• Introduction
• Introduction
• Using Etherpad
• Getting Started with Etherpad
• Taking Etherpad Further
• Etherpad, Security and Privacy
• More Resources
• Installing Etherpad

Etherpad, Security and Privacy

Etherpad is a tool for public collaboration. By default all pads are open to general users of the Internet. As such, it is not advisable to use this tool for information that you do not want to be in the public domain.

However, It is possible to install Etherpad so there is little information that can be gathered used to incriminate users. There are limits to this level of anonymity. It may be possible to check that you have connected to a website even if the contents of what you have read or written can not be detected.

Using Etherpad with HTTPS / SSL

It is possible to install Etherpad to encourage or even force users connecting to it to use HTTPS connections. There is more information on this in other guide like the FIrefox Manual. Very briefly, HTTPS connections encrypt the data your read and write between your computer and the server you are connecting go.

In the Firefox browser you can tell you are connected via HTTPS in the location bar. You will see https:// and a image of a lock.

IP address logging and automatically deleting unused pads

IP addresses are numbers which can identify you when you browse the Internet. When authorities track Internet use or take possession of Internet servers as part of investigations it is often these IP addresses which are used to incriminate Internet users.

It is possible to et up a server to not take a record of IP addresses. One way of doing this is if you are using an Apache webserver it to use the remove_ip module. ¹ 

Rather than leaving all data on the Internet you may choose to user a service that deletes data after a certain amount of time if it is not being used.

Password Protecting Etherpads

It is possible to place a password on Etherpad when it is installed. This may be something you could ask an Internet administrator to do for your project. If you have technical skills you can find out how to do this in the section on Installing Etherpad.

 

If you do use an Etherpad with password protection it is important to always use HTTPS to connect to it. As otherwise your password will be sent in an unencrypted way.

Do you know what you are doing?

As with many aspects of internet security, for very sensitive information it is best not to publish it to a webserver on the Internet at all. Before running a service and declaring it to be a secure tool is is good to get a good depth of knowledge on your subject.

Other suitable tools and services for more secure collaboration

If you choose not to use Etherpad as you collaboration tool due to privacy concerns or the lack of security admin skills to it up set up then there are others that may be available to you.

Crabgrass is web software and a service provided at http://we.riseup.net. It has become a trusted tool used by many grass roots activist.  

OwnCloud is a Free Software system that allows you . Versions until 4.5 featured the ability to encrypt your files.  

IRC (Internet Relay Chat) is a well tested way of chatting in real time with many people. It is possible to keep a log of your chats and have encrypted chats making it a good tool for quick collaboration on texts.  

Wikis can be password protected. However most wikis are not set up to be private or encrypted. One exception is Wiki on a Stick. ²

1. https://we.riseup.net/debian/apache^{^}
2. http://stickwiki.sourceforge.net^{^}