I suggest you ...

Make tutanota resistent to browser fingerprinting and thus support anonymous usage

The suggestion is to design tutanota in a way that browsers which avoid fingerprinting can fully use tutanto in an anonymous way.

JondoFox for examples prevents browser fingerprinting (https://anonymous-proxy-servers.net/en/software_win.html) similar to the TorBrowser. This makes the use of tutanota more anonymous.

Unfortunately, tutanota uses fonts which have to be loaded by the JondoFox and other browsers and which allow to fingerprint everyone's browser and prevent anonymity. This should be clearly avoided.

57 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Jehitsin shared this idea  ·   ·  Admin →

    4 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  · 

        This also concerns Tutanota allowing login BTW. I found that even with an "approved" browser set "to enhance security and privacy" the Tutanota login comes back with "Your browser is not supported". I found however, resetting the browser profile (FF in this case) by deleting the browser profile, login is restored. Strangely enough, if then the original profile is restored, login is still possible. Furthermore, I suspect that this behaviour is not user agent dependant, because "spoofing" a Tutanota accepted browser does not resolve a "not accepted browser" situation. Perhaps Tutanota can share what their login page is scanning for that triggers this process?

      • Anonymous commented  · 

        Just a remark: as far as I can see Tutanota does not need the fonts to be loaded. As you probably know browsers can be configurated to use only fonts available locally, thus limiting font loading and potential font fingerprinting. For example, for FireFox see browser.display.use_document_fonts. When I tested this on Tutanota, all still functioned perfectly. Furthermore, if this is applied on the users browser, it'd apply to all web use (although detection can still occur with Java and we all know complete anonymity is of course a pipe dream).

      • Nicolas commented  · 

        Agreed, this is a great idea.

      • Anonymous commented  · 

        I'm all out of votes, +1 please

      Feedback and Knowledge Base