L

My feedback

  1. 303 votes
    under review · 10 comments · General
    L commented

    I think Tutanota and Protonmail see each other as competitors (which is in fact true) but lose sight of the fact that the REAL competition is all the other unencrypted email services.

    It would be far better for both providers to focus not only on increasing their own market share, but even more, on increasing the TOTAL market share of end-to-end-encrypted email services. That will bring increased public awareness and grow their market share more rapidly.

  2. 836 votes
    under review · 20 comments · General
    L commented

    It's tempting to implement features in stages. E.g., first allow multiple email addresses, but not multiple signatures or full names. Later, plan to implement more things.

    But this can be a flawed strategy. Some things go together and must be implemented together. If you're going to implement multiple email addresses, you must at the same time implement multiple signatures and multiple full names.

    I think the Tutanota software developers did not think far enough ahead and added features somewhat randomly. They should have planned ahead more carefully.

    I didn't upgrade my account to a paid account because I was waiting for them to handle bitcoins properly. Now that I have discovered that they did not implement multiple identities properly, I am glad I did not upgrade. I would have been very disappointed.

  3. 1,062 votes
    54 comments · General

    Thank you all for your feedback. Please let us explain in more detail why we don’t plan to add pgp-support at the moment:

    Current encryption standards like pgp and S/MIME have several issues that we plan to address with Tutanota. These standards do not support forward secrecy and are not resistant to attacks from quantum computers.

    In addition, it is important to us that the subject line in emails is also encrypted. That’s why we have developed a solution that is also based on recognized algorithms (RSA and AES) and that automatically encrypts the subject, the content and the attachments. In the future, we plan to upgrade these algorithms to quantum-resistant ones that also support forward secrecy.

    We also see the importance that Tutanota needs to be interoperable with other encryption solutions. We will develop an API so that Tutanota users can communicate with users of other…

    L commented

    I am going to explain why OpenPGP support would be a good thing.

    Right now, there are competing services offering encrypted email. Mostly Protonmail and Tutanota, also others offering lesser degrees of encryption. Since these services compete with one another, they would prefer not to be interoperable.

    But there is an argument to be made that the competing services, by becoming interoperable, will actually compete better. Due to networking effects, if N services offer encrypted communications among one another, they as a group are now able to compete N times better with the NON-encrypted services. Tutanota alone will never compete with Gmail. Most of the other people Tutanota users want to communicate with are using Gmail (or Yahoo, or Hotmail, or ...).

    But if Tutanota + Protonmail are exchanging encrypted email, they are now twice as big. If we add some other encrypted mail services to this, we now have a collective encrypted mail service cluster that is N times better able to compete.

    Protonmail already accepts incoming OpenPGP mail and transparently shows it to the user. All that a sender has to do is know that Protonmail user's public key. If Tutanota wanted to cooperate, Protonmail and Tutanota could work out an automatic public-key–exchange protocol. It would be completely transparent to users on both services. So without trying to underestimate the development effort of doing this, let me point out that OpenPGP already exists in JavaScript form, so they would not have to write the encryption code from scratch — they would only have to add just enough scaffolding to bring it all together.

    Let me also take this opportunity to explain why Tutanota's explanation “Why does Tutanota not use pgp?” (see: https://tutanota.uservoice.com/knowledgebase/articles/470724-why-does-tutanota-not-use-pgp) is untrue. They say: “It is important to us that the subject line in emails is also encrypted. That's why we have developed a solution that is also based on recognized algorithms (RSA and AES) and that automatically encrypts the subject, the content and the attachments.”

    I think this explanation is disingenuous. Nothing in PGP requires that the subject heading of your email be left unencrypted. PGP simply gives you the option to have an unencrypted Subject: header in your email. PGP does not require that the contents of this Subject: header be the subject heading of your email. The subject heading of your email can be inside the encrypted part, and the Subject: header can be “Encrypted email”, or anything else that the sender wishes that does not disclose private information.

    Attachments can definitely be encrypted using PGP since about 15 years ago.

    I am sure Tutanota developers have good reasons of their own for not using PGP. These reasons have nothing to do with the subject heading or encryption of attachments.

  4. 702 votes
    83 comments · General

    We would like to apologize that Tutanota does not support payments with cryptocurrencies at the moment. In 2016 we took a tough decision to give our encrypted webmail client a complete makeover to improve performance, which became particularly important for mobile devices. The new Tutanota client is now in beta – https://tutanota.com/blog/posts/secure-mail-public-beta-release – and much faster. The speed improvement was also necessary to allow us to implement a search feature – https://tutanota.com/blog/posts/first-search-encrypted-data – one of the highest voted feature requests.

    Our plan for 2018 is to bring the new client out of beta and to give the iOS and Android apps the same update as well as add the Android app to F-Droid.

    Once we have finished this project, we plan to add support for cryptocurrencies. We will take a close look as to what currencies fit best before simply adding one or two. Please let us know your…

    L supported this idea
  5. 1 vote
    0 comments · General
    L shared this idea
  6. 1 vote
    0 comments · General
    L shared this idea
  7. 127 votes
    2 comments · General
    L commented

    Please allow plus-addressing, but using a hyphen (-) not a plus (+). Hyphens look nicer, and are generally not prohibited by most websites.

    If you are using any of the common open source MTAs at your end, they support this already. So all you need to do is enable this in your UI.

  8. 27 votes
    3 comments · General
    L commented

    The current voting system works like this (I think):

    If ten thousand people support an unimportant idea that sounds good to them, it will get high priority.

    If three people support a brilliant idea that would improve the security of a million users, it will be ignored.
