Theme fund: NGI0 PET
Start: 2019-04
End: 2019-04


Real-time collaboration with client-side encryption

CryptPad is a secure and encrypted open source collaboration platform. The CryptPad teams project will fund the development of a number of group-focused features for CryptPad. We'll improve our current implementation of encrypted shared folders to display the permissions that team members hold for different documents. Removing a member from a group is difficult in an encrypted system, as the knowledge of encryption keys cannot be taken away once given. We'll implement key-rotation protocols, and develop encrypted mailboxes to facilitate the delivery of new keys to authorized members. The same mailbox system will enable the development of notifications, allowing users to request additional permissions for documents, to invite new members to a group or session, or to inform friends that a document has been updated. Teams organize in many ways, and with the technical components available we'll focus on interfaces which support different modes of coordination, whether the team is hierarchical or self-organizing. Overall, we hope to make it so that the most intuitive way to collaborate is also the most secure.

Why does this actually matter to end users?

Writing a document together with others in real time is still a bit magic. Someone else, perhaps on the other side of the planet, is typing something. And within a fraction of a second, the text magically appears on your screen. If you insert some text into what was just typed, your change travels to everyone else in the session. This amazing technology is the ideal companion for, say, an online meeting - everyone can contribute, and correct any flawed minutes without much effort.

For this kind of real-time collaboration, there is a limited set of options on the market. Most available services, like Google Docs, Microsoft Office or LibreOffice Online, share one very undesirable characteristic: you need to fully trust the company running the service you use. Whoever has access to the servers used to connect everyone together can read everything you have written - and deleted. That means that if you need to work on something confidential like an important contract, you may want to reconsider using the service. If you accidentally cut and paste a password into the wrong window, you probably need to change it.

Especially if you write about sensitive topics like corruption, money laundering or state surveillance, this open backend you cannot control is a really significant problem. If the server is located in another jurisdiction, you probably want to watch carefully what you write - you may inadvertently violate laws you are literally unaware of.

CryptPad is different: it is free and open source software you can run yourself, anywhere you want. This means you can choose someone you really trust, rather than being forced to trust. But even better, CryptPad will make everything you do undecipherable to the outside world before anything is sent to the service to be distributed among all the participants. The infrastructure is consciously left ignorant of anything having to do with the content you write: it just diligently routes all the different contributions from you and your fellow collaborators across the internet. It cannot look inside the traffic. All of this is done without bothering the user. From a user perspective it works like any other application. That means CryptPad puts you squarely back in control. In the project, the researchers will make it easier to work with CryptPad as a team rather than as an ad hoc group - adding advanced group management capabilities to the system. This will allow you to add and remove collaborators, and thus to improve operational security when you use the software intensively.

Run by XWiki SAS


This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.