Warrant Canary: No law enforcement agencies have been here. Watch for this statement’s removal or change. (What is a Warrant Canary?)
Zero censorship policy. We do not censor harmful or revealing content about our company. We will publish all negative articles written about us HERE with the writer/researcher’s name, unedited, and any response.
Password Protection: Our users’ passwords are hashed and salted, so we do not know your password, and there is no way for us to reverse the hash/salt process to uncover a user’s password.
Private Key Protection: Your private key is stored on our server. We do not know your password/passphrase, so we cannot decrypt your messages. We encourage a strong password. Your password is your passphrase. Currently, we are working on a downloadable version, so users have complete control of their private key.
Company Transparency: We will provide our Seychelles company incorporation documents and ownership information to media outlets, to demonstrate that we are not owned by any government or corporation. This will be issued under a non-disclosure agreement. Please email firstname.lastname@example.org for more information.
Encryption Guarantee / Checksums: We guarantee “Zero-Access” to our users’ data. We make this statement because we support our users performing checksums to monitor our code. An explanation of how this works on our website is here.
Stronger Email Solutions: Although our work on checksums is a step in the right direction, there are more robust email solutions available. For a stronger email solution, we suggest you visit Whonix’s email page here.
Release History: Our release history summary can be viewed on GitHub.
Governed by Icelandic Law: Icelandic privacy laws are the strongest in the world. We only acknowledge legal requests that come from Icelandic courts. We will cooperate without Icelandic court orders in matters regarding sexual abuse of children and terrorism.
Other Legal: If an Icelandic court order is issued, we will provide the encrypted mail contents and all other metadata in our possession for the offending user(s). We will provide users with options to encrypt metadata at a later time. We do not record IP addresses at any time. For the protection of our community, we avoided hosting our services in jurisdictions that require a backdoor into users’ data.
User Data Access Requests
7 Requests for Users Data
0 Icelandic Court Orders Issued
0 Requests Granted
Disclaimer: We do not protect users against malicious code delivered from browsers, OSes, plugins, mobile ISPs, running process software, or the AMD/Intel microprocessor hardware backdoor. We do not protect users from keyloggers that may be installed on their computers.
The CTemplar whitepaper can be found by clicking this link.
We make a pledge to our community that we will not use censorship to hide negative press about our company. Instead, we will publish negative or unedited articles about our company on this page with credit to the author/researcher. If you do not see an article that you feel should be here, please email “Media@ctemplar.com” to have it added.
1. Digdeeper.Neocities.org Negative Review
We contacted the author of the website with this information, and we hope he will make adjustments based on our updates and clarifications. If he chooses not to make any adjustments, or if he finds more negative things about our service, we will have no negative feelings toward him.
The CTemplar Team
CTemplar’s 4 Wall Protection
4 Wall Protection was defined by the CTemplar team with the goal of helping people review their privacy needs. Imagine that your privacy is a four-walled fortress. If a wall is missing, an enemy can quickly get into your fortress. Therefore it’s vital that you make sure you receive adequate protection in the places that matter.
We feel CTemplar is the most secure email service because it has the strongest features. Here are the “4 Walls” we do best.
- Wall 1: Metadata Protection:
  - We are the only secure email service that encrypts metadata.
  - Icelandic law protects us from deleting all logs of your metadata.
- Wall 2: The Only “Zero Access” End-to-End Encryption: We offer 4096-bit end-to-end encryption.
- Wall 3: Strongest Legal Protection: Iceland has no data retention laws that apply to webmail. When you press “delete” it’s instantly deleted.
  - Iceland legally allows us to offer total anonymity.
  - Iceland is outside the “14 Eyes” and has no US MLAT treaties.
  - We require an Icelandic court order to turn over your data. If we turn over your data, it will only be encrypted information.
- Wall 4: Company: We formed the company in Seychelles because it gives the maximum protection for company records in the world.
  - We do not record or list any of our users’ data for corporate reasons, and our Seychelles corporation legally allows this.
  - We are owned by those that built the site. No global corporations. No secret government sponsors.
A service that offers end-to-end encryption is worthless if it can decrypt your emails and give them to anyone who asks. The strongest fortress in the world is not secure if a wall is missing or a gate is wide open. People desiring the highest level of protection should not buy discount services. Conversely, people who only require minimum security protection may not need the strongest protection.
Your privacy is your fortress, be sure you get the privacy protection that meets your needs.
The CTemplar Team
Privacy as Seen Through Fourteen Eyes
The history of citizen surveillance boils down to one simple theory: The more eyes you have watching citizens both friend and foe, the easier it is for governments to maintain peace and order.
The first two countries in the world to recognize and implement this method of collaborative surveillance were the U.S. and U.K., who officially enacted a secret treaty between themselves in the 1940s known as the UKUSA Agreement.
This intelligence-gathering pact was established to bolster each country’s individual strength through shared surveillance of other nations around the world.
The Creation of Five Eyes
Within a few years, they extended this accord to include Canada, Australia, and New Zealand. This group became known as the Five Eyes (FVEY).
During this time, member countries realized that, while there would surely be an outcry if they surveilled their own citizens, other FVEY countries could do their homeland surveillance for them.
And so, a system intended to gather intelligence during wartime was eventually applied to billions of private communications worldwide, essentially becoming one of the most comprehensive known espionage alliances in history.
Five Eyes Grows to Nine, Then Fourteen
It soon became clear that having an international coalition of eyes wasn’t such a bad thing. As a result, the FVEY were joined by Denmark, France, Holland, and Norway to create the Nine Eyes (9EY).
But the UKUSA agreement still had plenty of territories left to cover—namely a need for more exchange of military intelligence—and the agreement was later extended to Germany, Belgium, Italy, Sweden, and Spain as well, establishing an official network of collaborating countries called the Fourteen Eyes (14EY).
The Snowden Leak
For decades, citizens were unaware of the level of surveillance that was taking place via FVEY; it reached incredible levels, which may explain why the group kept growing.
FVEY’s interests evolved from military and diplomatic to become what Edward Snowden said after his groundbreaking 2013 intelligence leak, a “supra-national intelligence organization that doesn’t answer to the known laws of its own countries.”
After the Snowden leak, it became clear the FVEY had been spying on its citizens and sharing their findings to avoid the restrictive domestic regulations on surveillance.
What 14EY Means for Your Business
When fourteen watchful eyes are aimed at your business, there’s little that can go by unnoticed or recorded, which is precisely why you should fully understand how their laws can affect your privacy.
The regulations this group has created and/or circumvented can quickly and easily compromise any piece of sensitive information you transmit.
Simply put, you can’t find complete digital privacy in any 14EY country, no matter what they say. The strength of the laws in 14EY countries can, in many cases, completely overpower any would-be legal discussion of who has a right to your data—they take your information, plain and simple.
A Real-Life Example: The National Security Letter
The United States is home to an investigative tool, like a subpoena, known as a national security letter (NSL).
An NSL gives federal agencies such as the FBI the ability to take any information, from any company, at any moment, using the ongoing justification of national security. This means it doesn’t matter what your service’s privacy statement is.
When a 14EY government steps in with an NSL, they do not need a judge’s approval—they just do it. They are fully authorized to seek any information they deem “relevant” to national security, a right only strengthened by the start of the global war on terror in 2001.
Backers of 14EY may argue that governments don’t have the ability to read the text of an email. While that is true, governments can acquire the information they need without ever reading one.
When the U.S. government learned Edward Snowden had used the email service known as Lavabit to contact lawyers and activists, the Stored Communications Act allowed them to demand his metadata in addition to the private SSL keys of all Lavabit customers.
Of course, the company had no choice but to comply, suspending all operations without much in the way of explanation, primarily because the company was placed under a legal gag order preventing them from saying a word to anyone.
The lesson here is clear. “Privacy” is relative in 14EY countries. That’s why we built CTemplar.
Digital security is extremely hard to implement on your own. We’ve built a service you can trust to keep those eyes off your important information. Please review our credentials and configuration to see the advantages of CTemplar.
CTemplar Recognizes Protonmail’s OpenPGPjs Maintenance
Edward Snowden stated: “Encryption is the single best hope for fighting surveillance of any kind. If all our data, including our communications, were enciphered in this fashion, from end to end…then no government—no entity conceivable under our current knowledge of physics, for that matter—would be able to understand them.”
OpenPGPjs is a method of encrypting email content which is ‘battle tested’, independently audited and extensively peer reviewed. On behalf of the CTemplar community, we wish to thank OpenPGPjs’s former maintainer Tankred Hase and its current maintainer ProtonMail. Their work maintaining the OpenPGPjs code benefits everyone committed to internet privacy and security. Tankred Hase and Protonmail apply significant time and resources to maintaining OpenPGPjs, and then they make it freely available for everyone to use. CTemplar uses OpenPGPjs to encrypt emails, and we are grateful for their contributions.
CTemplar offers a niche email service for people seeking a specific set of security and protection features. We hope and believe we can coexist with Protonmail in this ecosystem as friends and not enemies. We encourage all our current and potential users to check out Protonmail’s email service. If you choose to use our service, we hope you are making an informed decision after reviewing all the facts. We published a comparison table so people can compare Protonmail’s and CTemplar’s security specs. This comparison does not take into account that they have been in service for more years than we have. We identified this strength and others in the footnotes of the comparison table.
The CTemplar Team
How does encryption work in CTemplar?
CTemplar uses OpenPGP for end-to-end encryption of emails. It is the most widely used email encryption standard. It is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) as a Proposed Standard in RFC 4880. OpenPGP was originally derived from the PGP software, created by Phil Zimmermann.
Generation of Keys:
When a user signs up on CTemplar, an RSA key pair is generated for them, with the user’s password serving as the passphrase of the private key. These keys are stored on the CTemplar server and retrieved when the user logs in successfully. The private key is encrypted with the user’s account password, and that password is never sent to the server in plain form: it is hashed using a salt derived from the user’s username, and the hash cannot be reversed to recover the actual password. This way only the user knows the actual password, which is required to decrypt the emails, so even CTemplar is unable to see its users’ email content.
Encryption/Decryption of Messages:
Messages are encrypted on the client side using 4096-bit encryption under the OpenPGP standard protocol. The message is encrypted with the recipients’ public keys and then sent to the server.
- If all the recipients are CTemplar users, the public keys of all the recipients are retrieved from the server, and the message is encrypted with those public keys along with the sender’s own public key. The encrypted message is then sent to the server. The recipients receive the encrypted message and use their private keys to decrypt it; only the recipients of that message can decrypt it.
- If the recipients include both CTemplar and non-CTemplar users, the message is sent to the server in plain text; the server encrypts the message for the CTemplar users and sends the plain message to the non-CTemplar users.
- If the recipients are only non-CTemplar users, the message is sent to the server in plain text; the server encrypts the message for the sender’s own account, stores it, and then sends the plain text to the non-CTemplar users.
- If the recipients are non-CTemplar users and the sender wants the message to be encrypted anyway, they can set an encryption password and a hint for it. A new RSA key pair is generated, the private key is protected with that user-provided password, and the message is encrypted with the new public key. The recipients receive an email containing a link. When they open the link, they are redirected to the CTemplar web client and asked for the password the sender used to protect the private key. After entering the correct password, the email content is decrypted and the recipient can read the plain text. Recipients can reply to the encrypted message from there without signing up or signing in to CTemplar. This provides fully end-to-end encrypted communication with non-CTemplar users.
CTemplar hashes every password before sending it to the server for authentication or sign-up. A salt is derived from the user’s username and used to hash the password with bcrypt.js, so the user’s actual password is never sent over the network and never reaches the CTemplar server. Only the user knows the actual password; the irreversible hash is what is sent for authentication or sign-up. When the user enters their password to log in, the client hashes it with bcrypt.js and sends the hash for authentication. On successful authentication, the CTemplar server returns an authorization token, and the user’s info and emails are retrieved with that token. The actual password is used to unlock the private key in the web client, and that private key then decrypts the user’s emails on the client side. The CTemplar server therefore has no way to read user emails: only the user knows the actual password that decrypts the private key.
We are pleased to announce that we have launched our Android mobile app for beta testing. It is available to any Android user by visiting the Google Play store. You can also find it by clicking this link.
Open Source Android Code – We are doing an audit of our Android code during open beta testing. We expect to be done with our audit in several weeks. At that time we will open source our Android code, making it available for everyone in the world to audit and review. Only companies that have nothing to hide are willing to open source their code to the world. Tutanota was the first email service to open source their code, and we will proudly be the second.
Report Bugs! We are the only end-to-end encrypted email service that has not accepted money directly from the US or EU governments. We are self-funded, and we hope you will be patient if you find bugs during our Android app’s open beta. We would be nothing without the community that uses our service and supports us. We don’t know who each of you are, but we care about you all. You are the reason we built this app and mobile code. If you find a bug, please report it and we’ll get it fixed as fast as we can.
iOS/Apple Mobile App Update: We expect to be done with our iOS mobile app in ~3 more weeks. Then we will allow anyone in the community to use it.
Kind Regards to you all,
Godfrey de Saint-Omer
DDoS Attack Mitigation With CDNs
A DDoS attack involves flooding the targeted website with traffic to overload its capacity, which results in the website going offline. Criminals might use a DDoS attack to extort money from a web service by holding the service for ransom. If the ransom is paid, the attacker stops the traffic flooding (the attack), allowing the service to become usable again.
A content delivery network (CDN) helps protect against DDoS attacks because it has the experience, equipment, and infrastructure to filter and absorb incoming traffic. For example, if CTemplar receives a DDoS attack that we are not able to handle ourselves, we will switch to using Cloudflare.
CDN Security Concerns
Using a content delivery network (CDN) gives enhanced protection against DDoS attacks, but it introduces security concerns that did not previously exist. For example, the CDN could serve malicious code intentionally, or as part of the DDoS attacker’s plan. An attack of this nature could allow an attacker to gain access to and decrypt the data of a single person or a large group of targets.
CTemplar’s Kill Switch
CTemplar only uses a CDN when we receive a DDoS attack that is beyond our ability to absorb and filter ourselves. In the rare situations when we have to switch to a CDN, we have Subresource Integrity (SRI) enabled. SRI lets your browser check that every script and stylesheet the CDN serves matches the hash of our open source code on GitHub. If there is any deviation whatsoever, the browser refuses to run the resource and your visit to our website terminates.
Why the Price?
Providing an encrypted email service costs money. Some companies, like Gmail and Yahoo, offer free email because they profit from collecting and selling your personal information.
We charge a subscription fee because we do not sell our users’ data and because it costs money to maintain the code and servers. We have the most secure email service based on an analysis of security features. The price of our service reflects what we deliver to our users.
We Are Self Funded
If a government or company had financial control over CTemplar we would be forced to remove anonymous signups. We would also have to comply with their explicit demands. Governments and global corporations want something in return for their investment and your personal data is more valuable than money to them. We are the only self-funded encrypted email service that pledges never to accept corporate or government funding.
Some people want an email service backed by a government or global corporation because they want the feeling of safety it can provide. A government-backed email service is usually cheaper because the government invests money to lower the subscription cost with the goal of increasing users. If you want cheaper prices and the security of a government-backed email service, then CTemplar is not for you. You could try Tutanota, which is funded by the European Union, or Protonmail, which is funded by the Swiss-government-backed FONGIT, the European Union and a billion-dollar global corporation. It is best if you review your needs and then pick the email service that’s best for you. It might not be CTemplar, and that’s ok. What’s important is that your privacy is protected.
Our service is more costly because we exclusively depend on our users’ donations.
We Do Not Use Free Email Code
Some email services use free email code from Rainloop or Mailpile. These email services use other people’s code to launch their service quickly. This is exactly what most universities do to provide email for their students.
We are more expensive than email services using code from free sources. We custom built our email service because it allows better security and an improved user experience. We cannot compete against companies that re-brand free email code as their own.
We Do Not Use Cloud Servers
Your data is saved on Icelandic servers, which is the best location in the world for your data. Read more about the protection Iceland offers. Because we use physical servers in Iceland, we are not able to reduce our price using cheap cloud storage. We feel this is necessary so our users can be sure which laws apply to their data.
If you like our work and would like to help keep our lights on, please consider paying for a membership. If you can’t afford our membership, we are still happy and honored to have you here.
And, as always, if something is not working or you would like to make a suggestion, please send us a message to “email@example.com” and give us a chance to improve.
The CTemplar Team
Email Comparison Table
Protonmail strengths not mentioned above: Protonmail launched May 16, 2014 and CTemplar launched September 5, 2018. Protonmail’s added experience in this industry has created a more polished service than CTemplar. Protonmail also maintains the OpenPGPjs library that we use. We are grateful for their contributions and wrote a post about it.
Tutanota’s strengths not mentioned above: Tutanota was the first secure email service to go open source for F-Droid.
- Brute force attacks are only successful when thousands of combinations can be rapidly attempted. CTemplar, Tutanota & Protonmail all disable login attempts when multiple failed password attempts are detected.
- The “Zero-Knowledge Password Proof” involves hashing and salting users’ passwords. You can read a simplified version or the version published by Stanford’s cryptography department. When this technology is utilized, no one is able to know the user’s password except the user. The webmail service only has the user’s hashed password and cannot reverse the hash. Only the user can log into their account.
- Subresource Integrity (SRI) makes it impossible for an attacker to hack you (serve you malicious code) during your website visit. CTemplar was the very first secure email service to enable this functionality. You can read more about it here, or here.
- CTemplar developed a combination of SRI and checksums that has never been used before. This makes it impossible for CTemplar to hack you (serve you malicious code). You can read more about this in our blog post about it. This makes CTemplar the very first “Zero Access” end-to-end encrypted webmail service provider. We are the first webmail service that cannot access users’ data even if we wanted to.
- The “14 Eyes” are a group of 14 countries that have agreements to share information with each other. Edward Snowden revealed that this agreement results in extensive privacy violations. The majority of privacy experts strongly recommend that you should avoid using a service within the 14 eyes.
- MLAT treaties require broad and all-encompassing cooperation. If the US asks for data from a country with an MLAT treaty, then that country must do everything within its power to provide what is requested. The treaty can be utilized to turn your mobile device into a tracking device recording your location. An example of this is the Swiss MLAT treaty, which can require a Swiss company to “make every effort to ascertain the whereabouts and addresses” of their users. Countries with MLAT treaties include Belgium, Switzerland, and Canada.
- Users use 2-Factor Authentication (2FA) to provide greater security for their accounts. Some email services, like Protonmail, maintain backdoor access to all users’ 2FA. They provide this as a service so they can restore access to users’ accounts if a user loses 2FA.
- Users who log into their account will be shown an “Anti-Phishing Phrase”. If you log into your account and you do not see that phrase, then you know that you have logged into a fake website that is trying to steal your account. When a user notices the absence of this phrase, they should visit “www.ctemplar.com” and change their account’s password immediately. CTemplar is the first to offer phishing protection.
- Protonmail and CTemplar both accept Bitcoin. Tutanota does not. Bitcoin is NOT anonymous. CTemplar is the only email service that accepts payment using the most anonymous currency, Monero (XMR). Currently, we are only accepting Monero (XMR) payment via email. After the user sends the Monero, the user’s account will be credited and upgraded. Some services allow paying with cash through the mail. However, this can be problematic with recent developments in tracking physical mail.