| Based in | Iceland |
| Storage | 1-50 GB |
| Price | $6.00/mo. |
| Free Tier | Up to 1 GB |
| Website | CTemplar.com |
In 2019 we investigated CTemplar, a new secure email service that claimed to be, “The most secure & private email service in the world.” We called it a promising service that was worth trying out if you could get your hands on an invitation code. Now, we are revisiting the service for an updated and in-depth CTemplar review.
So let’s begin with the Pros and Cons of CTemplar that we identified in this review:
+ Pros
- Strong encryption standards (4096-bit RSA) with built-in support for end-to-end encrypted emails (using OpenPGPjs)
- 100% open source code
- Based in Iceland, with some of the strongest privacy laws in the world
- Passwords protected by “Zero Knowledge Password” technology
- Zero logs; IP address stripped from emails
- Anonymous signup options (no phone verification)
- Anonymous payment option using Monero
- Self-destructing emails and Dead Man’s Timer
- Can send encrypted emails to non-CTemplar users
- Custom email domains
- Desktop, mobile, and browser apps
- 2FA and anti-phishing support
- 14 day money-back guarantee
– Cons
- Email Subject line only encrypted in paid plans
- Above-average prices
- Metadata not encrypted (work in progress)
- No support for IMAP/SMTP and third-party email clients (work in progress)
First we will examine the features.
CTemplar features overview
CTemplar uses the proven encryption algorithms of OpenPGPjs to apply end-to-end (E2E) 4096-bit RSA encryption to your email and contacts. All data is encrypted in transit and at rest. The only place the data is decrypted is in your browser or email client. While their encryption is based on PGP, CTemplar offers paid subscribers the ability to encrypt the subject line of messages, a privacy-boost over the other leading PGP-based service, ProtonMail. This is important since hackers seem to be endlessly resourceful in getting into secure services, like this hacker selling email credentials of hundreds of C-level executives with Microsoft email accounts.
Additional interesting features of CTemplar include:
- The ability to sign up for the service anonymously, paying for your account with the Monero cryptocurrency. Pseudonymous payment using Bitcoin.
- Desktop clients for Windows, Mac OS, and Linux.
- Android and iOS mobile apps, with Google-free access to the Android App through F-Droid.
- Open source code.
- Premium accounts with a range of additional benefits.
- The ability to send encrypted emails to non-CTemplar users.
- Dark and Light themes.
CTemplar company history and funding sources
CTemplar is a product of Templar Software Systems Ltd, a Seychelles Limited Liability Company that was founded in 2017. The Seychelles is generally regarded as a privacy-friendly location, with a constitutionally guaranteed right to privacy, no mandatory data retention requirements, and an independent legal system.
CTemplar is a small organization that is completely self-funded and pledges never to accept corporate or government funding. This too should reduce the risk that they can be pressured into sharing data on their customers.
CTemplar servers and data security
Ctemplar stores all your data on servers in Iceland. Iceland has very strong privacy laws, perhaps among the best in the world. Beyond that, the country is not part of the 14 Eyes surveillance alliance, or the international data-sharing MLAT treaties. In other words, like the Seychelles, Iceland is a highly-rated country for online privacy and a good place for your data to be stored. We also see Trust.Zone VPN operating in this same jurisdiction.
This all looks excellent. But what would happen if some high-priced lawyer, or government bureaucrat were to pressure CTemplar to turn over your data? Here’s what the company has to say on the subject,
CTemplar will only comply with valid Icelandic court orders. When presented with a valid Icelandic court order, we will give them your content. Due to our zero access password technology, we do not know your password/passphrase so we are not able to decrypt your emails.
CTemplar technical specifications
CTemplar relies on the OpenPGPjs encryption library for the 4096-bit implementation of PGP they use to encrypt your email and contacts. They are in the process of implementing encrypted metadata as well, which will greatly increase your privacy when using their service. In addition, they use TLS to protect your data while in transit.
CTemplar hands-on testing
I used a free CTemplar account, along with F-Droid version of the Android app, for testing in this review.
Creating a free CTemplar account
You still need to enter an invitation code during the signup process for a free account. Here are three ways you can get one according to their website:
- Request a code from one of your CTemplar contacts who has a paid account
- Send a message to their team: invite-codes@ctemplar.com
- Contact them on social media
Note: Invitation codes are only needed if you want to signup for the free service. You can signup for any paid plan right away (no code required).
As part of the sign-up process, you can enter a recovery email address. With this, CTemplar can help you regain access to your account. If you don’t enter one and lose your login information, you will permanently lose access to the data in your account.
Note: Instead of entering a recovery email address, you can store your login info in a high-quality password manager like Bitwarden. You’ll find a full range of options in our review of the best password managers.
Signing in to CTemplar
To sign in to your encrypted CTemplar account, just go to their homepage, click the Login button, and enter your login credentials into the respective fields.
The look and feel of CTemplar
Here’s what the CTemplar email view looks like. Nothing fancy, just clean and easy to read.
On the left side of the CTemplar mailbox you’ll find a list of the predefined email folders, along with an Add Folder option for creating your own. As is common with privacy-oriented email services, CTemplar blocks remote content like images by default.
Note: If you are using the encrypted Subjects option, it can make viewing your mailbox clumsy. To get around this, you can decrypt all of the subjects of the current page by clicking on the lock icon.
Here’s the Contact view:
As you can see, the CTemplar interface is menu-based, rather than drag-and-drop. That is, you select one or more items by setting the checkboxes to the left of them, then selecting an option to act on them.
CTemplar doesn’t offer a lot of optional views for your email or contacts, but if you select the General tab in Settings you can switch between light and dark mode, as well as control how many email messages appear on a single page.
Interestingly, there is also an option to write custom CSS (Cascading Style Sheets) that changes how your mailbox appears. This isn’t a capability too many of us are equipped to take advantage of, but certainly opens up possibilities.
Clicking the Settings button in the top right of the window brings you to a large range of settings and other options, including filters, rules, whitelists, and blacklists. If you go to the Security tab in Settings, you’ll be able to adjust some unusual security settings. You have the ability to enable or disable:
- Subjects encryption – Encrypt the Subject line of messages. Only available with paid CTemplar accounts. While I would prefer that the Subject line was always encrypted, the ability to enable this is good motivation to upgrade to a paid plan.
- Contacts encryption – CTemplar doesn’t encrypt contacts by default. If you enable this option, CTemplar will encrypt your contacts for better privacy and security. However, when this is enabled, CTemplar can no longer suggest contacts when you are composing messages. Also, when this is enabled, it will be impossible to search contacts.
- Attachments encryption – CTemplar doesn’t encrypt attachments by default. If you enable this option, message attachments will be encrypted for better privacy and security. However, when this is enabled, CTemplar doesn’t support attachments in the body of a message. Among other things, that means images in the body of messages will automatically be extracted from the body of the message and converted to external attachments.
- Anti Phishing – I’ll let the CTemplar folks explain this one themselves, “The Anti-Phishing phrase allows users to link a custom word or phrase of your choice to your CTemplar account. Once set, if you ever log into your webmail and your Anti-Phishing phrase is either missing or incorrect, you may be the victim of phishing.”
Composing messages
The CTemplar default is to compose messages using an HTML editor in a small pop-up window. The editor has a good range of HTML options, along with some more exotic offerings:
- Encryption for non-CTemplar users – Requires sharing a password with the recipient through an alternate channel. When you send an encrytped message to a non-CTemplar recipient, the recipient receives an email with a link to the CTemplar web client. Once there, the recipient needs to enter the shared password to decrypt and read the message.
- Self Destruct Email (paid plans only) – Configure a message to automatically delete itself on a particular date and time. This only works if both you and the recipient are using CTemplar. You can’t make a message sent to a Gmail account (for example) self destruct.
- Delayed Delivery (paid plans only) – Specify the date and time to send the message.
- Dead Man Timer (paid plans only) – Create a message that will be sent only if you do not log into CTemplar for the specified amount of time. For example, you could use this to send an email containing the login information for your Bitcoin wallet to your children if you were to die or become incapacitated.
Searching for messages in CTemplar
CTemplar offers partial support for searching messages. You can search for email addresses and words or phrases in the Subject line of messages. As of now, May 2021, you cannot search the body of messages.
This is one place where CTemplar (and ProtonMail) fall behind another leading secure email service, Tutanota. Tutanota has been offering full-text search capabilities (searching the bodies of messages as well as the header information) since 2017. Tutanota creates an encrypted search index that is stored on your device.
The email search only needs to decrypt and search this index, rather than each individual message. I’m not going to claim I understand the nuances of the Tutanota approach. I will say that I have been using Tutanota for years and the search works pretty darn well. (See our Tutanota review here)
The CTemplar Mobile Apps
In March of this year CTemplar rolled out their mobile apps. They have an iOS app, along with a standard Android app and an Android app on F-Droid. Here’s what the CTemplar Android app looks like:
The app has 88 reviews in the Play store, with a rating of 3.6 stars out of 5.
Is CTemplar really secure?
CTemplar is more secure than the typical email service. After all, services like Gmail and Outlook.com read your messages to help them send targeted ads your way. That can’t happen with a secure email service like CTemplar, since they cannot decrypt your messages. The fact that your messages are end-to-end (E2E) encrypted is reassuring in the face of stories like this one from May 11, 2021. According to Ars Technica, ransomware crooks posted personal data about individual policemen that was stolen from off the Washington DC Metropolitan Police Department’s servers.
Even if hackers did somehow break into CTemplar’s servers, all they would see is encrypted gibberish instead of your personal data and messages.
That said, there are still aspects of your email and contacts that are not encrypted as of today. Things that are not encrypted by default in CTemplar’s design are:
- Subjects of messages
- Message attachments
- Contact data
If you have a paid plan, you can turn on all three of those types of encryption for extra security. But even with those turned on, the metadata related for your email messages remains unencrypted. This is supposed to be resolved in the future, but metadata is exposed right now. In addition, according to their Privacy Policy, the company may maintain a copy of your IP address for 7 days before automatically deleting it. You can maximize your CTemplar anonymity by using a good VPN service, to further encrypt your communications with the CTemplar servers and hide your real IP address.
This means you will need to look at your threat model and decide if CTemplar is secure enough for your purposes. Beyond the things we just discussed, here are a few additional CTemplar factors to consider:
- The CTemplar browser client relies on the JavaScript in the OpenPGPjs library for encryption and decryption. Many people consider the use of a browser and JavaScript for encryption/decryption to be less secure than using an app that resides on your device. If you are concerned, one thing you can do is connect to CTemplar using one of our recommended secure browsers. Even better, use the mobile apps whenever possible to avoid the whole JavaScript issue.
- CTemplar can be compelled by law to disclose information about their users. As of May 2021, their Transparency Report lists 19 requests for user information. None of those requests were accompanied by an Icelandic Court Order, and none of the requests were granted. This is excellent, but you need to realize that all email services must abide by local laws and CTemplar may need to respond to a valid request in the future.
CTemplar support
The route to CTemplar support is through their Help pages. These pages are useful, with almost 70 major entries, many of which include multiple sub-entries. I’ve found them to be very helpful, with the only issue being that it can be tough to find the specific topic you need.
When it comes to reaching the support team, there is a ticket-based system available. In addition, the company has a varied social media presence, including Facebook, Twitter, LinkedIn, and Reddit.
CTemplar cost and pricing plans
CTemplar offers one Free pricing plan, and four paid plans. As you might expect, as you go up through the plans (Prime -> Knight -> Marshall -> Champion) you gain more storage, the ability to send more messages per day, and additional features (including custom domain names). Default pricing is billed yearly; monthly billing is available for a higher price.
The Free plan is a great way to check out the service. If you don’t mind the lack of encrypted Subject lines, the Free plan, with its 1 GB of storage and 200 message a day limit, could be good enough to meet your needs without upgrading.
CTemplar alternatives
In my opinion, the two best alternatives to CTemplar are the secure email services I’ve mentioned several times throughout this review: ProtonMail and Tutanota. Both services have much bigger user bases (important for easily exchanging secure messages) and more features than CTemplar.
Two other email services you may want to consider are Posteo and Mailbox.org. But there are many others to consider as well. Our best secure email guide gives an overview of our top 12 picks.
CTemplar review conclusion
CTemplar is a solid secure email service that has been busy rounding out their offering during this COVID-plagued year. They are worth a test drive if you can swing a free version invitation code. That free version, with its 1 GB of storage, may be all you need.
As with most any other secure email provider, to give yourself the maximum security possible, I strongly urge you to connect to CTemplar through a good VPN with a secure browser.
You can learn more about CTemplar on their website here:
https://CTemplar.com/
And see these email reviews for other options:
ProtonMail Review
Tutanota Review
Mailfence Review
Mailbox.org Review
Hushmail Review
Posteo Review
Fastmail Review
Runbox Review
As of 11/18/2021 I can’t create a free account. The password checker keeps stating its requirements and even when I do follow them I can’t move on. I click the agreements and the hang up is an error in the UI. I tried other browsers and almost checked the source but just went with a different service.
Hi,
I’ve had the most horrible experience with ctemplar.
1/ their website has always been slow (others like Portonmail or Vivaldi are not with same configuration).
2/ I have tested them for few months so I never use them for serious emailing and I was very wise to do so!
3/ Very very very poor, incompetent or dishonest support
What happened?
I used ctemplar for 6 months sporadically. it wasn’t very quic but worked and had the appearance of ‘privacy’.
Two weeks ago, I tried to log in and I got a message that the account wasn’t recognize.
I contacted the support, gave them my ctemplar email adress and they replied that they were “victim of a DDOS attack” and that “now my account should be back”.
I tried again two days later and the account wasn’t back and this time I had a message mentionning impossible login because of a DDOS attack.
I contacted support and again, they replied that it should be back . But it wasn’t.
The third time I contacted them, they asked me again for my email adress, which is strange since it was in my original support ticket. I gave again my email and the history of our exchanges as they obviously didn’t eep it.
The next email I got was to tell me that my email didn’t exist.
After more than 6 months of use, they simply had no record of my email, my account, had obviously deleted it or have been victim of an attack (great for a so-called ‘safe’ provider) and now were saying that my account never existed.
As I have other things to do in life than wasting my time with incompetent and technically flawed provider who are not even able to follow through a support ticket, I sent them packing.
My advice: don’t make the same mistake, you create an account with them, then few months later it’s gone, they pretend it’s back and few days later they tell you it doesn’t exist…
Weirdos?
CTemplar introduced “Autocrypt”, very nice addition.
https://ctemplar.com/what-is-autocrypt-and-why-ctemplar-adopted-it/
CTemplar, the most expensive secure encrypted webmail, has undergone a catastrophic incident on July 2021 09 with complete data loss of all its client directory and all their emails.
[https://cyber-privacy.net/ctemplar-catastrophic-incident-with-complete-data-loss-july-2021/]
And it’s also announced here:
https://old.reddit.com/r/ctemplar/comments/oh3xj4/system_failure_issue/
It was far from all customers. I was never affected by the incident.
Hello,
as a result of your review I went ahead and created an account. Even got a more expensive tier for a year (for crypto).
There were a lot of bugs, which I reported on their support but they were utterly unhelpful. Things like “On your TOR node you can login, but it fails to resolve any data afterwards” they replied I should try to make sure my password was correct.. (login worked, their app just didn’t update).
So after support being unhelpful I went and created issues on the github (CTemplar / webclient) repo.
The level of maturity in the application is staggeringly low for at least my preferred workflows. See issues on their github webclient reported by me ( FP1996).
While there I also saw issue 1284, which states that if you remove a subdomain (which would happen if you go for a cheaper tier), all historical email will be deleted with it. Wow, what!?
Then a couple of days ago they had a bad software upgrade, all emails to many users bounced from around 16:00 till 10:00 the next day. People asked me why they got an email stating that my address no longer existed.
Ok, they fucked up. That happens. How did they handle that?
Well, I reported this to support in the evening and didn’t get a reply until 11 the next day when it was already fixed. In the mean time their status page simply reported all systems were Ok. But on reddit a bunch of people were complaining about this.
I added to this conversation and had both of my posts removed when I was critical about their lack of reporting of problems to their users.
Today you can not find any official message about a developer publishing an update at the end of the working day on the 29th of June 2021 and only the next day, shortly after office hours start, people being able to receive emails again. No indication it ever happened.
So my biggest problem with this company is that 100% of the emails going into their system will never be able to be migrated out of it. They have been promising IMAP for ages, not sure if that will ever happen.
This would be Ok if all your email would not become forever unavailable (encrypted and they delete the key) should you want to move on. They openly state that all that email will effectively be deleted if you remove a domain as that will delete the encryption-key.
The company leadership not being open about historical problems gives us a really incomplete view of what actually happens and makes trusting the company even less of a wise thing to do.
Stay far away, is my advice.
Like most users here, the email service is rigged with bugs. All my emails are now empty. I click on an email just to see a two lines like this:
———————-
———————-
Basically I lost my emails. Good thing I didn’t had anything in it. except some stupid spam newsletters.
Thanks for this review.
I’ve had CTemplar for about 2 months. 1st month I had the free version and it was ok until I was locked due to sending and receiving too many emails in one day. I contacted customer service using my Gmail. They said accounts get locked due to fraud/ breaking the TOS.
I paid for a Prime account which unlocked it and I was able to use it again.
I’m in the 2nd month of use. I open up the app on my phone. I see someone else’s CTemplar email in there. If I’m reading someone else’s email, then is a stranger reading mine?
I contact customer service twice from my Gmail. No response in 11 hours. This could be a deal breaker.
Is Tutanota better? Is Gmail better at this point?
See our guide on secure email services for other options.
This review led me to try the free version and try a one month paid option to try all features . I have found multiple bugs and most of which were already known to the support team . I rely on reviews to make an informed decision and I find this review lacking in detail and no mention of important bugs .
What bugs Kevin? The review reflects what Heinrich experienced.
Typeface too large on incoming mail iOS app from ctemplar
No spell check on web based version.
Unable to enter recipients email
Address in “to field” unless already in address book
Very very slow in iOS
Encryption on contacts option does not stay on
Most of these have been acknowledged as known issues
Hi,
I opened CTemplar+ Tutanota. the second month after CTemplar, as it had a lots of bugs, mostly by Android, I gave it a chance as CTemplar is new and in Iceland and didn’t care if it costs more……but as long as it works well……after 3-4 months of bugs(each time they asked me to fill a kind of file with full details and descriptions of the new bug..) I said enough and deleted my account.
When you ask the highest price in the market you can’t deliver a so pre mature product…..sorry….I’m not a part of your developrs team, CTemplar, after months I had enough…..stayed now only with Tatunota, will add second, maybe Mailfence ?!
What is it now? Seychelles or Iceland? If it has changed can you update it accordingly please otherwise it’s confusing. You have different information about the same company on your website. https://restoreprivacy.com/email/secure/
And pricing starts at $8 per month – according to their website.
Yeah it is confusing. At the bottom of the website we see:
©2020 Templar Software Systems Ltd., a Seychelles Limited Liability Company.
But then in the footer area we also find:
Send a letter
Orange Project ehf Armula
4&6 Reykjavik, 108
Iceland
So my guess is that the business operates under Seychelles with hosting in Iceland.
I’ve been using the free account for about three months. About the same time, I also signed up for a Tutanota account. Ctemplar has had a few bugs for me. Not sending emails for three days. Composed emails disappearing when hitting “send.” And I find the inbox very difficult to navigate when an email exchange has a lot of back and forths in the same conversation. This is all with the F-Droid app. I hope it improves.
Having used CTemplar for well over a year, I don’t have any complaints . I upgraded to the basic payment tier which is what £2 a week and I’m happy to pay this for more privacy (they don’t take donations). The admins are very responsive and also transparent on Reddit – very refreshing.
Hi Gillboots,
would you mind to share how “responsive” are those admins ?
i’m using a paid account, sent their support team emails for more than 24 hours and got no response at all.
Purchase of their subscription is shown in transaction history as “CTEMPLAR SECURE EMAIL MIDLAND USA.” What the hell USA is doing here?
Probably just a payment processor. I’ve seen this with offshore VPNs that needed a US payment processor.
Use the application for the cell phone, register there.
Desktop clients available.
@Sven,
The prices have gone up. It is now seven for the lowest and fifty for the highest.
Thanks for the update J.M.
Welcome.
I wanted to support them at first for being a “privacy driven” email service. I signed up for a paid service and they charged me for the monthly service only to have my account remain as “free” without the benefits of paying for said service. I emailed them several times only for them to disregard it as not important apparently. I even showed them a statement, per their request, showing the transaction(s). They simply ignored it and kept charging the account. I closed the email account and they are still charging the card 3 months later(12.00) a month. I finally had to cancel the debit card to stop the charges. At the very least, they are incompetent. At worst..well…
This review did not take account for the fact that the product is basically in alpha stage, still super buggy, and a work in progress. It also appears that all the info here has come straight off their public website, which doesn’t really mean anything.
The product should have actually been properly used, before writing a review like this
Heinrich is using CTemplar and has been testing it since before the review was even written. Don’t make assumptions when you don’t know what you are talking about.
Super buggy is something I cannot find having used their free account for more than a month now. If it is alpha or beta is not for me to comment. I was one of the guys translating the very first Windows for that Irish company of theirs and received all the alpha and beta from Microsoft up to Windows 2000. They were alpha and beta and super buggy.
26 June 2020 tried to subscribe and get only spinning icon circles. Tried again 27 June. Tried paid account signup, tried free account sign up. Tried with a vpn and without. Tried will all blocking disabled. Tried with two different browsers.
It is secure. You cannot get to it at all. Not even to subscribe.
Traceroute to Ctemplar :
Hop IP Address Host Name Country Time 1 Time 2 Time 3 Average Time Error TTL ASN Company Name
6 62.115.185.26 kbn-b2-link.telia.net European Union 26 ms 32 ms 30 ms 29 ms 250
7 62.115.123.178 kbn-bb3-link.telia.net European Union 39 ms 40 ms 40 ms 40 ms 244
8 62.115.114.93 ffm-bb1-link.telia.net European Union 38 ms 40 ms 38 ms 39 ms 246
9 62.115.120.207 ffm-b1-link.telia.net European Union 42 ms 92 ms 41 ms 58 ms 247
10 62.115.40.75 European Union 41 ms 42 ms 42 ms 42 ms 56
11 5.254.73.89 ams-eq6-01gw.voxility.net United Kingdom 40 ms 41 ms 40 ms 40 ms 58
12 5.254.112.197 lon-tel-01gw.voxility.net United Kingdom 45 ms 46 ms 49 ms 47 ms 57
13 5.254.107.85 lon-tel-01c.voxility.net United Kingdom 45 ms 52 ms 70 ms 56 ms 247
14 5.254.112.170 United Kingdom 45 ms 46 ms 52 ms 48 ms 244
15 82.221.168.228 Iceland 80 ms 81 ms 81 ms 81 ms 244
16 82.221.128.253 Iceland 83 ms 85 ms 117 ms 95 ms 243
17 82.221.128.7 Iceland 81 ms 79 ms 80 ms 80 ms 51
Can you do a criptext mail service review?
criptext mail homepage : https://www.criptext.com/
Thanks for this.
CTemplar looks great!
But it’s too expensive for me.
I’m sticking with tutanota with its cheap premium starter plan.
Things have slowed down enough I can take a few minutes to comment.
Thanks for the review here and in the ProtonMail.
I was locked out of my free account with this company but they were able to re-establish my email. I am not sure how that could be when they are supposedly locked down to a degree as Protonmail and Tutanota?
I do know that it required them deleting my profile and then allowing me to remake it. By that time I had decided to go with Protonmail’s paid plan.
In regard to MLAT treaty and Iceland, I know that they have turned zero info over. One thing not answered yet has been, has ProtonMail ever been served by an MLAT request?
They seem good but still new. Plus their prices are really high. I went to Visionary for my NPO and the discount is equivalent to their lower end plans but I get more to show.
They do a lot right but I want to wait and see how everything plays out first. Thanks for the review.
Dear Heinrich (and Sven),
Thank you so much for penning a review of CTemplar so soon after I (and apparently a good number of other similarly interested commenters) asked about it. You’ve covered all of the bases in the review, and while I knew most of what was outlined, having it in one place and rather expressly deconstructed makes it all the better. Like you mention several times, the service is too new to gauge its reputation, customer service capabilities, etc. but I am cautiously optimistic as to how things will turn out. Their background appears to be legitimate enough, and I’m no technology wizard, but their claims about SRI and zero-knowledge do stand up to casual scrutiny. I suppose I’ll consider myself lucky for snagging a free account some time ago, and watch with interest as to how the service develops. And I wasn’t aware they had an F-Droid app! That’s a major plus. Thank you again for the review; to Restore Privacy!
Anonymous
Heinrich,
Good review you’ve covered most I’ve researched.
Something I see new I can’t find anything on yet,
4. Built-In Kill Switch – We protect our users from malicious scripts by using SRI which makes CTemplar immune to Man-in-the-Middle attacks and it also make sure that even we can’t serve any malicious script from our server.
Your review stated about meta-data: it reads from CT that this protected should be in this down some. *CTemplar’s 4 Wall Protection…
Then…
Is there any way to now if this is just marking Hype, or is it real and actually user helpful?
-Does having open-source code eliminate this risk? No, because open-source code is just an act to encourage users’ trust. The audited code in GitHub might not be the same code that is sent to you from a companies private server. There is no assurance or promise that the code hosted is the same as the one is served.
-Currently, all end-to-end encrypted email services can hack their users and decrypt all of their data except us. We can provide this level of protection using an implementation of checksums that haven’t been used before. We are proudly the first “Zero Access” end-to-end encrypted email service that is not able to decrypt our own user’s emails.
-How Did We Solve This With Checksums?
Our checksum implementation allows our users to compare the code served to their browser with the code in GitHub within 15-30 seconds. Usually, comparing code can take hours or days. With checksums, you can do it in seconds.
-First, the file index.html starts the platform loading process and determines what is loaded, but when doing so, could pose a couple of risks:
-Someone/Something could modify the JavaScript files defined in the “index.html” making them harmful without the user’s knowledge.
Someone/Something could make “index.html” load more JavaScript files than what the authors intended, making the website harmful to the users without the user’s knowledge.
In any case, if anyone wants to manually verify if our “index.html” hasn’t been tampered and is the same as the one being served, we have a guide in GitHub.
-At the time of writing, our current checksum is:
SHA-256 checksum of “index.html”:
08f4cb9a1c9753a6963b56debb76c31ace97dbead25ccd2c93a1944e7a5ebed2
-The CTemplar Team
[https://ctemplar.com/ctemplar-checksum-implementation/]
Disclaimer: Checksums do not protect you from hacks from your browser, OS’s, plugins, mobile ISP providers, running process software, or the Intel Microprocessor hardware backdoor. We do not protect against keyloggers that may be installed on your computer.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CTemplar’s 4 Wall Protection
4 Wall Protection was defined by the CTemplar team with the goal of helping people review their privacy needs. Imagine that your privacy is a four-walled fortress. If a wall is missing, then an enemy can quickly get into your fortress. Therefore it’s vital that you make sure you receive adequate protection in the places that are important.
We feel CTemplar is the most secure email service because it has the strongest features. Here are the “4 Walls” we do best.
Wall 1: Metadata Protection:
We are the only secure email service that encrypts metadata.
Icelandic law protects us from deleting all logs of your metadata.
Wall 2: The Only “Zero Access” End-to-End Encryption: We offer 4096-bit end-to-end encryption.
“End-to-End Encryption” using javascript has flaws. The CTemplar team was the first to solve the flaws making our End-to-End encryption the very first “Zero Access” email platform.
Wall 3: Strongest Legal Protection: Iceland has no data retention laws that apply to webmail. When you press “delete” it’s instantly deleted.
Iceland legally allows us to offer total anonymity.
Iceland is outside the “14 Eyes” and has no US MLAT Treaties.
We require an Icelandic court order to turn over your data. If we turn over your data, it will only be encrypted information.
Wall 4: Company: We formed the company in Seychelles because it gives the maximum protection for company records in the world.
We do not record or list any of our user’s data for corporate reasons, and our Seychelles corporation legally allows this.
We are owned by those that built the site. No global corporations. No secret government sponsors
A service that offers end-to-end encryption is worthless if they can decrypt your emails and give them to anyone who asks. The strongest fortress in the world is not secure if a wall is missing or gate wide open. People desiring the highest level of protection should not buy discount services. Conversely, people that only require minimum security protection may not need the strongest protection.
Your privacy is your fortress, be sure you get the privacy protection that meets your needs.
The CTemplar Team
[https://ctemplar.com/ctemplars-4-wall-protection/]
Sven – Heinrich,
This tells why invite code needed, that might lead to being permanent.
https://ctemplar.com/email-creation-restriction/
Sven that comment – reply glitch is back right here. ○●○
some info :
https://www.reddit.com/r/ctemplar/comments/flh2hg/website_hosted_on_same_server_as_mail_server/