I came across cryptpad as cryptpad.cz but couldn't figure out who was behind it ...

jraph · 2025-05-09T22:06:49 1746828409

cryptpad.cz seems to be one of the many instances of CryptPad. I don't know who is behind.

CryptPad.org is the official website of the project (and cryptpad.fr an instance maintained by the original devs).

Tomte · 2025-05-09T16:19:57 1746807597

CryptPad is developed by XWiki as a side project.

jraph · 2025-05-09T22:16:52 1746829012

I feel like side needs to be precised a bit. Although it admittedly doesn't generate nearly as much revenue as XWiki, several people are paid full time to work on it, and it receives public grants. It is an important project for XWiki SAS.

(I work for XWiki, on XWiki though)

sillyfluke · 2025-05-09T16:31:25 1746808285

Do you know of any publicized auditing done on the E2E aspect of it? Curious about that since it's part of the name and a prominent publicized feature.

ldubost · 2025-05-10T00:39:01 1746837541

I'm from the CryptPad team

There is our white paper on the security features of CryptPad: https://blog.cryptpad.org/2023/02/02/Whitepaper/

In terms of audits, we don't have the funding for formal audits but a couple years ago the European Community paid a bug bounty https://commission.europa.eu/news/european-commissions-open-...

We received some interesting reports but not as much on the cryptography than on web related issues

Ludovic

sillyfluke · 2025-05-10T14:48:15 1746888495

Thanks. Isn't vouching for other online instances a bit risky? Wouldn't you have to constantly verify the source is unmodified in an automated fashion for those instances you don't control?

ldubost · 2025-05-12T05:34:54 1747028094

Interesting point. We should add some warnings about this.

Ludovic, from the CryptPad team.