Our future is collaborative

For anyone that doesn’t have the time or interest to read the rest of this article, the short version is that the CryptPad team has received a 50000 Euro grant from NLnet foundation. This funding will be directed towards the design and development of team-centric features in a project we’re calling CryptPad Teams.

If you’re still reading, I assume you want to know more about our plans and our relationship with NLnet.

Some backstory…

Up until the end of March 2019 our team’s work was funded by the OpenPaaS project, a four-year French research project in which CryptPad was only a minor component. Our role was to produce a set of collaborative editors for the open-source platform. It was never stated that our contributions should be delivered as a standalone platform, but having a self-contained code-base that we could easily update and deploy simplified our job.

CryptPad had already been prototyped as a part of a previous research project, though its scope was considerably smaller than what would be required by OpenPaaS. Since the platform was being developed with businesses and other large institutions in mind, confidentiality was a concern and a stated requirement of the project. Even so, I think it’s fair to say nobody expected us to make privacy such a central part of our design.

In many organizations these design choices might have been seen as digressions. We’ve been fortunate to have had a lot of support from our employer (XWiki SAS). Consequently, we were able to nurture a prototype such that it grew into a platform, a product, and a community. Still, we knew all along that our role in the OpenPaaS project would come to an end, and that without external funding it would be difficult to continue with the momentum we’d established.

Support from our community

As an active member of the community concerned about privacy issues, I know there are a lot of people that are suspicious of government money. While I understand that this distrust is justified by a lot of history, I’m very satisfied with what I consider the European software model of funding public work with public money, keeping in mind that I’m a Canadian that’s lived in France for the past few years.

Without the social investment we’ve received so far it would have been very difficult to create a product of sufficient quality that anyone would pay for it. I often hear people rebut this point by saying that a lot of free-software is produced for free by volunteers. Personally I’m in the camp that believes that the people writing that software deserve the same financial stability that is enjoyed by those producing software with proprietary or extractive business models, but that’s a bit beyond the scope of this article.

In any case, before going on to talk about the very generous contribution we’ve received, I wanted to acknowledge the support up until now from individuals and organizations that use CryptPad. Since the end of our last project and the beginning of this new one, we’ve been sustained by a mix of the revenue generated by subscriptions to CryptPad.fr and donations to our OpenCollective campaign. These contributions help to keep CryptPad going in such brief periods when we haven’t secured larger sources of funding as well as providing alternatives should such opportunities cease to be available.

You can expect another post in the near future where we’ll go over the status of our crowdfunding campaign in more depth.

NLnet and the Next Generation Internet

You might recall that we recently visited Barcelona to receive an NGI award for privacy and trust-enhanced technologies. Those awards were organized as a part of the NGI initiative, funded by the European Union’s Horizon 2020 research program.

As a part of the initiative, NLnet has been made responsible for distributing a rather large sum of money to smaller projects through the administration of Search and Discovery and Privacy (and trust) Enhancing Technologies. By delegating these enormous tasks to NLnet the EU has recognized their excellent track record for supporting projects that actively contribute towards an open information society.

Naturally we’re very happy to receive the financial support, but beyond that the foundation has offered a variety of other resources which they have at their disposal by way of having played a strong role in the European free software community. They’ve offered expertise in accessibility, documentation, security auditing, internationalization, and legal matters surrounding software licensing, among other things.

Finally, it’s worth mentioning that for all of this support that we’ll receive, the amount of time we’ve spent writing the initial proposal and following up until the point of signing a contract has been remarkably brief. Whether considering the delay between submission and acceptance or the actual time spent on documents and correspondence, they’ve kept the bureaucracy to an absolute minimum. For a small team like ours, this makes a massive difference in our ability to access such funding and to put more of our time towards the activities the money is meant to support.

What CryptPad Teams will entail

The purpose of this grant is to develop technologies which enhance the public’s ability to preserve their privacy. Our contract defines the milestones which we must reach in order to get paid. I voluntarily included a stipulation that we would not consider a goal complete until its components were publicly accessible as source code and in our hosted platform. This was meant to ensure that the outcomes benefit our community of users and developers alike.

Starting with CryptPad 2.23.0 we’ll introduce support for personal encrypted mailboxes for registered users. We’re not looking to replace e-mail or the other platforms which are focused on encrypted messaging; this will just be a simple feature which will allow users to interact with each other more effectively whether or not they are online at the same time.

Our first use-case for this is an improved version of our “friend request” which currently requires that both users be online. You’ll be able to send friend requests from users’ profile pages and they’ll see a notification the next time they visit CryptPad. Going forward we’ll use the same system to offer friends access to documents directly through the sharing menu, instead of having to send URLs over potentially insecure mediums like unencrypted email or messengers. Similarly, friends will be able to request the ability to edit documents that they can view, as well as to request “ownership” over documents which they should be able to delete.

As minor as some of these features might sound, we believe they’ll make a positive and significant impact on users’ privacy. We want to minimize how often they have to directly handle the encryption keys which protect the contents of their documents.

After these initial steps we’ll begin offering first-class support for teams within CryptPad, allowing users to define groups of friends so that they can delegate access quickly and effectively. Teams will integrate with shared folders and will eventually offer features targeting various types of groups, whether hierarchical as is customary in many businesses or on a more ad-hoc basis as might be expected with friends or other self-organizing groups. Team members will benefit from better oversight as to who can access particular documents, reducing the likelihood that they’ll accidentally leak private information. We want to offer users better oversight into the activity of documents in their CryptDrives, both to make it easier to quickly join editing sessions with friends, as well as to make it noticeable when access to a document has leaked outside of its intended audience.

The hard part

Different groups have different levels of trust among their members. It’s difficult to build these features in a manner that’s fast to use with friends while still preventing your boss from spying on you. We’re committed to thinking through all of these cases to keep our users safe, and to acting on users’ concerns if we don’t get it right the first time.

We’re excited to begin this project and grateful to everyone supporting our efforts, financially or otherwise. Teams is the first grant we’ve received explicitly for the development of CryptPad, and we couldn’t have gotten here without help. As always, if you have ideas, concerns, or questions feel free to contact us.

Join the team

We’ve been making a big deal of our funding status for the last while, and for good reason. CryptPad has largely been funded by the OpenPaaS research and development project, funded by BPIFrance. We’re very happy with the results of the past four years of work, but this support will terminate at the end of March 2019.

While this change is a bit scary for us, it also means that we’ll be free to pursue new research projects. Europe is investing in technologies that promote human-centric values, so there are many opportunities that align with our goals. We have been actively seeking funding from a variety of sources, and though things are currently uncertain for us, it’s quite likely that our team will need to expand to prepare for upcoming obligations.

The skills we want

We’re looking for web technologists and product designers with experience in privacy engineering. If you already use CryptPad, encrypted messengers, or other similar communication systems to protect your personal data, that knowledge will be an asset. If you use unencrypted platforms and have a good understanding of the personal and societal trade-offs, that will count in your favour as well.

This field is fairly young, so we’re open to any experience you have, not just what you’ve learned in a professional or academic context.

In terms of technical skills, our daily work typically includes:

  • Client-side JavaScript (ES5) and cross-platform browser APIs
  • Node.js
  • CSS3 and LESS
  • HTML5
  • Bash
  • Git
  • SSH, information security, and basic system administration

We’re interested in incorporating skills we don’t already have, so don’t panic if you’re unfamiliar with anything listed above.

Perhaps more important than the technical skills are the so-called soft skills:

  • Empathizing with users and prioritizing improvements based on their impact
  • Communicating well within a team (including asking for clarification if your goals are ever unclear)
  • Managing your time well (we avoid micro-managing and working overtime)
  • Reasoning about pragmatic security
  • Consideration of both immediate tasks and long-term goals

What we offer

XWiki SAS has been developing open-source software for the last 15 years, and we rely on open-source tooling internally. Joining our team means learning how to run a sustainable business while giving away our product for free (without selling user data).

Otherwise you can expect:

  • A relaxed work environment (in Paris, France or Iasi, Romania) with part-time remote work
    • or negotiable full-time if relocation is not possible or desirable
  • To develop portable skills using open-source software
  • International travel (at our expense) when promoting the company or our projects
  • Opportunities for advancement, training, and other benefits
  • The chance to shape the future of an exciting project with your personal view of responsible data handling
  • To become an expert in privacy-enhancing technologies (we’re literally an award-winning team)

A special note to researchers

We’re very interested in distributed systems, data science (as an adversary against privacy), and human-computer interaction. If you are knowledgeable about any of these, some intersection, or anything else that might be relevant, that’s great!

If you have recently attained a PhD from an institution recognized by the EU, there are subsidies which can help us pay your salary. We have authored two peer-reviewed papers to date, so we can offer continued involvement in the research community if you desire.

Caveats

Sorting through CVs can be a lot of work, though a little transparency on some issues might help lighten the burden on our side. Below are some things to consider before contacting us.

As stated above, our ability to hire will be based on the status of some pending proposals. We don’t currently know how many positions will be available, and our timeline on when we could hire is fuzzy at best. We’d like to have your profile ready so we can act quickly once we know more.

We can’t compete with the salaries offered by companies in Silicon Valley, though they are comparable to other European businesses. As a consolation, you’ll be directly involved in determining how we move forward, and you’ll gain insight into the exciting European research ecosystem.

Our funding sources tend to place restrictions limiting those funds to residents of European member states. I moved to France from Canada to work on CryptPad several years ago, but things are generally simpler if you’re already here. Don’t let that stop you from contacting us, though!

We understand that talent comes in many forms, and we welcome new ideas. We’re willing to make exceptions for promising candidates, but we’d like to know that you care about the topic. There are probably better options available if you just want a job.

If you are interested…

Contact us at jobs@cryptpad.fr with a recent CV and a brief introduction explaining what you’d bring to the team.

CryptPad funding status March 2019 - Thanks to our 100 backers!

The beginning of the year has been busy. We traveled to Barcelona to officially receive our NGI Award. Spreadsheet functionality was officially released in CryptPad and our funding has been progressing since our last status in November.

We have seen a spike of both new subscriptions and growing usage of CryptPad.fr in the last few months. You can see the numbers in the new spreadsheet function launched in January (though this functionality is still restricted to registered users).

We now have more than 100 backers from 23 countries around the world.

While this cannot yet fund our two developers, we are happy that the funding is progressing. We will reach a first goal of 6k by the end of the OpenPaaS-NG project ending this month. We have also applied to the NLnet Privacy and Trust Enhancing Technology funding call.

Now we need more help! First we need to be able to sustain our team, but also we need to be able to expand, especially if we want to have Open Source software in the Zero-Knowledge space. Proprietary software providing some form of Zero-Knowledge will probably start growing with extensive funding. If we want independent free-software alternatives for this type of software, then we need to group our effort and fund open source solutions like CryptPad. We have ambitious objectives for CryptPad and we cannot achieve these with only two developers.

On the subject of funding, CryptPad will be presented at the Fund the Code event on March 19th in Paris, with XWiki SAS (CryptPad’s parent company) sponsoring the event.

Since the launch of the campaign we have published a roadmap for CryptPad of what we would like to achieve with the funding. It’s also available on the OpenCollective web site. Check it out and see our ambitious objectives for this project. We are already making progress on this roadmap.

To finish, I’d like to give an update on CryptPad’s usage. We are now reaching close to 250 instances of CryptPad running around the world, and the official cryptpad.fr instance is growing regularly. The growth of CryptPad noticed in November has not stopped, and now we have more than 1500 weekly drive users (from 1000 in November) and more than 7000 weekly pad users (from 6000 in November).

A special note to our users in Germany, where CryptPad is growing quickly. We have noticed on Twitter that teachers are promoting CryptPad in their community and there are now more users from Germany than from the US, making it the top country representing 25% of the CryptPad.fr users and also of the CryptPad hosted instances.

Try CryptPad, love it, take care of it, and even better come help!

Ludovic Dubost & the CryptPad Team

Looking for translators

Our mission is to make privacy-enhancing technologies accessible to people from all over the world. We get a lot of attention for the technology that we build, but that technology may be of limited use to those who can’t understand what it’s doing. I’m not talking about how the cryptography in CryptPad works, but the simple matter of reading the text displayed on the screen.

CryptPad has been translated into nine different languages, but only a third of those translations are complete. Members of the development team are fluent in English and French, so those are easily maintained, but the rest are beyond our ability.

The other translations were written by contributors, but our required format made them difficult to maintain, so we understand why so many have become out of date. With that in mind, we’ve decided to adopt the open-source Weblate translation platform for our project to make the process more manageable. If you’re familiar with CryptPad and fluent in any language other than English or French, we’d love your help translating the project.

You don’t have to do it alone, and it doesn’t need to be done all at once. Weblate allows translators to change one string at a time in a nice web interface, with issues sorted by type.

Anyone can register an account on our instance (weblate.cryptpad.fr). From there, we can appoint reviewers for each language who will receive notifications any time their language receives a suggested update.

If you’d like to translate CryptPad into a new language, that will require a little more involvement on our part, but we’d be very happy to help. Our translation guide has more detailed information, but you can always contact us if you’d like to help.

Even if your preferred language is already translated, we still welcome improvements to the existing translations. Feel free to sign up and make suggestions, or stop by our chat room if you find any part of the platform difficult to understand.

Heading to Barcelona

There’s a fairly long list of people who have helped make CryptPad what it is today, but on a day-to-day basis its improvements are driven primarily by myself and a colleague who would rather push code than take credit for his work. As privacy engineers we’re most excited about building and deploying new features that help people move away from less private platforms. Even so, it’s important to step away from building new things occasionally to both promote what we’ve done so far and ask people what they think of it.

Since our small team handles everything related to the project (including development, deployment, support, and promotion) the coming release will take place three weeks after our last to allow us to focus on meeting users. As previously announced, we’ve been invited to the NGI awards which will be colocated with the Mobile World Congress in Barcelona.

I’ll be accepting the NGI startup award for Privacy and trust-enhanced technologies along with Ludovic Dubost (my boss and the CEO of XWiki). If you’ll be in the city at the same time I encourage you to reach out to us via Twitter (@cryptpad, @ldubost, @fc00ansuz) or Mastodon (@ldubost, @cryptpad).

I plan to announce our plans for the coming months in a more formal roadmap; however, if we meet in person I’ll be happy to muse about the project’s trajectory in a casual setting. Come say hi, tell me what you’d like to see, and you might see it land in an upcoming release!