Tutanota Contributor

My feedback

  1. 1,023 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      51 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →

      Thank you all for your feedback. Please let us explain in more detail why we don’t plan to add pgp-support at the moment:

      Current encryption standards like pgp and S/MIME have several issue that we plan to address with Tutanota. These standards do not support forward secrecy and are not resistant to attacks from quantum computers.

      In addition, it is important to us that the subject line in emails is also encrypted. That’s why we have developed a solution that is also based on recognized algorithms (RSA and AES) and that automatically encrypts the subject, the content and the attachments. In the future, we plan to upgrade these algorithms to quantum-resistant ones that also support forward secrecy.

      We also see the importance that Tutanota needs to be interoperable with other encryption solutions. We will develop an API so that Tutanota users can communicate with users of other…

      Tutanota Contributor commented  · 

      +Note:
      I had to find other solutions for PGP communication... There was a service for 12EUR/month, and there was an other one for free. Now I have sever different e-mail providers, but I pay none of that, because there is simply no single one which has all the important features.

      This is just a hint, I know, you work hard, but when these features need years to develop, people get bored of waiting, and switch.

      I understand, that PGP is not perfect, but maybe it would be easier to integrate an already existing tool, than build your own for years, and lose customers with that.
      It would be great, if Tutanota worked in Thunderbird with PGP.

      Tutanota Contributor commented  · 

      "There are several "islands" Tutanota, Hushmail, Protonmail, Silent Circle, various PGP and S/MIME, Startmail, etc. (Telegram, TextSecure (WhatsApp), Wickr,...) but few of them can communicate with each other. If you can connect them together the sum is much greater than the parts. I have correspondents in the various islands, but no secure mail gets sent because they are often in different ones."

      This is very true, many times you have no chance to exchange passwords in a 2nd secure channel, nor timed destruction for mail exists here (unlike in protonmail), so youre forced to send mails to privacy invading providers. Since Tutanota only operates in English, many people who speak other languages, can not even switch.

      Tutanota Contributor supported this idea  · 
      Tutanota Contributor commented  · 

      Please remove your votes and vote for the link https://tutanota.uservoice.com/forums/237921-general/suggestions/6979966-pgp-support , because that has more votes already.

    • 2,379 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        87 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →

        We are happy to inform you that we have started to build desktop applications for OS X, Linux and Windows. Desktop clients will enable you to import emails to your encrypted Tutanota mailbox as well as give you offline access. Building desktop clients is an extensive project, so we cannot give an exact ETA.

        If you would like to support our development team, please donate to Tutanota: https://tutanota.com/community#donate

        We use this money to further grow our development team and speed up our development: https://tutanota.com/blog/posts/welcome-ivan

        Thank you very much for your support!
        Your Tutanota Team

        Tutanota Contributor commented  · 

        +Note 1: Insted of a full feature app, Tutanota could invest into a Thunderbird plugin, maybe PGP compatibility? In this case you dont lose much energy, because the app itself is handled by an other group.

        +Note 2: It would be nice, if Tutanota would stop "adverising" facebook, google and such, who are practically their enemies. Especially after the Cambridge Analitica case. Just remember, both had problems with the German court because of their data usage practices.
        Although I understand, that it is a way of informing people.

        Tutanota Contributor commented  · 

        "I can only agree with other users here: integration into standard mail clients in OSX, Linux and Windows should be next on your agenda. Otherwise Tutanota would always be behind competition ..."

        I agree with the importance of being multiplatform, but keep in mind, that Tutanota operates on a limited financial and workforce level, not everyone (can) support their work. There are very few companies outthere, who offer userfriendly, free E2EE mail.
        I also recommend to switch to an open-source security focused OS, because Windows and MacOS are really bad ideas for privacy.

        "I don't understand, why the most asked feature is not even planned or under review. Does it mean that you don't think about it at all?"

        Same answer as above, Tutanota is operated by a few people, who are bombarded with idealistic wishes, but to implement it, is not easy. To create an open source, free and privacy respecting service is always a hard job.

        Tutanota Contributor commented  · 

        The idea is good, and Tutanota needs money from all platforms...

        BUT users should be reminded of the dangers of closed source (backdoored) operating systems and hardware.
        Serious, secure and effective user/server computers operate on GNU-Linux and Xen, not OS X or Windows.

      • 211 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          under review  ·  17 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
          Tutanota Contributor supported this idea  · 
        • 371 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            18 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
            Tutanota Contributor commented  · 

            I wanted to open a similar suggestion, but it seems, it already existed. I post the arguments here.

            Important arguments:

            1) Message destruction timer is already a widely practiced key solution in free E2EE messaging to minimize data breach risk. ( Examples: Protonmail, Telegram, Wire )

            2) It would be ideal to be able to destroy it after first access ( Instant ), so noone can access the encryped storage / message later, also if the recipient can not access it, that suggests a previous data breach.

            3) Delete message / conversation deletes from recipient too. Than you could really delete the sent message from a virtual inbox instead of being stored on Gmail servers forever and being handed out for companies and governments.

            The range should look like :
            Set destruction time to:
            xx Minutes, xx Hours and xx Days
            ( default: 0 = After first acccess - records acces time and date )
            ( if you set a longer time, but you made up your mind: "erase now" button )

            This would be a realistic, practical solution for communicating in insecure channels, like sending a CV to a non-tuta company, or sharing a password instruction with a non-tuta friend.
            This way you can be sure, that even if an entity does not respect your privacy, your documents and datas are stored temporally and encrypted on the Tutanota server.

            ( Google stores everything for ever, against the new EU privacy sanctions, and it will even after EU GDPR - than it is threatened/hacked by state agencies and criminals, and stored for ever in criminal datacenters, and they are used to commit crimes in the victims name, or against the victims. The more biometric "security" was applied, the more you have to lose. )

            ( hacking phones and computers is not a tutanota issue, but we should definitely spread awareness
            Recommendation: FLOSS GNU/Linux OS with FLOSS hardware. Until it is not reality, encryption is just an illusion, since billions of people are backdoored, spywares are hardware implanted before purchase. )

            Tutanota Contributor supported this idea  · 
          • 5 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              under review  ·  3 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
              Tutanota Contributor commented  · 

              How is it going? It is weird to see the Tuta support sharing it and being under review for 2 years.

            • 234 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                under review  ·  20 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
                Tutanota Contributor commented  · 

                Using Windows computers or Phones for "secure" communication is an illusion.

                Tutanota is FOSS, because FOSS is more trustable and secure than closed source.
                Installing a popular Linux distribution is easy, Linux phone (Not standard Android) also exists.

                Windows is closed source, with many security problems, using any app on it is subjected to Windows vulnerabilities.

              • 1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  2 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
                  Tutanota Contributor commented  · 

                  There is no safe country for privacy on the web. There is no 100% security.

                  Every country has a secret law enforcement, able to access literally everything, and a dark history of human rights abuse. Corruption and crime exists everywhere.
                  Rightwing extremism is rising everywhere, human rights and privacy/security is shrinking everywhere. Privacy seeking individuals will always be identified as extremists, but the more popular these tools become, the less prejudgement will they generate. No one thinks, ALL whatsapp users are criminals, but most countries hack smartphones to work around E2EE.

                  Why Tutanota is the best choice today:
                  1. Germany is one of the very few states, where constitutional court cares about human rights. They try not to forget the Gestapo and Stasi. In Switzerland, xenophobic laws are not always stopped by the Swiss supreme court.
                  2. Also its political environment is mainly centrist, not dominated by extreme rightwing parties as in Switzerland.
                  3. 2017 election in Germany seems to end up with a 4 centrist party coalition, which suggests fewer left/rightwing extremist law enforcement action.
                  4. Snowden and local German secret agency and police scandals will also force to make these less corrupt.
                  5. In 2018 the GDPR will threaten companies with millions of € penalty upon data breach, which will "legalize privacy". Switzerland is not part of the EU.
                  6. And Tutanota strips away your IP, so actually you are anonymous, unlike with Protonmail. If noone uses your e-mail for criminal activities, the German court will not order a hunt on you.

                  If anyone knows better, please correct me.

                  https://en.wikipedia.org/wiki/General_Data_Protection_Regulation#Sanctions

                Feedback and Knowledge Base