Stick a fork in them, they're done. At least with that name they are. Easiest thing would be to dissolve, and start a brand new company with the same people.
Don't get me wrong, whether they have or don't have intelligence ties is irrelevant. No one serious uses them, they're a general public supplier, and the general public is about as brave as a gringo cop, i.e.: not much.
So they're about to lose a chunk of customers and Tutanota's leadership isn't exactly quality so who knows what they'll do.
Sorry mate! Didn't want to be mean XD, but funny you commented this, because I posted about it on LinkedIn and got like 5 private messages asking: "Should I really switch?" XD, so you're at least not alone and in the company of some pretty fine people :P
I'm not a fan of Tuta, mainly because of their disingenuous advertising where they keep calling themselves "open source" when they in fact only open source their clients but keep anything server-side under wraps -- but for this reason this also makes me skeptical; if their clients are indeed open source (which I assume is true, I haven't verified), and all encryption happens client-side before being sent to the server (also an assumption), how would it even be possible for this to be true?
In my understanding, anything that Tuta potentially did to compromise e-mails would necessarily have to shine through in their open source client code -- unless they willingly serve binaries that are not actually built from that code, which of course would be a scandal.
So even if I don't like them, I'm going to need something more concrete than someone simply saying they have "intelligence ties" to be willing to believe that they are somehow duping their users.
I always ask this when it comes up - how would open-sourcing the server-side components help you trust them? They could be running any code on the server-side and you wouldn't know. So even if they open-sourced their server-side code, how would you know for sure that is actually the code they are running in production?
I always ask this because ultimately if you are consuming a web-based application, you have to have some level of trust in the provider. And if you didn't trust them, your only option would be to completely self-host in an environment that only you have full control over.
I guess, if the crypto is real, the only things feds could do is tell tuta to load different JS for certain IPs.
Which would not be easy to verify as anyone but a targeted person.
The point here is, if they have nothing to hide, they can easily open source.
If they already have a weird system to serve some people insecure code, they have to extract that from their code base, maintain 2 versions and make sure both sides are up to date at all times. So not going open source is easier if you wanna be malicious. Not a huge task for feds tbh, but still.
Also, there's still benefits for my privacy and security as in I'm sure some people would find vulns in the code and report them.
So what? The assumption is that the data is encrypted at rest. If your threat model is "physical seizure by a nation state" then obviously you shouldn't be storing your encrypted data at a SaaS provider in a location out of your control anyway, but I don't see why it would be a reasonable assumption by default that Tuta willingly uses weak (or no) encryption.
One reason is that tuta does not require you to have any other connection to create an account.
Protonmail requires a second mail, phone or possibly some kind of payment if I recall correctly (for verification?) that could be linked from your account in theory.
Without having a good anonymous starting point, protonmail does not let you get that starting point, at least the last time I tried (maybe a year ago).
You can definitely search back more than a month. However the search is genuinely atrocious. I've been using tutanota for a few years now but every time I need to search my emails I think about switching to something else. It is just not acceptable for the service to need to slowly iterate through emails, downloading them one by one the first time you decide to go back that far, just to find something important.
I have a tuta account, I tried to search for something recently and it only let me search from October 12th or something. I'm not sure you can search back more than a month on the free plan.
I used to love Tuta for the tempting price (1eur/month). But now due to the increasing price, poor UX, no bridge to Thunderbird, broken filter rules, I switched to another provider.
I still have an account that I have some stuff linked to, I want to close it down entirely soon, it sucks there isn't any way to export all my emails without paying though.
Who is on trial for allegedly trying to sell internal Canadian government investigative documents to the CEO of Phantom Secure, the 'secure' communications app popular with the underworld until it got rumbled and who needs some explanation for why he wanted to communicate via a privacy-focused open email service.
Hey... :c
Tuta has all kinds of weird restrictions, like not being able to search back more than a month.
In the past, their billing was based on blackmailing. I don't know if that is the case anymore. But I dropped using it ever since.
> In the past, their billing was based on blackmailing.
Not saying I don't believe you but I'd like to know more.
no shit, but the claim is that you aren't...