Screenshot of CryptPad's rich text editor
CryptPad is a Zero Knowledge realtime collaborative editor. All data is encrypted in the browser so neither the backend server, the administrators, nor any third party can read it without the user's decryption key. Regarding its privacy and security, refer to this snippet from their repository:
CryptPad is private, not anonymous. Privacy protects your data, anonymity protects you. As such, it is possible for a collaborator on the pad to include some silly/ugly/nasty things in a CryptPad such as an image which reveals your IP address when your browser automatically loads it or a script which plays Rick Astleys's greatest hits. It is possible for anyone who does not have the key to be able to change anything in the pad or add anything, even the server, however the clients will notice this because the content hashes in CryptPad will fail to validate.
Still there are other low-lives in the world so using CryptPad over HTTPS is probably a good idea.
Things to know
Refer to the FAQ for most questions
- Users have 1 GB of storage available
- Pads that have not been added to a registered user's drive expire after 30 days
- "Deleted" data is archived for 15 days in case of accidental deletion. Following the 15th day, the data is permanently deleted.
- Inactive accounts are removed after 90 days
- Upload limit per-file is set to 20MB