| Category | CryptPad | Nextcloud |
|---|---|---|
| Primary Purpose | Encrypted collaborative office suite | Private cloud storage and collaboration platform |
| Self-hosting | ✅ Yes | ✅ Yes |
| Hosted Option | ✅ Yes (cryptpad.fr and others) | ✅ Yes (nextcloud.com or third-party providers) |
| End-to-End Encryption | ✅ Default for all content (zero-knowledge encryption) | 🔶 Partial (not default, limited to client-side encryption app and some external tools) |
| Zero-Knowledge Server | ✅ Yes | 🔴 No (admin/server can access unencrypted content unless encryption is explicitly enabled) |
| Default Encryption Scope | ✅ All documents, messages, and files are encrypted end-to-end | 🔶 Optional encryption, limited in scope (E2EE not applied to calendars, contacts, search, etc.) |
| User Authentication | ✅ Pseudonymous accounts possible; no email required | ✅ Full user management; integration with LDAP, SSO, etc. |
| Account Recovery | 🔴 Not possible without backup keys | ✅ Password reset and admin recovery options |
| Document Types | ✅ Rich suite: Rich text, code, markdown, kanban, whiteboard, poll, slideshow, spreadsheet | ✅ Rich suite via Collabora, OnlyOffice, Text, Markdown, Draw.io, etc. |
| File Sync & Storage | 🔶 Limited: some file upload support | ✅ Full file sync (desktop & mobile), sharing, versioning, previews |
| Collaborative Editing | ✅ Yes (real-time) | ✅ Yes (via plugins like Collabora or OnlyOffice integration) |
| Chat & Messaging | ✅ Built-in encrypted chat | ✅ Built-in Talk app (not end-to-end encrypted by default) |
| Calendar & Contacts | 🔴 No | ✅ Yes (CalDAV, CardDAV support) |
| Federation | 🔴 No | ✅ Yes (federated sharing across instances) |
| Offline Access | 🔴 No | ✅ Yes (via mobile apps and desktop sync clients) |
| Mobile Apps | 🔶 Limited mobile usability via browser | ✅ Full-featured iOS and Android apps |
| Plugins & Extensibility | 🔴 Not extensible; limited to included tools | ✅ Highly extensible: large app ecosystem |
| Granular Permissions | ✅ Share per-document, read/write settings | ✅ Granular permissions per file/folder, group access controls |
| Audit Logs | 🔴 No | ✅ Yes (with Audit Log app) |
| Data Residency Control | ✅ Full control if self-hosted | ✅ Full control if self-hosted |
| Third-Party App Access | 🔴 No (privacy-first: closed system) | ✅ Yes (API, OAuth, WebDAV, etc.) |
| Security Design Philosophy | 🟢 Maximum privacy, minimal trust—even the server can’t read your data | 🟡 Flexible sharing and access with admin and plugin extensibility, but less private by default |
| Compliance | 🔶 GDPR-friendly, but limited enterprise features | ✅ GDPR, HIPAA (with setup), enterprise features |
| Codebase | ✅ Open source (AGPLv3) | ✅ Open source (AGPLv3) |
Category: surveillance
If you’re not sufficiently concerned about people using AI tools to create convincing fake audio and video, now the Computer Vision Lab at Nottingham University has developed an AI system capable of creating fairly accurate 3D faces from single photographs. I uploaded one of my own to the demo tool and a few seconds later it produced the following model (a GIF of captured screen video of me rotating the 3D model):
Imagine what AI can do with multiple images and videos of you (from your social media posts, mobile phone’s images and videos library, surveillance images, etc.). Among other possible take-aways is the need for vigilance and cynicism. If you see or hear something in digital media (online or in media sent to you via email, IM, etc.) that is too terrible, wonderful or just shocking to be true, it probably isn’t. For now, at least, it’s still possible to detect forged media (and fake news, but you probably don’t want to) but soon it will require AI tools to spot the work of other AI tools and we’ll then have to decide which AIs to believe. The make/detect forgeries arms race is accelerating.
Okay, still smarting from me suggesting you may not want to detect when the news you enjoy and agree with is fake? Check out the following video and exercise your media literacy by researching cognitive biases.
Related links (interesting examples of cognitive bias and trolling in many of the comments)
- https://www.ipscommons.sg/fake-news-mind-traps/
- https://www.youtube.com/watch?v=4XGTTKJJsEw
- https://www.youtube.com/watch?v=rrkqZfHOvbE
- https://en.wikipedia.org/wiki/List_of_cognitive_biases
Given the increasing license commercial (and non-profit) internet-based services take with our private data, it becomes increasingly important to pay attention to user agreements and privacy policies. It’s challenging enough to read those legalistic tomes once, much less keep track of their frequent changes. Reputable companies and organizations will automatically notify customers and members of changes to policies, but many include clauses relieving them of change notification responsibility. I could find no federal law holding them accountable to secure your acknowledgment of such changes.
Some years ago I found Change Detection, a free web service that allows you to monitor changes to the text content on any publicly accessible (no login) web page. I’ve used it to monitor changes to the user agreements and privacy notices (nearly always public pages) of the services and products I use. When the text on a monitored page changes, Change Detection sends me an email message that identifies the target page and shows exactly how it has changed. This relieves me of the burden of manually monitoring those policies. Change Detection automates the parts of change monitoring that humans perform poorly at—remembering and following through on tedious, boring tasks.
You must be logged in to post a comment.