Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] secure text collaboration platforms

Michael Rogers michael at
Wed Oct 3 05:10:28 PDT 2012

Hash: SHA1

Hi Sam,

On 03/10/12 10:25, Sam de Silva wrote:
> Can someone help me out - Is secure? I
> thought it was, but I can't seem to access it via SSL.

As far as I know, the pad software used by PiratePad and similar
services doesn't support SSL. It might be possible to combine the
software with stunnel ( to add SSL support, but I
haven't heard of anyone trying it.

> It'll also be really useful to know of 'piratepad' type platforms
> that are secure, and there's controls over deleting the
> collaborative pads/docs.

Etherpad Lite has an HTTP API that can be used to delete pads:

There's been some discussion about making the same functionality
available through a dashboard, but I don't think that's happened yet:

There are a couple of other security issues you might want to
consider. First, the pad server (and anyone who hacks into the server)
can read and modify any pad. No server is completely secure, so it's
worth considering whether the pad server you're using contains
valuable enough information to be worth someone's while to hack into.

Second, if you create a named pad with Etherpad Lite, anyone who can
guess the pad's name can access the pad. If you create an unnamed pad,
a name is generated using Javascript's Math.random() function, which
is not a strong source of randomness, so it might be possible for an
attacker to guess the random name and access the pad.

Version: GnuPG v1.4.10 (GNU/Linux)


More information about the liberationtech mailing list