I have noticed an increase in groups using CryptPad for collaborative documents for reasons of more privacy and less dependence on/support of Google. These are great goals and I’m all for using it. It is possible to use tools like CryptPad in ways that don’t really enhance privacy, though, so I wanted to write up some suggestions.

The official CryptPad blog has a great post, “The Most Secure Way To Use CryptPad.” I definitely recommend reading that if you want a more complete picture and some explanation of the technology. I’ll quote some key parts from that and try to explain my suggestions without a lot of tech jargon.

What is End-to-End Encryption?

That blog post describes End-to-End Encryption (E2EE) in part with an analogy:

“...you distribute open locks (the public encryption key) to everyone and keep the (secret decryption) key to yourself. Then, if someone wants to send you a message, they put it in a box and close a lock on it. Thus, only you can open it while anyone can produce a locked box for you.”

— “The Most Secure Way To Use CryptPad”

Managing those encryption keys is usually the hardest part of using an E2EE system. The keys are based on complex math so they’re usually rather long bits of gibberish text that you need to keep safe on your computer. If you lose them, you can no longer unlock those boxes that were locked for you.

Revoking Access Can Be Tricky

If you are using the link-sharing method in CryptPad, it is handling some of that complexity by including the secret key directly in the link. This means that once the link is shared, access to the document cannot be revoked, short of destroying the document. Consider that the link could easily be shared beyond the intended recipients, even accidentally. I don’t recommend this method unless you are alright with the document being (or becoming) publicly available.

Password Protection and Document History

One option to make sharing more secure is to add a password to the document. That password should be shared through a secure method like CryptPad’s own contact system (see more below) or Signal (which is, itself, end-to-end encrypted). Email is not a secure method to share the password.

Document passwords can be changed, so it is possible to revoke access that way. However, when you change the password, CryptPad warns you that it will delete the document history. My recommendation is to make a copy of the document, share the copy with a new password, then destroy the original document.

When you share a document, the full edit history will be available as well:

“Note that CryptPad documents contain the full edit history by design. It is easily accessible to anyone from the user interface. If you made a manipulation error, such at past [sic] some text you didn’t want to share, while producing the document before sharing it, we recommend that you copy-paste the version you want to share for collaboration in a new pad before sending it to sanitize the history (it also helps to track changes afterward).”

— “The Most Secure Way To Use CryptPad”

CryptPad Accounts and Contacts

CryptPad’s own recommendation is to create an account and add contacts you want to collaborate with. Then each document can be shared with specific people/teams, without links ever leaving the encrypted platform. There are a couple important notes about CryptPad accounts:

1. Your username is not guaranteed to be unique
2. There is no “forgot my password” tool

The first point makes it a bit harder to add contacts. Instead of me telling you “Add gRegorLove on CryptPad,” I would need to link to you to my CryptPad profile page. If I am an internet rando to you, how do you actually know that profile is me and not someone else who happens to have the same username? The way to verify it is actually me is to have me confirm what my public key is, usually through another method of communication. Then you can use the “Copy Public Key” button on the profile and compare to make sure they match. You can see how this gets more complicated than a typical friend request on other apps, especially since the public key is mostly a bunch of gibberish.

Aside: I am experimenting with linking to both my CryptPad profile page and my public key from my Follow page. This means if you trust that gregorlove.com is actually run by me and has not been hacked, the claim that is my CryptPad profile can be verified pretty reliably.

The second point means that it is very important that you store your password securely and have backups. If you can’t remember it, you won’t be able to access any of your documents again. From that blog post:

“All security mechanisms are only as strong as your password is. If your password is easily guessable, attackers can get full access to all your data stored on CryptPad. We recommend you to either generate a random password using a password manager or to choose multiple words in case the password needs to be memorizable. Use this password only for CryptPad to avoid other services leaking it.”

— “The Most Secure Way To Use CryptPad”

More Reading

• CryptPad’s official User Guide
• Electronic Frontier Foundation’s (EFF) Surveillance Self-Defense Guide
• I mentioned Signal above briefly. EFF also has a guide for using Signal if you’d like to learn more.
• If you really want to get into the details of the cryptography, see their whitepaper: CryptPad: End-to-End Encrypted Collaboration Suite

What a long year January 2025 was.

Even if we expected destabilizing chaos and power grabs out of the gate from this president, actually experiencing the “shock and awe” of these past few weeks has been scary and exhausting. It can easily be overwhelming. That’s in large part the point of it all for these authoritarians. If we are in shock and overwhelm, we freeze. With enough chaos, things will slip through the cracks. The outrageous thing from 7 days ago may not seem “as bad” as the one from today. And thus things start to get normalized.

None of this is normal.

“It doesn’t have to be this way” — Andre Henry

I’ve not been immune to the overwhelm at times, but I have been trying hard to stay grounded in a few things. I want to cultivate a long-term mindset for myself and my community: to help protect each other, meet needs, preserve joy, and do it all in a more sustainable way so we don’t get burnt out. I firmly believe interdependence is a cornerstone of our fight against authoritarianism.

I keep coming back to what Leah said:

“Settler colonialism thrives on fear and separation. And so every time we have faith and every time we lean in for connection, we are resisting this system. So I wanted to remind us this because when we do our resistance in this way, in this generative way, it keeps our bodies safer, our community stronger, and it means we can keep it up for a lifetime.”

(Full quote in my November post)

I will not be finding joy or satisfaction when everyday people who voted for this are eventually hurt by it. I think that plays into the authoritarians’ hands. We everyday people are much closer to each other than we are to these authoritarians and oligarchs.

Some people have caused real harm and I’m not suggesting that should simply be swept under the rug in the name of “unity.” I do want to hold open paths for accountability, growth, and change, though.

I want to continue to lean in to mutual aid networks and learn more. I will finally read Let This Radicalize You which has been on my TBR list for too long... and just read more in general.

I started this post in early February to help me sort through the overwhelming feelings and only now as I’m wrapping it up do I realize it fits in perfectly with this month’s blog carnival topic, Affirmations. I am sure I will have more to write on all this, but February is already half gone and I figured this was a good starting point.

Ava started a Bear Blog question challenge this month and Kev adapted them to be a bit more generic. Several indieweb pals have posted their responses. I miss these kind of meta posts, so here are my responses:

1. Why did you start blogging in the first place?

I don’t remember the exact inspiration, but it was probably when I came across Blogger or maybe it was a Xanga blog. I had been tinkering with my GeoCities site since the late 90s, but that was more of a general collection of pages than a “weblog.”

In 1999, I decided to get this domain in part because I was coming around to the “gRegorLove” nickname that my friend Phil had given me. I thought it would be funny to set up a wife application (archived) on my own site. I also wanted to experiment with things like Blogger. I remember thinking it was so cool to be able to publish posts by FTP.

Sometime in 2000 I started posting more blog-type posts. It seemed so novel and was cool to be able to share text like that in my little corner of the web.

2. What platform are you using to manage your blog and why did you choose it?

I have been using the ProcessWire CMS/framework for almost ten years now. Before that I used Nucleus CMS for a long time. And before that I briefly experimented with B2evolution and Blogger.

I switched to ProcessWire because official development on Nucleus had stopped, unfortunately. I really enjoyed Nucleus’ extensibility and I made some of my first open source contributions there, but I wasn’t in a place to take on being one of the few remaining contributors.

I had used ProcessWire professionally for several sites and I really enjoyed its flexibility for building any type of site, not just a blog system that could be hacked into other types of things. ProcessWire is built entirely on custom fields and custom templates, so it allows a lot of creativity and not just a timeline of reverse chronological posts.

3. Have you blogged on other platforms before?

I posted on Xanga for quite a while. I think most of those posts still exist on my site, though. The phrase “Publish on your Own Site, Syndicate Elsewhere” (POSSE) didn’t exist then, but I definitely had the desire to keep the original posts on my site and cross-post them.

4. How do you write your posts? For example, in a local editing tool, or in a panel/dashboard that’s part of your blog?

Half the time I will write in the ProcessWire editor (like now). The other half of the time I will use Sublime Text or Obsidian. I have used Writemonkey in the past because I enjoyed the ability to type in full-screen with no distractions. It has optional typewriter sound effects, too, which was fun. I think my use of that mostly dropped off because ProcessWire has a decent visual editor.

5. When do you feel most inspired to write?

Whenever I see that the last post was a month or two ago? 😂 Though seriously, I updated my homepage to show the full content of the latest article for the first 45 days. After that, it changes to just the title + link under the “Other Recent Articles” heading. That can serve as a little visual nudge for me to write something if I notice that.

Inspirations vary. Sometimes I want to document everyday things for myself to look back on. Sometimes I want to put together various bits of information in one space and (hopefully) make it easier to digest, e.g. with some of my posts about health and safety. Sometimes I just want to vent.

6. Do you publish immediately after writing, or do you let it simmer a bit as a draft?

Most posts I am pretty casual about. I might let a draft sit overnight and re-read it to tweak some phrasing. My longer or more important (to me) posts will definitely be drafted and re-written over time, like “Four Years of Blank”.

7. What’s your favorite post on your blog?

Oof, this question is unfair. You saw that I’ve been posting for almost 25 years, right? 😂I think I might have to stretch the rules on this one and give some favorites in entirely arbitrary categories.

• Favorite look back/in-the-feels: “Ten Years On”
• Favorite short fiction: “Drabble: A Paradox”
• Favorite visual creative stuff: “Don’t Multitask with Fire”
• Favorite weird: “Top Five Worst Ways to Refer to Human Hair”

8. Any future plans for your blog? Maybe a redesign, a move to another platform, or adding a new feature?

I have thought several times that I should bring back and modernize the wife application. That was some good silly fun.

I have been pretty pleased with the design I’ve had since 2011. It’s definitely the longest period I’ve gone without a full redesign. I have added a lot of different types of posts since then, so the navigation probably needs some updates. I have made updates to the homepage to try to highlight some of those, like photos and notes. I don’t think I want the homepage to strictly be a reverse chronological feed of everything, though. Short notes would drown out the blog posts, so I still want to promote the blog posts by “pinning” them or something.

One of my favorite things about the design is the picture of me in the footer. That was taken in Chicago at Lake Michigan quite a while ago. Now that I live in California, I have thought about getting an updated version of that shot, but at the beach instead. I need to ask Al about that.

Bonus round: tag/nudge some other people to fill this out

This is my little addition to the prompts. If you blog, I’d love to read your responses as well. If you don’t, maybe this is a good time to start!

I’d like to nudge: Sheryl, Isha, Rachelskirts, and Tyler.