I tried cryptpad and it was good, with the main issue being inviting new users is really complicated. Users needed to register and then send their own "invite me" link, because the system encrypted their email address, so you can only use the link to invite them.
This turned out too complicated for normal people (ok for computer users)
The normal way to invite people to a CryptPad document is to give them the shared link. No need to register or involve emails. Then, they just need to follow the link and it should just work. CryptPad is specifically designed with nontechnical users in mind, because if you want something to be secure, it needs to be simple, and it is not desirable for privacy to be limited to technical users only.
Sorry I should have been more specific, I was trying to invite a user to a team (can't remember the right terminology) so that they could read and write into a directory, creating as many document as they wanted.
We are a small team of 5, but I'm the only tech-able person, other older users felt extremely disoriented.
Which is frustrating, because to me Cryptpad did everything we needed in a very, very secure way (all encrypted)
Note that you can also invite people by sending them a link to a document and then connect to them from the user sidebar. They don't really need an account to access documents.
The main reason for the lack of simpler invitation using email is that we don't really want users to give us the mail of other users to invite. This goes against the "privacy" we are promising users.
We are essentially a group of people (home-owner association but for condos, in Canada). None of these are tech people, they also might not own a computer, but just a tablet and a phone.
The main issue was trying to invite them to a team. I had all their email addresses already, because our main form of communication is email, but I had to go to them one by one and ask them for a link (ID? I can't remember) to give to me so that I could invite them.
Essentially, I get the privacy concern, but I already had all their email addresses, so it was protecting data and making a workflow more complicated, for a use-case we didn't have.
We even implemented links that can be used multiple times before an expiration date.
Concerning the privacy of emails, YOU had the emails, but the SERVER ADMIN does not.. To send an email from the server, the server would need to receive the emails in clear.
As a side note, when you invite somebody to a service by letting the service send the email, you are leaking their email to that service, so to be respectful of people's privacy, we should not send the invite without their consent receive first. I get that nobody does that and there is a sort of implicit consent and that the risks of misuse of the email ate low.. If we ever implement that feature we would have to show a warning.
I understand that, but in this case the server admin and myself were the same people, on my home server, so there wasn't anything leaking anywhere really.
That being said, this was about a year ago. Invite links that you can send manually by email and people can join the team would be more than sufficient, I don't need the system to send the email for me, I just need an invite link.
The problem was the reverse, I needed each user to send me an ID (I think it was an Id) so that they could be invited.
