Funding CryptPad

CryptPad started as a novel idea:

provide a means for people to collaborate on the web, without their data being exposed to the server that connects them

Since its conception as one developer’s hobby project, this idea has grown organically into a team of core developers, a community of contributors, and a growing number of people who collaborate with CryptPad every day.

How we’re able to do this work

CryptPad is a part of the OpenPaaS-NG project, which is funded by BPIFrance. As mentioned in our April 1st post, this funding only applies to 50% of our expenses. I joked that the other 50% was being covered by our new partners (the NSA), but in fact, the remainder is still covered entirely by XWiki SAS.

We have a fair amount of autonomy when it comes to deciding what features we will develop. With that in mind, however, there are some long term goals that come as a part of OpenPaaS, some that stem from XWiki, and some that come from feedback from our userbase.

We recognize that however people’s goals may differ, ultimately everyone with an interest in the project would like to see it continue to receive attention.

By operating as part of an established company that has a history of building open source software, we’re able to leverage experience and resources that would not be as readily available if we were to attempt to build the same thing in our free time. Our ability to solicit research funding means that individuals who wish to see the project prosper are not solely responsible for its livelihood.

Since the OpenPaaS-NG project is only funded until 2019, we’ve been searching for other means of funding. Until 2019, any additional revenue would serve to ease the load on our employer. We hope that by the time the project finishes, we will have solidified a stream of income which is stable enough to make CryptPad entirely self-sustaining.

Our new funding strategies

Many of the largest web companies operate by offering free services to anyone who wants to use them. They offset the costs of these services by selling user data to whoever will buy it, or by selling ad space to anyone who wants to sell to their market.

We’ve chosen not to pursue either of these options. Instead, we want to appeal to those who value the work we’re doing, and provide options for supporting it, so that we can continue to improve CryptPad. We’re willing to bet on a trend that other privacy-conscious enterprises have demonstrated, that people are willing to pay not to be a product themselves.

To be perfectly clear, we will continue to develop our code in the open. Anybody who wants to install CryptPad for themselves will still be able to do so. Additionally, the features CryptPad now offers will continue to be available under the current terms. Going forward, however, we will offer certain additional functionality as premium features. hosts an ever-increasing amount of data. So far, this hasn’t been a concern, but as more people take interest in the project this won’t be something that we can sustain.

In many cases, people create a pad as a test of the software, and forget about it once they understand how things work. In other situations, people use CryptPad to collaborate on reports, code, or presentations. At some point, those projects are finished, and those documents are forgotten.

To address this problem, we’ve implemented pinning, which is a way of telling the server that you want a pad to continue to be available. Anonymous pads, that is, those which aren’t pinned by a registered user, are liable to be removed after 90 days of not having been read or modified. We believe this time is sufficient to distinguish valuable information from that which is safe to remove.

  • Pinning will only be available to registered users.
  • Pinning will take effect following our next release, on April 25th, 2017
  • Everything that is in your drive will be automatically pinned.
    • new files will be pinned once you add them to your drive
    • removing a file from your drive’s trash will unpin it
  • Unpinned files which have not been accessed for at least 90 days will be removed
    • effective July 24th, 2017 (90 days from April 25th)
  • Registration is free, but we plan to offer users a limited amount of storage space for pinning.
  • For additional storage, you’ll have the option of paying a modest fee for an increased quota.
  • We’ll have more information about pricing soon.

Support contracts for private installations

If you’ve decided to host CryptPad yourself, we fully understand. Like you, we use free software, and know the benefits of taking responsibility for your own infrastructure.

If you’re using CryptPad to host critical information, however, you might consider purchasing a support contract. We’re still figuring out the details of our support contracts, however, this approach has proven to be of valuable to XWiki’s many customers in the past. You can see an example of XWiki’s pricing here.

If you plan to use CryptPad for your business, consider that it might be more time and cost effective to have us install and configure everything than to learn to administrate it on your own. Otherwise, if you find that you’re comfortable setting everything up in a basic configuration, but you’d like help configuring your server to behave in a special way, we’ll be there to help.

If there’s a particular feature you’d like to see implemented within CryptPad, we’re able to dedicate development time to build it into the software in the best way possible.

Sponsored development allows us to build features to suit particular users’ needs. By integrating those features into the official, open source version of CryptPad, we ensure that they will be used by as many people as possible. This helps us refine those features to be even more useful for you, and ensures that they will continue to be supported well into the future.

What’s next

Since we announced our bi-weekly release schedule, we’ve tried to make sure that each release contains an exciting feature. This time around, we’ve had to set some time aside to implement pinning, as well as code for reporting the size used by any one user’s drive. We realize this isn’t especially interesting for most of you, but it will be necessary for some more advanced features which we hope to share with you soon.

By providing a quota system for our registered users, we will be able to offer encrypted file upload capabilities. You’ll be able to upload images, and embed them in presentations and pads, a process which has been somewhat difficult so far. Our decision to limit users’ upload capacity is intended less to make a profit, and more to limit abuse.

We recognize that disk space is getting cheaper all the time, and that cloud hosting services will be able to offer more competitive pricing. Our aim isn’t to compete with the giants in the cloud industry, but simply to finance our ongoing research into privacy-friendly collaboration. There is still much to do, but working together, we can accomplish great things.

What is Zero Knowledge

We have gotten a lot of questions about the concept of Zero Knowledge, the vision and ethics as well as the exact meaning.

  • What is Zero Knowledge?
  • How can encryption in the browser be secure?
  • What about metadata?
  • Most importantly: How to know if a service is Zero Knowledge?

I wanted to write a blog post to clarify what Zero Knowledge is all about. Zero Knowledge has two meanings, it can refer to a Zero Knowledge Proof, an obscure mathematical construct with few real-world uses but it can also refer to something with a very real-world meaning: web services which encrypt your content so that they themselves cannot read it. You may be wondering how this can be secure when a web administrator can quietly change their site to an unencrypted version at any time. This is a real problem, there is currently no way to verify the content (and code) of a website, but we need not despair. Even though we cannot prove that a website is secure, we can check that they are promising to make themselves blind to your content and they make that promise knowing if break it they might get caught.

Security is probabilistic

Consider the security software you use every day such as your web browser with HTTPS, your phone and your computer’s operating system. Have you ever stopped to check that software for “backdoors” (intentionally inserted which break your security)? If you have then you are one of the tiny group of heroes who dedicate their time to making the world a bit more robust and I salute you for it. If you’re like the rest of us, you just hope that the authors of that software were honest enough and protective enough of their reputations to avoid inserting a backdoor when it means potentially getting caught. Zero Knowledge is based on the same logic, just as software makers can surreptitiously add a backdoor to their software, Zero Knowledge websites can serve a backdoor to the user. However, just as software makers who insert backdoors in their software risk getting caught, Zero Knowledge web app providers who insert backdoors in their website also risk being caught.

The metadata question

Metadata is a serious issue. Former CIA director Michael Hayden said of the agency: “We kill people based on metadata”. I don’t want to belittle the importance of data which is not the actual content, but at the same time we must recognize that there is a huge uphill climb fix this issue. While the CryptPad project tries not to collect metadata when it can be avoided, we also recognize that other cloud providers may collect more or less metadata than us in order to provide their services. Fundamentally, we accept that a service qualifies as Zero Knowledge as long as the content is protected from the server operators. We are committed to studying ways to develop new, more secure solutions to the metadata issue but the spirit of Zero Knowledge is about more ethical solutions which are immediately actionable.

How to know if a service is Zero Knowledge

Zero Knowledge is about trust, nobody can read over and verify all of the code of all of the Zero Knowledge services available, but there are some heuristics which you can use when choosing a service.

1. Is it primarily Open Source ?

Services which are primarily Open Source are easier to evaluate both for accidental security mistakes and for potentially nefarious behavior. Furthermore, when a company commits their software to Open Source they make a statement that they are in the business of being an ethical provider for the long term and are not just riding the wave of a popular term.

2. Were you warned about losing your password ?

True Zero Knowledge services must protect your data from themselves using something you know and they don’t, such as your password… In the event that you lose your password and you are using a true Zero Knowledge service, your content will be inaccessible to you and to the service - the locks that keep them out will keep you out as well. Check for this warning.

3. Does it claim to be Zero Knowledge or End-to-end Encrypted ?

This is perhaps the most important question, because when a service provider makes the public statement that they are Zero Knowledge, they show they are prepared to risk their reputation if they are discovered to be storing your content in a way they can access. Some Zero Knowledge providers prefer the term End-to-end Encrypted which has gained significant popularity with messaging apps. There is no functional difference between a Zero Knowledge application and one which advertizes End-to-end Encryption.

Talk to us

CryptPad is developed by a team of 3 people with generous financing from BPIFrance through the OpenPaaS::NG Research Project. Our mission is to make Cloud Computing more ethical by promoting Zero Knowledge Cloud Services and show young entrepreneurs that it is possible to make a living while being ethical with peoples’ data. Meet us in our IRC/Matrix channel on Freenode and at:

Security growing pains

Update: The issue mentioned in this blog post was assigned CVE-2017-1000051 by Distributed Weakness Filing, thanks Martin Gubri for applying for the number.

To sum things up:

  1. Martin Gubri volunteered to help us with security testing and found multiple XSS vulnerabilities
  2. We learned things and improved our security in multiple ways and we have plans to build even further improvements
  3. Update all the things

Exactly what happened

Late Tuesday night after work, I got an email from Martin Gubri telling me that he had found multiple XSS vulnerabilities in CryptPad. This is not fun news for anybody, but as the browser stores encryption keys, it is especially bad news. I want to reiterate what I said in our first blog post, CryptPad is just a regular web app but with provable ethics, it is not designed to provide military grade security.

Though we could have waited until our next release to fix this issue, we decided that we could not feel good working on new features while knowing about an issue which could harm our users. However, we wanted to fix the systemic issue which caused XSS to be possible in the first place, not just the symptoms which we became aware of.

CryptPad uses a modern web feature called Content Security Policy to prevent attacks such as this one. Content Security Policy allows a web server to mandate that javascript can only be loaded from domains which are explicitly authorized. Unfortunately, CKEditor makes heavy usage of inline scripts (scripts which are written directly into the HTML file), so we had made an exception for inline script which represents the most common type of XSS. When Martin did a review of our application, he found multiple places where we had not been properly escaping HTML content and sadly all of these were attackable despite our Content Security Policy.

How we reacted

For me, a security bug does not come alone, it is always the result of multiple failures at different levels. Zero Knowledge is about resilient software for resilient society and we allowed ourselves to rely entirely on proper escaping.

On Thursday, March 6th, 2017, we deployed and released a set of patches to our previous Bunyip release, which we’re calling 1.1.1 Bunyip’s Revenge. This not only sanitizes XSS in places where we know about but it also implements a strong Content Security Policy everywhere except inside of the CKEditor iframe, which insists on injecting script tags.

It is important to upgrade as soon as possible because XSS attacks can potentially give an adversary access to all of your pads. If you’re using on the website then there’s nothing you need to do, everything is fixed.

Moving forward

We want to find and pioneer better ways of protecting your data on CryptPad. We also hope to foster a whole movement of Zero Knowledge web services which feature layered security, protecting users from external threats as well as the mistakes that developers are sure to make.

Spurred on by the revelation of our own errors, we have reinvigorated a conversation about moving each of the apps such as CKEditor into a sandboxed iframe where they would be unable to access any of the cryptographic keys or other pads. This introduces some difficulty on our end, as we want to provide a resilient platform while making Zero Knowledge an approachable subject for web developers.

Finally I would like to also publically thank our friend kpcyrd for finding another XSS issue back in early December of 2016, before we had official releases or a blog where we could give him credit for his work.

Announcing biweekly releases

When I joined the research team at XWiki a little over a year ago, CryptPad was very much an experiment. We had ideas of what we wanted to accomplish, but we didn’t know whether it would work at all, let alone how we were going to get there.

We’ve come a long way since then. Having proven that zero knowledge, real time collaborative editing in the browser was possible, we’ve been thinking about an even more difficult task:

How do we make this something that anybody can use?

How we’ve gotten here

We’ve built CryptPad from a number of small pieces. In some cases, we were lucky enough to find existing software libraries which solved our problems. We love when this happens because it keeps us from having to reinvent the wheel, leaving more time for unsolved problems.

When you try to build something that nobody has built before, however, you run into problems that nobody else cares about. We’ve had to build a lot of our own components, and some of them have been incredibly complicated.

Some bugs only become obvious under very odd circumstances, when users with different browsers do very specific sequences or combinations of actions. Our growing userbase has been critical in helping us to identify these kinds of issues, and things have been improving steadily.

What we’ve learned

Our longest delays have come from working on tough problems that managed to get tangled up with smaller bug fixes, which kept them from reaching our users. At the end of 2016, however, most of these big, complicated issues were coming to a close. Our team took some much-needed vacation time, and upon returning we started working to release and deploy a tagged version of our codebase.

Our newest features went live to on Tuesday, the 14th of February. Some of them are big enough that we’ll probably dedicate entire blog posts to them, but the release notes are on GitHub.

Our new release policy

In the interest of getting feedback from our users more quickly, we’ve decided to adopt a two week release cycle. We’re going to focus on delivering features that directly improve your experience.

The live site will run code from our latest master branch, while the upcoming release will be on the staging branch.

Each release will come with a set of notes detailing what we did, and known issues that didn’t quite make it into that version. We’ll work on getting those issues fixed in the following cycle.

Whenever we deploy these big updates, we’ll announce when we expect the next one to arrive. Since we started on a Tuesday, we expect to deploy again on Tuesday, February the 28th, 2017.

Codenamed releases

Since it’s difficult to remember versions of the software if they have names like 1.0.0, we’ve decided to give each one a more memorable codename. With there being 26 letters in the Latin alphabet, and 26 two week releases in the year, we started looking for alphabetical lists from which we could choose names. We didn’t look for very long until we thought of Cryptids

an animal whose existence or survival is disputed or unsubstantiated, such as the yeti

We quickly settled on picking a name from this list every two weeks, starting with the letter A, and proceding through the alphabet. For version 1.0.0, we went with Agogwe.

There won’t necessarily be much significance to the name we choose, but we hope that nobody will worry if we choose a particularly frightening cryptid for a given release. Some of the code is bound to be difficult and scary to write, but we want your experience to be as easy as possible.

As always, if you have any feedback you’d like to share, we want to hear it! Contact us and let us know how you use Cryptpad.

If you aren’t using CryptPad yet, give it a try at!

Time to Encrypt the Cloud

From typing a business letter to taking pictures with friends, the internet has changed every part of our lives. We don’t just share information with people, we also want it synced across our computers, tablets, and phones.

Modern technology allows us to do this, but it does so by sending all our data to the Cloud.

A lot of what we think of as the Cloud is owned by multinational corporations like Google. Though they may seem like innocent custodians of our data, behind the scenes they are often using it to target us with advertising.

There is little that one person can do

Terms of service are long, vague documents which usually don’t address knowledge derived from your data. More sinister: you can never really know if they’re cheating. Ad networks don’t tell you how they know or even what they know. They just show you ads, based on what they discovered about you… somehow.

What’s your personal information worth?

  • Normally $0.0005 - $0.0021 per person
  • Pregnant in your second trimester? $0.11 (52 times as much)
  • Have a specific health condition? $0.26 (123 times as much)

This is only going to get worse. Artificial Intelligence technology is maturing and Silicon Valley is using it to derive even more value from _us_, its most valuable products.

The result of this will be a veritable weapon of mass manipulation. The tragedy is, manipulating people to get what you want is not that complex. We don’t need to wait for the AI singularity, all we need is a deep mind with the cleverness of a spoiled 5 year old.

All data, over time, approaches deleted, or public.

–Quinn Norton

While we must seek to use services with ethical foundations, we must also recognize that once we give up our data, we are at the mercy of economics. Companies which don’t extract maximum value from our data will eventually be acquired by those which do.

Zero Knowledge

Fortunately we don’t have to go back to the typewriter age. Using basic cryptography, the cloud can make information available across your devices without being able to read the data which it stores.

We do this by adding a hash character (#) to a link. By design, browsers don’t share anything after this character. That means we can share encryption keys just by sharing links. Furthermore, a username and password can be made into a secret key which allows a person’s private data to be kept encrypted using their login credentials.

How do we know you’re secure?

Zero Knowledge web apps are not intended to make you secure, they’re intended to be provably ethical. This cannot be overstated, for too long we have been forced to choose between “James Bond” security protocols which are too difficult to use, and slick web apps which monetize your data.

Our promise to you is that our business model is not to spy on you, and it never will be.

We hope that the security community will join us in building user-friendly, Zero Knowledge services. Privacy is a social problem as much as it is a mathematical one, and it is time we take that seriously.

What we’re going to do

We are going to show the world that web apps can be elegant and usable while still respecting privacy in a verifiable way. We cannot easily prove that we’ve never collected any data but we can prove we’re not doing it systematically.

To start off this conversation, we have developed CryptPad, the first ever Zero Knowledge Realtime Collaborative Editor. We are aiming to make it the most user friendly, most productive collaboration tool available, and still Zero Knowledge.

Finally, we have chosen to make the CryptPad project Open Source. We did this not only because Open Source is in our culture, but also because we want Zero Knowledge web apps to become the universal standard.

The plan in four steps

  1. Develop the most user friendly collaboration tool available which is also Zero Knowledge.
  2. Use this tool to explain the problem and show that an alternative is possible.
  3. Open Source the work we do so that others can also build Zero Knowledge apps.
  4. Foster a culture where privacy by default is a baseline expectation.

How you can help

  • Use CryptPad and other Zero Knowledge services evey day, tell us what you like and what we can do better.
  • Show your support: Buy an upgraded account (coming soon) from us, the people who are developing the code.
  • If you install the Open Source code of CryptPad on your own servers, consider buying a support contract.
  • Talk to your friends and colleagues about Zero Knowledge, show them CryptPad and explain that this is what the cloud can be.
  • If you’re a web developer, think about Zero Knowledge for your next web app.

Other Zero Knowledge Services

Open Source


While we value Open Source, the need for Zero Knowledge Cloud is paramount and we respect the decision of some organizations to keep parts of their codebases proprietary.

An important one which we forgot? Get in touch!


  • August 9, 2017, Wire is now fully Open Source, yay