Anonymous

My feedback

  1. 405 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
    Anonymous supported this idea  · 
  2. 388 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  29 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
    Anonymous supported this idea  · 
    Anonymous commented  · 

    @Ooo
    No JavaScript means no automatic crypto. You'd do all the crypto with your own tools. Unless Tutanota releases a standalone client.

    Tutanota has custom application of open algorithms to protect the entire inbox, so the inbox may not be accessible at all without an official client or until after the API is released.

  3. 147 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
    Anonymous supported this idea  · 
  4. 211 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  17 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
    Anonymous supported this idea  · 
    Anonymous commented  · 

    Interesting feature, but two passwords would mean two keys. I like SwissTengu's and Mustafa's ideas for an optional hidden vault inside the account like Truecrypt's suggestion of a volume inside a volume, another method for plausible deniability. Make sure the vault is not counted for the "Used space" percentage until its password is entered.

  5. 299 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  9 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
    Anonymous supported this idea  · 
  6. 1,538 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    113 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
    Anonymous commented  · 

    Importing could only be done client-side, say, through the Tutanota app. old provider --> IMAP --> your device --> Tutanota account

  7. 357 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  31 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
    Anonymous commented  · 

    Desktop: Ricochet (text), Bitmessage (like email), Tox (text, voice, video)
    Phone: Signal (text, voice), FireChat (text)
    https://www.eff.org/secure-messaging-scorecard
    https://ssd.eff.org/

    Help Tutao improve email. Don't spread it too thin at this stage.

  8. 283 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    planned  ·  18 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
    Anonymous supported this idea  · 
    Anonymous commented  · 

    New GnuPG releases support ECDH for public keys and EDDSA for signatures. Its manual recommends Camellia256, AES256, or Twofish for ciphers.
    https://www.gnupg.org/faq/gnupg-faq.html#new_user_gpg_conf
    https://www.gnupg.org/faq/gnupg-faq.html#recommended_ciphers
    https://www.gnupg.org/faq/gnupg-faq.html#no_best_algo

    Please upgrade to SHA512, too. E-mail messages are at rest, not viewed live.

    If changing algorithms is costly for Tutanota, then I would prefer ECDH (with Curve25519) and EDDSA rather than larger RSA.

  9. 1,062 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    53 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you all for your feedback. Please let us explain in more detail why we don’t plan to add pgp-support at the moment:

    Current encryption standards like pgp and S/MIME have several issue that we plan to address with Tutanota. These standards do not support forward secrecy and are not resistant to attacks from quantum computers.

    In addition, it is important to us that the subject line in emails is also encrypted. That’s why we have developed a solution that is also based on recognized algorithms (RSA and AES) and that automatically encrypts the subject, the content and the attachments. In the future, we plan to upgrade these algorithms to quantum-resistant ones that also support forward secrecy.

    We also see the importance that Tutanota needs to be interoperable with other encryption solutions. We will develop an API so that Tutanota users can communicate with users of other…

    Anonymous commented  · 

    At least allow export of the account's key.

  10. 149 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    5 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
    Anonymous commented  · 

    "a 2FA feature request already exists"
    Since nobody provided the link:
    https://tutanota.uservoice.com/forums/237921-general/suggestions/6858986-2-factor-authentication

  11. 295 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
    Anonymous supported this idea  · 

Feedback and Knowledge Base