Remove TutaNota as service #2339
Reference: privacyguides/privacytools.io#2339
https://techcrunch.com/2020/12/08/german-secure-email-provider-tutanota-forced-to-monitor-an-account-after-regional-court-ruling
Posteo and Mailbox.org are based in Germany too.
Old news, already discussed, conclusion: not a reason to delist it.
However we should maybe add a note for all e-mail providers to mention that even E2E encrypted providers can implement surveillance backdoors for future communications on specific accounts. This is important for whistleblowers. Except if self-hosted of course.
@lrq3000 In this case, only unencrypted e-mails (which were received from other providers) were handed to authorities, there was no backdoor. I translated the German news article in the original issue.
Fact is, Tutanota should encrypt all received emails and delete the plain text version. For emails sent unencrypted, this should also be the case. Now, they're forced to make a copy of that plain text version and give it to the authorities if asked to with a court order.
Tutanota maybe shouldn't be delisted, as it's the only free email provider next to Protonmail, but this fact should be mentioned.
Regarding the court order, every email provider will be forced to do this. It's the nature of email. You can't make it encrypted by design. Tutanota doesn't support PGP so there is no other way to automate encryption. This event of forced logging of plaintext email, not "backdoor" is an edge case. This does not enable mass surveillance. You shouldn't use email for private communication anyway.
@youdontneedtoknow22 If you don't enable it by default they could eavesdrop on the messages on the way to the receiver anyway.
This statement on the PTIO Website for Tutanota is wrong. It's not zero access encryption, if they can have access (or copy the plain text before the emails are encrypted). That's what I want them to change. Look at how they described Disroot:
So I think they should add a warning that Tutanota can make these plain text copies of emails.
Regarding the other comments,
You can automatically encrypt every email and never leave a copy of the plain text. This was the case in Tutanota up until the recent law in Germany, now it's not. Now they can be forced to make a copy of the plain text. However, Protonmail doesn't have this and all received emails are saved encrypted on the server with no way to decrypt them and they don't.
I'm not sure about this tbh. Aren't all emails encrypted with TLS on the way, so that they can't be intercepted? PGP prevents the mail provider of the sender and recipient from having plain text versions of the email, it's not to prevent the interception. That's how I understood it while reading this statement from Disroot (which doesn't utilize PGP by default):
Correct me if I'm wrong tho. I'm by no means an expert in these topics, but I do like to learn about them :)
See @ph00lt0's comment.