Who’s NGI: Aaron MacSween presents CryptPad, the encrypted collaboration suite

CryptPad is a suite of private-by-design collaboration tools. You can use it to share rich text, spreadsheets, polls, presentations, whiteboard functions and code.   In the current health crisis linked to the COVID-19 outbreak, CryptPad supports remote working. The storage limit for all registered users is increased to 1GB until further notice. Registration is free with no personal data required.

Aaron MacSween explains the origins of CryptPad and the latest developments.

CryptPad is developed by XWiki SAS, a French company with more than 15 years in business producing open-source knowledge management software. I moved from Toronto to Paris in late 2015 for a chance to work on the project. At the time it was mostly a prototype: a multi-user text editor with a basic layer of encryption to prevent the server administrator from being able to read users’ documents. We have had a few team members join and leave over the years, but my colleague Yann Flory and I have been developing the software pretty much full-time since then. More recently we have welcomed David Benqué to the team as a design and ergonomics specialist.

Did you have a concept of your final project idea or did it evolve during the process?

In the early days of the project XWiki was mostly interested in adding our real-time editing functionality to its flagship product. We built everything to run mostly on client devices, partially because it meant a relatively low-resource server could support many users, but also because it was compatible with the layer of encryption that has since become our most notable feature. It was not clear that we would be able to go as far as we have in the early days of the project. It may have helped that I did not know many people when I first moved to Paris, since a lot of the features in CryptPad started off as weekend projects.

Our collaborative editing technology is packaged as an extension for XWiki, albeit with the encryption turned off, but our two products now serve very different use-cases. The wiki software is used for community and corporate intranets as a knowledge base, where search and discoverability are critical for employees to access information. We have similar goals, but we approach it from the opposite direction, making private editing the default while allowing for users to share on a need-to-know basis.

A lot of it comes back to the chilling effect of surveillance, the effects of which has been studied in social media and messaging tools. Our goal is to provide a private alternative to proprietary collaborative tools where people can feel comfortable writing freely. That goal has not changed much, but it has been taken in unexpected directions based on user feedback.

Where does your passion for this subject originate?

The Arab Spring was a big turning point for me. I had been interested in software for some time before that, but I really started diving deep into free software, distributed networks, cryptography, and their relationship with power structures. I have a huge backlog of side projects I would love to explore once we get CryptPad to the point of being self-sustaining.

How did the NGI project support your idea?

NGI has been extremely supportive of our work. In early 2019 we were recognized with the NGI award for Privacy and Trust-Enhanced Technologies, and soon thereafter we received our first NGI grant from NLnet as a part of their NGI Zero: Privacy-Enhancing Technologies (PET) project. Since then we have been awarded two follow-up PET grants which we are actively working on as well as another grant from NGI TRUST.

Having now met and worked with several members of the community, I have been really impressed by the extra attention devoted to ensuring that projects have a lasting impact. NLnet referred us to a number of third-party experts in accessibility and security, resources which help us to succeed as a small business while also ensuring that the public funding we receive goes on to benefit as many members of the public as possible. Beyond this, we have been introduced to a number of cool projects with similar philosophies. There is a lot of really amazing work being done by bright people in Europe and internationally, and it is inspiring to be a part of it.

How is your project supporting remote working during COVID-19 and what is the impact of the current situation?

My wife’s career required the two of us to relocate out of France late in 2019, and so our development team had already transitioned to remote work in advance of the COVID19 pandemic. As prepared as we were to use CryptPad while working from home, we were not quite ready for the number of people that suddenly had to do the same. Daily usage of our instance at CryptPad.fr has quadrupled in the last few months, and many system administrators have set up their own instances for their own businesses and communities. We have reacted by increasing the default storage limit for free users from 50MB to 1GB and improving our server software and infrastructure to handle the increased load. Of course, more users usually means more bug reports and support tickets, so we have been very busy!

Will you be taking the idea further when the support from NGI is over?

We are definitely going to keep going. Our plan is to keep our costs low and transition from relying on grants to sustaining development with revenue from subscriptions and donations, which should happen within two to three years at the current rate. In the meantime we are very proud to be an NGI project!

For more information about CryptPad: https://cryptpad.fr/