Today we had a chance to speak with Ludovic Dubost. Ludovic is the creator of XWiki and the Founder and CEO of XWiki SAS, who’s company has also created the CryptPad project. We discussed how Ludovic’s career developed, how he envisions the future of the tech industry, and we also discussed the level of cybersecurity awareness among the industry.
Please describe the story behind your company: What sparked the idea, and how has it evolved so far?
In 2003, as I left my previous company, an audience measurement startup, where I was CTO, I wanted to create something new.
I had been always interested in web and intranet software from my time at Netscape as a Consultant. As I had discovered and implemented a Wiki and was amazed how it changed collaboration and information sharing for my team, I decided to create a Wiki engine based on what I had learned as a user.
The wiki engine I was using at the time (Twiki or FOSWiki since it was forked since then), was lacking the capacity to structure data and I felt it had technical implementation weaknesses. After 6 month of work on my own I had the first version that I published as Open Source and created a free wiki service online. XWiki was born.
I then started to make it known, get users to install it and advertised it’s extension capabilities to build collaborative web sites on top of it. I got my first service clients which allowed me to make revenue and fund improving the software.
This was 16 years ago and since then we became a 40 people company, with more than 7000 companies using XWiki, 400+ customers or all sizes. Our XWiki platform is used internally by Amazon, who funded some development, is available for self-hosting and also as a cloud service.
Finally as part of research projects, we have started a new software CryptPad, aiming to allow end-to-end encrypted real time document editing. In 2016 we launched a prototype online and in 2018 we decided to continue the project and launch the cryptpad.fr service. It now has 50000 weekly users and more than a million pads open per month. Since it’s an Open Source project, there are also almost 600 other instances in use.
How do you envision the future of your industry?
I’m quite worried about the evolution of the technology industry. Tech companies are becoming way to powerful both on the economy in general but also in our personal lives:
- services are more and more becoming cloud based and companies and users have lost control of their data
- one of the key business drivers is the “data economy” with very little respect of personal data
- the large players are controlling more and more of the cloud infrastructure, the software running the devices and the main services
- additionally none of them are European which is creating a specific sovereignty issue for Europe
When I started working with Internet technologies in 1995, coming out of school, I did it because I was amazed how the Internet could bring people together and empower individuals. Technology is amazing when it allows you to communicate with your loved ones around the world or when it allows a small business to sell its product anywhere. It’s however very worrying when it is used to manipulate people for commercial interest or even worse to manipulate elections. It is also worrying when the power of how things work is concentrated is a very small number of (unelected) actors.
Incidentally, the fact that ‘Europe’ is in the camp of “losers” in the current way the technology works, might be what could help fix the problem. Europe came up with the GDPR which is a first step at regulating the data economy. From my point of view it’s a first step as it’s not enforced and therefore not effective. I hope it will be reinforced in the future and we can really decide not to be tracked. There are many other actions necessary from the regulatory standpoint, such as standard & interoperability, but also favoring alternative approaches such as decentralization and open source.
So I fear our industry will either evolve highly centralized with a few actors controlling our digital work, or it will evolve towards a decentralized approach where we can control the digital services with use. I hope Open Source would be more prevailing as a way to be able to audit technologies and to increase competition, but I don’t bet on it given the level of lobbying of the business and financial world.
Which trends and technologies do you find to be particularly intriguing these days?
I find the decentralization technologies highly interesting. Not as much cryptocurrencies and blockchain technologies, than decentralized communication protocols such as ActivityPub. The first decentralized tools based on it are growing such as Mastodon or PeerTube. Matrix/Element is also a very interesting software which allows us to connect chat servers.
Then of course, I’m leaning even more towards end-to-end encryption, as we have the CryptPad project built on this. If it’s impossible to trust or regulate actors to handle our data safely and privately without making use of it for their own benefit, then the solution we need as users, is technologies which make it impossible for actors to make use of our data. With CryptPad we saw an opportunity to build an alternative that users can believe in and support. End-to-end encryption is gaining ground, with softwares like Signal or Matrix supporting it for Chat, ProtonMail or Tutanota for mail. Jitsi is starting to support it for video-conferencing.
I’m also intrigued by operating systems like QubesOS or ClipOS which implements compartmentalization of different work spaces. As we are forced to use software we cannot control, at least we can enclave these in a specific workspace and keep other workspaces for the software we do trust !
How has COVID impacted your customers and business?
It’s still unclear how COVID will impact our business. When Europe was confined in the spring, it clearly slowed down our projects with our customers as we are working on custom projects with customers that were not ready for remote working. At the same time we saw more demand for our ready to use solutions. Generally I believe COVID will have increased the need for customers to improve their collaboration tools and we will see more demand. But this will have to be balanced with the post-COVID effect on the economy when we’ll see the full effects of the global recession caused by COVID. On the life impacts, I feel lucky that we were able to go full remote and allow our employees to be as safe as possible.
This is why we decided to increase the free storage side of our CryptPad service (from 50Mb to 1Gb), which quadrupled usage in 2 weeks at the time of confinement. We saw that CryptPad is being highly used by the education sector, in particular in Germany. During the first month of confinement our team has been working very hard to scale our software and infrastructure to receive more users. We also saw a surge of CryptPad installations.
Would you say there is enough awareness of cybersecurity among the industry and the people you work with?
I believe the technology providers are aware of cybersecurity. The biggest issue for the industry is that “business” always wins when providers have to choose between security and revenue.
Now the biggest problem, from my point of view is the end-user awareness, whether it is for personal or business use. When users have to choose between “done right/secure” and “more features/ease of use” they almost always choose “more features/ease of use”. Even educated users feel helpless. In order to communicate with clients, I personally have 5 video conferencing apps installed on my computer which are asking for system rights. This is why I plan to move to QubesOS with a new computer I just ordered.
With CryptPad we are trying to keep things simple and easy to use while increasing the security level. We believe that many users of CryptPad don’t even know it’s an end-to-end encrypted system. We hope that if the tool is easy enough, then educated users will want to recommend it to their friends as an alternative to the big guys’ solutions, even if it can’t do it all.
I think we’ve covered all of my questions but if you have anything else that you want to point out or highlight, please go ahead.
One thing I would like to add to your readers, is the importance to finance Open Source and Free Software. For open source to be more than a hobby for developers, it is necessary to fund its development. Open Source is too much being adopted for its “price” being zero and not for the other benefits (you can reuse, modify, redistribute).
In a business setting, we need to look at the sustainability of the Open Source solution that is chosen, and participate in its funding. For XWiki we have been communicating more and this and setup methods to encourage our customers to have long term relationships with us. We also decided to sell extensions, which code is fully Open Source, but sold in our App Store.
When working in a personal setting, if we want to get rid of the advertisement business and if we want them to be OpenSource and auditable, we need to realize that we will need to fund the alternatives, by buying subscriptions to ethical services or donate to Open source projects. On the donation side, OpenCollective (opencollective.com/) in my view is providing a very interesting approach to raise donations and encourage developers to be transparent on how they use the money. For CryptPad, we have decided to have a collective (opencollective.com/cryptpad) and publish information of how the project is funded and how we spend the money.