Please remove CTemplar

[anon238]

Description

URL of affected page:
CTemplar.com

This provider is known for deactivating randomly accounts based on activity. It’s anything but trusted. Besides the apps won’t work and you got continually errors. Sad to see this provider mentioned on PrivacyGuides.

[ghost]

Also they suffered a data loss earlier this year. I am not for or against CTemplar, but this is another thing to factor in

[ghost]

Also they suffered a data loss earlier this year. I am not for or against CTemplar, but this is another thing to factor in

This was already taken into consideration as seen here.

[ghost]

This provider is known for deactivating randomly accounts based on activity. It’s anything but trusted. Besides the apps won’t work and you got continually errors. Sad to see this provider mentioned on PrivacyGuides.

Source for your claims?

From what I can understand CTemplar deletes free accounts that haven't logged in in 36 months.

[anon238]

I experienced it myself. They sent me an invitation code and because I didn't used my account in less than 2 months it was already gone. Besides it's filled with those things back than on reddit.

[ph00lt0]

From what I can understand CTemplar deletes free accounts that haven't logged in in 36 months.

This is a huge security vulnerability, no email account should ever be given out again. Imagine what can happen with accounts still linked up to old mail addressees of people who do not keep track of this. This is really really stupid.

[ghost]

@dngray The Main point here is deleted ones can be reused after a certain time which should not be done.

[dngray]

This also applies to Mailbox.org.

Recycling of addresses may/may not be an issue to some users, and this is something that should be considered on a per user decision basis. On services that don't allow any kind of recycling it is impossible to get a good username. It's worth noting mobile phone numbers are recycled also, yet we don't consider this a problem.

I think an approach to this might be to look at the policy of each provider and state what that is under a heading.

We should be directing users to use password managers to manage and track their credentials so they have a clear list of what needs changing if they decide to delete an email account.

If you've got 99 email accounts that you semi regularly use (and you're worried about your email being recycled), because you didn't log in with your huge number of free email accounts then you've probably got a very wrong threat model and aliases or email cloaking is likely what you really should be doing.

In the event of someone's death, some providers have a policy of what do with your account in that event, usually referred to as "Digital legacy". Google does and so does Mailbox.org.

I don't think this is as big a problem as you're all making out and I don't think it is worth removing perfectly good providers otherwise. If it were nobody would ever register a custom domain.

[ghost]

How about this Scenario, What if the Email Address recovered was already in a Data breach leak and the users gets frustated by Spam Messages.

[ph00lt0]

I still think this is a massive issue, regardless of users being warned. People won't see the implications this can have. Expired domains, and email addresses lead to huge data-leaks. Imagine a sys admin using this and after he doesn't login, due to whatever, his email address becomes freely available. Everyone could sign up with that address and gain access to things you really do not want to happen. There is in my opinion no good excuse to allow the recycling.

[jonaharagon]

It's worth noting mobile phone numbers are recycled also, yet we don't consider this a problem.

Lots of people do consider this a problem too, actually, but it's accepted as a technical limitation of phone numbers being a finite resource, which is somewhat of a problem with email as well, but far less significant.

I do agree that you probably should only have one/a small number of mailboxes and make use of SimpleLogin for aliasing instead though.

[git70]

Here @Godfry (the owner Ctemplar) promised to remove all relationships with Big G:
privacytools/privacytools.io#1642 (comment)
There is still a connection to gstatic
He does not keep his promises...

[ghost]

Here @Godfry (the owner Ctemplar) promised to remove all relationships with Big G: privacytools/privacytools.io#1642 (comment) There is still a connection to gstatic He does not keep his promises...

Do you have proof for this? I haven't gotten any connections to gstatic after visiting CTemplar.com multiple times on both Tor and Firefox.

[git70]

It's a bit weird because it appears randomly.
I am sending screenshots from uBlock Origin and Logger:

[dngray]

This actually isn't part of the criteria. If Google Fonts is in your threat model, you should be using a VPN/Tor anyway.

There is no security or privacy issue here.

Also I could not reproduce it. What page was this on specifically?

[freddy-m]

There is no security or privacy issue here.

There are alternatives though. Would be nice if they were used.

If Google Fonts is in your threat model, you should be using a VPN/Tor anyway.

Exactly.

[ph00lt0]

Great news, the google font's have been removed. Honestly Google Fonts should not be accepted on privacy guides. The legality of usage of Google Fonts is always been problematic, which is currently also noticed by supervising authorities. Google Fonts is literately a tracker. It should already be a requirement due to the fact that we want a service to take privacy seriously.

[dngray]

Opened an issue privacyguides/privacyguides.org#531 it will get done likely in the legacy migration PR.

[anon238]

Like I said. Not trustable. Lmfao.

https://ctemplar.com/ctemplar-is-shutting-down/

[Dyrimon]

Well tbh it's kind of hard to believe how they stood out so long with the high pricing. Not comparable to the competitions at all.