You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

65 lines
3.0 KiB

6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
  1. <p align="center">
  2. <img src="https://github.com/cjdelisle/cryptpad/raw/master/cryptofist.png" width="60%">
  3. </p>
  4. Unity is Strength - Collaboration is Key
  5. ![and_so_it_begins.png](https://github.com/cjdelisle/cryptpad/raw/master/and_so_it_begins.png "We are the 99%")
  6. CryptPad is the **zero knowledge** realtime collaborative editor.
  7. Encryption carried out in your web browser protects the data from the server, the cloud
  8. and the NSA. This project uses the [CKEditor] Visual Editor and the [ChainPad] realtime
  9. engine. The secret key is stored in the URL [fragment identifier] which is never sent to
  10. the server but is available to javascript so by sharing the URL, you give authorization
  11. to others who want to participate.
  12. To install:
  13. git clone <this repo>
  14. npm install
  15. npm install -g bower ## if necessary
  16. bower install
  17. ## copy config.js.dist to config.js and modify configuration (use your own mongodb instance)
  18. node ./server.js
  19. ## Security
  20. CryptPad is *private* not *anonymous*. Privacy protects your data, anonymity protects you.
  21. As such, it is possible for a collaborator on the pad to include some silly/ugly/nasty things
  22. in a CryptPad such as an image which reveals your IP address when your browser automatically
  23. loads it or a script which plays Rick Asleys's greatest hits. It is acceptable for anyone
  24. who does not have the key to be able to change anything in the pad or add anything, even the
  25. server.
  26. The server does have a certain power, it can send you evil javascript which does the wrong
  27. thing (leaks the key or the data back to the server or to someone else). This is however an
  28. [active attack] which makes it detectable. The NSA really hates doing these because they might
  29. get caught and laughed at and humiliated in front of the whole world (again). If you're making
  30. the NSA mad enough for them to use an active attack against you, Great Success Highfive, now take
  31. the battery out of your computer before it spawns Agent Smith.
  32. Still there are other low-lives in the world so using CryptPad over HTTPS is probably a good idea.
  33. ## Contributing
  34. We love Open Source and we love contribution. It is our intent to keep this project available
  35. under the AGPL license forever but in order to finance more development on this and other FOSS
  36. projects, we also wish to sell other licenses to this software. Before making a pull request,
  37. please read and
  38. [sign the Commons Management Agreement](https://www.clahub.com/agreements/cjdelisle/cryptpad).
  39. ### License
  40. This software is and will always be available under the GNU Affero General Public License as
  41. published by the Free Software Foundation, either version 3 of the License, or (at your option)
  42. any later version. If you wish to use this technology in a proprietary product, please contact
  43. sales@xwiki.com
  44. [ChainPad]: https://github.com/xwiki-contrib/chainpad
  45. [CKEditor]: http://ckeditor.com/
  46. [fragment identifier]: https://en.wikipedia.org/wiki/Fragment_identifier
  47. [active attack]: https://en.wikipedia.org/wiki/Attack_(computing)#Types_of_attacks