In the security devroom, our colleague Theo talks about CryptPad, our end-to-end encrypted open-source collaboration suite, and how it seeks to reconcile collaboration and privacy. Users make changes to documents and these are encrypted by their client (web browser) before being sent to the server for real-time synchronization.

In this talk I will detail CryptPad's privacy definition and introduce the assumed threat model of an honest-but-curious server. While users have to trust the server to not actively attack their privacy, they can nevertheless protect themselves against a passively sniffing server. I will show why end-to-end encryption is not enough, but must be combined with open source to achieve reasonable privacy in this model.