Privacy? No Facebook, Google, and others on Tutanota

Tutanota places an all-important focus on user privacy. And rightly so, given history (see Tuta Blog, e.g. excellent DDR piece), current events, and the future we seem to be heading to. Tutanota is pretty outspoken on this topic and takes a privacy-conserving view as their starting point.

However, having said this, there are some interesting issues with Tutanota in its current form that might need additional attention:
[1] While I'm typing this there is an option "to log in" with Facebook. Indeed, Facebook does many things - minding user privacy it does not. Hence, should Tutanota run pages (like this one) where Facebook scripts load and connections to facebook.net are made?
[2] Something similar goes for "we-read-your-email-as-a-service" Google. Yet again, we can see Google JavaScript (Google Analytics? Really?) running on Tuta pages like this one.
[3] Twitter anyone?
[4] Similar argument for Gravatar, WordPress, and other non-local things used on Tuta. After all, seeing code on Tuta like //by2.uservoice.com/t2/.../portal/track.js?_= doesn't really look good, does it?

Now, taking the primary objective of Tuta, one can ask oneself whether arguments like "availability", "convenience", "connectivity" and so on are really valid or clash with its prime objective. I do appreciate the delicate balance that the Tuta team has to maintain between a service like Tuta, being viable, and a part of modern society. However, one should also heed the fact that privacy, as formulated by Tuta themselves, might quickly turn into a marketing enhancing slogan. No Facebook and Google not realistic? Not possible? Well, then maybe Tuta is not... (http://www.spiegel.de/politik/deutschland/bnd-reform-darum-geht-es-beim-umstrittenen-geheimdienstgesetz-a-1117607.html)

AJ shared this idea


  11116316 commented

    One step forward:
    It's nonsense, when talking about privacy, to use any social network.
    WE SHOULD BUILD OUR OWN PRIVACY NETWORK where we share ideas and dreams, and not personal data and facts.
    WE SHOULD BUILD OUR OWN Wikipedia where we do not get infiltrated by governments willing to "set the truth" by hiding and censoring real truths

    For those who have an account on any of these "*useful*" NSA-DIA-CIA-NRO tools, I would recommend to use a different random email, and do not talk about different things; i.e. using different accounts for different topics and different groups.
    Your interests can be tracked, matched, analyzed and linked to your real identity (in case you had one, Mr Anderson!)

    TUTANOTA should have its own TOR fork for accessing the mail from a trusted exit node, and its own DNS server in case we used the TUTA-browser for other purposes than accessing our mail.

  11116316 commented

    I do agree: "convenience" should be optional for the "IHN2H" guys who value it over privacy.
    I use Tor and no-script, but sometimes I forget to... or misconfigure it

  Biggi commented

    I agree with this on a general principle level, a kind of "put your money where your mouth is". A big and difficult consideration for the Tutanota team I can imagine, especially with the reference to the (potentially no doubt very personal) DDR legacy.
    I have to disagree with the @Anonymous remarks below though, because it overlooks/ignores an important angle: yes, you are right that the Tutanota mail app is "isolated" and that for example Google scripts don't run there when you enter your email box. But the caveat here is to consider the nature of the internet in general. Its basic DNA is that everything is connected. Nothing is completely isolated. Many have already described that you are followed around when you surf the internet, going from one page to another (e.g. referrer header, FB and LI buttons phoning home, browser fingerprinting). And nowadays if you are in the US, your ISP is allowed legally to track, store, and sell your browsing history. So we all know that you have a Tutanota account. Which begs some conclusions about you and your personality. No, using a VPN doesn't help here...
    On a more practical level: how about using that handy Tutanota app you downloaded from the Apple or Google Play Store? And beyond that action on itself, rustling tin foil, did you root your phone and know exactly what Apple and Google are doing on the (their in-house developed) kernel level of your phone? Or what Apple and Google are shuffling your way so conveniently through their Stores? While you run FB WhatsApp simultaneously on your device? Messaging your friends you sent the pictures of that great party to their email account? Again, it is all rustling tin foil, and let's keep life liveable. But I also think OP does have a point, incurred by Tutanota's own objectives, on a philosophy vs. IRL vs. commercial/sustainability level. Especially when saying "might quickly turn into a marketing enhancing slogan"

  Anonymous commented

    'how is the use of Tutanota the reason why you lost access to your Facebook account?' Oh no, I have nothing but the greatest gratitude to tutanota, there's nothing as good as your service, trust it fully.
    They simply don't let me in anymore and when trying to retrieve they seemed to try to log in on my email and when they found it was Tutanota they said they don't have access to that. It's ok, I feel FB is dying and I'm not creating an account there. Never logged in anyway in the past, not coming back.

  Anonymous commented

    I lost my Facebook account by using Tutanota!!! They don't let me in or recover the password!

  Forester commented

    "Now, taking the primary objective of Tuta, one can ask oneself whether arguments like "availability", "convenience", "connectivity" and so on are really valid or clash with its prime objective."

    Perfect insight! I support the idea!

  Piperman commented

    Agree with all of this. The comment about these not running on the pages actually dealing with login and email is reassuring but still, a company boasting its goals to strive for more privacy probably shouldn't have any let alone all of those scripts running.
    I personally will only use the app or IMAP and a secure client because of the security risks involved in using a browser and this just reaffirms that.

  Matt commented

    I didn't know this.
    Goddamn, I'm trying to get away and even suggested using real private cryptocurrency for payment to avoid privacy breach and I find this...

    Man, I can understand they need tools to help them work faster with a smaller team but still, we are paying for privacy.

    This here ain't Google. I'm paying for this service and I expect my money to be worth working for.
    Otherwise I'll just lose the money and stop using it and never recommend.

  PPlank commented

    Generally yes to all of this, but especially where Google is concerned. No-one with any kind of privacy in mind should be using any Google services at all, especially not analytics.

  Anonymous commented

    While this is definitely an important issue, Tutao seems to only have these 3rd party scripts on their base website (read: not the email app) and 3rd party-hosted sites, like this one (*.uservoice.com). While it's definitely still a privacy risk to run Google Analytics and have FB/Twitter/etc buttons, these shouldn't affect the security of your email login as they're only included outside of the mail app itself. This is a forum for user discussion and feedback, and services like Google Analytics definitely have their place here. Now I might suggest that Tuta use a different analytics service that's more privacy-conscious, but their use of 3rd party tracking services only exists outside of the mail app itself. It's important to note that the mail app specifically does not include any of these 3rd party scripts from what I can tell. Dev console shows only calls to https://app.tutanota.xxx; all images and scripts are hosted locally on Tuta's server and retrieved via HTTPS. uBlock and NoScript additionally have no problems with anything loaded on https://app.tutanota.xxx/, which should alleviate some more privacy concerns.
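
The dev-console check described in the comment above can be repeated offline against saved page source. The following is an added example, not part of the original thread and not Tutanota's code: it lists the hosts other than the first-party domain that a page loads scripts, images, frames or stylesheets from. The page URL, the `mail.example` first-party domain and the sample markup are constructed; only the uservoice script URL is quoted from the original post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
# Tags (and their URL attribute) that make a browser fetch something on load.
FETCHING = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

class ResourceCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.resources = []  # (tag, absolute URL)
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # Only stylesheet links are fetched; rel="canonical" etc. are not.
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower().split():
            return
        value = a.get(FETCHING.get(tag, ""))
        if value:
            # urljoin also resolves protocol-relative "//host/path" references.
            self.resources.append((tag, urljoin(self.page_url, value)))

def same_site(host, first_party):
    # Assumption: a plain suffix match stands in for a public-suffix lookup.
    return host == first_party or host.endswith("." + first_party)

def third_party_hosts(html, page_url, first_party):
    """Map each third-party host to the tag types that load from it."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    found = {}
    for tag, url in collector.resources:
        host = urlsplit(url).hostname  # None for data: URLs and the like
        if host and not same_site(host, first_party):
            found.setdefault(host, set()).add(tag)
    return {h: sorted(tags) for h, tags in sorted(found.items())}

# Constructed sample page; only the uservoice URL is quoted from the post.
PAGE_URL, FIRST_PARTY = "https://feedback.mail.example/forum", "mail.example"
SAMPLE_PAGE = """<head>
<link rel="stylesheet" href="/css/site.css">
<link rel="canonical" href="https://elsewhere.example/page">
<script src="/js/app.js"></script>
<script src="//by2.uservoice.com/t2/.../portal/track.js?_="></script>
<script src="https://analytics.tracker.example/ga.js"></script>
</head><body>
<img src="https://static.mail.example/logo.png">
<iframe src="https://social.example/like-button"></iframe>
</body>"""
if __name__ == "__main__":
    print(third_party_hosts(SAMPLE_PAGE, PAGE_URL, FIRST_PARTY))
```

Static parsing only sees what is in the markup; resources that scripts inject at runtime appear only in the browser's network panel.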

  Eddie Jibson commented

    Well, Facebook abuses everyone's privacy worse than the majority of companies. They take all of your posts, contents and friends and sell it to advertisers so they can sell you as many relevant ads as possible. That's why if you search up things like "Heart Surgery" you'll get things like "Funeral Care" and "Life Insurance" adverts.

  Ines commented

    Thanks AJ,

    I think you're onto something here. I find the elements to these major tracking services quite a turnoff and inconsistent with what I believe is the Tuta ethos.

    I was very saddened to see the recent email from support requesting users now use Reddit. My initial reaction is WTF and revulsion.

    Happy to give this a vote.

