anarcobuda - almost 2 years ago -

from their website:

Criptext is an encrypted email service that guarantees security, privacy and control over all your email communications. We don‘t have access to your emails nor do we store them in our servers.

more faqs from their website:

Does Criptext store my emails in its servers?

No. We never store your emails in our servers. Emails pass through our servers, but they're there momentarily until they get delivered to your device.

How do I know Criptext isn't reading my data while it's in transit?

Our client apps are open source, so you can verify that we don't have any back doors in place nor are we sending your email data without first encrypting it in the device.

it uses end-to-end encryption and the signal protocol for its messages. the clients for android, ios and desktop are all open-source.
their servers, however, are not.

Is Criptext federated? Can I run my own Criptext instance in a private server like Wire or Mastodon?

The short answer is no. While our apps are open source, our servers aren't, which is the backbone that runs the Criptext platform as a whole.


Do government entities have access to my Criptext emails?

No. Government agencies may request access to your information but since we don't store any of your emails there really isn't anything for us to give them.

while it certainly isn't going to be in our parabola repos soon since it's electron-based, it's an interesting way to do e-mail services.
i've tested it and have been enjoying it so far

Replies (9)

Criptext - bill-auger - almost 2 years ago -

by that description, its probably not as interesting as it
appears to be - firstly, if someone who does not also use that
spacial client, sends an un-encrypted email, there is little
point in the server encrypting it before relaying it to the
receiver's client

conversely, if the email was encrypted by the client of the
sender's choice, and decrypted by the client of the receiver's
choice, which generally all email clients can do, then no email
service could read it - even if the server stored the mail, that
could be nothing more significant than a convenience to the
user, in case their local store was lost

lastly, the FAQ is implying that it is not possible for people
to self-host such a service - it is not possible for people to
self-host that particular service; but that is only because they
do not release the source code - any standard email server
software could simulate that service, by simply deleting messages
after delivery to the client - also, if one self-hosts, there is
no need to delete anything from the server; so there does not
seem to be any reason why anyone would want to self-host that
particular service

so by that description, all that this amounts to is trading the
convenience to the user of keeping remote backup storage, for
the convenience of not needing to explicitly create their own GPG
key and configure their own standard email client to make use of
it - that nice convenience feature but not revolutionary nor

RE: Criptext - freemor - almost 2 years ago -

What I see is:

Unproven - Security is proven by having a long history of being pounded on and being secure. The Signal protocol is getting there, but with encryption the problem is often in the implementation. Programmers often make mistakes that ruin the security of a perfectly secure Algorithm.

Proprietary - Why On earth do I have to use their closed source server. Remember people survieling you are much more interested in the metadata it tell them a lot more about you then the content. So here we have a single entity that could be forced to turn over all the metadata (everyone you've been in contact with, when, how often, etc). There in no ReasonI can see for the server to be closed other then that they plan to monetize your use ofthe service somehow.

There already exist several "Secure e-mail". Why are these folks once again re-inventing the wheel? And doing so in a way that requires me to use their servers. While ones like i2p-bote, GPG/email, py-Bitmessage, etc do not?

I'm also totally unimpressed that their website failed completely a text readable version. All I get with w3m is a blank screen, and minified html/JS lacking any meaningful human readable content. Some would just call this a design choice. But for me it is sloppy in the extreme (because having a standard html fallback is dead simple) and shows a lack of attention to details that I wouldn't hant someone writing my encryption software to have.

Even if Criptext were around 10 years from now and had a proven track record I wouldn't use it simply based on the Proprietary server. It's important to remember that proprietary server most likely means that you can not write your own client. as their servers could easily reject it as not an official sanctioned client. No Thanks.

RE: Criptext - bill-auger - almost 2 years ago -

freemor wrote:

that requires me to use their servers

it apparently also requires using only their electron client exclusively, which as we know is a very large can which may contain its own worms

freemor wrote:

having a standard html fallback is dead simple) and shows a lack of attention to details

my guess is that the target audience is people who have never used a native email client, and are accustomed to email being a OOTB web experience - you are right though, that even the popular web-mail providers do fallback to a HTML-only interface - of course, anyone who would prefer a pure-HTML web client over a scripted web client, would probably prefer a native client over either - probably it is not a case of neglecting the fine details due to some over-sight, de-prioritization, or lack of resources; but that "web sans javascript" is seen as an inferior or antiquated design, and not even on the design table

RE: Criptext - anarcobuda - almost 2 years ago -

yeah, it's so suspicious it's laughable
at least it works as a disposable e-mail for some specific uses

what e-mail clients you use?

RE: Criptext - freemor - almost 2 years ago -

mutt is my email client of choice.

RE: Criptext - anarcobuda - almost 2 years ago -

it looks interesting, i will take a look at it later
what about e-mail services? which one did you enjoy most?

RE: Criptext - freemor - almost 2 years ago -

I'm not a good one to ask because the answer would be the mail server I run myself. I haven't used someone elses computer for email for probably close to 10 years.

RE: Criptext - bill-auger - almost 2 years ago -

the libreplanet mailing list is ideal for these general sort of
"what do fossies recommend?" questions

ive never used any of these myself, but the email services that
seem to be the most popular in the libre and fediverse
communities are, protonmail, disroot, riseup, and tutanota

RE: Criptext - anarcobuda - almost 2 years ago -

oh, hey, thanks for the recommendation
i will take a look at it