CryptPad in 2022: an overview

19 Jan 2023 5 min read

As we stated at the end of 2021, the general plan for 2022 was to scale back the proportion of our budget which is covered by European research grants, and to focus more heavily on projects sponsored directly by clients, listing various support packages tailored for education, enterprises, and NGOs. We've also had in plan to implement stronger and more diverse authentication measures, offer better support for offline access, improve the accessibility in Open Source software as part of our yearly Roadmap and grow a bigger and stronger team in order to get more work done and improve the product.

Let's see what we have accomplished in 2022.  

Notable features, improvements & milestones that have happened so farEdit

Research projects

In January, we concluded the INTEROFFICE project which was sponsored by NGI DAPSI. We engineered a way to convert office documents in the browser, bringing the functionality that users expect without compromising on privacy. The DAPSI project administrators arranged a final event where all the projects they'd funded summarized their results in brief five-minute pitches. David Benqué, our design lead, managed to fit our most interesting results into this limited time span.

Bug Bounty program

Between mid-January till mid-March, we participated in a bug bounty program coordinated by Intigriti and sponsored by the European Commission, with independent security researchers probing CryptPad's code looking for issues that could negatively impact users. However, we've noticed that relatively few third-party instance administrators have applied security issues updates. Therefore, we shifted our strategy towards making CryptPad harder to configure incorrectly. We have made a number of changes that cause misconfigured instances to abort loading entirely, rather than proceed without the expected level of security.

New list of public instances on the project website

We launched the list back in April along with a set of criteria for administrators to meet to have their instances listed. Also, as of October 2022 CryptPad instances are available in 8 jurisdictions: Germany, Canada, Czech Republic, Netherlands, USA, Austria, Italy, and France.

New Features

Refreshed design

In CryptPad 5.0 (June 2022) we introduced a new, more modern, and minimalist design with rounded corners and simpler colors. Also, the instance home page is now easier to customize with a title, description, hosting location, etc.

Repeating events in Calendar

Starting with CryptPad 5.2, we now have repeating events in the Calendar with the following features:

  • Quick default patterns (daily, weekly, etc.);
  • Custom patterns;
  • Edit this, future, or all events (as you would expect).



Filter by document type in the drive

You can now filter documents by their type in the drive. This feature was developed by Maxime Cesson, our summer intern, and is now available on



In CryptPad 5.2.0 we've brought to life some of the most requested improvements to Forms:

  • Submit multiple times and/or edit and delete past responses;
  • Notifications for form owners;
  • Form authors can delete all responses;
  • JSON export.


Team drive

We've also included in the latest release onboarding improvements:

  • Invite links can now be used a set number of times instead of only once;
  • You can now set the initial role for links instead of inviting everyone as a viewer and promoting manually.

New blog design

This year we implemented a refreshed design for our blog. In addition to providing a clearer overview of recent posts, our blog now supports dark mode, gives us more control over the content of the RSS feed, and it is overall much easier to maintain than the previous setup. We are grateful to Eleventy for providing such a great and open-source static site generator!


Features for instance administrators

Throughout the year we have added features for instance administrators such as adding tests to the /checkup/ page, ensuring that security recommendations are correctly implemented. We have also made more aspects of an instance customizable from the admin panel and improved moderation tools.

Talks & conferences & press

On top of all the work done and constant improvements brought to CryptPad, the team has also taken part in various (virtual and physical) events and conferences.


  • FOSDEM 2022 - As per tradition, we started the year with FOSDEM, where our UI/UX designer, David Benqué, summarized our work on INTEROFFICE and how it allows for CryptPad to be vastly more interoperable while preserving end-to-end encryption;
  • Capitole du Libre - After two years of a break due to the pandemic, we can say that it was good to be back in Toulouse for this Open Source community-based event. We have also been thrilled to meet many individuals already using CryptPad either self-hosted or on;
  • Bitwarden Open Source Security Summit - Our colleague, David, did a quick presentation of CryptPad at the Open Source Security Summit 2022 organized by Bitwarden on the 8th of December. The individual speaker videos should be available on their YouTube channel in the following weeks.


Our hard work is being recognized and this couldn't make us happier. This year we've been featured in:

We were also happy to see the French national newspaper Le Monde use CryptPad to share the sources of an article. This enables their journalists in the field in Ukraine, as well as anyone accessing the content, to protect their privacy.

We stood up against #chatcontrol for end-to-end encryption and privacy

The office of the European Commission's' Directorate-General for Migration and Home Affairs announced in May 2022 new legislation, so-called #chatcontrol, which would mandate that online platforms scan user-generated content like text, images, and videos to detect instances of child sexual abuse materials (CSAM) and grooming behavior. We've extensively discussed the issues that such a law would mean for privacy and CryptPad on our blog and also offered various options for someone that wants to join those organizing to oppose this proposal on social media and beyond. Here's our list of articles and resources on what you can do.

Our team

The team has grown a lot this year, going from 3 to 6 and counting:

  • Maxime Cesson did an internship with us in June/July. He addressed a number of "junior friendly" issues as well as the not-so-junior document type filter for the drive;
  • Mathilde Grünig joined the team in August and started by bringing our support ticket backlog to inbox zero in her first week. Since then she has been leading our support and community efforts;
  • Theo von Arx joined us in October as a cryptography researcher. He is leading the Blueprints project, documenting the use of cryptography in CryptPad and paving the way for future developments;
  • Arnaud Laprévote joined XWiki in November to manage research projects across the company. As part of the CryptPad team, he is leading our business efforts such as selling managed CryptPad instances and other partnerships;
  • Wolfgang Ginolas joined the team at the start of 2023 as an R&D Engineer. Wolfgang has 14 years of experience in full-stack software development and he'll help tackle some important challenges such as OnlyOffice integration and many more.

Finally, after seven years on the team, Aaron MacSween will be stepping down from the project lead to be replaced by David Benqué.

New forum

We took advantage of the XWiki seminar hackathon we had in September to set up a new forum for CryptPad using Flarum. We hope this forum will act as the central place for feedback and discussion around CryptPad. At the moment we receive feature requests, bug reports, and other feedback through various channels:

  • Matrix chat - great for synchronous communication, not ideal for keeping track of ideas over time;
  • GitHub issues - great for developers, not ideal for people who don't write code;
  • Support tickets on - only visible by the sender and the instance admins;
  • Email, word of mouth, and anything else that gets lost if we don't write it down.

This forum is now the main place to submit feedback such as feature requests, ideas for improvements, and bug reports. It will allow the community to keep track of these discussions and contribute to them.

On a side note, we've also switched our communication from Twitter to Mastodon. Additionally, you can also find us on PeerTube and Pixelfed!

What to look forward to in 2023

We have some exciting new developments to look forward to this year, including funding for Single Sign On and multi-factor authentication as well as future-proofing the way we use cryptography.

As you can see, 2022 has been quite a full year and we're grateful for all the support received and all the suggested improvements and contributions. If you'd like to go a step further and support CryptPad and help its development and effort to take data privacy back, you can always make a donation on Open Collective or subscribe on

You may also be interested in: