Does having open-source code eliminate this risk? No, because open-source code is just an act to encourage users’ trust. The audited code in GitHub might not be the same code that is sent to you from a companies private server. There is no assurance or promise that the code hosted is the same as the one is served.
Currently, all end-to-end encrypted email services can hack their users and decrypt all of their data except us. We can provide this level of protection using an implementation of checksums that haven’t been used before. We are proudly the first “Zero Access” end-to-end encrypted email service that is not able to decrypt our own user’s emails.
How Did We Solve This With Checksums?
Our checksum implementation allows our users to compare the code served to their browser with the code in GitHub within 15-30 seconds. Usually, comparing code can take hours or days. With checksums, you can do it in seconds.
First, the file index.html starts the platform loading process and determines what is loaded, but when doing so, could pose a couple of risks:
In any case, if anyone wants to manually verify if our “index.html” hasn’t been tampered and is the same as the one being served, we have a guide in GitHub.
At the time of writing, our current checksum is:
SHA-256 checksum of “index.html”:
The CTemplar Team:
Disclaimer: Checksums do not protect you from hacks from your browser, OS’s, plugins, mobile ISP providers, running process software, or the Intel Microprocessor hardware backdoor. We do not protect against keyloggers that may be installed on your computer.