There have been many news stories lately about companies misusing your data, including your e-mails. What’s more, these giant repositories of data are favorite targets for hackers. Even if you trust the big corporations, you are also betting on their security. Criptext claims they have (possibly) the most private e-mail service ever. It uses the open Signal protocol and stores private keys and encrypted mail only on your device. All the applications to access your mail are open source, so presumably, someone would eventually spot any backdoors or open holes.
At the moment the service is free and the company reports that even when a paid offering is ready, there will still be a free tier. Of course, you can send and receive normal e-mail, too. You can also use a passphrase you send to someone else (presumably not by e-mail) so they can read an encrypted message.
If you think about it for a minute, though, there is at least one catch. If they don’t store your messages or keys, then you need to be logged in for someone to send you mail! Apparently, if you are logged in but not connected to the Internet, the Criptext servers will store your e-mail until you return. That only involves the sender using your public key, so Criptext still can’t read the mail held on the server.
You can have multiple devices, though, so that may not be a big problem. Having multiple devices also serves as a backup, since Criptext doesn’t keep copies of your mail. In fact, here’s an entry from their FAQ about that:
Q: I lost my device, can I recover my emails?
A: Yes, you can sync your emails with your other devices. If you lost all your devices, sucks to be you.
Currently, you can get clients for Android, iOS, Linux, and Mac. The Windows version is coming soon. Naturally, there is no web version.
There are other secure mail services such as Hushmail and ProtonMail. However, these do store some of your data. There have been a few encrypted e-mail extensions for Gmail, although some quit working after the recent redesign from Google. FlowCrypt is one that still works.
Of course, some people think using visible encryption is a red flag that will draw attention on its own. That’s when you hide your encrypted data. And although the code is open source, well-reviewed code has had problems and backdoors in the past. They are eventually found, but sometimes not for a long time.