I have been working on an essay about 'Personal Digital Infrastructures,' a concept of infrastructure that seeks resilience and durability for personal data at a level we typically only see in banks or state institutions. In other words, an infrastructure that can protect your personal data in the face of disasters such as big tech account cancellations, fund blocking, imprisonment, bankruptcy, death, etc. The flagship instance of Cryptpad is the service that comes closest to this idea of infrastructure. The free plan gives you 1GB of storage for files, which is more than enough to store essential data for the continuity of businesses, families, communities, etc. E2E encryption plus zero trust in a free tier is something that should be valued and used to our advantage. Cryptpad is a very powerful resource and should be more appreciated.
Cryptpad is all right though it locks you into Cryptpad. If you want to extract your documents you have to use their UI to decrypt them. What I am looking for is a document interface that works with Syncthing. Let syncthing handle the syncing and encryption.
<a href="https://elpa.gnu.org/packages/crdt.html" rel="nofollow">https://elpa.gnu.org/packages/crdt.html</a><p>is much more fun and, obviously, vastly more powerful.
I tried cryptpad and it was good, with the main issue being inviting new users is really complicated. Users needed to register and then send their own "invite me" link, because the system encrypted their email address, so you can only use the link to invite them.
This turned out too complicated for normal people (ok for computer users)
I think there are some issues with cryptpad, most significantly that documents which are shared via their share link (default way of sharing) will effectively be shared with Google, Apple, Microsoft, and so on. I think this is dangerous because some users may be under the impression that Cryptpad secures their documents from the prying of big tech's eyes, but since it's guaranteed that at least some document collaborators will be using those companies' browsers, and browser history is synced, the URLs (which contain the key to decrypt the document after the fragment) to any document which is shared with more than handful of cypherpunks will certainly end up shared with the main browser vendors<p>Additionally, they've failed to make some architectural and delivery decisions which would protect users from various attacks like a server compromise (for example, a server seized by an adversary may send malicious client code that conducts a document exfiltration), as well as document exfiltration via a malicious browser extension. Both of these can be mitigated somewhat by delivering the frontend as a desktop app or signed browser extension, and setting reasonable CSPs in the decryption modules. This is exactly the reason Signal doesn't offer a web app.<p>Cryptpad <i>does</i> offer the ability to additionally encrypt documents with shared passwords, and this offers a fair modicum of greater protection against document interception. But this isn't the default document mode, so I doubt most documents are password-protected in practice.<p>I did share all of the above with the Cryptpad team, and was told they don't intend to address the above issues, so I'd recommend against putting to much faith in them for the time being.
I really appreciate that the team hasn't rested on their laurels with just creating an encrypted cloud-based OnlyOffice wrapper and they've actively pushed I to the space of filling tool gaps. Their markdown files are a nice addition for a simple note that doesn't need to be a full Document.
There are other free instances available, for example cryptpad.digitalcourage.de is used by many people I know.<p>See cryptpad.org/instances for a list.
How does this compare with the French/German <a href="https://github.com/suitenumerique/docs">https://github.com/suitenumerique/docs</a> ?
Honestly my primary peeve with Cryptpad is the incredible load time... which is justified in scenarios of private documents, but completely unjustified in every single time someone shares a Cryptpad link with me which is certainly intended for public consumption.
After reading both the HN discussion and the testimonials on CryptPad's site, it's clear that privacy-focused collaboration tools are gaining traction. While some users prefer the flexibility of markdown-based workflows with tools like Obsidian and Syncthing, CryptPad seems to fill a unique niche for those who want a Google Docs-like experience without sacrificing privacy. The fact that you can collaborate in real time, share documents without accounts, and even self-host if needed, makes it a compelling option for teams and individuals who value both usability and security. I hope more projects continue to push the boundaries of privacy-first productivity!