
Who needs to know? Private-by-design collaboration


Formal Metadata

Title: Who needs to know? Private-by-design collaboration
Number of Parts: 561
License: CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

Abstract
It is often difficult to untangle technical choices made when designing systems from the values and implicit assumptions of those systems' designers. For many developers of open-source software, radical openness and permissionless participation have become the de facto methodology to follow when designing collaboration systems. This ideology has driven the creation of a wealth of information systems and collaboratively curated data sets which could not have been created in a top-down fashion. Consequently, different values, and thus different architectures, have remained largely unexplored. This lecture will present CryptPad, a web-based suite of collaborative tools which employs client-side encryption to restrict access to those who possess the cryptographic keys which are unique to each document. I will include an overview of the underlying architecture, and provide insight into its design process and the values that it encodes. This talk was originally proposed by Aaron MacSween.
Transcript: English (auto-generated)
Hi everybody. So we're going to talk again about privacy, and I need to click. So who am I? I'm not Aaron MacSween, who was the person that was supposed to come to the presentation and for
He's home with the flu. And so I'm Ludovic Dubost. So Aaron MacSween is a full-time privacy engineer. I define myself more as an open source activist. Aaron is our researcher at XWiki SAS. I'm his boss. And so Aaron is a full-time CryptPad developer slash product manager slash CTO,
depending. So he likes to say it depends how important he wants to present himself. And so I'm more involved in the CryptPad communication. So I get involved in what CryptPad actually does, how we communicate about it, do marketing or so, how we finance it,
because I'm the CEO of XWiki. So we're 40 people at XWiki SAS, which is getting its revenue mostly from building XWiki, and we're doing full-time open source. And so the challenge with open source is also how you get to pay for it and how to get people to pay for it. I'm also an occasional CryptPad contributor.
So in CryptPad the Kanban was my work, actually; very proud of it. So, actually, to try to make a bit the subject, I want to talk a little bit about FLOSS. So we're all here
users or creators of FLOSS software, and actually when you look at FLOSS and you try to understand why you do FLOSS, actually there's one reason, which is ethical reasons. So we do FLOSS, or we get involved in FLOSS, because it's empowering users.
And it's because it allows the software to be not only for the people that can pay for it, and it's important importing the clients and have no lock-in. Now, we also have business reasons, and there are also interesting business reasons why companies or people do FLOSS: it gives an edge over proprietary software. It gets more help from other people, so we get contributions,
so it actually reduces the cost of building it or making it known, and openness is actually a feature also in what we do. So you'll see a bit why we're coming there, why we're talking about this: if you look at the issue of privacy on the internet today,
which is more and more a big problem. So, just explained before, why privacy is important, and if we're starting to talk more about privacy, because actually privacy is in danger. And the reason privacy, I mean why privacy is in danger, is because basically we're living in surveillance capitalism.
So on one side there is state surveillance. But that's actually one part of the issue around privacy: that the states are trying to know more and more about what we do. And there's a lot of debate. In some cases we could say: I don't care, I trust my state,
so it's okay. In some other cases it creates serious democratic problems. But there is also a problem of surveillance in the business world, in the normal world, in the sense that basically most of the Internet's business is actually surveillance, is actually based on advertisement that is based on what we do on the internet. And actually, when we think about it,
for the people that are as old as I am, we felt like advertising on TV, it's a pain. We get advertising all the time, and we'll get every hour
advertisement so that we can watch the TV for free. But when we think about it, on the internet it's worse: we get advertisement everywhere while we're actually reading the stuff we read on the internet, and this advertisement is based on methods that are way worse than what we got on TV 20 years ago. On TV,
they study to try to know who is watching the show. Is it women? Is it guys? And we're going to show advertisement based on that. But on the internet they're actually showing other things based on who you are, the individual that is in front of it, and they're trying to know more and more, because it makes more money, exactly who you are.
But everything, they want to know everything, so that they can make the most money out of it, and nobody's stopping them, except GDPR, which is doing some work today. Now the thing is: is it evil, actually? Is it evil that we are in this world? Well, the thing is, it's just market.
A lot of what my friend Tristan Nitot, who works at Qwant and is doing a lot of talks about privacy, he says basically Google was supposed to be nice: "We're not evil." But in the end the tracking they were doing was not that high, but Facebook came in,
doing more and more individual user tracking about who you are, what you do, etc. They ended up being outsmarted in terms of competition and making money, and they end up doing the same thing. So it's actually the market, the capitalism market, that is pushing all these companies to go further and further. So what we're trying to say, Aaron and me, is that
the reason is that we've ignored business concerns. We've ignored the business aspects of why the software, so, and in the end we get only software on the internet that is paid by advertisement. And so we get a lot of stuff for free,
but in the end, I mean, the thing is we forget that there needs to be a way to pay for it. And this way today is advertisement; it's targeted advertising. This is creating this privacy problem. And what we're trying to do at CryptPad is: okay, is it possible actually to operate on a need-to-know basis?
Is it possible to say we'll try to do software that doesn't look at everything you do, so that's not operating on this model of working with advertisement? And when we look at this, well, business, technical, so
business. And so what we're looking at: what is the software we're proposing? So we need to look at what type of product we're proposing. So do we have a software that's actually interesting? The second thing is: okay, what data are we capturing for people? And then: okay, what are the risks,
the business risks and the technical risks? So if we don't collect the data, can we actually offer that product for free? If we're not getting ways to make money off the data, well, how do we actually provide that software for free? And
what are the consequences if the data is leaked? So when we look at this, we do a cost-benefit and analyze it. So how difficult is it to implement something that's fully private? Is it actually technically possible to build something that's totally private, and how would it work? And
will people actually be happy with it? So, well, that's what we're trying to do with CryptPad. We're trying not only to solve the technical problem of privacy, can we actually make a software that allows us to protect users' privacy,
but we're also trying to solve the business issue around it. So this is important; this is why this talk is not only about a technical solution around CryptPad, and it's also about how can we as a community, or can we as users, do so that we get software
that is protecting our privacy. And so what is CryptPad? So our pitch is: it's like Etherpad, but it's encrypted. So who knows Etherpad here? Okay, good. Who knows CryptPad? Actually a few, okay. So, well, Etherpad, or you could also say like Google Docs:
type at the same time, but everything's encrypted. So that's actually interesting; it's not easy to do. It's already not easy to do a software where people are typing at the same time. So the story of CryptPad actually is because we were trying to do that for XWiki.
So for the XWiki software we needed real-time editing, and we worked with researchers to do that. That's the original story of CryptPad. So it's already not easy to have people typing at the same time. Well, it's even harder when you say: okay, let's make it so that the server doesn't know what we're doing. And so this is
what it is. So, to mention one thing: in the open source world we use licenses to define how data is made public. Well, in the world of CryptPad and software for security,
we're actually using cryptography to define how data can be used in private. And this is a point where we differ a bit, with CryptPad, from Nextcloud. Nextcloud is proposing decentralization as a solution for privacy. So we at CryptPad say: yeah, decentralization is interesting, is good,
but actually we need to go one step further. If you put your server on a cloud service, you need to trust that cloud service, that they're not going to look at your data. And so we believe that if we want to really be sure that our data is safe, we need to use cryptography.
Cryptography is key if we want privacy. We need to go the whole way to encrypting the data, and so we're using cryptography to define how the data can be used. So in the end, what is CryptPad? And I'll make a demo. So it's actually much more than Etherpad, because it's a full range of
collaborative tools. It goes from rich text, the rich text editor that goes further than what you get in Etherpad: it's a full CKEditor editor that you have in CryptPad. But it's also a pad where you can do Markdown or syntax highlighting of code.
You can do slideshows. This is actually a CryptPad document stored on cryptpad.fr. You can store encrypted files, which themselves can be used in rich text or in presentations. So we have images in this presentation; they're stored as individually encrypted files in the CryptPad drive.
We have a CryptPad drive. Inside that CryptPad drive we can do shared folders, so you can make a folder in your drive that will be shared with other people. We have whiteboards, polls, we have Kanban. We have messaging between people, and we're working on office. We just released, two days ago, spreadsheets inside CryptPad, and I'll show that in the end.
What we're trying to provide is strategies and technologies that ensure privacy, which can effectively generalize across a wide variety of application domains. So we're not trying to just encrypt files or secure files. We're trying to allow building applications that are secure by design and private by design, so that use encryption all the way. And that's what is
in the CryptPad technology. Inside CryptPad there is pretty advanced technology to secure documents that are modified in real time by multiple people, and so potentially it can go very far in terms of what we can build on top of it.
However, there's a lot of work, because when you work privacy by design, you kind of have to rebuild everything from there. So basically you cannot just adapt other software to become private by design. You have to actually have it in the core of the system that encryption is everywhere, because it changes for the mentality.
This is why for us XWiki and CryptPad, it's the same company, but with two different software. They cannot really work together. So, let me demo a bit. Oops. So the best way to demo is to have two screens. So here,
first thing is a drive. So I have a drive with folders; this is my personal drive with a lot of folders. We can have files there. So I'll take, up, a spreadsheet document, and I'll take it on this side too,
up, a spreadsheet document here. Actually, it's a bit too long. Yeah. Whoops, it's not very well zoomed. And so here I can do, up, actually 600.
Yeah, you can see: I changed the number here, my graph was changed in my spreadsheet in real time. It was sent to the other client. So actually the way it works is: every time we do something in a pad, there is a patch that is created, encrypted on the client side. The key never leaves the browser.
The patch that is encrypted is sent to the CryptPad storage. The storage will send it to all the other users that are part of the session, and then the patch will be applied on the other client, and the CryptPad algorithm will manage conflicts if there are changes at the same time from both users. There is a way to manage that in the algorithm. So this is our latest spreadsheet document.
Then we can show here a document. If people have browsers, they can even join with that URL, is that GD CryptPad for them if they want. So you can have an image here.
So for example, I can change the size of my image; it will change on the other side. I can type here; it will go on the other side. So you can see the different features we have here. So we have the text, code,
presentation, polls, Kanban, etc. So for example, if I create the Kanban document, it takes a little second to create it, and then I can give the URL here to the other users, up, and up, and I can start editing the document like that.
So the Kanban document is actually a JSON file. Every time we make a change here, it changes a JSON model, the JSON model is synchronized over the CryptPad system, and we can then apply it on the other side. So CryptPad is actually quite extensible: new document types can be created. The only thing that is needed is
a JavaScript application. So CryptPad can only work with JavaScript modules. You need something that works only on JavaScript. For example, there are JavaScript libraries that can edit mind maps; we can integrate mind maps in CryptPad.
We want to integrate Kanban; we've used the JavaScript library. Oh, it would have been nice to use Wekan, which is actually a well-known open source Kanban system. The problem is everything is based on the server, so you can't do it. So basically the requirement for integrating something in CryptPad is that it needs to be built client-side.
It needs to have no server component. Basically, the server is only doing storage, is only storing encrypted data. I'm finishing up. Get back to the slides.
So now, what is the business aspect of CryptPad? If we don't sell the data, there is a question: how do we actually make the software? So we could sell it. Well, the thing is, we want to do open source at XWiki and not CryptPad. And the other thing is that we believe that if you really want to do
security software, software that is secured, you need to have it auditable. So it needs to be shown to the world, so that the world can verify. There are a few things we haven't done in CryptPad. So cryptpad.fr is a service run by us. Everything on our servers is encrypted. The thing is, how do you actually verify that it's true?
How do you actually, as a user, verify that we're not injecting code in the JavaScript we're sending from cryptpad.fr that would read the data on the client side and then send it to us? So the problem is that there are a few more steps to get to full privacy. So right now, if you want very good privacy,
you take the code of CryptPad from GitHub, you install it on your own server. You know what you're running, and you know that the data on that server is encrypted. Even if somebody is stealing that database, nothing he can do with it, because the keys are on your client. You need to secure your client. So there's a few things that, so we believe that
secure software needs to be open source. And now the thing is, if it's open source, how do we sell it? We don't read the data. We don't sell advertisement on the data. So how do we do to sell it? So we're doing paying subscriptions. On cryptpad.fr you can actually pay for an account that goes over 50 megs.
We can sell enterprise support; we haven't started to do that. We can do research projects; we're doing that, we're candidating. And so CryptPad is actually born out of a research project that is financed by by France, and we're looking at European fundings to continue to fund that. And then there is crowdfunding.
So we actually have an Open Collective where you can chip in, and it's actually important for us. So right now we believe that in the next year we're going to mostly finance CryptPad through the research projects. And we also have people that are buying subscriptions, because they actually go over the 50 megs and that cryptpad.fr is an interesting service.
Now the thing is, if we really want to have enough money to pay for the actual complexity of everything that needs to be built, and like if we want to do everything that Google does on the Google App Suite, there is a huge amount of work. And so before we can fund this with paying subscriptions,
we will have to have way more users than we have today. And so we believe that we're going to finance this with research projects short term. But actually crowdfunding and paid subscriptions are really important to us, because they allow us to show to the people that are funding the research projects that there are actually people interested in the software, and I believe that it's important that we get this type of software
working. So what I want to point out, and this goes back to the business aspect of software and privacy: well, if we don't want the world where everything is paid by advertisement and made with systems like Facebook, well, we need to think
about paying for our software. Last slides: you can try out what we do, so try it out on cryptpad.fr, and you can also take the code from GitHub. This is our stats to show that there is a lot of people
visiting what we do, and here are our contacts if you want to talk to us.
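
Added example (not part of the talk and not CryptPad's own code): the patch flow described in the demo, where a patch is encrypted on the client, stored and relayed by a server that never holds the key, and applied by the other client. AES-256-GCM from Node's `crypto` module, the `{key, value}` patch format, replay of the stored log to a late joiner, and the names `Relay`, `Client`, `encryptPatch` and `decryptPatch` are assumptions; conflict handling is left out.

```javascript
// Added illustration, not CryptPad's code; cipher, patch format and names are assumptions.
const crypto = require('crypto');

// Client side: encrypt one patch under the per-document key.
function encryptPatch(docKey, patch) {
  const nonce = crypto.randomBytes(12); // fresh nonce for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', docKey, nonce);
  const body = Buffer.concat([cipher.update(JSON.stringify(patch), 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]).toString('base64');
}

// Client side: verify the tag and decrypt. Throws on a wrong key or altered bytes.
function decryptPatch(docKey, message) {
  const raw = Buffer.from(message, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', docKey, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Storage server: logs and relays opaque messages; it is never given docKey.
class Relay {
  constructor() { this.log = []; this.clients = new Set(); }
  join(client) {
    this.clients.add(client);
    this.log.forEach((m) => client.receive(m)); // assumed: history replay on join
  }
  broadcast(sender, message) {
    this.log.push(message);
    for (const c of this.clients) if (c !== sender) c.receive(message);
  }
}

class Client {
  constructor(docKey, relay) {
    this.docKey = docKey; this.relay = relay;
    this.model = {};   // JSON document model, as for the Kanban pad
    this.rejected = 0; // messages that failed authentication
    relay.join(this);
  }
  edit(patch) {
    this.model[patch.key] = patch.value;
    this.relay.broadcast(this, encryptPatch(this.docKey, patch));
  }
  receive(message) {
    try {
      const patch = decryptPatch(this.docKey, message);
      this.model[patch.key] = patch.value;
    } catch (err) { this.rejected += 1; } // drop anything that cannot be authenticated
  }
}

// Constructed session: two editors, one tampered relay message, one late joiner.
function demo() {
  const docKey = crypto.randomBytes(32); // created on a client, never sent to the relay
  const relay = new Relay();
  const alice = new Client(docKey, relay);
  const bob = new Client(docKey, relay);
  alice.edit({ key: 'todo', value: ['write slides'] });
  bob.edit({ key: 'done', value: ['book room'] });
  const forged = Buffer.from(relay.log[0], 'base64');
  forged[forged.length - 1] ^= 1; // a relay that flips one ciphertext bit
  bob.receive(forged.toString('base64'));
  const carol = new Client(docKey, relay); // rebuilds the model from the stored log
  return { relay, alice, bob, carol };
}
```

The relay's log holds only ciphertext, so a stolen copy of it is unreadable without the document key, while a client that still runs server-supplied JavaScript remains exposed in the way the talk describes.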