Release the source code for the server (as open source)

Having the whole client open source is awesome for many reasons, but I think particularly for vetting the security of the server side, open sourcing the app code for the server would be a good next step. There are tons of TypeModels for API endpoints (https://github.com/tutao/tutanota/blob/master/src/api/entities/sys/PaymentDataServicePutReturn.js) but we have no idea what those APIs actually do. :) Particularly with payments, I did not expect payment details to go through Tutanota's API so directly (from the client), and I wanted to see how the server interfaces with the payment gateway.

Thanks for the great product :)

100 votes
    John Preston shared this idea

    3 comments

      • JM commented

        How can I report a fraud where someone has stolen money from your webmail?

        Is there any possibility?

        Do you need the police report?

      • Anonymous commented

        Wait, I thought TutaNota already made EVERYTHING FLOSS. This is the only reason I switched from ProtonMail. Could somebody from TutaNota plz clarify this?
