FLOSS Manuals

 English |  Español |  Français |  Italiano |  Português |  Русский |  Shqip

Etherpad

Etherpad, Security and Privacy

Etherpad is a tool for public collaboration. By default all pads are open to general users of the Internet. As such, it is not advisable to use this tool for information that you do not want to be in the public domain.

However, it is possible to install Etherpad so little information can be gathered which can be used to incriminate users. There are limits to this level of anonymity. It may be possible to check that you have connected to a website even if the contents of what you have read or written can not be detected. This chapter deals with these aspects and suggests different tools which may be useful to you.

User level security

Using Etherpad with HTTPS / SSL

It is possible to connect to Etherpad to using HTTPS connections. There is more information on HTTPS (also called SSL) in other guides like the FIrefox Manual. Very briefly, HTTPS connections encrypt the data between your computer and the website you are connecting to.

If this kind of digital 'eavesdropping' is a concern for you then choose an Etherpad where HTTPS is available. In the Firefox browser, you can tell you are connected via HTTPS in the location bar. If you are connected, you will see https:// and a image of a lock.

You can also investigate using other security and bypassing censorship techniques. Details of these tools can be found in similar guides on Bypassing Censorship and the Firefox browser.

Administrator level security

IP address logging and automatically deleting unused pads

IP addresses are numbers which can identify you when you browse the Internet. When authorities track Internet use or take possession of Internet servers as part of investigations, it is often these IP addresses which are used to incriminate Internet users.

It is possible to set up a server so that it does not make a record of IP addresses. One way of doing this if you are using an Apache webserver is to use the remove_ip module. 1 

Rather than leaving data hanging around on the Internet you may choose to use an Etherpad service that deletes data after a certain amount of time if it is not being used. This is true of the service at pad.riseup.net  which deletes pads after 30 days of inactivity.

Password Protecting Etherpads

It is possible to place a password on Etherpad when it is installed. This may be something you could ask an Internet administrator to do for your project. If you have technical skills you can find out how to do this in the section on Installing Etherpad.


 

If you do use an Etherpad with password protection, it is important to always use HTTPS to connect to it. Otherwise your password will be sent in an unencrypted way.

Other types of good practices

Do you know what you are doing?

As with many aspects of Internet security, for very sensitive information it is best not to publish it to a webserver on the Internet at all. Before running a service and declaring it to be a secure tool you should ensure you have  good depth of knowledge on your subject.

Choosing the right tool for the job

If you choose not to use Etherpad as you collaboration tool then there are other services and software that may be useful to you.

Crabgrass

Crabgrass is web software and a service provided at http://we.riseup.net. It is a tool used by many grass roots activists.

 

It provides a secure space to collaborate with your friends and colleagues by allowing you to create different spaces and use tools for collaborative writing, organising and decision making.

OwnCloud

OwnCloud is Free Software that provides an online storage area for data (cloud storage) for you. Versions until 4.5 featured the ability to encrypt your files.  

The system is mainly designed for the sharing of existing files but there are also simple tools for editing documents and it is possible to integrate Etherpad. There is also the ability to use shared calendars. You can download or find out more about OwnCloud at http://owncloud.org/.

IRC

IRC (Internet Relay Chat) is a well tested way of chatting in real time with many people. It is possible to keep a log of your chats and have encrypted chats making it a good tool for quick collaboration on texts.

There is more information about IRC and the different clients you can use here2 

Booktype

Booktype is a more advanced tool for collaborative writing, It has a focus on producing printed books or booklets. As such, there are many options for laying out images and text. 


It is possible to hide books from general users however Booktype has not been designed as a secure space for sensitive documents. You can try out, download or find out more information on Booktype at http://www.sourcefabric.org/en/booktype/

Wikis

Although most wikis are not designed to be private or encrypted, they can be password protected.

There are good tools in most wikis for keeping a track on edits that have been made and reversing destructive changes. For formatting wikis use something called "wiki markup" which can make wikis more tricky to use that other tools in this guide. This is especially true if you want to add images to your documents.

If you are interested in trying a more secure wiki tool, which allows for encrypted use, you can try Wiki on a Stick. 3

Encrypted Email and Attachments

While there are many advantages to using online collaboration tools not many of them have been designed to be very secure. To avoid this problem you may want to use more tried and tested ways of communicating securely. For example, it is possible encrypt emails using a technology called GPG. 

There is a manual on Encrypting Email 4  with GPG and the cross platform email client Thunderbird.

  1. https://we.riseup.net/debian/apache^
  2. https://techtoolsforactivism.org/content/instant-messaging^
  3. http://stickwiki.sourceforge.net^
  4. https://flossmanuals.net/thunderbird-workbook/^

There has been error in communication with Booktype server. Not sure right now where is the problem.

You should refresh this page.