I suggest you ...

Release the source code for the server (as open source)

Having the whole client open source is awesome for many reasons, but I think particularly for vetting the security of the server side, open sourcing the app code for the server would be a good next step. There are tons of TypeModels for API endpoints (https://github.com/tutao/tutanota/blob/master/src/api/entities/sys/PaymentDataServicePutReturn.js) but we have no idea what those APIs actually do. :) Particularly with payments, I did not expect payments details to go through Tutanota's API so directly (from the client), and I wanted to see how the server interfaces with the payment gateway.

Thanks for the great product :)

121 votes
Vote
Sign in
(thinking…)
Password icon
Signed in as (Sign out)
You have left! (?) (thinking…)
John Preston shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

4 comments

Sign in
(thinking…)
Password icon
Signed in as (Sign out)
Submitting...
  • Anon commented  ·   ·  Flag as inappropriate

    IMO the tutanota wants to be as closed as possible. At example unavailability external forwarding option or thunderbird plugin

  • JM commented  ·   ·  Flag as inappropriate

    How can i report a fraud that someone is stolen money from your webmail.

    It any possibility ?

    Do you need the police report ?

  • Anonymous commented  ·   ·  Flag as inappropriate

    Wait, I though TutaNota already made EVERYTHING FLOSS. This is the only reason I switched from ProtonMail. Could somebody from TutaNota plz clarify this?

Feedback and Knowledge Base