Mayer Mizrachi is the Founder and CEO of Criptext, an innovative email platform with encryption based on the open source Signal Protocol library. With the release of the beta version of its app to give users a secure and private method of communication, Mayer will be sharing with us in this interview, the opportunities Criptext provides.
1) Hi Mayer, please tell us briefly about yourself?
I’m just another entrepreneur in Startupland trying to make a dent in the world. I was born and raised in Panama by Jamaican parents of Jewish descent. Recent life events in which I was persecuted by the government of Panama led me to get involved in the cybersecurity space and privacy world. I know what it’s like to have your private domain breached and the impotence that comes with it, so today I focus on building startups that protect people’s privacy.
2) What is Criptext?
Criptext is a super simple encrypted email service like none other. Not only are we the only email service to use the open source Signal Protocol encryption, but we’re also the only email service that does not collect user data in its servers. Instead, all data is stored exclusively in the user’s device. We’re not just bringing security to the table, but control and ownership too.
We focus on making security and privacy simple and easy to use and so far, judging by user feedback, we’ve really hit the nail on the head in the UX/UI department. Users can download Criptext beta for free on iPhone, Android, MAc and PC.
3) One interesting fact about Criptext is its conception in a Colombian Prison, we will like to hear more of this story.
Well, the lesson to be learned from that Saga for everyone is don’t do business with Latin American governments. In a nutshell, Criptext sold its first product, a secure messaging app, to the government of Panama back in 2014. Then there was a change in government and the new government decided to persecute all ex-government directors, including the ex-minister of Technology. Caught in the crossfire of this political battle they used the Criptext contract to persecute the ex-minister of technology by claiming that Criptext never delivered on the contract. They skipped arbitration and civil suits and went straight for criminal proceedings claiming that Criptext aided in the embezzlement of government funds. This was laughable from the beginning as we had all the evidence to prove that not only did we deliver on the contract, but the used the software even after suing us.
The whole prison thing was a result of a red notice that Panama requested from Interpol. I was detained in Colombia when traveling for new years in 2015 and spent 6 months illegally detained in a maximum security prison with real criminals, despite having paid bail. By end of 2016, it was discovered that Panama gave Interpol fake information to raise the red notice. Fast forward to today and a judge already order the case closed for lack of evidence on behalf of the prosecution. The idea of a decentralized, hyper encrypted email service came as a result of that time in prison when we also learned that the government of Colombia had been collecting our lawyer’s email data from the service provider.
4) What are the major security problems facing emails, and how will your team solve these problems?
Email has 2 main issues. The first is the lack of encryption. The world’s top 3 emails service providers, Gmail, Yahoo Mail and Outlook don’t support end to end encryption, which means your data travels naked through the interwebs like an SMS text from 1999. The truth is, Email is the equivalent of an SMS. It wasn’t built with security in mind, nor was it anticipated to become the world’s most widely used communication medium. This lack of encryption leaves data vulnerable to be read by anyone who intercepts it or even servers who scan email content before delivering it to your inbox.
The second issue is data collection. All, and I mean all email services in the world collect your data and store them in their servers. This includes Proton Mail and Tutanota, which are encrypted email services. The problem with this is that most service providers have the ability (and the practice) of scanning the contents of your emails to serve you better ads. Another problem is that the data belongs to them. Anything in their servers is their property. This means that if a government entity requests a particular user’s information the company can and will give it to authorities like it happened to us in Colombia. The worst part is you won’t even find out if it happened because the company doesn’t have an obligation to report to you.
5) Could you give us a structural analysis of how email sending and receiving works with Criptext
Criptext splits emails into 2 tiers: Encrypted emails and Non-Encrypted emails. It’s important to note that you can email anybody with Criptext– that is: recipients don’t need to have Criptext in order for you to communicate with them.
Sending an encrypted email to another @criptext.com user is as simple as it gets. It’s just like sending any other email. In fact, you don’t even notice that it’s hyper-encrypted. Sending an email to a non-cryptext email address requires you to enter a passphrase before sending the email. You share this passphrase with the recipient so that they can unlock the email on their end from any email client.
Now, we anticipated the need to send normal, non-encrypted emails so when emailing a non-Criptext email address the user gets the option to turn off encryption for those recipients and the email is sent normally like Gmail, for instance. This means that a) your email is not encrypted, but b) recipients don’t need to jump through hoops to be able to read your emails. This especially useful when replying to a customer service inquiry or something of the like.
6) All your codes are open source, could you tell more about this and the advantages?
Yes, Criptext is entirely open source and it’s designed this way on purpose for two main reasons.
1. Transparency: ultimately, Criptext’s main value proposition is trust and instead of telling people to blindly believe what we’re saying we entice them to verify. We think trust is not something you ask for, but rather something you earn and by being completely transparent we’re closer to earning people’s trust as a new player in the market.
2. Collaboration: privacy is not a Criptext problem, but a world problem and there are many privacy enthusiasts and advocates that would back our cause to make email safer more secure medium. In this sense, Criptext allows developers from around the world to contribute in the development process and be a part of a greater cause. All our code is available via https://github.com/criptext
7) We could see you have a strong and talented team behind Criptext, please tell us more about your team.
We’re based out of Ecuador and New York. Our team is very talented, but more importantly, our entire team is Latin American. This is an important point of pride as Latin America has been long known as exporters of bananas, not technology. There’s a big shift in the entire Latin American region whereby governments are investing heavily in Computer Science education and our team is a result of it. The team doubled in size since January to 10 and at the rate we’re growing we expect to double again by end of the year.
8) Do you have any strategic partnerships supporting the Criptext business?
Not really. The only strategic partnership we have is with the Government of Panama who, through their persecution of our company, has given us the best PR any startup could only wish for (lol).
9) How are you funding the Criptext project, do you have any available opportunities for investors?
Criptext is fully privately funded. No ICO, no gimmicks. We raised $600K in November and have used the capital conservatively to build what Criptext is today. We keep a very low burn rate so we don’t have an immediate need for capital. That said, we do anticipate going for a series A funding round by October.
10) Criptext is available on different devices, why is this necessary and could you tell us more how to download it?
Because it’s encrypted, Criptext speaks its own language, which other mail apps can’t understand. Criptext understands them, but they don’t understand Criptext. This is why to use Criptext users must download our apps for iPhone, Android, Mac and PC. Download it simply via criptext.com/dl.