Their Hardenize report seems strong, also an A+ rating on SSL Report. The only complaint I have with them is that their v3 onion address is unsecured (Tor Browser warns images are not encrypted). Also their webmail in Tor is very clunky, idk why that is. It takes more than 5 minutes to open an email. Have you guys/gals tried it with Tor?


I have been using their services and they have been pretty kind answering a lot of questions and fixing as fast as possible a couple of issues I opened on their GitHub repository; they had a feature that redirected you to their .onion web site if the server thought that you were using Tor and my Firefox profile matched their rules so they added a window asking you if you want to be redirected. Really useful if you are using Tor, it’s a real hassle to search for the correct URL to enter a website more securely.

I think they are missing the STARTTLS listing by the EFF to meet PTio criteria, and therefore to be listed. I will file an issue about the non-encrypted images, I noticed that, too.
Their webmail works perfectly for me, it doesn’t take more than a regular browser to open an e-mail. Which security level are you using?

What made you decide to use CTemplar over Tutanota or Protonmail?

I use all of them, just to clarify. Since they are hosted in Iceland and its laws regarding privacy are among the best in the world, that gave me trust. Since they also meet the same security standards (or even better?), and since they have opened their source faster, are already developing an F-Droid application, and they listen to you on their GitHub, it seems like a good option.

CTemplar: https://www.hardenize.com/report/mail.ctemplar.com/1581655196
Tutanota: https://www.hardenize.com/report/mail.tutanota.com/1582127558

I tried to sign up, but failed on the username.

Even though they state "The username must start with a letter or a number and end with a letter or number. It may only contain a-z, A-Z, 0-9 or ._- characters, and minimum length is 4 characters." they would not let me start a username with a number.

Hope they fix it.

I could create an issue if you want, I remember the same happened to me now that you mentioned it.

That would be fine, thanks.

I’m on “Safer” level. I’ll try on “Safe”

I’ve been looking at CTemplar for a while for moving my main online accounts emails from Posteo into it. The one thing that I’m still waiting on is the ability to download all emails with POP3 over SSL.

It seems it works on Tor, just on the lowest “Safe” level. On that level you can use it with no issue.

As far as I know it’s possible.

I’ve tried it on Safer, too, and it took longer to load, but it works.

When you connect to any onion URL your full session is encrypted; the photo thing, maybe they use an HTTP source.

Also, for me, I did not try it, but I’m sure they have access to your data (every email service does; in fact every server owner does, even PTIO on their servers), and I see it’s not a bad thing; I mean, it depends on the owner. Anyway, I just mean use whatever service you want while hiding as much of your data as you can. So in emails you can use PGP, and you are safe from them knowing your place because you are using Tor; just use PGP with it.

This is an interesting article regarding the use of encrypted email…

Email is unsafe and cannot be made safe. The tools we have today to encrypt email are badly flawed. Even if those flaws were fixed, email would remain unsafe. Its problems cannot plausibly be mitigated. Avoid encrypted email.


Good article, it’s true and expands on what PTio says on their e-mail section, but we still need it.

Even when using end-to-end encryption technology like GPG, email is inherently insecure and should not be trusted for sensitive communications. Metadata is always communicated in plaintext, and even when encryption is used correctly it is very easy for either party to accidentally respond to or forward a previously encrypted message in plaintext in many clients. GPG also does not easily support modern crypto functionality such as key rotation and forward secrecy.

We recommend the following email providers for routine notifications and messages from other services that require an email address. For communications that need to be safe and secure, you should use a dedicated instant messaging tool, such as Signal.

The best solution would be to get every one of your contacts on board a private messenger and ditch email as much as possible.

Or to not talk with anyone.

lol, that is an option too

That may actually be closer than we think, hopefully: https://www.politico.eu/article/eu-commission-to-staff-switch-to-signal-messaging-app/

“We are tired of the US gov spying on us, so please stop using USA-based communication services and start using a USA-based communication service” :d

Is this a reference to Signal or what?