CTemplar: Armored Email, is a secure email provider established in 2018 and another one that claims to be “the best and most secure in the world”.
Is this true and can CTemplar (Crypto Templar) back up those claims with facts? Read this review of their secure email service to find out.
CTemplar Server Location and Data Security
CTemplar stores your email data on physical servers located in Iceland. This is a calculated choice on the company’s part as physical servers, although more costly to maintain, offer more advanced security than cloud servers.
Choosing Iceland as their server location is another well-thought-out decision by the company because Iceland is one of the countries with the strongest data privacy laws in the world and is not a member of any surveillance alliances like the 5, 9, or 14 Eyes or any MLAT treaties.
What this in practice means is that CTemplar will only comply with valid Icelandic court orders for their user’s data. However, since the company uses Zero Access Password proof technology, even they don’t know your password and are not able to decrypt your emails.
Also, unlike other secure email providers that are located in countries like Germany or Switzerland and that must by law store your deleted email data for another 6 months from deletion, once you delete something on CTemplar, it is instantly and forever deleted.
Finally, another positive thing about CTemplar is that they use 100% geothermal and hydropower green energy to power their servers in Iceland.
Encryption and Password Management
CTemplar uses OpenPGP (Open Pretty Good Privacy) encryption protocol on the client-side, with messages being encrypted via the recipient’s public key and then sent to the server.
The company uses 4096-bit RSA keys to encrypt and decrypt emails that you send and receive.
When sending emails to another CTemplar user, the message is encrypted using the public key retrieved from the server, but can only be decrypted using the recipient’s private key.
If, however, the recipient is a non-CTemplar user, then the sender can set an encryption password with a hint. This will generate new public and private RSA keys. The message will be encrypted using the public key, while the private key will be protected with a password.
When the encrypted message is sent, the recipient will get an email with a link that will redirect them to the CTemplar web client. Here, they’ll need to provide a password with which the sender has encrypted the private key in order to decrypt and read the email contents.
When it comes to password protection, CTemplar uses Zero-Knowledge Password Protection technology, which means that even the company will not know your password.
CTemplar uses becrypt.js to hash every password before authentication and sign-in and adds some salt generated from the user’s username.
In practice, this means that, once the user provides a login password, CTemplar will hash it and then send it for authentication. From there (provided the authentication was successful), the user receives an authorization token, that allows them to retrieve their emails and info.
CTemplar’s code is also 100% open-source and available for audit by IT security professionals and users on Github.
Features
CTemplar has many of the standard features that you would expect to see from a secure email provider. However, on top of these, they also boast some more unique features, but most of them are available only to paid users.
For example, CTemplar provides full anonymity by stripping your IP from all outgoing emails and replaces it with its own IP.
CTemplar also does not require a phone number verification when creating an account and promises to not record, monitor, store, log or share anything that the user submits.
Additionally, CTemplar also offers 2FA security, virus and brute-force protection and the ability to set up an anti-phishing phrase on all plan tiers, including the Free plan.
When it comes to some of the more advanced security features that are available on paid plans only, CTemplar, for instance, offers a Dead Man’s timer, which allows the user to set a timer at the end of which the email will be sent, even if they are not logged in. If the user logs in to their account, the timer will reset.
Another unique feature that CTemplar offers is Delayed Delivery. This allows the user to select a date and time at which they want the email to be delivered. For instance, you might want to send an email for someone’s birthday. In that case, all you need to do is set that date and the recipient will receive the email then.
Finally, another feature that CTemplar offers is the Self Destruct timer. This option is available only to the recipients and it allows them to set a timer at the end of which the email will completely self-destruct.
Pricing and Plans
CTemplar offers 5 different plans, one free and 4 paid.
The Free plan offers you 1GB of storage space, with an attachment limit of 10MB and sending limit of 200 messages per day.
This plan is only available via invitation. You can receive an invitation either from:
- An existing paid user. As a paid user, you will be able to send up to 3 invitation codes per week by going to Settings > General > Invitation code > Generate a code.
- By sending an email to invite-codes@ctemplar.com.
- Or, by sending an invite request to CTemplar on the r/ctemplar subreddit. In that case, invite codes are sent to the PM and will expire in 24 hours.
Above the Free plan, CTemplar offers 4 additional paid plans, with extra features that we already talked about. You can upgrade to any paid plan from the Free plan at any time.
Starting from the cheapest to the most expensive, the plans include:
- Prime at $8/month
The Prime plan offers 5GB storage, 10 email aliases, 1 custom domain, 50MB attachment limit and 2000 messages per day sending limit.
- Knight at $12/month
Knight also offers a 50MB/day attachment limit and 2000 messages/day, but a higher storage limit at 10GB, 30 aliases and 5 custom domains.
- Marshall at $20/month
The next plan is Marshall, which has a storage limit of 20GB, 60 aliases, 10 custom domains and also 50MB attachment limit and 2000/day message limit.
- Champion at $50/month
Finally, with the Champion plan, the sending message limit is removed, you get 50GB storage, up to 200 aliases and 100 domains. In addition, you get exclusive beta access to any new CTemplar options before anyone else.
CTemplar also accepts Bitcoin and Monero XMR for anonymous payments and there is a 14-day money-back guarantee if you are not satisfied.
Since the company promises not to sell your data in any way, its only source of income comes from memberships and donations.
Creating an Account
Creating an account is fast and easy. All it requires is:
- Visiting CTemplar.com
- Clicking on the Sign Up button
- Selecting an account type
- Creating an account using a username and password. Again, if you’re creating a free account you’ll need an invitation code, while future paid users will need to provide means of payment (Bitcoin, Monero, card, etc.)
- Finally, click Create Account to complete your secure email account
Problems
Although CTemplar is pretty good by most privacy and security standards, there are still a couple of issues.
For one, the service is sometimes slow to respond. While a somewhat slower speed is to be expected when encrypting emails, CTemplar sometimes seems to slow down to a crawl, which might affect your user experience.
Another issue with CTemplar is the lack of IMAP and SMTP integration. While this is on the roadmap, it has been delayed slightly.
There is also no encryption for some metadata, but this too is on the roadmap for 2021.
Final Verdict
Is CTemplar: Armored Email the best/most secure email in the world? It’s difficult to tell, but from everything we’ve seen from this company, they at least deserve to be in the conversation.
The company seems very dedicated to protecting their user’s privacy and its transparency is also something to be applauded.
While still relatively new to the market, being around for only 3-4 years and some minor issues (that they are on their way to solve), CTemplar is well-worth trying out if you are looking for a secure email provider.