Tutanota Contributor

My feedback

  1. 1,062 votes
    54 comments  ·  General

    Thank you all for your feedback. Please let us explain in more detail why we don’t plan to add pgp-support at the moment:

    Current encryption standards like pgp and S/MIME have several issues that we plan to address with Tutanota. These standards do not support forward secrecy and are not resistant to attacks from quantum computers.

    In addition, it is important to us that the subject line in emails is also encrypted. That’s why we have developed a solution that is also based on recognized algorithms (RSA and AES) and that automatically encrypts the subject, the content and the attachments. In the future, we plan to upgrade these algorithms to quantum-resistant ones that also support forward secrecy.

    We also see the importance that Tutanota needs to be interoperable with other encryption solutions. We will develop an API so that Tutanota users can communicate with users of other…

    Tutanota Contributor commented  · 

    +Note:
    I had to find other solutions for PGP communication... There was a service for 12EUR/month, and there was another one for free. Now I have several different e-mail providers, but I pay for none of them, because there is simply no single one which has all the important features.

    This is just a hint, I know, you work hard, but when these features need years to develop, people get bored of waiting, and switch.

    I understand that PGP is not perfect, but maybe it would be easier to integrate an already existing tool than to build your own for years and lose customers with that.
    It would be great, if Tutanota worked in Thunderbird with PGP.

    Tutanota Contributor commented  · 

    "There are several "islands" Tutanota, Hushmail, Protonmail, Silent Circle, various PGP and S/MIME, Startmail, etc. (Telegram, TextSecure (WhatsApp), Wickr,...) but few of them can communicate with each other. If you can connect them together the sum is much greater than the parts. I have correspondents in the various islands, but no secure mail gets sent because they are often in different ones."

    This is very true; many times you have no chance to exchange passwords in a 2nd secure channel, nor does timed destruction for mail exist here (unlike in Protonmail), so you're forced to send mails to privacy-invading providers. Since Tutanota only operates in English, many people who speak other languages cannot even switch.

    Tutanota Contributor supported this idea  · 
    Tutanota Contributor commented  · 

    Please remove your votes and vote for the link https://tutanota.uservoice.com/forums/237921-general/suggestions/6979966-pgp-support, because that has more votes already.

  2. 211 votes
    under review  ·  17 comments  ·  General
    Tutanota Contributor supported this idea  · 
  3. 402 votes
    23 comments  ·  General
    Tutanota Contributor commented  · 

    I wanted to open a similar suggestion, but it seems, it already existed. I post the arguments here.

    Important arguments:

    1) Message destruction timer is already a widely practiced key solution in free E2EE messaging to minimize data breach risk. (Examples: Protonmail, Telegram, Wire)

    2) It would be ideal to be able to destroy it after first access (Instant), so no one can access the encrypted storage / message later; also, if the recipient cannot access it, that suggests a previous data breach.

    3) Delete message / conversation deletes from recipient too. Then you could really delete the sent message from a virtual inbox instead of it being stored on Gmail servers forever and being handed out to companies and governments.

    The range should look like :
    Set destruction time to:
    xx Minutes, xx Hours and xx Days
    ( default: 0 = After first access - records access time and date )
    ( if you set a longer time, but you made up your mind: "erase now" button )

    This would be a realistic, practical solution for communicating in insecure channels, like sending a CV to a non-tuta company, or sharing a password instruction with a non-tuta friend.
    This way you can be sure that even if an entity does not respect your privacy, your documents and data are stored temporarily and encrypted on the Tutanota server.

    (Google stores everything forever, against the new EU privacy sanctions, and it will even after EU GDPR - then it is threatened/hacked by state agencies and criminals, and stored forever in criminal datacenters, and they are used to commit crimes in the victims' name, or against the victims. The more biometric "security" was applied, the more you have to lose.)

    (Hacking phones and computers is not a Tutanota issue, but we should definitely spread awareness.
    Recommendation: FLOSS GNU/Linux OS with FLOSS hardware. Until that is reality, encryption is just an illusion, since billions of people are backdoored and spyware is hardware-implanted before purchase.)

    Tutanota Contributor supported this idea  · 
  4. 5 votes
    under review  ·  3 comments  ·  General
    Tutanota Contributor commented  · 

    How is it going? It is weird to see the Tuta support sharing it and being under review for 2 years.

  5. 234 votes
    under review  ·  20 comments  ·  General
    Tutanota Contributor commented  · 

    Using Windows computers or Phones for "secure" communication is an illusion.

    Tutanota is FOSS, because FOSS is more trustable and secure than closed source.
    Installing a popular Linux distribution is easy, Linux phone (Not standard Android) also exists.

    Windows is closed source, with many security problems; using any app on it is subject to Windows vulnerabilities.

  6. 1 vote
    2 comments  ·  General
    Tutanota Contributor commented  · 

    There is no safe country for privacy on the web. There is no 100% security.

    Every country has a secret law enforcement, able to access literally everything, and a dark history of human rights abuse. Corruption and crime exist everywhere.
    Rightwing extremism is rising everywhere, human rights and privacy/security are shrinking everywhere. Privacy seeking individuals will always be identified as extremists, but the more popular these tools become, the less prejudgement they will generate. No one thinks ALL WhatsApp users are criminals, but most countries hack smartphones to work around E2EE.

    Why Tutanota is the best choice today:
    1. Germany is one of the very few states where the constitutional court cares about human rights. They try not to forget the Gestapo and Stasi. In Switzerland, xenophobic laws are not always stopped by the Swiss supreme court.
    2. Also its political environment is mainly centrist, not dominated by extreme rightwing parties as in Switzerland.
    3. 2017 election in Germany seems to end up with a 4 centrist party coalition, which suggests fewer left/rightwing extremist law enforcement action.
    4. Snowden and local German secret agency and police scandals will also force to make these less corrupt.
    5. In 2018 the GDPR will threaten companies with millions of € penalty upon data breach, which will "legalize privacy". Switzerland is not part of the EU.
    6. And Tutanota strips away your IP, so actually you are anonymous, unlike with Protonmail. If no one uses your e-mail for criminal activities, the German court will not order a hunt on you.

    If anyone knows better, please correct me.

    https://en.wikipedia.org/wiki/General_Data_Protection_Regulation#Sanctions
