enjolras
Dead are useless if not to love the living more
- Feb 13, 2020
- 1,293
Intro : this is both a development for rookie and advanced users interested at safer emails, so peeps stop to fear to perform mishaps in general, leading to risk of prosecution (not only with CTemplar, because some of the advices can be transposed elsewhere). Apologies if the amount of info lies on the IN YOUR FACE side, but I've compiled most of the important info I know (extensively, indeed)
—————————————-
CTemplar is a new kid on the block (work in progress), competing on the scene of the encrypted email providers, like the well-established ProtonMail, Tutanota, etc. Comparatively, it comes with its own approach at handling the security & privacy, trying to fix some of the issues of its opponents. To familiarise yourself with the distinctive functionalities & concept schemes applied, here are the infomercial speeches (obviously, always judge them with a grain of salt, still it's the reference basis)
Due to the focus to carry on sensitive communications, it can be used as an improved messaging service, by default, between SS members (opposed to PMs or the Telegram app mishandled) ...and why not towards merchants (if/when arranged) : if you manage to convince your contacts to switch to CTemplar, then end-to-end encryption occurs automatically between in-house users (i.e. similar to ProtonMail, requested mandatorily by A for this very reason of perfected default cryptography), otherwise sending encrypted email to non-CTemplar users is still possible, by protection through a password that will serve the recipient to decrypt the message (like Tutanota, except that CTemplar allows also to include, as extra, a Hint to guide the revelation of the password at the time the email will be received, so your correspondents don't have to be warned in advance... which is key to cool down any alert suspicion)
Disclaimer : CTemplar (like any solution) is not perfect / void of criticism, but is generally better than the flaws of many other providers. An in-depth overview describing most accurately the do's and don'ts of a good secure private email service can be found here
It's a fantastic read (attention : geek talk) to build a broad understanding of the keypoints to review while choosing a mail provider. It gives RiseUp (almost impossible to access for the Random Joe anyway) as a winner, which personally, I would disagree with, as a matter of the type of protections aimed at. I believe that if CTemplar is used appropriately with best practices in mind, it positions itself advantageously over other contenders.
NB: as is analysed, ProtonMail or Tutanota, which have the most popular marketshares, are in fact complete catastrophes when it comes to proper opsec and trust versus claims.
—————————
Now, down to the point : additional benefits of CTemplar suited for CTBers specifically. 2 unique particular features (with a twist) are proposed :
* delayed mail scheduler (paid) ...allows to prepare a draft mail in advance, set to be sent at a later datetime (through a delay) into the future
* dead man timer (paid) ...same principle, except that the delivery activates itself after a certain time of inactivity instead of a fixed datetime. Basically, it triggers after the surveillance has observed the email's owner has been missing in action for a given period (in brief, that there was a failure to log in / use the mailbox)
Once the preparation of the email(s) is finalised, their status can be reviewed and canceled out inside the Outbox folder
Alternatively, or additionally, it's possible to setup an auto-responder (free), that triggers an alt pre-written(/formatted) email all the times you'd be contacted. Use case ? Potentially if you treat some persons more or less importantly ? then it could filter them with a generic, different response, past the time you reached out to LE/family with delayed / dead mail.
RISK WARNING : if you'd be contacted before CTB or shortly after (before the delayed mails), it could lead to interruption or rescue...
NB: otherwise, the auto-responder would work during 1 full year for a free account, or infinitely for Prime (paid just one, even 1 month) accounts
———————————-
What's the catch between CTemplar & a delayed mail add-on to Gmail like Boomerang ? (or other, miscellaneous)
Well :
- you don't have to trust the oppressive Gmail (or another not qualified email service) to not read your scheduled communication in advance of CTB. CTemplar is a closed private environment, fully encrypted (the contact list, bodies of mail - the internal search engine can't even scan them, possibly the subject lines if activated - paid option)
- you don't have to use a secondary locked container (like a passworded Word document), attached to mail, to achieve an extra layer of prevention against Google/website. The paranoia can be put aside with confidence
- in extension, you don't have to dispose the password of any locked container or encrypted mail to the targeted recipients in advance, therefore you don't reveal any leak of intention
- up to, the scheduled mail (except auto-responder) at the time of the postponed delivery will be transmitted encrypted (automatically to other CTemplar users) ...or at your choice (yes or no, to setup) towards non-CTemplar users, then you tie the decryption of the mail & attachments to a password that can be Hinted by a short explanation (including the full password in clear) that is not necessary to share prior... the recipient will receive the password when the mail is delivered, not before
- since you'll obtain almost perfect opsec with CTemplar by following the registration/routine instructions to mask your IP, you can also use CTemplar for other CTB goals safely. One danger people may not be aware of, is for instance that even emails on purpose sent with anonymous content (up to no sender's alias), forward your approximate geolocation (which can be fine tuned to become precise with further cross-analysis). Indeed in the email header, your IP has been collected, stored and transmitted to your contacts when you emailed them... the info could be retrieved easily both at the other end or if seized at rest or in transit (LE action, investigating servers - sometimes agencies hijack servers if a court order fails). Sadly, this is as well true for ProtonMail & the likes, as long as you don't hide your IP always (from the application to the closure of the account, and all the time spent on it), you're putting your head under water unknowingly.
What's the catch between CTemplar & another "secure" email service like ProtonMail (recommended and used by Exit International, plus references inside the PPH) & the likes ?
Well :
- unaware, people use Proton recklessly, because the behemoth company tries to enforce poor opsec through restrictions if Tor or a VPN is pulled during the registration to blur the IP (it tells a lot about their so-called "anonymous" stance), typically by asking for a phone number or a donation by PayPal/card instead of submitting an email or NO identifying connection (at the moment, CTemplar tolerates registrations with Tor freely, which is RARE nowadays, plus does not request either email, SMS or association to a financial institution at this stage, while offering anonymous payment directly through Monero afterwards, again very rare)
- deleted messages (even consequently to the deletion of account) with ProtonMail or Tutanota, remain as stored data for 6 months as mandated by the Swiss & German laws... the jurisdictions chosen by CTemplar (Iceland/Seychelles, the most protectives worldwide for free speech and data retention) avoid this abuse : the deletion is acted without delay following user's action. In other words, when you're advised to delete your emails(/account) with ProtonMail, you should still shake in your shoes for a period when prosecution stays possible
- Proton's particular encryption model, does NOT allow to send encrypted subject lines (even on a paid plan, unlike CTemplar). Therefore, if/when you contact a seller titling "Nembutal" you're making a mistake, leaving a trail behind ...nobody warns you ! Write an innocent approach line instead, whether with CTemplar (Free, if email sent to non-CTemplar users as non-encrypted, or if paid & subject encryption disabled) or Proton
- CTemplar's foundations (self-funded, not financially backed by venture capital funds - Proton with US company - or any government - Tutanota locally in Germany) & operational roots (physical servers, not cheap in the clouds in danger to be taken unexpected control, subject to the Icelandic laws, outside of the 14 Eyes' aggression) are the cleanest to avoid legal infiltration & complications
- unlike Proton, there is no backdoor access to 2FA, which means CTemplar cannot reset/disable this secondary physically owned password's layer (isolated from the main pw, which could be obtained from other online services if reused, or by police/family if saved with a password manager). It's impossible at the user's request, by asking a list of weak privacy violating questions, like Proton commits to offer. If the recovery codes of the 2FA are not backed up or lost with CTemplar, then there's no safety net, the account is lost forever. That's how real security is achieved, preventing awkward loopholes
- Metadata encryption is on the roadmap, and should take care to conceal the IP from retrieval out of CTemplar for those who disengage to take care of their IP in the first place (unavailable today at competitors)
——————————-
The only downside of CTemplar is its cost : $8 once, IF delayed mail is wanted (except for the auto-responder which is free). Ponder if it's worth it for the extra peace of mind & convenience.
Plans : the service comes either free, thus limited (most notable restrictions : lack of delayed mail functions, plus max 3 outgoing emails per hour to non-CTemplar users) or paid, among which, only the most basic subscription is sufficiently useful (in case delayed email is sought after) at $8 for 1 single month (by debit/credit card via Stripe, or PayPal) or $72 for 1 year if there's a preference to pay with cryptocurrencies (notably Monero, but also Bitcoin) for improved anonymity (especially if used extensively before CTB, otherwise strictly unnecessary - just buy the $8 one month upgrade at the "last minute" - no need for anonymity once you'll be dead!)
Features - CTemplar
ctemplar.com
Security - CTemplar
ctemplar.com
Transparency Report - CTemplar
ctemplar.com
Icelandic Privacy Laws - CTemplar
ctemplar.com
CTemplar’s 4 Wall Protection - CTemplar
4 Wall Protection was defined by the CTemplar team with the goal of helping people review their privacy needs. Imagine that your privacy is a four-walled fortress. If a wall is missing, then an enemy can quickly get into your fortress. Therefore it’s vital that you make sure you receive adequate...
ctemplar.com
E-mail providers - which one to choose?
digdeeper.neocities.org