Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Cryptpad is all right though it locks you into Cryptpad. If you want to extract your documents you have to use their UI to decrypt them. What I am looking for is a document interface that works with Syncthing. Let syncthing handle the syncing and encryption.


I'm from the CryptPad team.

We hope to be able to give an API in the future but there are a few concerns to allow sync tools to operate:

- server load and volume of data when syncing large volumes of data, especially for our flagship instance. CryptPad is currently used for realtime editing not for large data sync. We already host 6TB of data and it's unclear were that would lead us. - version compatibility with apps not upgraded to the latest version of the API

These are similar reasons that kept us away from federation.

Our team is small and already a lot of work. Hiring is limited by our funding.

Ludovic


I feel you, but Drive is borderline useless and I can't sell any potential users on "you put all your data here but documents go there (but it still looks like you could put other stuff here but that's an illusion) unless you manually export them and then everything gets weird" - I'll count myself lucky if I can finish the sentence before they renew their existing cloud service.


Drive might be 'useless' to you in it's form because you want more from CryptPad (more features in it, more local sync, more anything), but it is very useful to organize your docs that you work on in CryptPad. It also allows shared folders and so on.

What's interesting is that surveying our users did not show local sync as hugely demanded. Mobile access comes up the highest.


> What's interesting is that surveying our users did not show local sync as hugely demanded.

Well, obviously. I won't be an user until Drive actually does work the way its name implies.


Just sharing in case it's helpful to you. For someone like me, a feature rich API that can do nearly anything the UI can do is a major selling point and something that gets me to open my wallet. I am no doubt a niche case, but figured I'd share for what it's worth


We do believe having an API is valuable and a good selling point. It's also a great way to get an ecosystem to help us extend the product. Now it's also more responsibility to maintain compatibility. We want to be able to continue to upgrade services (in particularly cryptpad.fr). Apps using the API would need to continue to function or by security be locked out. This is a lot more work for the small team.

Ludovic from the CryptPad team


Hey Ludovic, just to give a shout of appreciation for your hard work over the years.

Keep rocking!


Thanks on behalf if the team.

Ludovic


Synching is for syncing your files across several devices of yours. CryptPad is for working with other people, possibly at the same time on the same document.

The tools donc comapte, the needs are very different, and you might find them both useful in different situations.

It seems to me syncthing simply doesn't need anything more, you just use the desktop application of your choice for editing your documents.

And yes, you are kinda locked into CryptPad if you don't export your documents as you go. The server not having your documents at a central place and all the documents having different decryption keys means it's hard to provide a simple "take out" zip export. I guess some automation tool accessing your browser profile could be built to help with this.


The problem is cryptpad pretends to solve the problem with its "drive", but it's just a (not very) fancy browser for your documents. I can't make a folder with a cryptpad document in it and also all the reference material I want to use. Or any other workflow that involves multiple kinds of files of different types. Manually copying over everything between cryptpad and syncthing is a consistency nightmare.


We never pretended the drive has local syncing. The drive is extremely useful for people to organize their documents inside CryptPad.

It is possible to create folders with any file types in it. Shared folders can be also created.

The workflow you describe with syncthing involves local synching.

We are not saying that syncing locally is not interesting. It's just a lot more work on top of the editor work, the online sharing, the e2ee, etc.. We work with the capacity we have. Also as I said, syncing opens the door to version compatibility issues, risks of mistakenly deleting data of your drive and high volume just for storage. This means for our hosting service (cryptpad.fr) management of much higher volumes. We are not even sure the 1gb free storage policy is sustainable for that use case. But we are working on a path towards this as we have plans for a CryptPad API.

Ludovic, from the CryptPad team


I've been a heavy Google Docs/Sheets/etc user since they launched almost two decades ago (2006).

I've exported to structured formats a handful of times, out of thousands of documents.

CryptPad really should build this though.


I had to export all of our documents and sheets out of Google Drive. I used something called Google Take Out, that packages everything and puts it somewhere where you can download zip files. It took a few days for it to be available. Except it didn’t do what it said it did. It didn’t export even half the files. I unpacked and compared with what was online.

In the end I had to download folders by hand. Took me half a day. And make sure they weren’t too big, because then it wouldn’t include everything.


I'm not sure which export you are talking about ? We have xlsx/docx/pptx import export (one by one).

What we don't have is local syncing with your computer.

Ludovic, from the CryptPad team


That's all I wanted. I'm sorry that I was misled to indicate that you lacked this.


One option for you that's half way there is to use Obsidian on top of markdown files and sync those with Syncthing.

Obsidian has many of the rich editing capabilities, especially when you install plugins. For plus points the files are very portable and there is (almost) no "vendor lock in" because it's all markdown textfiles.


I'm building a plugin for Obsidian called Relay that makes Obsidian real-time collaborative [0].

It isn't end-to-end encrypted (yet), but you can self host the document collaboration server on a private network (like tailscale).

If you're like me and you need real-time collaboration and privacy but e2ee isn't a strict requirement for your collaborative docs then you might enjoy it.

I also use Obsidian sync for e2ee device sync -- it is a fantastic product.

[0] https://relay.md


I love this setup. I've now synced between my phone and laptop, with a backup on a cloud server, and it deserved a post on my fledgling blog: https://blog.sahil.ink/obsidian-and-syncthing/


Or just use Obsidian's built-in E2E encrypted syncing.

https://obsidian.md/sync

But yeah, since it stores everything as flat markdown files, you can sync or archive your Obsidian docs folder with anything.


I came across cryptpad as cryptpad.cz but couldn't figure out who was behind it at the time. At least with this link you can get to at least one seemingly legit dev, which makes me take it more seriously. Is cryptpad.cz a fork of this or vice versa?


cryptpad.cz seems to be one of the many instances of CryptPad. I don't know who is behind.

CryptPad.org is the official website of the project (and cryptpad.fr an instance maintained by the original devs).


CryptPad is developed by XWiki as a side project.


I feel like side needs to be precised a bit. Although it admittedly doesn't generate nearly as much revenue as XWiki, several people are paid full time to work on it, and it receives public grants. It is an important project for XWiki SAS.

(I work for XWiki, on XWiki though)


Do you know of any publicized auditing done on the E2E aspect of it? Curious about that since it's part of the name and a prominent publicized feature.


I'm from the CryptPad team

There is our white paper on the security features of CryptPad: https://blog.cryptpad.org/2023/02/02/Whitepaper/

In terms of audits, we don't have the funding for formal audits but a couple years ago the European Community paid a bug bounty https://commission.europa.eu/news/european-commissions-open-...

We received some interesting reports but not as much on the cryptography than on web related issues

Ludovic


Thanks. Isn't vouching for other online instances a bit risky? Wouldn't you have to constantly verify the source is unmodified in an automated fashion for those instances you don't control?


Interesting point. We should add some warnings about this.

Ludovic, from the CryptPad team.


So, basically any local productivity tool, saving files in a synced folder.

While this works, Syncthing does not really provide anything for fine-grained collaboration or sharing (you only share full folders). Encrypted peers do allow storing files on a machine that you don’t have to trust.


I don't need anything from Syncthing for fine grained collaboration, the text editors do that.


What are you looking for? I used to use Notational Velocity in an encrypted volume hosted on Dropbox, but I ended up switching to Obsidian for the mobile support.


I’m not actually looking, Syncthing solves 90% and I’m hard pressed to believe anyone needs live document collaboration outside of an office context that screensharing doesn’t already solve. Most of the time when everyone “collaborates”, only 1-2 people of the group are doing the typing.


I'm from the CryptPad team

This workflow works for you ! Great !

Unfortunately, most users don't know how to setup the tools you are talking about. Additionally they end up having to share some document at some point or another. They end up with browser based tools and a shared server. Google most of the time for individuals. Most users want their data in one place for all use cases.

Network effects make it so that only tools that allow you to invite anybody to your document (guests without accounts included) end up gaining traction. Desktop apps might be able to achieve this using some web proxy so who knows, it might change in the future.

Our goal at CryptPas is to make it familiar for them to move from Google while having e2ee here to protect their privacy, which also gives them a reason to switch

The more people can get out, to any open alternative, the more alternatives can then decide to fight each other.

In the mean time, we should not try too much to get the rest of the world on our own workflow, just let all the different approaches strive.

BTW maybe CryptPad's API ( https://github.com/cryptpad/cryptpad-api-examples ) could help you solve the case where you do need to edit a document collaboratively from your computer. Would you be interested in a tool allowing to create a session for editing with CryptPad allowing to sync back changes or save the end result back to your computer ?

Ludovic


Also no easy way to import everything from Google drive.


You have to download everything in your Drive to your local system first, then unzip it all, but then you can upload the entire folder to CryptPad.

Google isn't going to make it easy for a competitor to transfer content, and I'd rather the CryptPad devs work on the product and not a feature users will each only use once at most.

The only annoyance I had was "converting" the uploaded files to the "native" CryptPad format. It doesn't actually have a different native type, it just seems to be a registering with the CryptPad internals which of its predefined types the file is (E.g. Document, Presentation, etc). And you don't have to do it for the file to open and edit just fine. But you have to open each file "as <Type>" from the right click menu, then save it back out and delete the "original" to convert it.


Onboarding is a big one time feature to get users to first value.


True.. Now for "first value" we have "create a pad in one click to work with your friends", also 1gb data for free.

There is Google Takout + Folder import to do mass imports.

There is work possible to improve but also through the browser it's tricky to make large volume imports reliable. Best path is an API which would also allow backup tools and down the line local syncing.

Overall for people wanting more of CrytpPad, think about donating on OpenCollective https://OpenCollective.com/cryptpad

Ludovic from the CryptPad Team




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: