cTemplar

Tekpon Score
8.7

cTemplar Reviews

& Product Details

We live in a time when social media platforms spy on, fact-check, censor, and ban their users with abandon. Rather than put yourself at their mercy, it’s better to invest in alternative ways of communication, such as email. Touting itself as “armored email,” cTemplar provides an encrypted email service that does not stockpile user data. cTemplar’s servers are stationed in Iceland, which boasts the strongest privacy laws regarding anonymity and user data collection. I decided to find out what’s beneath the claims, which is why I’m doing this cTemplar review.

Found in these Categories

Recommended For

  • StartUps
  • Freelancers
  • Small Business
  • Medium Business
  • Large Enterprise
  • Non-profit Organization
  • Personal

Deployment

  • Cloud, SaaS, Web-Based
  • Mobile - Android
  • Mobile - iPhone
  • Mobile - iPad
  • Desktop - Mac
  • Desktop - Windows
  • Desktop - Linux
  • Desktop - Chromebook
  • On-Premise - Windows
  • On-Premise - Linux

Contact

cTemplar Pricing

Starting from:

Pricing Model: Subscription

  • Free Trial
  • Free Version

Pricing Details:

cTemplar Features

Features list not provided by cTemplar.

cTemplar — email encryption service

As Mark Zuckerberg famously said in 2018, “Security is not a problem you ever fully solve.” Tech companies are notoriously lax with security, focusing their efforts on growth and turning a profit instead. As a result, one determined insider can steal data, disrupt services, or jeopardize user accounts. E-mails are also vulnerable to intercept, copy, or delete en masse. A sensible solution is to use strong data privacy practices: data encryption. The upside of an encrypted email service is that even an insider can’t access or exploit the data. The downside is that encryption is difficult to implement and maintain. In this cTemplar review, I will look at how well the company implemented the different e-mail data privacy practices.

What is cTemplar?

cTemplar is an encrypted email service that offers ways to pay and doesn’t retain user data anonymously. The idea is that only the sender and the recipient can see the raw content of e-mails, and there is no trace of who either of them is. To add more layers of security, cTemplar email data privacy includes protecting you from JavaScript, a flexible but janky tool often exploited for hack attacks. The cTemplar code is regularly audited by the community and cybersecurity experts. The name stands for “crypto templar,” which is reflected in the names of pricing tiers.

How to use cTemplar?

You must get a cTemplar invitation code. I contacted u/CTemplar-Official on Reddit through direct messages and within 2 hours received a free one-time code. The response also contained the link to the official sign-up page, which is a nice touch that helps avoid phishing. I clicked the link, selected the “Free” plan, typed in my username, chose a password, and finally created my account. Then, I was then given a cTemplar email recovery code to enter the account if I lost my password. I was asked to store decrypted data on my local storage temporarily. Since I don’t care about speed when sending a secure email, I checked “Don’t ask anymore” and clicked NO.

cTemplar email design is nothing special. It uses red, white, and #34495e for the color scheme. The left-hand sidebar contains folders such as Inbox and Draft, while the remaining 85% of the area is reserved for e-mail overview. Clicking “Compose” pops up a messenger-like window for writing. Unfortunately, even when expanded to “full screen,” this window doesn’t cover the entire screen.

cTemplar Features

Now, let’s discover some of its great features.

  • Accepts anonymous payments

Payment processing companies, including banks, are required to abide by two sets of laws — KYC (know your customer) and AML (anti-money laundering). KYC includes asking the client for personal info and proof of residence; AML includes rules that run the gamut from reasonable to superstitious. For example, banks in the US must report money transfers equal to or higher than $10,000 to the IRS. However, if a customer makes a $9,999 transfer and a $1 transfer, that is a crime called “structuring,” punishable under IRS internal rule 4.26.13. How about two transactions for $4,999? Yep, structuring.

The bank must read the customer’s mind, divine the intention behind the transaction(s), and report the event accordingly. AML legislation forces payment processors to stockpile personal data and user logs, because hey, what if a client sent two $4,999 payments ten years apart? Securing all that data costs a lot of money, which most companies don’t have.

So, that data lays around unsecured, waiting for anyone to waltz in and abuse it six ways to Sunday. cTemplar does away with the AML part of the equation by accepting anonymous payments. This includes Bitcoin and Monero, a dark horse cryptocurrency that appears optimized for privacy. None of that public blockchain nonsense Bitcoin users are unaware of.

  • Instantly deletes user data

cTemplar claims to give you the right to delete all your user information instantly, no questions asked. Normally, user information is stored on an internet company’s servers for a few months. This is due to data retention laws intended to help law enforcement agencies.

Facebook says it deletes user data from users that deleted their accounts after three months. Still, I vaguely recall receiving notifications from Facebook to return to the fold even past that time. Whatever the case, Facebook doesn’t delete personal data but rather anonymizes it, using the scraps of the user’s jolly presence on the platform to make money through ads.

  •  Hates JavaScript

JavaScript powers the modern internet, mainly because I can modify it on the fly. The problem is that JavaScript is notoriously prone to misbehaving, either because of malfunctioning code or a malicious attacker. When JavaScript is used for encryption, this vulnerability to hacking can defeat the point of having encryption in the first place.

cTemplar uses a JavaScript-free way to verify you’re in the right place. In the “Help” section of the cTemplar website, this is described as using checksums to guarantee the integrity of the index.html file.

  • Enhanced security practices

cTemplar doesn’t know any of your passwords or has any access to the encryption keys used to process your e-mails. In other words, cTemplar can’t access your encrypted data and, if any law enforcement agency took the data, cTemplar can’t be compelled to decrypt it.

By default, only the body is encrypted, but other parts of an e-mail can be encrypted, such as the subject and the attachment. In addition, all e-mails sent from one cTemplar account to another are encrypted, though those sent to non-encrypted e-mail providers (Yahoo, Gmail, etc.) are in plaintext.

Reading the “About Us” section of the cTemplar website reveals its CTO (chief technical officer) is anonymous. Only the alias “The Hidden Hand” and a cartoon avatar reference Alice in Wonderland and The Matrix. This is a neat idea, preventing outsiders from kidnapping, stalking, or blackmailing the CTO.

  • Lacks polish

Comments on the company’s sub-Reddit show people complain about inconsistent translations, buggy interface, and poorly implemented encryption. The interface appears to be the biggest offender, especially when composing an e-mail. My advice is to compose an e-mail in a word processor and then paste it in cTemplar. Pasting e-mails from cTemplar to a word processor may be needed, too, as long paragraphs don’t get wrapped.

Some complaints refer to cTemplar having trouble communicating with other e-mail servers. For example, one user sent an e-mail written in Japanese to another e-mail service provider that uses non-UTF-8 encodings. Unfortunately, the e-mail turned out garbled, which hasn’t been fixed even three months after the user reported it.

Another Reddit user tried setting up all 200 aliases provided by the company and got stuck on 13. That’s how the user interfaces displays, with no way to scroll through the rest. She found a workaround by manually rearranging the aliases so the needed ones end up in the top 13 and then editing them. That user appears to enjoy busywork and mentions having worked as a free beta tester in youth; if you don’t have the same zest, stay clear of cTemplar.

  •  E-mail composer acts erratically

The composer has an HTML and a plaintext version. To attach files, add links, and insert images, you need to switch to the HTML version, allowing you to send enriched e-mails. However, that’s when I experienced problems.

I attached two images, one a 62 KB, 1024 by 768 JPG, and the other a 42 KB, 720 by 458 JPG, and sent the e-mail to my Gmail account. Unfortunately, the first image did not attach, but the other one did. Furthermore, that same e-mail was stripped of all text, which makes me believe there is a bug on cTemplar’s end regarding the HTML composer, confirming Reddit users’ complaints.

  • Encryption

All right, we’re doing this. Here’s how the cTemplar encryption works. Upon making your account, cTemplar’s server creates two keys, strings of numbers, letters, and characters: public and private. If you want to research more on this, it’s called PGP. Beware involves a lot of interesting math, but it’s explained poorly, especially on Wikipedia. You can share your public PGP key with everyone, and they can use it to encrypt messages sent to you. Your private key is used automatically to decrypt e-mails encrypted using the public key and sent to you. It is tied to and retrieved from cTemplar’s server using your cTemplar password.

The simpler option is to use the baked-in encryption in cTemplar. When composing an e-mail, click the icon of an envelope with a padlock to send an encrypted e-mail. You will be asked to enter a password, a password hint, and select the expiration date for the message. Fill out those fields and send the e-mail.

The Gmail, Yahoo, etc., the recipient will get an e-mail with a big red button “View secure message” and the password hint. Clicking the button takes the recipient to cTemplar’s website, with a field to input the password. Typing it in reveals the message, with the option to reply to the sender and securely download it.ASC file that users can send out through the cTemplar user interface.

Clicking the three dots in the e-mail composer and checking the “Attach Public Key” option will attach a file to your e-mail. Users can open ASC files in any text editor. It holds ten lines totaling about 500 characters that look like gibberish. Don’t modify anything in it or copy/paste anything. Single characters or lines are unusable; you need the whole thing. To use the.ASC file, get an external program to encrypt a message using that key.

  • Using GPG4win

Download a free program such as GPG4win, which will ask for a donation before you can download it ($0 is a valid amount). Then, install it and launch it. A module of GPG4win called Kleopatra will start. You will import your public PGP key, encrypt a message using it, and send out the result. So, click “Import.”

Select the.ASC file you downloaded, and Kleopatra will process it. Next, click the Recipients tab and then “Encrypt for others” (you may need to uncheck “Encrypt with password”). If all goes well, Kleopatra will automatically fill out the e-mail address field with your cTemplar address, confirming you’re on track.

Go to the Notepad tab, type in your message, and click “Encrypt Notepad.” The program will report if the operation succeeded, giving you a gibberish message that starts with “BEGIN PGP MESSAGE” and ends with “END PGP MESSAGE.” Copy/paste the whole thing (including the BEGIN and END parts) into any e-mail provider and send it to a cTemplar e-mail account.

I tested the sending part using Gmail. After a few tense moments, the e-mail arrived in my cTemplar inbox and — it was properly decrypted, revealing the message I typed into Kleopatra’s Notepad. YES!!!! If you managed to get this far, a fist pump would be in order. Good grief, that was a lot of work, but that’s how encryption is meant to be. The idea is that you inconvenience yourself and the recipient for an added layer of security in your communications.

One issue with all this is the incessant copy/pasting. When you’re done with encryption, always clear your clipboard (on Windows 10, press Windows Key + V, press the three-dot menu, and click Clear all). People using your device can access your clipboard to see what you copied, but some programs can access it too.

cTemplar Pricing

There are five pricing tiers:

  • Free
  • Prime for $8 a month
  • Knight for $12 a month
  • Marshal for $20 a month
  • Champion for $50 a month

To make an account under the Free tier, you must contact cTemplar on social media (Reddit, Mastodon, Facebook, or Twitter) or e-mail support, or get an invitation code from someone using the service. This is to deter spammers from making free accounts. This tier can send 200 e-mails a day, use 1 GB of storage, and attach files up to 10 MB. With tiers, you get new features, such as Mission Impossible messages that destroy themselves. The highest tier has nearly uncapped capabilities. Prices are 25% cheaper if billed yearly. In addition, there is a 14-day money-back guarantee for all payments using cards.

See all Features

cTemplar Alternatives

Do you know what beauty is in this industry? That you can find a lot of products for your business. Or personal use. Thus, if cTemplar is not for you, let’s discover some of its alternatives. I’m sure that you’ll find the one for you.

cTemplar vs. ProtonMail

ProtonMail is perhaps the most serious contender for the title of the best private email. Then, of course, there are the Calendar and Drive functions; encryption, of course. However, ProtonMail has been compelled to hand over private user data in the past.

In September 2021, ProtonMail handed over the private data of one of its users to the French government, leading to the person’s arrest. ProtonMail managed to do it by fingerprinting browsers and keeping IP logs, despite the company’s heartfelt promise stating otherwise. After the scandal, they have modified the homepage to read “we put people (not advertisers) first.”

cTemplar vs. Tutanota

A German-based e-mail provider, Tutanota provides encrypted e-mails, calendars, and notes. The code is open-source, and there is a free plan. Business plans are available too. One gimmick of Tutanota is that it’s powered by renewable energy. There’s the option to send a password-protected message, just like cTemplar has. The mailbox has no ads. The design is like Gmail, which eases you into Tutanota, but it’s quite fiddly and requires a lot of mouse clicks for the simplest actions.

cTemplar Review Conclusions

There is a definite need to have more diverse communication methods. Whether you end up using smoke signals, Morse code, or yodeling, you’ll have more success transmitting your message than through cTemplar. The e-mail composer felt janky. The most basic features did work as expected, but the advanced functions were a dice roll.

These could be teething problems, of course. It was stellar when the encryption did work, showing why governments worldwide fear and loathe personal encryption. cTemplar’s effort is evident, and it could become a serious player in the privacy-oriented communication industry. I don’t think that will happen until there’s a huge scandal that somehow jeopardizes US-based tech giants, which is possible. Now that I think about it, I am glad to have made a cTemplar account.

To me, it’s quite clear cTemplar is an encrypted email service that’s best for private use only. Trying to run it in any enterprise capacity is like pulling teeth. Sure, you get data privacy, but the hassle is not worth it. Ultimately, even if you don’t care about encryption, you can use cTemplar as free 1 GB cloud storage, which is worth the few minutes of your time it takes to set it up.