
ldubost | 9 months ago

Disclaimer: I'm the CEO of the company doing CryptPad.

The problem I have is that you say the word "vulnerability" for CryptPad when we never promised to protect you from a badly configured computer.

If there is a vulnerability, it's unsecured browser syncing which would be exposing your browsing history to Google. Google Docs has anonymous links which are in that history too.

BTW I could not find any info about browser companies exposing the synced browser history. As far as I know, it's encrypted on Chrome and Firefox. But maybe I'm wrong, as I believe if people want to be sure, why would they use browser sync?

Note that in addition to passwords there are also Access configs where the server can block access to documents to specific users. This is an additional security which mitigates the issue of links that would be opened on a bad browser. Sharing links through CryptPad is also the recommended way to never have URLs opened by your browser.

When I mentioned PR, you could also fork and run your server with higher security settings.

If a team does not respond to your vision, you can indeed bitch about that team, or you can come and give more proof of your vision. Documentation also helps? Why not document that browser syncing would be risky for activists?

So take this as a call to be constructive. Make a GitHub issue and propose something that helps. Maybe indeed add a message and a link to more documentation about good and bad ways to use shared links.

About "> empower laypeople to collaborate on documents with reasonable confidence that nation-state actors won't be able to passively surveil those documents", did you read our white paper?

Ludovic
