Category | CryptPad | Nextcloud |
---|---|---|
Primary Purpose | Encrypted collaborative office suite | Private cloud storage and collaboration platform |
Self-hosting | ✅ Yes | ✅ Yes |
Hosted Option | ✅ Yes (cryptpad.fr and others) | ✅ Yes (nextcloud.com or third-party providers) |
End-to-End Encryption | ✅ Default for all content (zero-knowledge encryption) | 🔶 Partial (not default, limited to client-side encryption app and some external tools) |
Zero-Knowledge Server | ✅ Yes | 🔴 No (admin/server can access unencrypted content unless encryption is explicitly enabled) |
Default Encryption Scope | ✅ All documents, messages, and files are encrypted end-to-end | 🔶 Optional encryption, limited in scope (E2EE not applied to calendars, contacts, search, etc.) |
User Authentication | ✅ Pseudonymous accounts possible; no email required | ✅ Full user management; integration with LDAP, SSO, etc. |
Account Recovery | 🔴 Not possible without backup keys | ✅ Password reset and admin recovery options |
Document Types | ✅ Rich suite: Rich text, code, markdown, kanban, whiteboard, poll, slideshow, spreadsheet | ✅ Rich suite via Collabora, OnlyOffice, Text, Markdown, Draw.io, etc. |
File Sync & Storage | 🔶 Limited: some file upload support | ✅ Full file sync (desktop & mobile), sharing, versioning, previews |
Collaborative Editing | ✅ Yes (real-time) | ✅ Yes (via plugins like Collabora or OnlyOffice integration) |
Chat & Messaging | ✅ Built-in encrypted chat | ✅ Built-in Talk app (not end-to-end encrypted by default) |
Calendar & Contacts | 🔴 No | ✅ Yes (CalDAV, CardDAV support) |
Federation | 🔴 No | ✅ Yes (federated sharing across instances) |
Offline Access | 🔴 No | ✅ Yes (via mobile apps and desktop sync clients) |
Mobile Apps | 🔶 Limited mobile usability via browser | ✅ Full-featured iOS and Android apps |
Plugins & Extensibility | 🔴 Not extensible; limited to included tools | ✅ Highly extensible: large app ecosystem |
Granular Permissions | ✅ Share per-document, read/write settings | ✅ Granular permissions per file/folder, group access controls |
Audit Logs | 🔴 No | ✅ Yes (with Audit Log app) |
Data Residency Control | ✅ Full control if self-hosted | ✅ Full control if self-hosted |
Third-Party App Access | 🔴 No (privacy-first: closed system) | ✅ Yes (API, OAuth, WebDAV, etc.) |
Security Design Philosophy | 🟢 Maximum privacy, minimal trust—even the server can’t read your data | 🟡 Flexible sharing and access with admin and plugin extensibility, but less private by default |
Compliance | 🔶 GDPR-friendly, but limited enterprise features | ✅ GDPR, HIPAA (with setup), enterprise features |
Codebase | ✅ Open source (AGPLv3) | ✅ Open source (AGPLv3) |
Tag: cyber security
Given the increasing license that commercial (and non-profit) internet-based services take with our private data, it is ever more important to pay attention to user agreements and privacy policies. It’s challenging enough to read those legalistic tomes once, much less keep track of their frequent changes. Reputable companies and organizations will automatically notify customers and members of changes to policies, but many include clauses relieving them of change notification responsibility. I could find no federal law holding them accountable to secure your acknowledgment of such changes.
Some years ago I found Change Detection, a free web service that allows you to monitor changes to the text content on any publicly accessible (no login) web page. I’ve used it to monitor changes to the user agreements and privacy notices (nearly always public pages) of the services and products I use. When the text on a monitored page changes, Change Detection sends me an email message that identifies the target page and shows exactly how it has changed. This relieves me of the burden of manually monitoring those policies. Change Detection automates the parts of change monitoring that humans perform poorly at—remembering and following through on tedious, boring tasks.
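
The kind of check described above can be sketched as an added example (this is not Change Detection's own code, and all function names are hypothetical): extract only the visible text of a policy page, compare it with the previous snapshot, and report the exact lines that changed. The HTML snapshots are constructed sample data so the script runs offline.

```python
import difflib
from html.parser import HTMLParser

class TextExtractor(HTMLParser):
    """Collect visible text, skipping <script> and <style> bodies."""
    SKIP = {"script", "style"}

    def __init__(self):
        super().__init__()
        self.lines, self._skip_depth = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip_depth += 1

    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        text = " ".join(data.split())  # collapse runs of whitespace
        if text and not self._skip_depth:
            self.lines.append(text)

def page_text(html):
    """Return the page's visible text as a list of normalized lines."""
    parser = TextExtractor()
    parser.feed(html)
    parser.close()
    return parser.lines

def policy_diff(old_html, new_html):
    """Return unified-diff lines for the text change; empty list if none."""
    return list(difflib.unified_diff(page_text(old_html), page_text(new_html),
                                     "previous", "current", lineterm="", n=0))

# Constructed sample snapshots of a hypothetical privacy policy page.
SNAPSHOT_OLD = """<html><body><h1>Privacy Policy</h1>
<p>We do not share your data with third parties.</p>
<p>We will notify you of changes.</p><script>var v=1;</script></body></html>"""
# Markup and script change only: the visible text is identical.
SNAPSHOT_RESTYLED = SNAPSHOT_OLD.replace("<p>", '<p class="new">').replace("v=1", "v=2")
# A substantive wording change in the policy text.
SNAPSHOT_NEW = SNAPSHOT_OLD.replace(
    "We do not share your data with third parties.",
    "We may share your data with selected partners.")

if __name__ == "__main__":
    print(policy_diff(SNAPSHOT_OLD, SNAPSHOT_RESTYLED) or "no text change")
    print("\n".join(policy_diff(SNAPSHOT_OLD, SNAPSHOT_NEW)))
```

Comparing extracted text rather than raw HTML keeps restyling and script updates from raising alerts, so a notification means the policy wording itself changed.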