Theo von Arx on the working experience at CryptPad

12 Apr 2023 5 min read

Theo joined our growing team six months ago with the scope of analyzing and documenting the security of Cryptpad. We are thankful for his contributions that will pave the way for future developments. The Cryptpad whitepaper is already published if you want to read it.

Before finishing his fixed-term contract and starting a new quest in life (Ph.D. program), we were curious to find out what his working experience was like and what lessons will he take with him.

in 5 things
  • Favorite artist: The photographer Nan Goldin after having seen the amazing movie "All the Beauty and the Bloodshed"
  • Best book ever read: "A Woman’s Battles and Transformations" by Louis Eduard
  • Dream destination: Scandinavia
  • Quote you live by: "Computers are useless. They can only give you answers." - Pablo Picasso
  • At the office or remote? At the office.

The working experience

How did you find out about CryptPad and what made you choose it to work for?

I discovered CryptPad during a university lecture where it was used to share questions and answers (COVID-19 times). A few months later, I used CryptPad to organize documents within a collective I'm part of.

After finishing my studies in Cyber Security, I wanted to gain some practical experience and also work abroad. I decided to contact companies that do security things that I considered ethical. Having their software released as open-source was obviously one important criterion.

What was your working experience like?

During the last 6 months, I worked on a fixed contract basis on Blueprints. I've applied my cryptography expertise to CryptPad to both document how it currently works and to pave the way for future developments.

I very much enjoyed the open spirit and the autonomy at XWiki. One thing I definitely liked was the possibility to choose my working tools (operator system and whatsoever) myself. Learning and understanding how CryptPad is built was difficult, but taught me how to deal with a large code base.

What did you find to be the most interesting and challenging tasks?

The most interesting task was definitely to shape the plan for a future version of CryptPad. While many problems look not too difficult at a first sight, many difficult challenges are hidden in the details. It was fun to discuss with other team members how we can solve them, and how we can find a good balance between security, usability, and performance. Another challenge was my talk at FOSDEM: I've never spoken in front of 150+ people before. Even though I was nervous, the overall experience was good and definitely a highlight of my time at CryptPad.


Theo together with the XWiki team on their way to FOSDEM 2023.

And what about integration into the environment? How easy, or difficult was it for you?

The people at the office definitely helped me to get integrated into the new environment, without them it would have been much more difficult! Another big plus was the four-day week once every two weeks that allowed me to flexibly take some days off and discover Paris.

Open-source impressions

Was open source something you had an interest in before CryptPad?

Yes, definitely! I used GNU/Linux and other open-source tools already for a few years. So it was definitely cool to also contribute to the code base of a larger open-source project.

What's the open-source value you identify with the most?

Empowering people: I think it is really important to allow people to host and modify the software they rely on. I felt the importance of this value on a daily basis as I worked on CryptPad.

People want to self-host a CryptPad instance to control the documents they are collaboratively working on. The impression got ever deeper at FOSDEM as we got to actually see and speak with people using CryptPad. Here, I definitely felt that we are not programming an isolated "product" to make money with, but contributing to a broader community.


Lessons learned

What would you say is the most valuable lesson you learned during your time at CryptPad, so far?

Coming with a more theoretical background, I quickly learned that there are many challenges and limitations coming from the user experience. And similarly, you cannot fix everything with cryptography; while we aim for the best-achievable security, there are a lot of other components. The code must be open-source so that people can self-host it and do not need to trust us for keeping the service alive. We also need to be in touch with the community over many different channels to not only hear their needs but also to inform them about potential problems.

In the end, there are so many human-related components and people that need to work closely together for such a project.

The CryptPad experience in one word

Finally, if you had to describe your CryptPad experience in one word, what would it be?


You may also be interested in: