Tuta (formerly Tutanota) denies claim it has intelligence ties (cp24.com)
80 points by ipcress_file 10 months ago | 77 comments



Stick a fork in them, they're done. At least with that name they are. Easiest thing would be to dissolve, and start a brand new company with the same people.

Don't get me wrong, whether they have or don't have intelligence ties is irrelevant. No one serious uses them, they're a general public supplier, and the general public is about as brave as a gringo cop, i.e.: not much.

So they're about to lose a chunk of customers and Tutanota's leadership isn't exactly quality so who knows what they'll do.


> No one serious uses them

Hey... :c


Sorry mate! Didn't want to be mean XD, but funny you commented this, because I posted about it on LinkedIn and got like 5 private messages asking: "Should I really switch?" XD, so you're at least not alone and in the company of some pretty fine people :P


I'm not a fan of Tuta, mainly because of their disingenuous advertising where they keep calling themselves "open source" when they in fact only open source their clients but keep anything server-side under wraps -- but for this reason this also makes me skeptical; if their clients are indeed open source (which I assume is true, I haven't verified), and all encryption happens client-side before being sent to the server (also an assumption), how would it even be possible for this to be true?

In my understanding, anything that Tuta potentially did to compromise e-mails would necessarily have to shine through in their open source client code -- unless they willingly serve binaries that are not actually built from that code, which of course would be a scandal.

So even if I don't like them, I'm going to need something more concrete than someone simply saying they have "intelligence ties" to be willing to believe that they are somehow duping their users.


I always ask this when it comes up - how would open-sourcing the server-side components help you trust them? They could be running any code on the server-side and you wouldn't know. So even if they open-sourced their server-side code, how would you know for sure that is actually the code they are running in production?

I always ask this because ultimately if you are consuming a web-based application, you have to have some level of trust in the provider. And if you didn't trust them, your only option would be to completely self-host in an environment that only you have full control over.


I guess, if the crypto is real, the only things feds could do is tell tuta to load different JS for certain IPs. Which would not be easy to verify as anyone but a targeted person.

The point here is, if they have nothing to hide, they can easily open source. If they already have a weird system to serve some people insecure code, they have to extract that from their code base, maintain 2 versions and make sure both sides are up to date at all times. So not going open source is easier if you wanna be malicious. Not a huge task for feds tbh, but still.

Also, there are still benefits for my privacy and security, as in I'm sure some people would find vulns in the code and report them.


But my point is that even if they did open-source their backend code, and even if it was 100% secure and showed that full end-to-end encryption was implemented, you still wouldn't know for sure that this was the code they were running in production. They might have a modified code base running in production and you would be none the wiser.


You’re straw-manning. Nobody said that open sourcing the server component would increase trust in the SaaS service. The whole point of open sourcing a server side component is so that you can self-host, so you don’t have to trust the provider.

Also, regardless of whether someone is actually interested in self-hosting or not, one can still call Tuta disingenuous for repeatedly marketing themselves as “open source” when they are clearly not.


If it's just self-hosting that you're after, then yes - open-sourcing the server-side components would definitely help. Regarding their marketing as "open source" - I haven't seen their marketing claims, so I'll take your word for it, and in that case I agree with you - it's a disingenuous claim.

But my comments were mostly around your original post, where you said you were sceptical of their trustworthiness because they hadn't open-sourced the server-side components. This implied that you would trust them (and I assumed the SaaS service) more if they did this. I was just expanding on a theme that you mentioned: "unless they willingly serve binaries that are not actually built from that code...", and I was just highlighting the fact we would never know if this was happening. So if you're sceptical without them open-sourcing, you should remain sceptical even if they did open source the backend.


> you said you were sceptical of their trustworthiness because they hadn't open-sourced the server-side components

I never said that. I said that:

- Their marketing is disingenuous because they call themselves "open source",[1] when their server side component is in fact not open source.

- I was "skeptical" regarding one very specific thing:

> if their clients are indeed open source (...), and all encryption happens client-side before being sent to the server (...), how would it even be possible for this [tutanota being compromised] to be true?

[1]: You can confirm this by searching for `site:https://mastodon.social/@Tutanota open source`


Which you cannot do using Tutanota (or can only do it using server binaries they provide?), which is exactly why the "open source" claim is disingenuous.


Privacy-wise, all your emails are stored in Germany, and govt can just flip the switch at any time and just confiscate the servers.


It does not matter where the emails are stored if you have zero trust policy and use proper encryption protocols.


And privacy-wise, the data can be encrypted.


So what? The assumption is that the data is encrypted at rest. If your threat model is "physical seizure by a nation state" then obviously you shouldn't be storing your encrypted data at a SaaS provider in a location out of your control anyway, but I don't see why it would be a reasonable assumption by default that Tuta willingly uses weak (or no) encryption.


> I don't see why it would be a reasonable assumption by default that Tuta willingly uses weak (or no) encryption.

Quite the opposite even, according to them at least. They are one of the first pioneering post-quantum encryption in email.


It's such a bad service, I don't know why anyone uses it. ProtonMail is superior in every way.

Tuta has all kinds of weird restrictions, like not being able to search back more than a month.


One reason is that Tuta does not require you to have any other connection to create an account. Protonmail requires a second mail, phone or possibly some kind of payment if I recall correctly (for verification?) that could be linked to your account in theory.

Without having a good anonymous starting point, Protonmail does not let you get that starting point, at least the last time I tried (maybe a year ago).


ProtonMail never used to require another email to verify, and only asked for a phone if I was on an IP that had made more than one account already.


Or, AFAIK, if you're registering using Tor.


Yes, Proton is hostile to Tor even though they deceptively market themselves as anonymity friendly: https://news.ycombinator.com/item?id=37174259

It's a stark contrast to Tuta, which allows anonymous account creation with Tor Browser if you pay with cryptocurrency (Monero or Bitcoin, via their partner ProxyStore) and doesn't require a whitelisted verification email address or any other data.


An additional email address is required only in cases when our system detects something suspicious about your network, so if you are coming across this, we recommend changing nodes. If you keep coming across the same issue, please contact us at: https://proton.me/support/contact, so we can take a closer look.

The email addresses, however, are not tied to your account - we only save a cryptographic hash of your email address. Due to the hash functions being one-way, we cannot derive your data back from the hash: https://proton.me/support/human-verification.


Who cares if you hash it, cracking a hash of an e-mail is easy AF compared to passwords. Especially at agency scale... How do you hash it? Argon2, or rather some extremely fast-to-crack hash?

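The point raised in the reply above, as an added illustration that is not part of the thread and not Proton's code: a hash of an e-mail address is only as hard to reverse as the list of plausible addresses is long, so an unkeyed SHA-256 (assumed here as the "cryptographic hash" in question) is linkable by anyone holding the stored value, whereas an HMAC with a server-side secret pepper is not. The sample address and candidate list are constructed.

```python
import hashlib
import hmac
import secrets

def normalize(email: str) -> bytes:
    return email.strip().lower().encode()

def unkeyed_fingerprint(email: str) -> str:
    # What "we only save a hash" usually means: plain SHA-256 of the address.
    return hashlib.sha256(normalize(email)).hexdigest()

def keyed_fingerprint(email: str, pepper: bytes) -> str:
    # HMAC with a secret held only by the provider: without the pepper, a
    # stored value cannot be tested against candidate addresses at all.
    return hmac.new(pepper, normalize(email), hashlib.sha256).hexdigest()

def link_back(stored: str, candidates, fingerprint) -> list:
    """Which candidate addresses produce the stored value? With a fast unkeyed
    hash this costs one hash per guess. A memory-hard KDF such as Argon2 only
    raises the per-guess cost; it does not shrink the space of plausible
    addresses, which is tiny compared to a password space."""
    return [c for c in candidates if hmac.compare_digest(fingerprint(c), stored)]

# Constructed sample data: the address a user typed at signup, and a list of
# addresses some third party already holds.
USER_EMAIL = "Alice.Example@example.org "
CANDIDATES = ["bob@example.org", "alice.example@example.org", "carol@example.net"]

def demo() -> tuple:
    pepper = secrets.token_bytes(32)          # exists only on the provider's side
    unkeyed = unkeyed_fingerprint(USER_EMAIL)
    keyed = keyed_fingerprint(USER_EMAIL, pepper)
    # Unkeyed: the stored value alone identifies the address.
    found_unkeyed = link_back(unkeyed, CANDIDATES, unkeyed_fingerprint)
    # Keyed: a party holding the value but not the pepper learns nothing.
    found_keyed = link_back(keyed, CANDIDATES,
                            lambda c: keyed_fingerprint(c, b"not the real pepper"))
    return found_unkeyed, found_keyed
```

The pepper only protects a database that leaves the provider's hands; the provider itself, which holds the pepper, can still link the value to the address, so it is a mitigation for the handover scenario, not for trust in the operator.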

It's a difficult issue. If they allow unlimited signups via Tor, people will bulk sign up for accounts and use them for spamming, scamming, threats, phishing and other crap. I can imagine why they don't tbh.


Proton forbidding anons from opening free accounts might be necessary for anti-spam/deliverability. But even paid accounts?

"They accept cryptocurrency, but only for existing accounts - after you've already doxxed yourself" (during the initial signup flow, where this payment option has been removed)

This looks very bad to me.


Good point. I didn't think about that.


You don't doxx yourself by creating a Free account. In most cases, no human verification method is required or it's captcha only. As explained above, an additional email address would be required only in cases when our system detects something suspicious about your network. It takes a while for the Bitcoin transaction to come through, which is why the process is the way it is. The same process applies to users who wish to pay with cash or bank transfer.


Uh huh.

And what suspicious thing about the network would you be detecting for Tor Browser users arriving on the .onion? Their network is uniform as far as you can tell, and you are blocking them from opening either a free account without an invasive verification method (non-disposable email or phone) if it works at all, or a paid account without an invasive payment method.

For Tor users arriving on proton.me, what sense is there in saying "There's a surprise in every 100th exit node! If you cycle through enough of them maybe you too will be allowed to open an account anonymously!" Not treating them as equivalent to .onion visitors is a you problem.

> It takes a while for the Bitcoin transaction to come through, which is why the process is the way it is.

By not allowing this payment option at all in the signup flow? Removing what would be the only way for Tor users to sign up to your service anonymously without beating lottery odds. Just use any normal off-the-shelf checkout page that waits for however many transaction confirmations you want! (Let's not even get into the lack of privacy coin support, e.g. Monero. For a privacy focused service, Bitcoin L1 only is substandard in 2023.)

Meanwhile, whenever people are concerned about user data being handed over to the authorities again, you counter by pointing out the supposed Tor support: https://web.archive.org/web/20210906132309/https://protonmai...

I'm not saying you are a honeypot. I'm saying you've cultivated such a careless indifference to data minimization that you've become indistinguishable from one.


Regarding Tor, it's based largely on volumes. Spikes on a Tor IP for example would trigger additional anti-abuse measures.


So fix your backend to exempt Tor visitors from those measures, if it's really all due to hallucinating clusters of abuse from a network where abuse categorically does not appear in clusters of the kind that your backend is attempting to detect.

To add an exemption for proton.me: The list of Tor exit IPs is public. For the .onion: That's loopback traffic from the tor daemon running on your own load balancer or wherever you've put it.


Thank you for your feedback, we've passed it on to our anti-abuse team.


I have an email that I've created and only accessed through their Tor hidden service hostname https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/ and I was never asked to provide any personally identifying information.


As always when people post this, I just tried it with Tor Browser, and, as always: "No verification method available"

Did you access the .onion with something more fingerprintable like Brave?


No, just the plain Tor Browser.


You can definitely search back more than a month. However the search is genuinely atrocious. I've been using tutanota for a few years now but every time I need to search my emails I think about switching to something else. It is just not acceptable for the service to need to slowly iterate through emails, downloading them one by one the first time you decide to go back that far, just to find something important.


I have a tuta account, I tried to search for something recently and it only let me search from October 12th or something. I'm not sure you can search back more than a month on the free plan.


Can confirm. Search is brutal. But I just set it to auto-delete old emails anyway now, so problem "solved". ;D


I used to love Tuta for the tempting price (1 EUR/month). But now, due to the increasing price, poor UX, no bridge to Thunderbird and broken filter rules, I switched to another provider.


I still have an account that I have some stuff linked to, I want to close it down entirely soon, it sucks there isn't any way to export all my emails without paying though.


What do you use instead? I also only use it for the price.


> ProtonMail is superior in every way.

In the past, their billing was based on blackmailing. I don't know if that is the case anymore. But I dropped using it ever since.


Elaborate please?

> In the past, their billing was based on blackmailing.

Not saying I don't believe you but I'd like to know more.


It was possible to get "pro" version credits with coupons from very different places, for example Humble Bundle book bundles. Sometimes they gave them themselves. I guess you were also able to buy credits directly, but I am not sure about that.

Well, anyway, when the credits ended, your service did not downgrade; instead they put you on negative credit automatically, and if you didn't pay it, you were never able to use your account until you paid this negative part.

There was no mention anywhere that this would happen, and also all the messages were quite threatening.


Oh that is indeed a very nasty business practice. I agree. Wasn't aware of that.


I only use the free service, and it isn't nearly as limited as tutanota's free service.


What evidence is there that they do have such ties?


The testimony of the director of the RCMP Operations Research group.


Who is on trial for allegedly trying to sell internal Canadian government investigative documents to the CEO of Phantom Secure, the 'secure' communications app popular with the underworld until it got rumbled and who needs some explanation for why he wanted to communicate via a privacy-focused open email service.


We can all speculate. An alternative would be "he's got nothing left to lose and wants to expose more secrets".

I think the Western intelligence agencies have lots of documented cases of creating companies for purposes like this. https://www.theguardian.com/us-news/2020/feb/11/crypto-ag-ci...


I know very little about the case, but how would disparaging Tutanota help his case in this scenario? And why would anyone in the intelligence field need to justify using a privacy focused service?


"I did not use the privacy focused email service for my conversations with criminals because I wanted to sell classified material without being surveilled. I used the privacy focused email service to make it easier to catch these criminals, because it's very very surveilled! A reliable source once told me this. No you can't meet her, she lives in Canada^W undisclosed location. Not guilty, your honor."


Some dude said so publicly.


Similar allegations were removed from r/privacy as fake news: https://www.reddit.com/r/privacy/comments/17st6yu/tutanota_i...


reddit isn't exactly known for the free sharing of information anymore tho


> "This would completely contradict our mission as a privacy protection organization."

no shit, but the claim is that you aren't...


Could it be that their backend is compromised, instead of being willing participants?


It seems obvious Five Eyes will not tolerate or legitimize any email provider that doesn't allow them access to subpoenas, at the very least - this rules out most of the privacy features touted by protonmail & tutanota (no logs, E2E encryption, etc).

Perhaps what makes the ruse convincing in Tutanota's case is the crappy interface and clear dearth of basic features: search basically doesn't work; it's impossible to select all messages or use shift to select pages of messages. Their excuse is that customers might accidentally delete emails, but it might make more sense that they want to retain as much data as possible: https://www.reddit.com/r/tutanota/comments/nc9jxx/suggestion...


> Perhaps what makes the ruse convincing in Tutanota's case is the crappy interface and clear dearth of basic features: search basically doesn't work; it's impossible to select all messages or use shift to select pages of messages. Their excuse is that customers might accidentally delete emails, but it might make more sense that they want to retain as much data as possible: https://www.reddit.com/r/tutanota/comments/nc9jxx/suggestion...

Implementing search for an E2EE mailbox is a difficult problem (Protonmail is not doing the same). For search to be efficient, you would need to download the whole mailbox to your device. If you want to support as many users as possible, you can't. But maybe they could make it optional.

And they are a very small team, offering mail for a very low price (free for most), which has resulted in using Electron to produce the applications for as many platforms as possible. And it is a mess.

As for that Reddit post, it is two years old and they have supported mass selection for a long while now.


My naive thought is that they could have an E2EE search index for each mailbox? I wouldn't even mind if the index storage counts against the quota.


Index processing should happen on the client's device (the server never sees the content). That defeats the purpose, since you need the full mailbox on your device for that. At least in the beginning.

Maybe over a longer period it would be possible to integrate and maintain the index so that you can guarantee correctness without the full mailbox.

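The encrypted search index discussed in the three replies above, as an added toy implementation that is not part of the thread and not Tuta's or Proton's code: the client keeps the mailbox key, stores blinded term tags with encrypted posting lists at the server, updates only the tags present in each new mail, and answers a query with one lookup instead of downloading the mailbox. The HMAC-based stream cipher is a stand-in for a real AEAD (the stdlib ships none), and the mails are constructed.

```python
import hashlib
import hmac
import json
import re
import secrets

def _prf(key: bytes, label: bytes, msg: bytes) -> bytes:
    return hmac.new(key, label + msg, hashlib.sha256).digest()

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream; stand-in for AES-GCM etc.
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = _prf(key, b"ks", nonce + off.to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> dict:
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(key, nonce, plaintext)
    return {"nonce": nonce.hex(), "ct": ct.hex(),
            "mac": _prf(key, b"mac", nonce + ct).hex()}

def unseal(key: bytes, blob: dict) -> bytes:
    nonce, ct = bytes.fromhex(blob["nonce"]), bytes.fromhex(blob["ct"])
    if not hmac.compare_digest(_prf(key, b"mac", nonce + ct).hex(), blob["mac"]):
        raise ValueError("index entry tampered with")  # server-side edits detected
    return _keystream_xor(key, nonce, ct)

class ClientIndex:
    """Runs on the user's device, the only place the mailbox key exists.
    `server` is the provider's storage: it sees tags and ciphertext only."""
    def __init__(self, mailbox_key: bytes, server: dict):
        self.tag_key = _prf(mailbox_key, b"tag", b"")   # blinds search terms
        self.enc_key = _prf(mailbox_key, b"enc", b"")   # encrypts posting lists
        self.server = server

    @staticmethod
    def tokens(text: str) -> set:
        return set(re.findall(r"[a-z0-9]+", text.lower()))

    def _blind(self, token: str) -> str:
        return _prf(self.tag_key, b"tok", token.encode()).hex()

    def _postings(self, tag: str) -> list:
        blob = self.server.get(tag)
        return json.loads(unseal(self.enc_key, blob)) if blob else []

    def add_mail(self, mail_id: int, body: str) -> None:
        # Incremental: only tags for terms in this one mail are rewritten, so
        # indexing a new message never needs the rest of the mailbox locally.
        for tok in self.tokens(body):
            tag = self._blind(tok)
            ids = self._postings(tag) + [mail_id]
            self.server[tag] = seal(self.enc_key, json.dumps(ids).encode())

    def search(self, word: str) -> list:
        # One blinded lookup: the server learns a tag, never the word.
        return self._postings(self._blind(word.lower()))

def server_sees_plaintext(server: dict, words) -> bool:
    stored = json.dumps(server).lower()
    return any(w.lower() in stored for w in words)
```

What the server still learns is access pattern and which tags grow together, which is the usual leakage of searchable encryption schemes and the reason a full local index is stronger when the device can afford it.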

Both proton and tuta cripple search so that deleting mail detritus is tedious so that you'll use up your free storage quota and have to subscribe.


Tuta is not in Five Eyes jurisdiction, it is in Germany.


No but it is in 14 eyes.


While I tend to assume the vast majority of privacy is either imagined or a façade, I also have a deep enough distrust of authority that when I see such a claim made by a government, or government official, I'm inclined to believe it's a ploy to discredit someone that won't cooperate with them.


The campaign against Wikileaks and Assange comes to mind in particular.


He was a hacker who leaked information about a single political party, justifying that with "Trump's already bad enough on his own, so no need to sling mud his way". Then said party, and the country's intelligence agencies, got mad. How is that surprising? Of course they're going to discredit and prosecute him; it's the healthy response to a foreign actor trying to target and influence politics to their agenda.


It's dangerous to think that committing crimes and violating rights is ok as long as the other side loses. A healthy response would have been internal reforms to the party and the abolishment of secret police. Punishing free speech just increases political cynicism in the general public, which can just as easily be taken advantage of by the other side.


Same with Proton. Basically the spiritual successor to Crypto AG.


We understand your concerns, however there is no comparison between Crypto AG and us. Our encryption occurs client-side, our cryptographic code is open source ( https://proton.me/community/open-source ), and our tech can and has been independently verified. More about this here: https://proton.me/blog/is-protonmail-trustworthy.


Emails arrive at your datacenter in the clear and that is simply a flaw of SMTP; you're not going to change that. Blabbing on about your client-side JS as if it stops you from reading your users' mail just makes you look disingenuous.


[flagged]


worst privacy take ever


[flagged]


> Belief in the privacy offered by these types of services amounts to a mental illness.

Do you seriously think this line made sense?


Yes. The irrational belief that big, sophisticated organizations are scary but tiny, opaque organizations with weird names and no verifiable capabilities whatsoever are safe is a form of low-level derangement.


That isn't what mental illness is, but thanks for playing.


Are we now having a philosophical debate? It is a delusion to believe that you can "get privacy" by switching to Tutanota, and the harm of acting on such delusions is that your precious data will be delivered directly rather than indirectly to the BND. Perhaps you are thinking that it can't be a mental disorder because there are so many people who think this, therefore it is more like a religion, i.e. an obviously irrational behavior that is tolerated because of an in-group.


Mental illness is a testable set of clearly-defined symptoms that are diagnosed by a mental health professional. You are contributing to the stigma around mental illness when you toss that word around to describe something like a stupid/delusional belief. They aren't remotely the same.


> Mental illness is a testable set of clearly-defined symptoms that are diagnosed by a mental health professional

For many mental illnesses, this is true only with a meaninglessly broad definition of “testable” and/or “clearly defined”.



