Preparing for 2022

With the end of the year nearly upon us I am keeping up my tradition of writing a retrospective of what the CryptPad team has done over the past twelve months and an overview of our plans for the next twelve.

The year in retrospect

NGI research

We’ve been very fortunate to have received continued support from the European Commission’s Next Generation Internet Initiative. We completed two research projects funded by NGI0 PET and launched a new project funded by NGI DAPSI which will wrap up in January.

We released the last components of the CryptPad for Communities project which made the platform quite a bit easier to set up and administrate. We deployed our administrator guide, added a variety of configuration options on the admin panel, and developed an instance diagnostics page to automatically detect common configuration issues and suggest remediations.

NGI0 also funded this year’s Dialogue project, which comprised a new Form app and a variety of supporting features, including a new calendar app, an internal reminders API, and more admin panel features for broadcasting instance-wide announcements.

In our April status update we introduced the DAPSI-funded INTEROFFICE project, through which we’ve aimed to improve interoperability with other platforms through the use of common file extensions. Unlike most online platforms which convert between formats on their cloud infrastructure, we’ve had to develop new methods which process data entirely in your browser so that your private data is never revealed to anyone.

A graph of desired workflows for conversion between different formats based on the results of our user studies

Our October status update went further, announcing our integration of OnlyOffice’s Document and Presentation editors. These are fully open-source and available to anyone self-hosting the platform but remain in early access for premium users on CryptPad.fr. This phased release model is new for us, but so far it’s been very effective as a means to solicit quality feedback from a few active users without us getting overwhelmed by duplicated bug reports.

Community contributions

Each new feature we add to the platform requires text in the form of labels for buttons, descriptions of the effects of different account and document settings, and of course various warnings, prompts, and error messages. CryptPad is hosted on hundreds of different servers all around the world and used by people who don’t necessarily speak English or French. As such, all that text needs to be translated.

For the past few years, German-speaking members of our community have very reliably kept up with all the new text we’ve added, and have even gone as far as to translate our user guide. This year they’ve been joined by native speakers of Japanese, Russian, and Brazilian Portuguese to make the platform more accessible to a much broader range of people.

Status of CryptPad's translations as of December 2021 with six languages at least 99% complete

Project maintenance and administration

Revenue from premium accounts on CryptPad.fr goes towards answering premium support tickets first. Any funds that are left over are combined with donations to our OpenCollective campaign to fund all the work that isn’t covered by our research grants. That allows us to review translations, keep our documentation up to date, write detailed release notes, triage bug reports, and answer questions submitted via email or social media.

This year there have been multiple occasions when a new version of a major browser broke support for critical features, forcing us to drop whatever we were doing at the time and find alternative solutions for these regressions. When code isn’t simply rotting out from underneath us, there are always critical security notices that need to be attended to, most recently with the sudden disclosure of vulnerabilities in the log4j library.

This year we saw an increasing number of subscriptions and donations from our supporters which allowed us to keep up with these surprises and to catch up on a bit of a backlog of maintenance. It helped that 2021 was overall somewhat less surprising than 2020, but we don’t want to rely on that continuing to be the case.

What the future holds

Our general plan for the coming year is to scale back the proportion of our budget which is covered by European research grants and to focus more heavily on projects sponsored directly by clients. To that end, we’ll soon add a number of pages to our project website (CryptPad.org) which will differentiate the open-source project from our commercial offering on CryptPad.fr. We’ll list various support packages tailored for education, enterprises, and NGOs.

Screenshot of CryptPad.org, providing general information about the open-source project

Earlier this year we included options in the platform’s admin panel to allow administrators to mark their instance as intended for public usage, and to opt-in to inclusion in a directory of public instances. We wanted to wait and see if there was sufficient interest in such a listing before we went to the trouble of building it. The good news is that at this point 11 operators have opted in, so it seems worthwhile to build. The bad news is that a number of these don’t seem to be configured correctly. We plan to reach out to these administrators in the near future to rectify these concerns before including them in the directory.

Wrapping up the INTEROFFICE project

The last remaining milestone for our INTEROFFICE project is to publish our client-side office conversion utilities as an open-source software library usable outside of CryptPad. After that our work and that of the other grantees will be evaluated by NGI DAPSI’s expert reviewers, but this won’t be the end of our efforts to improve office functionality.

Local computation (executing functions on your device instead of one in the cloud) is a critical component of privacy-respecting software, but there are other clear advantages to it. It enables more functionality to continue to operate when you are offline or on an unstable network connection. It also makes it feasible to host web services on less powerful devices, potentially making network infrastructure accessible to a wider audience. We hope that these diverse interests will align more developers to work toward the same goals for the public’s benefit.

We plan to present the results of this project at FOSDEM in early February and hopefully to continue working with the broader community to make this approach the norm.

Stronger and more diverse authentication measures

Many administrators of third-party instances will be happy to hear that we’re going to start working on adding support for identity provider services like LDAP and SSO. This will allow them to restrict who can access their services, adding an extra layer of security for existing users of their service.

We’ll complement this top-down approach to security with another bottom-up method, employing various second-factor authentication methods to give individual users more control over access to their account. We hope to introduce both app-based TOTP and emailed magic links. We’ll publish a survey in the near future to determine how to prioritize these and possibly other methods.

Better support for offline access

With all of our pending research projects wrapping up we’re going to revisit some promising prototypes which we developed in late 2020. We experimented with using the Service Worker API to cache CryptPad’s browser code, allowing it to be loaded as normal even while fully offline. The basic concept is pretty simple, but it required a lot of additional controls in the UI to choose to operate offline, to update the cached version, to allow persistent storage on the device to be used, and so on.

Solving these basic usability problems related to offline functionality will provide a solid basis for us to develop CryptPad to be more like a mobile or desktop application, paving the way for more advanced (and highly requested) features like filesystem synchronization.

Accessibility

We’ve corresponded with a number of groups that aim to improve the state of accessibility in open-source software, but we’ve lacked the time to follow through on their recommendations in a meaningful way. This is going to be a clear priority for our team with dedicated time on our roadmap in the new year.

Hiring

There’s a lot more that we would like to do in 2022, but realistically the work described above is likely to take a lot of time to get right. In order to accomplish more of our goals we’ll need to hire additional team members, possibly as many as three.

If you are a web application developer with an interest in privacy and usability we want to hear from you. Our team works remotely, but for accounting purposes we’d prefer candidates from within the EU. We offer flexible working hours, competitive salaries for western Europe, four-day weeks every second week, and the opportunity to serve the public interest through free software.

If you think you could help us accomplish our goals, send us (jobs@cryptpad.fr) a brief introduction and a CV or resume indicating your relevant qualifications or experience. We tend to receive a disproportionate number of applications from certain demographics. To account for that bias, we’d like to encourage members of communities that are underrepresented in the tech industry to overcome their hesitation and apply. We want to hear from you!

Get ready!

We’ve gotten this far because we’ve had your help. You’ve introduced CryptPad to friends, family, and colleagues. You’ve written great bug reports that have helped us find and fix stubborn problems. You’ve boosted, retweeted, and liked our updates. You’ve translated the platform for your community, subscribed to a premium subscription, and donated to our cause, all of which have had a tremendous impact.

We’re extremely grateful for all your support, proud of what we’ve created together, and excited to continue this journey with you in the new year!

See you in 2022!

November 2021 status: Talks and testimonials

This month we released some minor fixes with 4.12.1. We have been busy making preparations for the upcoming upgrade to OnlyOffice 6.4.2. This will include the much-requested conditional formatting in Sheets and dark mode support. We have also spent time considering strategy and long-term goals as we prepare the project website, which brings us to:

Call for project site testimonials

As we have mentioned before we are currently working on a project website for CryptPad. This will be used to promote the project and to better communicate the distinction between CryptPad and cryptpad.fr (the flagship instance).

The new site will include a public instance list, new pricing for hosted instances, and pages tailored to various sectors such as NGOs, education, and enterprise.

We are planning to include testimonials on the site. If you use CryptPad and have a few minutes to share some words of support using our new survey, that would be much appreciated.

Recent and upcoming talks

Ludovic presented CryptPad at the Campus du Libre on 6th November in Lyon. We don’t have video (yet) but the slides are online (in French).

David will present CryptPad to a healthcare and free software audience on December 10th as part of GNU Health Con 2021.

Promotion image for CryptPad at GNU Health Con 2012

That’s it for this month. We are looking forward to launching the new OnlyOffice editors; you will probably read about that in the next status update.

October 2021 status: A pitch and a farewell

This month we released CryptPad 4.12 with some much anticipated new applications.

NGI DAPSI Pitch Day

On the first day of the month we took part in the DAPSI Pitch Day. All of the funded projects gave updates on their progress. We were in very good company alongside Delta Chat, postmarketOS, and many more. All projects were successful in moving to phase 2.

Tweet from NGI DAPSI about the pitch day

We were happy to present the progress on INTEROFFICE, our project to improve the import/export of popular office formats to/from CryptPad. Most of the technical work on Web Assembly converters is done. This means all conversions happen in the browser (rather than on the server like in most other tools) and we can do this without seeing any of the content that is being converted.

Part of the project is to release this work as open-source packages so other projects can benefit from this work. We are planning to do this in December once the libraries have been thoroughly tested on CryptPad.

Preview of the new "Open in..." feature. Right clicking a compatible file in the drive shows this menu

CryptPad users will benefit too, with new functionality becoming available on the platform. Files in popular formats such as .docx, .xlsx, .pptx, .odt, .ods, and .odp are no longer being treated only as static files once they are uploaded to CryptPad. A new menu item called “Open in …” makes them editable in the corresponding application. Which brings us to:

Two new app releases

We have long been planning to add OnlyOffice’s Document and Presentation applications to CryptPad, completing the suite that started with Spreadsheet in 2019. The improved inter-operability we built with INTEROFFICE makes this a good time to finally release these applications, to make the most of the new imports and exports. As part of the 4.12 release we launched these new apps as “early access”, which means only subscribers on cryptpad.fr can create new documents and they are available on other instances if administrators opt-in. We wrote about this in more detail in our last post.

Preview of the new Document application.

Preview of the new Presentation application.

This launch made us reconsider our current release schedule. We may revisit this in the near future and move towards a slower pace where each release would have bigger changes. This would potentially come with a more readable naming scheme as well, perhaps taking a leaf out of Canonical’s playbook where Ubuntu releases are time-stamped rather than numbered. We will come back to this, likely in the new year, and write about any changes here.

NGI0 PET coming to an end

This month marks the end of the NGI0 Privacy Enhancing Technologies program (previously known as NLnet PET), which will wrap up on October 31st. CryptPad has benefited a lot from this funding, with 3 projects over 3 years. To name but a few, these are some of the major features that were made possible through this support:

  • Teams (incl. team drive, roles, etc)
  • Full documentation for users, administrators, and developers
  • Calendars
  • The Form application

We are very thankful for this ongoing support. NGI0 created an approachable way for development teams like ours to access funds from the European Commission, creating real impact with minimal red tape. The fund was established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.

This concludes this month’s updates. Next up for the team is some thorough testing of the new applications and fixing any issues that get reported by early-access testers. Besides this we will be continuing with work on INTEROFFICE towards the project conclusion in January 2022.

Announcing two new applications in early access: Document and Presentation

Today we are beginning to roll out some major new features for CryptPad. We have integrated the two remaining OnlyOffice editors for text documents and presentations into CryptPad’s real-time encrypted collaboration engine. This completes the OnlyOffice suite, as spreadsheets have been available for some time. Like our spreadsheet editor, these two new applications only rely on OnlyOffice’s client-side components, not its server.

This work is combined with our ongoing efforts to improve import and export of documents funded by NGI DAPSI. As a result CryptPad will be much more inter-operable with existing office suites and their file formats, for example with the ability to import and export docx, pptx, and xlsx files, as well as the open document formats odt, odp, and ods. Additionally, documents in these formats that are uploaded to CryptPad will no longer be treated only as static files. A new “Open in” menu makes them editable in the corresponding CryptPad application.

Preview of the new Document application.

Preview of the new Presentation application.

When we launched OnlyOffice spreadsheets at the beginning of 2019 we were inundated with support tickets as teething issues inevitably surfaced. As a team of three people handling both development and the administration of cryptpad.fr, support is a key part of our work but also the most time consuming. With two new OnlyOffice applications included in this launch we are very conscious of the risk that our effort to provide an accessible service interferes with our practical ability to improve its underlying technology. The solution we have settled on is to launch the new Document and Presentation applications as early access.

On cryptpad.fr this means that — at least for now — only people with a subscription will be able to create new documents and presentations in the new applications. They will see a warning that these applications are experimental and should not yet be trusted with important data. Anyone else will be able to open and/or edit these documents as normal when they are shared. Based on how this initial period goes, we’ll decide how and when to relax these limitations.

To be clear, CryptPad is free software and will remain as such. The code for these new integrations is freely available, and will be available to all other CryptPad instances if the administrators choose to enable early-access applications.

We think this gradual rollout will result in a smoother launch and ultimately in a better experience with CryptPad for everyone. We are not interested in putting paywalls around various parts of the platform but we do have to find ways to manage our workloads in order to continue developing it. Projects such as NGI DAPSI come with deadlines that have to be met in order for us to receive their funding.

Early access means that everything remains open-source, and eventually will be available to everyone. It rewards people who support the project with a first view of much anticipated applications. This is a new thing for us, but we believe this delay to access new applications is a relatively minor step. The bigger picture is that we are working towards the long-term success of CryptPad. This involves being fully funded by our users while they currently account for only 1/3 of our budget (subscriptions on cryptpad.fr and donations combined). EU research projects such as NGI DAPSI currently cover the remaining 2/3. We have more ideas to encourage people to support the project, and to involve them in the future of the platform. One of them is giving subscribers a vote on our roadmap to decide which new features get prioritized. We will come back to this in due course.

Everyone benefits from sustainable open-source. Our recent work has advanced the state of the art in document conversion in the browser, rather than on the server where user data is exposed. This will be released independently of CryptPad so other projects can reuse it. If you are eager to see this in action, and to test the new Document and Presentation applications, please consider subscribing to a plan on cryptpad.fr to help make CryptPad sustainable for everyone.

September 2021 status: Changing seasons

September is always a busy month for us as many people return from holidays to their regular schedules. Along with the changing of the physical seasons, we’re marking a number of project milestones as well.

Dropping support for Internet Explorer

Microsoft’s Office365 platform officially stopped supporting Internet Explorer 11 in August, and we decided it was a good time to do the same. Up until our 4.11 release we were careful to maintain compatibility with this browser that had not received any new features since 2013. Moving on from IE lets us rely on modern functionality, simplifying our code and making CryptPad smaller and faster to load.

End of NLnet PET

As described in our toots and tweets on September 9th, 4.11 also included significant improvements to our Forms app. With this second round of changes deployed we are nearly ready to close our third and final NLnet PET project before NLnet foundation concludes their NGI0 Privacy-Enhancing Technologies program.

NLnet’s advocacy for open-source software and direct support of its developers has had an incredible impact on our project and hundreds of others like it. If you haven’t already done so, now is a great time to skim through the list of projects they’ve funded to count how many of them you personally use!

DAPSI Phase 2

We’re also approaching a milestone for the NGI DAPSI project that we’ve been working on in parallel. We’ll present our latest research into client-side file format conversion, including some prototypes that we hope to deploy later in the year and our findings from the survey on file format conversion requirements that closed earlier this month. If all goes well we will receive a second round of funding to continue with the proposed work plan.

A brief pause in our regular release schedule

The next few weeks are likely to be quite intense for us. We’ll be focused on wrapping up our current projects and preparing to launch a new round of projects for 2022. There are several very promising opportunities on our horizon and it looks like we’re going to have to hire to be able to follow through on all of our plans.

We’ll announce exactly what positions we’re looking to fill within our team and provide updates to our roadmap as soon as a few more details are finalized. A number of important deadlines happen to coincide in a short timespan, so we’ll take a short break from our regular release cycle and resume our usual pace later in October.

Until then, thanks to all our supporters!