"Your private key is encrypted with your password. This way your login password receives the status of the private key."
"Your password is never transmitted to the server in plain text. It is salted and then hashed with bcrypt locally on your device so that neither the server nor we have access to your password."
What's stopping them (or being commandeered) to serve you modified javascript which sends them your password, or this being done via an unsanitised email viewed via their web UI?
Having worked for two email companies for over 10 years, I know not trust email providers for privacy.
> What's stopping them (or being commandeered) to serve you modified javascript which sends them your password, or this being done via an unsanitised email viewed via their web UI?
Thinking about this more, the threat model here was an insider. This is something that Tutanota wouldn't be able to prevent with its advertised services given the same situation.
