About Raft
Raft is a productivity web application for small groups, designed specifically to address the need for secure collaboration among activist groups and civil society.
Current features:
- Encrypted personal and group workspaces.
- File management
- Familiar file management behavior, such as keyboard shortcuts, drag and drop, upload progress, etc.
- Never lose a keystroke: all editors securely store unsaved drafts.
- Fast, encrypted, full text search for contents of 90+ file types.
- Real-time collaborative editing of office documents using ONLYOFFICE.
- Real-time collaborative rich format editing of markdown documents using the Raft Editor.
- Collaborative task management with Kanban board.
- Events & calendars (work in progress).
- Sharable links: temporarily share files/folders, collaborative editing sessions, and other resources without requiring users to register accounts.
- Data sovereignty: Quickly download and restore a full archive of all files (more data types coming soon).
- More to come
| Application | Security | Search | Adaptability |
|---|---|---|---|
| Raft | High | High | High |
| Nextcloud | Low | None | High |
| Proton | Medium | Low | None |
Security for Social Movements
Raft is designed to address the primary threats faced in the real world by social movement organizations when they use computers to internally collaborate and coordinate.
An organization trying to improve its digital security is faced with a confusing array of recommendations, decisions to make, and concepts to master. It does not need to be this way.
Raft eliminates all the confusion. By simply adopting Raft, your organization also adopts and enforces a very high level of information security. There are no settings to adjust to make your group secure, no best-practices policy to impose on users, and there are few ways that users can accidentally compromise the security of group information.
Authentication attacks
The vast majority of all data breaches can ultimately be traced back to vulnerabilities inherent in password-based logins.
To address this, Raft requires a passkey or security key in order to log in. Most people find passkeys and security keys to be a smoother and faster process than password-based authentication once they are familiar with how it works. Most importantly, passkeys and security keys eliminate nearly all authentication attacks. For a longer discussion, see authentication.
Personal device attacks
Suppose you have an activist group with 100 members. There is no practical way to do enough security workshops so that the phones and laptops people rely on can be made resistant to targeted malware attacks or to routine forensic tools used by most law enforcement.
While it is commendable for an individual to spend the time to learn best practices when it comes to personal data security, it does not make sense from a social movement or organizational perspective to store a copy of sensitive information, or information that might be sensitive in the future, on the personal devices of everyone in the organization.
Raft addresses this by storing all data in the cloud and leaving no data footprint on the device used to access the web application.
Law enforcement requests
Recently, the large cloud providers such as Google and Microsoft have started to hand over sensitive information on users to US law enforcement without even a court order.
Raft protects against this in two ways:
- Open Source: Choose a provider you trust to have your back.
- Per-user Encryption at Rest: The provider is unable to access nearly any potentially sensitive stored data. This makes it much less likely that your data will fall into the wrong hands and makes it so that the provider cannot be forced to turn over data as a result of a court-ordered subpoena. For a longer discussion, see encryption.
Appropriate Technology
Raft is designed to be usable and adaptable.
Usability
The Raft experience is just like any normal web application, despite the strong data protection.
For example:
- User encryption keys are strong, random, and automatically managed using a passkey or security key. Security does not rest on the user being forced to generate a good password.
- Although data is stored encrypted in the database, Raft is still able to perform very fast full text searches, even for very large databases.
Raft is still in its very early stages and the user interface will continue to improve over time.
Adaptability
No application can be all things to all people. The goal with Raft is to allow individuals or small teams to build whatever workflows and tools are appropriate for the community they are working with.
- Plugins are easy to write: Raft is built using Ruby on Rails, a framework that is particularly well suited for rapid agile development and for small teams to create impressive applications.
- Plugin data is encrypted: With just a few lines of code, a plugin author can create custom data models that take advantage of Raft’s built-in encryption, without sacrificing speed, scalability, or full-text search functionality.
Limitations
- Hosted software: Raft is a web application that must be hosted on a server. Like most web applications these days, Raft relies on many dependent services and is not trivial to host.
- Needs user testing: Raft is not yet released for production use.
- Desktop first: Raft is currently designed primarily to be used on a desktop browser.
- Online-only: Raft requires an active internet connection and does not have an offline mode.
- Bugs happen: Data may be compromised if there is a fatal bug in the Raft application code.
- All software can be modified: A provider can potentially gain access to personal user data if they intentionally modify the Raft application code to add a back door and then wait for the user to log in.