May 2021 status: Communities wrap up and initial work on Forms

This month we released CryptPad 4.5.0, featuring the public debut of the Calendar application that was in beta since 4.4.0.

We reached a couple of milestones this month with over 100K registered users on cryptpad.fr, the end of the Communities project, and the start of Interoffice (DAPSI).

The calendar application shown in dark mode, now ready for public use!

Wrapping up the Communities project

Besides Calendars, CryptPad 4.5.0 also introduced restricted registrations for administrators who want to limit access to their instance.

On the documentation side, version 4.5.0 was in fact the first complete release with all three guides: User, Developer, and the new Administrator guide with instructions to install and maintain a CryptPad instance in production. Additionally, admins can now check that their installation is complete and well configured with an improved /checkup/ page.

The documentation GitHub repo remains open for feedback and/or contributions, and please see Weblate for translations of the User Guide (note that the developer and admin guides are in English only to keep translation of the user guide manageable).

Restricted registrations and the admin guide were the remaining two deliverables for the Communities project. For a summary of all features implemented for this project over the last few months, visit our public roadmap and filter with the “communities” tag.

While we are on the topic of wrapping up projects, Aaron took part in the 6th NGI TRUST Results Webinar and summarised our work for that project which we completed last February

Preparations for Forms

With some projects completed we can now turn another major milestone ahead: the Dialogue project and a new app: Forms. This will allow for the creation of surveys and questionnaires with use-cases ranging from finding a meeting date to conducting research in a secure and private manner. We are only in the initial stages of development but once completed the Forms app will gradually replace our current Polls and their many shortcomings (such as anyone being able to modify anyone else’s answers). If you use Polls currently, rest assured that the new app will provide the same functionality and more. The migration strategy remains to be finalised but existing Polls will remain available through the transition.

Coverage

Finally, the team took part in a couple of events this month. Ludovic Dubost was interviewed about INTEROFFICE, our upcoming project as part of the DAPSI grant.

CryptPad was featured as part the of the 3rd Workshop on Obfuscation, a fascinating online event running on open-source software. We presented the poster below in the exhibition space. Click for the PDF version.

The CryptPad poster presented at the workshop

April 2021 status: Calendars and a major new research project

This month we released CryptPad 4.4.0, and 4.5.0 is just around the corner. From a user perspective, these two releases bring some major new functionality in the form of a calendar app. We have also made some improvements for instance administrators by introducing instance-wide “broadcasts”. Finally there are some exciting things on the horizon as we have secured funding for a new research project.

Calendar

The new calendar app made its debut as a BETA preview in 4.4.0 and will be fully released in 4.5.0. This application is not directly funded by any of our current research projects, but rather makes the most out of the Dialogue project funded by NLNet/NGI Zero. For Dialogue, we have planned a full re-write of our current Polls app as well as a new Survey app (see our roadmap for more details). Both of these include a Reminders API to notify authors, for example when surveys are completed. Rather than limit this API to the upcoming apps, we took this as an opportunity to bring full calendar functionality to CryptPad. When it is released, the calendar app will include the following features:

  • Creation of calendars and events for CryptPad users and teams.
  • A typical calendar UI with month, week, and day views, drag and “resize” events, etc thanks to Toast UI.
  • Sharing calendars similarly to any other CryptPad document (access rights, sharing with contacts, via a link, etc).
  • Import/Export of .ics files for interoperability with other calendar apps.
  • Setting reminders for events, and receiving reminders as CryptPad notifications.

A beta preview of the calendar application

We are aware that some features are missing, such as recurring events. This is likely to generate some “feature request” messages from users that we will have no funded time to address. However our hope is that this initial feature set still brings enough benefits to CryptPad users on the whole to make it worthwhile.

Admin Broadcasts

Another part of the Dialogue project is to enable administrators to broadcast messages to all users on their instance. This is now possible as of version 4.4.0, with the following use-cases available in the Broadcast tab of the Administration panel:

  • Maintenance: to notify users of planned work that may disturb their use of the platform. Admins enter a start and end time and users receive notifications prior and during the planned maintenance.
  • Survey: to direct users to a survey via an external link. Admins enter the survey URL and users receive a notification and a survey link in the user menu. Users of cryptpad.fr can make use of this with our new survey to gather feedback on their usage.
  • Custom message: to send any message as a notification to all instance users. The message can be translated in all languages available on CryptPad, and will be seen by new users registering as long as it remains active.

Instance administrators are set to receive more support as we wrap up our Communities project. The last of our 3 documentation guides will cover instance installation and administration, and the only remaining feature of the project will allow admins to restrict registration on their instance.

While we are on the topic of administration, we have added one line to the example Nginx configuration for CryptPad.

1
+ add_header Permissions-Policy interest-cohort=();

This opts the instance out of Google’s FLoC network, we encourage all administrators to make this change.

INTEROFFICE for DAPSI

Finally, we are delighted to announce that we have secured €100K in funding from the NGI Data Portability & Services Incubator (DAPSI). Our project is called INTEROFFICE: INTER-operable Office File Formats Integrated with Client-side Encryption.

Our focus in this project will be to develop solutions for converting documents to/from popular office formats (.xlsx, .docx, .odt, .csv, etc). There are, of course, already solutions to this problem but none that operate solely in the browser which makes them unsuitable for CryptPad. Our experience with .xslx import/export in CryptPad Sheets has been useful to us in scoping out this space, and in confirming how lacking it currently is. Our goal with INTEROFFICE is to bring multi-format document conversions to the client, and to CryptPad, which we hope will:

  • Address a common barrier to the adoption of CryptPad (unsupported office formats).
  • Make it easier for users to retain local copies of their documents, integrate them in broader office workflows, or simply leave the platform with their data.
  • Make CryptPad more versatile and useful.
  • Make it easier for anyone else working in this space to do client-side document conversions since we plan to release this work as open-source modules.

We are excited to start work on this, and will use future monthly status posts to keep everyone updated on progress.

March 2021 status: Public roadmap and Spreadsheet updates

This month we released two versions of CryptPad, 4.2 and 4.3. Both improved CryptPad’s stability and performance:

  • Version 4.2 saw Offline mode extended to Teams, shared folders within teams, and files. Summary on Mastodon
  • Version 4.3 focused on improving “intensive” use cases, defined as 1200+ concurrent viewers on the same document, or 10+ editors all writing at once. Summary on Mastodon

In this status we’ll focus on long requested updates to Spreadsheets and on other activities of note for the month.

Spreadsheet updates

We made a couple of important updates to the Spreadsheets application this month. First we enabled OnlyOffice’s Strict collaboration mode, in addition to the Fast mode that was already integrated. In Fast mode, which remains the default, new edits are synchronized automatically between users as they are made. In Strict mode, users “lock” cells as they edit them and they have to manually save their changes in order for them to be sent to other users. The benefit of Strict mode is that it allows users to Undo their unsaved changes. The lack of undo in sheets has been a recurring point in user feedback. This goes some way towards addressing these requests, at least within the constraints of OnlyOffice collaboration. There are more details on how to switch between modes in our Spreadsheet documentation.

The other notable change is the update to OnlyOffice 6.2 in our 4.3 release. Aside from small user-interface polish, this update introduces pivot tables and improved graphs.

Open Tech Will Save Us

David presented CryptPad on the monthly Open Tech Will Save Us Matrix/Element meetup. Episode 11 was an art & design special with a great lineup:

Public Roadmap

We have been working to make more use of CryptPad itself to communicate about the project. The first major step in this direction is the introduction of our Public Roadmap Kanban where we detail all of the research projects we are currently working on. We summarise each project, funding amount, and associated features. Using the tags feature to filter one project gives an overview of its completion status. We find this very useful and hope you will find it informative.

The Public Roadmap Kanban

The next steps planned in this direction include a review of the onboarding document (the first document that is placed in new user’s CryptDrives), as well as a rewrite of the Privacy Policy for cryptpad.fr. This last one is nearly complete and will be published as a rich text document.

Cleaned up translations

We have started an effort to reduce the amount of work needed to translate CryptPad. As the development team we maintain English and French, and an active German speaking community maintains the German translation in near real-time for which we are very grateful. We want to encourage people to translate CryptPad in other languages, and to complete the many languages where the translation has been started but not completed.

Past efforts towards this have included moving the Frequently Asked Questions out of the platform to a dedicated page in the documentation. This month we have taken further steps with automated scripts to detect un-used translations. These were left over from previous versions of CryptPad and were sometimes hard to detect in the code. There is now less work for translators, and better assurance that no time will be wasted translating text that isn’t actually used in the product.

We are keeping this in mind for future versions and will do our best to facilitate the work of community translators as much as we can. If you are interested in translating CryptPad, please head over to our Weblate instance.

This wraps up our monthly status update. There is more to look forward to in April as we move to complete our Communities project, and exciting things on the horizon for CryptPad’s interoperability with office formats.

Feb. 2021 status: Dark mode and organisation plans

This is a new format of post we are starting on the blog: publishing the monthly updates that were until now only circulated in the internal XWiki newsletter. This will be an opportunity to regularly catch up on new features, research projects, funding/budget updates, and any other relevant news.

FOSDEM presentations

Aaron and David presented different aspects of CryptPad at FOSDEM 2021. Please see the updated blog post for videos of both presentations.

Dark mode

This month we followed up on the rebranding started with version 4.0 by thoroughly refactoring how styles, especially colors, are applied across CryptPad. This allows for better maintainance and easier customisation. The first custom theme is the long requested dark mode.

CryptPad will now follow the browser or operating system preference by default, and switch to a dark theme accordingly. The theme can also be set manually in Settings > Appearance.

The CryptDrive in dark mode

Following the introduction of the dark theme in our 4.2 release, we noticed a few problems and got to work on correcting them. The most noticeable issue was the use of a dark background for rich text documents. Wanting to offer a “true” dark mode, we had intially switched the editor itself to a dark background, and made the default text color contrast with that automatically. It soon became apparent that this was a problematic choice in rich text documents where users are able to set colors for text. It may lead to text being un-readable depending on the theme used. One particularly painful example was a document about making web content accessible written in black text on a dark background. We reverted our decision and opted for a light background in the editor even when the rest of the interface is dark. There is a reason mainstream editors such as Microsoft Word do it this way. You can expect more polish on the dark theme in the upcoming 4.3 release.

Web accessibility guide shown with black text on a dark background

The web content accessibility guide that prompted us to revert our decision on the dark theme rich text editor. The guide is by AccessiBloc.

Organization plans

On cryptpad.fr, another long-awaited feature were the Organization plans. We have been communicating this pricing on request for the last few months but the plans are now live in the cryptpad.fr interface. These bigger plans have the additional option to download a personalised signed Data Processing Agreement (DPA) for organsations that need to demonstrate they operate according to the GDPR.

These plans come with 1 business day support and increased storage shared between a number of user accounts, priced as follows:

  • 25 Users with 100GB of storage for 500€ a year (ex. VAT)
  • 100 Users with 150GB of storage for 1000€ a year (ex. VAT)

An additional On Premises option is available for organizations that require their own CryptPad instance, with installation and maintainance support by the development team.

We were happy to welcome the first couple of subscribers on these plans and hope that they will contribute to making CryptPad financially sustainable in the longer term.

The new organization plans on cryptpad.fr in dark mode.

We had an unexpected spike in traffic early in the month after the following tweet linked to a toolkit made on cryptpad.fr.

This brought a lot of traffic to the service, as illustrated by the spike below. While this was a surprise, our infrastructure was prepared for it and held up very well.

graph showing a big spike in visits to CryptPad.fr

Delivered: NGI Trust project: Secure Mobile Collaboration

We have wrapped up this exploratory project about using CryptPad on mobile devices. There will be dedicated posts about this project in the near future. This project allowed us to scope out, in depth, the options available to make CryptPad work as an “app”. As a summary of our findings, here is what we plan to include in the new Frequently Asked Questions section of our documentation that will be part of the next release:


FAQ: Are you planning a mobile app?

We are not planning a dedicated mobile application for the following reasons:

  • It would dramatically increase the amount of code that has to be developed and maintained, effectively creating other “versions” of CryptPad for iOS and Android.
  • CryptPad is open source and can be hosted by anyone who wants to offer the service. Therefore, users of a mobile application would have to specify which CryptPad instance they want to connect to, which would be confusing. To complicate things further, each instance may be running a different version of the software, depending on whether or not the latest updates were applied by the administrators.

To address these problems, the development team is working on making CryptPad a “Progressive Web App”. This means that it can be used on mobile through the web browser, behaving like an application while being the same software that runs on desktop browsers. This has the benefit of turning every CryptPad instance into a web app provider, rather than putting the burden of choosing the right instance on the user.


This approach has already started to inform new developments for CryptPad, for example the use of IndexedDB for caching documents which is already deployed. Further improvements will follow, including a full “offline” mode.

This wraps up our first monthly status post. In March we will be shifting back to our NLNet Communities project and attempt to finish the outstanding deliverables around documentation for developers and instance administrators.

CryptPad at FOSDEM 2021

(this post was edited on 24th Feb. 2021 to include links to videos and corrections)

The CryptPad team is taking part in the 2021 online edition of FOSDEM. We will use this opportunity to reflect on the past year from a couple of different perspectives.

Aaron MacSween’s presentation is about the technical challenges faced by the team this year. The massive influx of users working from home pushed us to scale CryptPad to accomodate an additional 60K weekly active users. This was made easier by the platform’s unique architecture, where most of the “expensive” work involving cryptography happens on the client rather than the server. Additional challenges involved a 27 hour outage due to a cooling malfunction at our hosting provider. While the outage itself was out of our control, it brought into sharp relief that our procedures to mitigate uncertainty had not scaled with our user-base. Aaron will speak about what we plan to do to avoid such situations in future.

In the design devroom, I will reflect on my first year as the designer on the CryptPad team. My work has been spread across many different areas, from UI design to answering support tickets, writing the product and documentation, as well as visual identity. All of these elements boil down to one thing: communication. I will show some examples of work produced this year as attempts to improve how CryptPad communicates, from onboarding to daily-use. I will conclude with one of the challenges for the year ahead: accessibility. Communication is all well and good, but of no use if it cannot be heard on a screen reader.

Talks are pre-recorded and will be aired on Saturday 6th February. For more information, abstracts, and broadcast time with Q&A session, see the indications below.

This blog post will be updated with video embeds once these are available.

Living on the edge with CryptPad

  • Speaker: Aaron MacSween

Due to unforeseen circumstances, Aaron was unable to include his presentation in the FOSDEM track. However he still recorded it so we are making it available here and on our PeerTube channel.

Watch on the CryptPad Peertube channel

Communicating CryptPad

Watch on the CryptPad Peertube channel