Criptext Is A New Encrypted Email Service That Doesn't Store Your Emails *

Criptext is a fairly new encrypted email service that claims it "doesn't store any emails in its servers" and instead, "all your emails are stored on your device alone". The service uses the open source Signal Protocol to encrypt emails from end to end. 

Started in 2014 as an encryption solution for Gmail, Criptext email was launched as a beta service back in August, 2018, and it has a rather interesting origin story, which you can read here if you're interested.

Criptext desktop app
Criptext desktop application

Accessing your Criptext account can only be done by using one of its open source applications (available for macOS, Linux, Android and iOS; coming soon for Windows), and the service is free to use right now. A paid premium version will probably be launched in the future though, but a free version will continue to be available.

Criptext email features include:

  • End-to-end encryption
  • "Unsend" emails
  • Display email read recipients
  • Open source apps

Criptext encrypts every email with its own unique key, so your inbox is safe in case a key is compromised. What's more, the application generates and stores the encryption keys exclusively on your device, as opposed to ProtonMail, given as an example on its security page.

* What grabbed my attention was Criptext's claim that it doesn't store your emails on its servers. According to its frequently asked questions page though, there are some exceptions.

For example, if you are logged into a device but it's not powered on or it's not connected to the Internet, the emails are stored on the Criptext server until your device is able to receive emails (is powered on and connected to the Internet).

(As a side note, you should also be aware that you need to be logged into at least one device, or else you'll lose any emails you may receive. Due to the encryption, no one can access incoming emails if there's no active key.)

In the "What information do you store about me?" answer, it's mentioned that "we never store your emails unless it’s an email that is sent to non-Criptext email address, in which case it’s stored in our server for a temporary period."

Also, email attachments (which are limited to 20MB per email) are stored encrypted on Amazon Web Services.

In case you were wondering, yes, you can receive normal, non-encrypted emails using Criptext, and you can also send non-encrypted emails if you wish. Emails sent using Criptext to other Criptext email addresses are always encrypted though.

Encryption option displayed after clicking the Send button

You can also use Criptext to send secure emails to non-Criptext email addresses. In such cases, the message is encrypted with Signal Protocol, while the keys are encrypted using AES, and the recipient receives a link that displays the encrypted message in the web browser. Once opened, you'll have 10 days to read the email before it expires.

As for the desktop application, it includes two-factor authentication, a search with advanced filters, WYSIWYG editor for the compose window, all/unread view switching, labels, and an auto-signature feature. It lacks the ability of using a third-party email client, or multi-account support.

Download Criptext




Criptext is available for Linux, Mac (coming soon on Windows), iOS and Android. On Linux, the React/Electron application is available as an AppImage.