Allow owners to disable sharing

q9f

We are currently using Cryptpad intensively with a team and and have done so for the past 2-3 years. There are a couple of issues with sharing I would like to raise and propose some changes.

The main problem is the ability to generate shareable links the contain the key to access a file or directory. Once generated, you don't know where this link will end up and you completely give up the control of the data, even if you trust the people you share the data with.

On top of that, it's a recursive problem, because everyone who has your share link, can generate new share links from within your directory for any file. There is currently, to my knowledge no way to disable and prevent this.

However, we recently found out about the beauty of teams and access lists. They are exactly what teams need to more strictly control access to files and drives. W.r.t. teams I also have some UX feedback, but I will create a separate post on that. (Edit: Display team drives as directory in user drive)

Here are two ideas how to improve this situation drastically.

Allow owners/admins to disable sharing for a file or directory (and all containing files). Access can still be managed through teams, contacts, and lists.
(Preferred) Make "sharing" and "access" two mutually exclusive features that cannot be used at the same time, meaning if you create an access list, disable the sharing option for the file or directory (and all containing files).

Also, it's really crucial that parent access rights are strictly inherited by child items.

Please let me know what you think.

Thanks for considering it.

boredsquirrel

This.

I have had the exact same issue. I have made a survey, and sent a participant link to maaany people. Then I sent a view-only link too.

Then, because the "Audit" permission has strange wording, I accidentally sent many people a link with editing capabilities.

Nextcloud has a list of Links, which can be removed, changed afterwards etc.

Here, once you made a link, thats it. As OP said.

I dont know if such an implementation is possible, but it would be really important.

iser

As a workaround, you can hide the share button from the toolbar by customizing its css.
Sort of brute-force, as this of course means users can't use the share button at all.
They can, however, still use the share functionality from the context menu in their crypt drive.

From the cryptpad root folder:

mkdir -p customize/src/less2/include
cp customize.dist/src/less2/include/toolbar.less customize/src/less2/include/toolbar.less

then edit customize/src/less2/include/toolbar.less lika so (for 2024.9.0):

 997         .cp-toolbar-bottom-left > button,
 998         .cp-toolbar-bottom-left > span > button,
 999         .cp-toolbar-bottom-mid > button,
1000         .cp-toolbar-bottom-right > button,
1001         .cp-toolbar-bottom-right > span > button {
1002             background-color: @cp_toolbar-bottom-bg;
1003             color: @cp_toolbar-bottom-fg;
1004             &:hover {
1005                 background-color: fade(@cryptpad_text_col, 20%);
1006                 border-color: @cryptpad_text_col;
1007                 color: @cryptpad_text_col;
1008             }
1009             &.cp-toolbar-button-active {
1010                 background-color: @cp_toolbar-bg;
1011                 border-color: @cp_toolbar-fg;
1012                 color: @cp_toolbar-fg;
1013                 &:hover {
1014                     background-color: fade(@cryptpad_text_col, 20%);
1015                 }
1016             }
1017             /* ===== Start customization ===== */
1018             // Disable the 'share' button by not displaying it
1019             &.cp-toolar-share-button {
1020                 display: none;
1021             }
1022             /* ===== End customization  ===== */
1023         }

Idk if it's neccessary but i ran npm run install:components again after editing

AlexQ

Call to Action

I second this feature request. --> I hope other readers will do so, too.

Risk

IMHO link sharing (in its current basic form) is one of the top security risks of CryptPad. An evil user or an user mistake (accidential sharing) is one of the top probabilities of the possible threats. So the sophisticated cryptography and zero knowledge architecture won't protect this simple threat.

Addtionally it's hard to detect. I don't know of any logging / monitoring, so you can't know if a link is used, how often and from whom. It might be that admins (self host) can mitigate this with the CryptPad log level. But common users are helpless. Also such monitoring could be against the zero knowledge approach (e.g. IP logging).

(A simple monitoring help would be a counter in the GUI, how often a link (URL) was accessed.)

Solutions

AFAIK the CryptPad team plans an "unsharing" feature by generating a new shared secret and a new link and so excluding the unwanted users. This is what one would manually do by deleting the shared document, creating a new one and sharing it again. But it also seemed to be rather complex technically and AFAIK it's not planned yet, so this solution won't come anytime soon (AKA within the next 6-9 months).

So the low hanging fruit would be to make it possible to disable sharing at all as proposed by @q9f and tried by @iser .

This would mean:

make it a configurable option (because most users want sharing)
only useful to admins (self host) since any better solution would need significantly more time and I doubt the CryptPad team would invest this time, instead of working on the "unsharing" feature

Alternative

Since IMHO this concers primarily self host instances as justified another low hanging fruit would be hitns how to hack the code to disable sharing like @iser started.

Disclaimer:
Of course this is an open source project, so these are suggestions, not demands and my thanks go to the CryptPad team for the great work of the last years.

AlexQ

Alternative idea / hint [also for me 😃]:

block share links via HTTP server

basically this would mean that only logged in users can access documents
but would be possible without CryptPad team / feature request (= workaround)

I don't know, if this is possible, so wether the URL indicates the type of access. At first look it seems, that:

URLs of logged in users are: https://{domain.tld}/{type}/#/3/
shared links are: https://{domain.tld}/{type}/#/2/

So the "3" and "2" would indicate the type and so make filtering by HTTP rules possible.
--> Needs more samples and/or reading the CryptPad developers documentation.

AlexQ

Update (HTTP server blocking idea):

I can't find the exact meaning of the URLs in the developers guide. It explains, that the number is the "URL encoding version", but I find no info what "URL encoding version" is. See:

https://docs.cryptpad.org/en/dev_guide/database.html#understanding-document-urls

So:

URL of logged in users (???) = https://{domain.tld}/{type}/#/3/ --> URL encoding version 3
shared links (???) = https://{domain.tld}/{type}/#/2/ --> URL encoding version 2

That's it. I guess one needs to be a developer to further understand the "URL encoding version".

Options:

collect more URL samples
hope for help
read the code (unlikely)