Secure email. Protonmail and cryptext email service

Hey everyone. Wasn’t sure exactly the best spot to post this but I have been using ProtonMail for a couple years and seen a new email called cryptext and just wondering what everyone thought as it said to be open source but not using normal email protocols like protonmail and the like, comments and input would be great and also I’m pretty sure Leo hasn’t mentioned this service before,

New to me but I’ll check it out. I’ve been using Tutanota for encrypted email and it works well.

I have to say that the notion of secure email might me an oxymoron no matter what you do. Email is inherently insecure. If you really want secure messaging use Signal. Use email for the stuff that doesn’t matter.

I think this article sums it up well.

1 Like

Thanks for the reply Leo, I use protonmail and have two separate accounts with them (one for personal and one for Apple ID and then a Gmail for google services & everything else) I just seen a bit of buzz about the new service cryptext and looked interesting and I would love to use helm instead of any of those but they do not ship to Canada yet

signal I think is great when I had android devices including the pixel, since using iPhone later on iMessage seems to work for me so far and with all those apple benefits of the iOS and iMessage

Keep up the great work TWiT, Later

P.s. i love the YubiKeys and have everything with 2fa on and YubiKey 5ci is perfect

While this doesn’t help the home user, here’s some business stuff.
A lot of companies offer secure mail, where the email is sent as an encrypted attachment that requires the user to “sign in” to read and reply.

Also, at this point a lot of mail servers support SMTP over TLS. So you send an email to your outgoing email server via secure SMTP (really the only thing supported nowadays). Then the mail server talks to the receiving end over TLS (most servers try this first before using open SMTP). So email is more secure than it used to be.

But yes, if security is a necessity, Signal is probably a better choice.

i pretty much gave up on the notion of email being secure, yes we all use encrypted ports nowadays, but the body is still plain text, unless the sender uses your pgp pub key and sadly often only a few are using it and there lies the problem,

even cryptext allows unencrypted in and out, true secure mail would bounce those back, but then the sender gets an error message back and complains to you for having a non working email, OMG duh.

You are both right. When it comes to the point email is always going to have its issues on being secure but still not encrypted in others. Which is why I would try running my own server at home but more difficult said then done so it is nice to use something which is still pretty secure but also relying on trust with others and companies which is why protonmail is my choice for personal mail currently all though like I said if the helm server shipped to Canada then TWiTs out here would be that much better off although that’s another story as the chance helm shuts down then your server would as well I guess?

the advantage of protonmai is that it offers a secure inbox vault on their servers, so mails dont get bounced when you (or the proton service) is down. And you know when you got hacked, because a PW reset deletes your old inbox.

Yup correct it also helps the iOS app is great compared to many other email apps other then no dark mode on the iOS app yet android app does already
So protonmail mail is my recommendation with 2fa / YubiKey for now

Criptext is from the folks behind Signal. It seems a little beta, but not too bad.

Yes looks very beta but not wanting to try and switch over to until more known and tested

I might be showing my ignorance here, but anytime I’ve tried to investigate encrypted email, it always ends up being a closed system, only useful if anyone you want to contact also uses the same product. Pretty much useless to “casual” users. After 35 years in highly classified jobs, I find I have no one I particularly want to set up a unique email system with, but from a personal privacy and security basis, would like to think there was some security in all my email.

What I would think would be useful would be an email system that works much like https on browsers, where there is a standard that all email clients use, which sets up secure encryption between any two users automatically for every message.

Again, showing my ignorance, I had high hopes Steve Gibson’s SQRL system might provide a basic infrastructure for secure email. An automatic creation of encryption keys using an email address address and your SQRL key.

This seems to be inaccurate, unfortunately. According to the Criptext website:

Also, none of the developers listed on Criptext are cross-overs from OWS, as far as I can tell.

Criptext is using the OWS (Signal) protocol, but it’s not by the same team. Being open source is a bonus, but “open source” isn’t truly trustworthy unless you’re doing everything yourself and the code is well looked at.

Wow. Thanks for letting me know. I got bamboozled somehow. :frowning:

1 Like