fine. But you have to open each file "as <Type>" from the right click menu, then save it back out and delete the "original" to convert it.
Additionally, they've failed to make some architectural and delivery decisions which would protect users from various attacks like a server compromise (for example, a server seized by an adversary may send malicious client code that conducts a document exfiltration), as well as document exfiltration via a malicious browser extension. Both of these can be mitigated somewhat by delivering the frontend as a desktop app or signed browser extension, and setting reasonable CSPs in the decryption modules. This is exactly the reason Signal doesn't offer a web app.
Cryptpad does offer the ability to additionally encrypt documents with shared passwords, and this offers a fair modicum of greater protection against document interception. But this isn't the default document mode, so I doubt most documents are password-protected in practice.
I did share all of the above with the Cryptpad team, and was told they don't intend to address the above issues, so I'd recommend against putting to much faith in them for the time being.
There's another way of sharing in cryptpad though, which is for each user to create an identity/account. Once those you're collaborating with have accounts, documents and folders can be shared by granting access within cryptpad's UI. No secrets have to be circulated.
Even you seem to think sharing via identity somehow bypasses the problem, when in fact this just sends them a "notification" with a share link containing the same secret URL (not to mention, as far as I can tell, there's no way for them to add the document to their own drive, so if they want to access it later they either need to save the share link or find it in their notification panel under "notification history" which is super unintuitive).
And again, those secrets are stored in your browser history. In a group I was involved with, the workflow was to create documents and share them with others, or put the share link in a Signal group. Even if one were to try to tell everyone in the group that the link should only be opened in a browser that doesn't share its history with its vendor, clicking the link in Signal will happily just open it in which ever browser is configured as your system default anyway.
Cryptpad effectively gives you the rope and then ties it into the noose around your neck for you, while you're not looking.
Security theater is at best mildly dangerous in a more typical scenario where it's constructed around an application that isn't billed as a secure communication platform. When a tool advertised as user-friendly and privacy-enhancing is the subject of such theatrics, it's even more actively harmful because it instills a false sense of confidence. It would be like a safety helmet that explodes when the user grazes their head.
So to recap, if you care about big tech companies gaining access to your secure documents, the only way to use cryptpad in a remotely secure manner, in a group, is either by password protecting all documents with a strong password, or ensuring no one in your org ever opens a document in a browser with history syncing. And honestly, expecting the latter from 99% of groups that might use cryptpad is unreasonable, which is why I'm saying it's irresponsible of Cryptpad to even allow password-less document creation (without so much as showing users a glaring red danger notice beforehand).
The users are not primarily to blame for incorrect use of a software that's billed as privacy-preserving, when that software drops them off at the happy path and neglects to tell them, "by the way, we've booby-trapped the door to fire a footgun when opened unless you also turn the smaller knob on the far side with your other hand as you open it."
I realize the data exfiltration issues I mentioned are non-trivial to address (though by no means an immense project either), but I can't interpret the link situation as anything other than willful negligence, or worse, a honeypot; consider that users whose adversaries might include nation-state actors (for example, undocumented immigrants sharing resources with one another on how to access services while staying under the radar) are perhaps more exposed, because data brokers are more likely to deny state requests for data that can be seen as overly broad, whereas one specific type of data (browser history) on one domain becomes a pretty tightly scoped request.
Can you suggest some best practices those cypherpunks can take to mitigate the weaknesses and use it in a secure fashion?
Eg. I don't sync browser history and tend to turn off other cloud-supported features (including "logging into" my browser).
Using a browser without extensions installed would prevent against extension-based exfiltration.
The only way to prevent against a malicious server would probably be to build the frontend yourself and use it with the server (I haven't tried doing this)
See cryptpad.org/instances for a list.
I believe the current Office 365 came from that codebase as it has similar features.