| Based in | Germany |
| Storage | 1 - 1,000 GB |
| Price | €1.00/mo. |
| Free Tier | Up to 1 GB |
| Website | Tutanota.com |
Tutanota is a secure email service run by a small team of privacy enthusiasts in Germany. Although it may not be widely known, Tutanota is a serious player among secure email providers. It uses a hybrid encryption system that avoids some of the drawbacks of PGP, and is protected by the GDPR and other pro-privacy EU regulations.
In this new and updated Tutanota review, we’ll be posting hands-on test results while sharing our research findings and personal experience in using this email provider for the past few years.
The Tutanota team has a strong vision for their product:
In the future Tutanota will be the privacy-respecting alternative for Google with a calendar, notes, cloud storage – everything encrypted by default!
That being the case, we’re really going to put Tutanota through the wringer to see if they deserve your hard-earned money and attention. Let’s take a look!
+ Pros
- Encrypted messages (including Subject lines) Address Book, Inbox Rules and Filters, Search Index, encrypted at rest and stored on German servers
- Can search body of encrypted messages
- Can send encrypted messages to non-users
- Strips IP address from emails
- Desktop, mobile, and web apps
- Open source code (including mobile apps)
- Great apps for mobile devices
- Free accounts with 1 GB of storage
- Encrypted calendar with iCard support
- Encrypted contacts
- Inbox rules with Spam filter
- Multiple email addresses (aliases)
- Support for custom domains and other price+ features
- Discounts and additional support for non-profits
- Two factor authentication (2FA) support
- Publishes regular Transparency Reports
– Cons
- Does not work with PGP
- Potential delays with account approval
- Currently no way to import existing emails
- Based in a 14 eyes country (Germany)
- Can be affected by EU’s schizophrenic stance on encryption
- Only accepts credit card or PayPal; no cryptocurrency payments
Tutanota features overview
Tutanota uses industry-standard end-to-end encryption algorithms for email and other user data. All data is encrypted at rest and only decrypted in your browser or email client. Because it does not use PGP encryption, Tutanota also encrypts the subject line of messages. This is a noteworthy difference from some other secure email services, as we discussed in the ProtonMail review.
Additional interesting features of Tutanota include:
- Anonymous signup process does not require you to give them a phone number or other personally identifiable information.
- Open source code, including apps.
- Web app and desktop apps for Windows, Mac OS, and Linux.
- Android and iOS mobile apps, with Google-free access to Android app through F-Droid.
- Premium accounts with a range of additional benefits, including a brandable Business account.
- The ability to send encrypted emails to non-Tutanota users.
- Whitelabel and Secure Connect are supported in paid plans for an additional fee.
- Dark and Light themes.
Tutanota launched in 2011 (not long before Edward Snowden began leaking information), and is based in Hanover, Germany.
According to their website:
With its unique open source technology Tutanota fights for privacy and freedom of speech online, allowing everybody including NGOs, journalists and activists to send encrypted emails on desktop and mobile. In addition, Tutanota’s affordable business version enables companies and organisations of all sizes to easily secure their email communication.
Germany has strong privacy laws, including the Bundesdatenschutzgesetz and GDPR. That said, as elsewhere in the West, there is political pressure to reduce personal privacy rights to “counter terrorism”.
In addition, Germany is a member of the 14 Eyes intelligence alliance. This isn’t ideal, but Tutanota provides a detailed explanation of the laws that apply to them and the data they may be forced by law to disclose. In recent years, two court cases affirmed that Tutanota was not subject to nasty data retention laws that Germany applies to Internet Service Providers (ISPs).
Unfortunately, what the government giveth, the government can taketh away. At the end of 2020, a regional court in Germany ignored the previous cases and decided to impose the ISP regulations on Tutanota. The court ordered the company to develop a way to monitor an individual’s account. At the time of this review, Tutanota is appealing the ruling. And as you will soon see, thanks to this secure email service’s end-to-end encryption, there really is very little point to the court’s ruling.
Tutanota technical specifications
Tutanota uses a couple of different encryption algorithms to ensure that your messages cannot be read or tampered with:
Tutanota uses symmetric (AES 128) and asymmetric encryption (AES 128 / RSA 2048) to encrypt emails end-to-end (E2E). When both parties use Tutanota, all emails are automatically end-to-end encrypted (asymmetric encryption). For an encrypted email to an external recipient, a password for encrypting & decrypting the email (symmetric encryption) must be exchanged once. The company suggests doing so using Signal messenger.
On top of its automatic end-to-end encryption, Tutanota uses STARTTLS with an extended validation certificate, Perfect Forward Secrecy, DNSSEC, DANE, DMARC, and DKIM to secure your connection to Tutanota to the maximum.
Check here for more info on Tutanota’s TLS encryption.
Tutanota ensures users that even they cannot access your inbox, due to the open source encryption standards they use.
AES-128 is more than secure enough for protecting your messages. Reportedly even the fastest computers in the world would need many billions of years to crack AES-128.
Tutanota is currently working together with Leibniz University Hanover to make their encryption standards future-proof against quantum computer attacks.
Tutanota hands-on testing
We’ve based this Tutanota review on the browser-based client. If you decide to stick with Tutanota, you can easily upgrade to a paid plan, with similar functionality and more storage, email aliases, and other options.
Signing up for Tutanota
Signing up for Tutanota goes about the way you would expect. Click the Sign Up button on website here to begin the process.
The first step will be to choose your service plan.
On the Subscription screen, click the red Select button under the plan you want to use. Although I have been using Tutanota since 2017, for purposes of this review, I have created a new, Free private account. This is the ideal way to test out the service.
Next you will need to enter your account information. You’ll select an email address using one of the domain names Tutanota makes available for free users. You’ll also need to enter a Password, and check all the relevant boxes on the screen, including the one that confirms you are at least 16 years old.
Note that you are not required to give Tutanota a phone number or other personally identifiable information. This means you can have a truly anonymous free account. As we’ll see in a moment, Tutanota has a process in place to prevent spammers from taking advantage of the service. Unfortunately, that process can be a real headache for regular people.
The last step in this process is to record your 64-character Recovery Code. Tutanota doesn’t know your password (or the optional second factor you can set later) so the only way to recover your account if you lose either of these is by using the Recovery Code.
You can copy the code by hand, or click the round Copy or Print buttons. Once you’ve recorded your code, hit Ok and you’ll be ready to log in. Enter your Password and hit the Log in button.
An annoying automated delay
You are probably anxious to get into Tutanota and start exploring, but at this point, you may run into that anti-spammer process we mentioned earlier. Your account may be automatically “marked for approval.” This puts a 48-hour hold on your ability to send or receive messages, as you can see below.
As Tutanota states in this blog post,
Sometimes accounts are automatically marked for [manual] approval to prevent spammers from signing up. This is often the case when you sign up via Tor or a VPN, for example, because unfortunately spammers like to abuse Tor. In case your account gets marked for approval, you will be able to start using it within 48 hours after registration once it has been approved.
They claim that your account will automatically be approved within 48 hours after registration. However, if your account has not been approved after 48 hours, Tutanota recommends you contact Support and give them the email address you are trying to register.
I ran into a problem with this system while working on the first edition of this review. After waiting four days, I contacted Support about the problem, and someone got back to me within minutes. However, the account was not approved until the 5th day. Not ideal.
On a positive note, this manual account approval takes the place of more invasive verification procedures, such as phone verification, which many other email providers use. While the delay was somewhat annoying, I’d still take this over phone verification.
The look and feel of Tutanota
Once you click Ok, you will see Tutanota’s standard 3-pane layout like most other email programs. Here is a screenshot from our tests:
One feature you may like is the built-in support for a Dark mode, which looks like this:
If you happen to work a lot at night, or just get tired of the glare from the screen, this mode could be for you.
The folder list appears on the left, with messages in the center, and the content of the selected message on the right. A basic set of folders comes pre-defined in the left-most pane, and you can create more at will.
Note: Tutanota will automatically switch to a 2-pane view on smaller displays, such as tablets.
Tutanota has two factor authentication
Before you go any further, this would be a great time to enable 2FA. In the leftmost pane, click Settings, then Login. You will see several login-related settings in the middle pane. Scroll down to Second factor authentication and click the plus sign (circled in the following image).
You’ll see the dialog box you need to connect 2FA.
For more details on how to configure the various types of 2FA Tutanota supports, visit this help page.
Okay, let’s get back to exploring the Tutanota user interface (UI).
Composing, sending, and receiving messages
Composing messages works as you would expect. Click the New email button at the top of the leftmost to create a new message. While an early complaint about Tutanota was the lack of message formatting commands, today there is a full range of formatting options.
To see the menu of formatting options, click the T icon on the Subject line of the new message (circled in red below).
Click Send (in the top right corner of the message window) to transmit the message.
When you receive messages you open them normally, whether received from a Tutanota user or someone else. If a message is from another Tutanota user, all the encrypting and decrypting is done automatically in the background.
Like most secure email programs, Tutanota blocks images from appearing by default. If a message contains images, you can display them by clicking the icon circled in red at the top right of the message, as you can see here:
So far, so good. But what if you want to send a message to a person who doesn’t use Tutanota? This is where things get a bit more complicated.
Sending messages to non-Tutanota users
When you are composing a message, Tutanota checks to see if the recipient is a Tutanota user or not. If not, you have to specify whether you want the message to be sent encrypted or not. If you have this option, Tutanota will display a lock icon on the Subject line (circled in red) with a status message.
Clicking the lock icon will cause Tutanota to send the message either in the clear (unencrypted), or E2E encrypted.
When sending an encrypted message to a non-Tutanota user, you must enter a pre-agreed password that is used for symmetrically encrypting and decrypting the message. Instead of receiving the message in its encrypted form, the recipient will receive a link to view the message. Here’s what that looks like:
Note: Sending the password to someone using the same medium of communication (Tutanota) that you will use to send encrypted messages to that person is a bad idea. A better way to go would be to use a secure messaging app like Signal Messenger to share the password. Check out our Signal Messenger review to see why this is such a good idea for your situation.
Searching for messages
Tutanota has implemented a full text search feature for messages. This is actually a challenging endeavor since the contents of your inbox are stored fully encrypted.
When you enter a term to search for, Tutanota will create an encrypted search index. This might take a minute or two depending on the size of your inbox. Like messages and everything else in Tutanota, the search index is encrypted at rest. This prevents someone from hacking into your system and spying on you by analyzing the search index.
After the search index is populated, the matching hits (emails) will display below. Tutanota’s search feature also gives you the ability to search specific periods of time as well as custom fields (subject, email body, from/to, and attachment name). This is a pretty good system in my opinion.
Comparison: As we noted in the ProtonMail review, searches cannot be performed on the body of messages. They can only be run on the Subject line and a few other fields that ProtonMail leaves unencrypted.
Rules and Filters
Tutanota offers both rules and filters for email, but they are pretty basic. Under the Spam rules you can designate individual email addresses as spam (put in the Spam folder), not spam (leave in the Inbox), or discard (send to the Trash folder).
Mailbox rules are more flexible, but are only available as part of paid plans.
Contacts and calendars
Tutanota supports both Contacts and Calendars.
These function as you would expect, but it is important to note that all Contacts and Calendars are encrypted when at rest. As we noted earlier, one of the main goals for the Tutanota team is for all your data to be encrypted, protecting you from snooping third parties.
The encrypted Tutanota calendar looks like this:
You can see the calendar features here.
Tutanota mobile apps (Android and iOS)
Tutanota has apps for both iOS and Android. I’ve been working with the Android app.
Whereas I had some issues with this app when it first came out, it now functions well. At the time of this Tutanota review, the Android app had over 5,700 reviews with a rating of 4.2 out of 5 stars. (Available on F-Droid too) The Tutanota iOS app had 255 reviews with a rating of 3.9 out of 5 stars.
Tutanota desktop app
Tutanota has a desktop client for Windows, Mac OS, and Linux. I’ve been using it for a long time now and it continues to work well, basically giving you all the features of the webmail app, including the encrypted contacts and calendar.
As you can see, the desktop app looks very much like the web app.
Tutanota business features
Tutanota also offers secure business email accounts designed to let you,
Save time and money by hosting all your business emails end-to-end encrypted on Tutanota’s secure servers based in Germany.
Here’s a partial list of the Business Email features currently available:
- Custom email domains with optional catch-all
- The Secure Connect encrypted contact form
- Multi-user support so you can manage all your users yourself
- Scalable shared storage for all your business accounts
- Zero-knowledge full text search of messages and contacts
- A large set of Whitelabel customizations
- Two Factor Authentication (2FA) available
Secure Connect encrypted contact form
One cool feature for website owners is Tutanota’s Secure Connect form. This gives you the ability to incorporate an encrypted contact form that facilitates completely anonymous two-way communication. In May 2019, Tutanota launched Secure Connect and made it, “free for news sites so that whistleblowers can get in touch with journalists securely.” Very cool.
Unfortunately, if you don’t meet the criteria to get it free (not a news site) then this feature will cost you €240 per year – certainly not cheap. You can read more about Secure Connect here.
Tutanota support
When reviewing email services, we create fresh accounts and go through the setup process as average users.
We’ve contacted Tutanota Support numerous times during our years of using the service. In almost all cases, the customer support team has responded to our queries in about one business day – so overall very good.
Tutanota plans and pricing
Tutanota pricing has grown more complicated over time. Today, they now offer six plans (three Private plans and three Business plans) along with a range of custom options and add-ons. This allows you to create exactly the service you need for your personal or business needs.
At the time of this Tutanota review, here is a breakdown of the plans and prices
- Free Private plan, €0
- Premium Private plan, €12 yearly, €1.20 monthly
- Teams Private plan, €48 yearly, €4.80 monthly
- Premium Business plan, €24 yearly, €2.40 monthly
- Teams Business plan, €60 yearly, €6 monthly
- Pro Business plan, €84 yearly, €8.40 monthly
Beyond the standard plans you can add more storage (10 GB, 100 GB, 1 TB), and more email aliases (20, 40, 100). As if this wasn’t complicated enough, the company keeps adding useful new features like Whitelabel, Sharing (of calendars), Business (specific features), and Secure Connect to their product. As a result, your best option is to scroll down the Pricing page to the Pricing Calculator and let it give you an exact price for the particular configuration you want.
Note: If you are an NPO (non-profit organization), you may be entitled to a reduced price on Tutanota. See here for details.
No cryptocurrency payment options
Unfortunately, Tutanota has still not integrated support for cryptocurrency payment options. This has been on their Roadmap for years now. You can donate to them with cryptocurrency, but standard crypto payments are still not an option.
If you want more privacy with payments, you could check out the services listed in our new Ultimate Guide to Private and Anonymous Payment Methods.
Tutanota alternatives
If Tutanota doesn’t look like the best email service for you, you may want to check out our ProtonMail review. The services are similar, although we like Tutanota’s approach to message encryption better since it encrypts the Subject line as well as the body of the message.
That said, either one of these services should be more than sufficient for normal users who want to protect their privacy while using email. Neither service can guarantee you protection against state actors like the NSA or the various domestic intelligence agencies. Nonetheless, they are both secure alternatives to Gmail that respect your privacy.
You can also see our secure email roundup for a list of other providers.
Tutanota FAQ
Here are some common questions (and answers) people raise about Tutanota.
Is Tutanota really secure?
Tutanota is certainly more secure than the vast majority of email services. Is it bulletproof? No. No system is, so you have to think about your threat model and decide if any given service is secure enough for your purposes. So let’s take a look at potential weaknesses in Tutanota’s security.
The browser and desktop Tutanota apps rely on JavaScript for encryption and decryption. Using JavaScript for these functions is generally considered to be less secure than other approaches. Using a secure browser when using the web app version of Tutanota will help here. You can also use the mobile apps which should be a bit more secure than the others.
There are some cases where Tutanota is bound by law to disclose information about you. According to their Transparency Report, between July 1, 2020 and December 31, 2020, Tutanota released data to the authorities more than three dozen times. Understanding exactly what this means is complicated. If you want the details, you will need to examine the latest Transparency Report and related documents. It is important to note that in some cases, Tutanota may be forced to record IP Addresses by a valid court order, as well as the contents of messages that arrive unencrypted at a user’s mailbox.
Note: All email services must abide by the laws in the jurisdiction in which they are based. To have more anonymity when you use Tutanota (or any email service), consider using a good VPN service to hide your IP address and encrypt your traffic. We have reviewed many popular options, including NordVPN and Surfshark, ExpressVPN, IPVanish, CyberGhost, and more.
Is Tutanota the best secure email service for you?
Is Tutanota the best secure email for you? Here is a summary of the factors to consider when switching to a secure email provider, and how they apply to Tutanota:
- Jurisdiction – Tutanota is based in Germany and your data is stored there.
- PGP support – Does not support PGP (read about PGP problems).
- Import feature – While it has been discussed for more than a year, Tutanota still cannot import email messages. It can import calendar data and contacts.
- Email apps – A web-based client as well as desktop apps for Windows, macOS, and Linux, along with iOS and Android apps.
- Encryption – Emails and attachments can be sent end-to-end encrypted and everything is stored encrypted at rest.
- Features – Includes a built-in calendar and contacts along with full text search of messages.
Can Tutanota be traced?
I assume by this question you want to know if your use of Tutanota can be traced. They don’t track you in any way. They don’t post targeted ads in your mailbox. They also don’t log your IP address, or even require you to enter any personal information (no phone number, no email address). So Tutanota isn’t tracking or tracing what you do.
Your email, contacts, and calendar are all encrypted, so no one, not even Tutanota, can read them. Right now, Tutanota is battling German court demands to spy on one specific email account. Even if the company loses this battle, all they can do is monitor future unencrypted mail coming to the account. They literally have no way to decrypt encrypted messages, regardless of how hard some judge pushes them.
In other words, there is little anyone can do to trace you in Tutanota.
Tutanota review conclusion
Tutanota is a strong choice for anyone who wants a secure email service for general use. While the service itself provides strong security, for maximum security, you can use the mobile apps, or access the browser-based app through a secure web browser. Additionally, you can add another layer of protection by using one of the best VPN services.
While Tutanota may not get as much attention as some other email providers, we believe it is a market leader in the secure email space, if not the best option available for serious users. Check it out here, or see some of our other secure email reviews to investigate other options:
ProtonMail Review
Mailfence Review
Mailbox.org Review
Hushmail Review
Posteo Review
Fastmail Review
Runbox Review
CTemplar Review
I used to be a Tutanota Premium user. However, I ultimately switched to Mailfence. I have encouraged many of my five siblings to make the switch from Google to the free version of Tutanota. Try it for as long as they like, then get a premium account if it suits them. After getting 4 of the 5 siblings to switch, we recently had a problem with Tutanota thinking they were spamming. There are seven of us in the email (counting my mom), so this certainly doesn’t constitute spamming. I have come to the conclusion that Tutanota is having some very poor business practices in trying to get free subscribers to pay for a premium account. The one sibling that has a premium account is the only one that did not get a notice about spamming, or “exceeded the limit” and it would be a day or two before they could resume emailing again. I do not recommend Tutanota for free or paid subscriptions because of this devious way of manipulating people.
I’ve been with Tutanota since the beginning, with both a paid and a free account. Great experience with both, and very several privacy reasons choose to keep my paid accts at Tutanota instead of Protonmail.
In your case, It’s possible that a contact of one or more family members has very non-secure habits and, even without y’all knowing, has leaks or poor practices that have exposed family addresses to those who generate spam. That volume of junk is not what exceptional services like Tutanota should bear at the expense of free users who carefully monitor and protect accounts, settings, contacts.
There are few to whom I will give my real contact info because of how insecure most people’s phones and computers are; how much worse their contacts practices may be; how quickly such people add others to group lists and cc lists, etc.
I’m sorry for whatever I’ve overlooked–I’m right now devastated–and numb.
Is it possible that Tutanota does not encrypt “Contacts”?
Since a long time ago when I *first* started having horrible problems with my (very abusive, in myriad ways) ex-spouse hiring a hacker to wreck my and our children’s lives, I’ve tried to follow all Sven’s exceptional advice.
(By the way, it may or may not be relevant that Ex works for the U.S. government–not the intelligence community or whatnow, but for the Department of Commerce.)
Anyhow, I NEVER go online without Perfect Privacy VPN set up (perfectly and all). I use only hardened Firefox. I never miss updates of any sort. I stay away from apps unless I really need one and I have good reason to believe it isn’t something insecure or otherwise sinister. For what I [used to] consider “not that important” stuff, I did allow myself to use my ipad pro [with EVERY privacy precaution enabled]–you know, just for reading, benign web-searching, sending “everyday” sorts of email *always via Tutanota*.
But more often, I used either my “Linuxbook” [my older macbook I stripped of MacOS so that it would run only a Linux distro–and utilize all the other precautions mentioned]. But, around the time covid appeared and I had to do more stuff online, I realized some important-for-my-profession software was not available for Linux, so I did begin using an early 2020 Macbook, which I’ve been just as careful on. I connected to the internet via ethernet only. Never wifi.
I search only with Metager. Never share location. It took forever to find a [believe me–necessary] home security system because so many of them are awful in the privacy/security sense. No Siri or Alexa or any such thing is allowed in our place. Black tape on all potentially internet-connected webcams; and I started using these “MicLock” things that actually do prevent others spying on you with your mics.
You’d be very hard-pressed to find someone who has password-setting (and regularly changing) policies that rival mine. My family is always laughing when they see me typing in these crazy-long passwords, using all the “randomization” stuff and stored only in a small book I keep well hidden—and no one who lives here cares at all about my boring online life. My computers and one device are never in anyone else’s possession. The laptops don’t leave, and the ipad pro leaves only when absolutely necessary in my locked briefcase.
The earlier hacking was part of a pattern of [extremely bad] abusiveness that was so traumatizing that, for example, now I REFUSE to use a mobile phone of any sort. (My kids know I can always be reached by them via a text or whatever to the ipad if I was out–but preferably via Signal.)
I could go on and on, but I won’t.
The only thing that comes to mind that I failed to do: I bought a new, more secure, recommended-here router that I wanted to replace the one our internet company provided. I felt mildly uneasy about the internet-company router, and I was going to put one of the recommended VPNs on the new one (in addition to having my computers and ipad running my current Perfect Privacy VPN). But, after I twice tried installing it without success, and after my teenage son (who does things like put together gaming computers for himself and friends and checks out open source software, etc.–you know, more technically savvy than his Gen-X mum) ran into the same problem with it—and after someone on some tech-helpline finally told me [perhaps just to get me off the phone when none of their suggestions worked?] that the router wouldn’t work with my internet company, I guess I’d become so tired of worrying and trying to put out or prevent all these fires Ex would set, I just decided, “Well, I connect with my ethernet cable whenever I do [what I previously thought was] anything important, so I’ll let this slide for now.”
But, sort of lately, I’d been feeling better about being able to be online, etc. Things had started feeling “lighter.”
Until today.
I am too afraid to access my email even to check out whether anything else has happened. (I know that I should have received several pieces of correspondence that I hadn’t but it’s possible the couple people are really busy.)
Here’s the deal: You know how you can enter a contact just by typing the first couple letters and then the entire address appears and you just glance at it, click, and you’re on your way?
Well, I just realized something very bad. I was trying to send communication [again, via Tutanota, as always] to an entity that is very important to my children and to me, and which has a restricted domain ending–but, what I was sending was not, in itself, something you’d think of as a big-dea type of message.
Well, I just realized that someone [ex + hacker] had changed the contact info essentialy to this:
[specific/accurate department of organization].[essentially name/domain-name of organization, which even in abbreviated form is somewhat legthy in reality]–and ALL that seems perfectly fine/correct–but THEN. this: “@gmail.com”!!
GMAIL!?
No way! I *don’t really deal* at all with Google, though of course I must to the extent I need to solve CAPTHCHAs and such.
And I’m not so stupid that I’d think a very important entity that legitimately needed info from me concerning my children would use a freaking gmail address.
In the distant past, my emails were sent correctly to the right address I’d originlly typed in (and I never had any reason at ALL to change it—I NEVER DID change it, and no one in my household would want this stuff unsent, plus no one knows my passwords—and I don’t do fingerprint- or face-recogntion).
None of these communications required a response, but the oganization did need those messages from me.
And, this Ex’s M.O. is: Make her seem very irresponsible, not-that-bright, crazy.
He does a great job at that, btw. But this isn’t who I am.
I quickly checked an email I sent *seven months ago* to this place, and it had gone to this stupid gmail address! They never got it, or any other thing I sent at least since then.
And ex and hacker apparently created a gmail account to receive all these emails–so I wouldn’t be informed that the address was wrong–and, I’m sure so sx could see what I was sending, though it wasn’t anything about him.
Oh.
I’m sorry.
I need some help here.
Crazy things like this happen far too often—not always digitial stuff. It’s gotten to the point even my loving family is obvously sort of starting to doubt me on certain similar things, though they KNOW I’d never type in this address with “@gmail.com.” Sometimes I think even they are beginning to believe I really am crazy, or stupid. I can just hear one of my kids: “Why would he do that? Why would he put so much time into THAT?”
But that’s WHAT he does now—makes it seem I’m incorrigible/ditzy/irresponsible/stupid/hapless/nuts–and therefore not easily believed by “important people” in the lives of my children and me.
Sometimes, I start thinking, “Maybe I AM crazy, despite all I’ve accomplished in my life–maybe the ex is right–that, finally I’m all “washed up,” utterly defeated, and I must be doing stupid things I can’t even imagine doing—maybe I’m crazy without even remembering bizarre, truly-unlike-me things I do somehow?”
Well, yeah, I guess that’s the old gaslighting thing. Been around forever, but this ex (and many of those of others) can do this rubbish so covertly and strategically that few recognize there’s actually a target who’s being chronically mischaracterized. Scapegoated, to draw attention away from the jerks’ real and quite apparent abuses of the type that have occurred in homes against relatively powerless people—to induce “important others” to question the “never-been-in-‘trouble’, otherwise very credible (because they are), protective (non-abusive) truths that she and her children finally built the courage to speak.
Can someone just let me know if/how it’s possible this Tutanota-contacts thing could have occurred?
And maybe what I should do. I have no privacy/security it seems from this sociopath who WILL NEVER GIVE ME ANY PEACE. Today, someone asked me to go for a walk, but I just felt so . . . . . “watched.” I’m starting to think I’ll never escape this harrassment and character assassination. Worst of all, my children suffer from this in many ways.
I’m sorry I cannot write succinctly. I’m sorry. I need some help–and not because I’m crazy. Please don’t be harsh. I’m sorry. It’s all been going on so long. I find someone STILL has so much control over my life, my kids’ lives. I don’t know what I can do to escape it for us, and I’m beginning to think I never will.
Thank you,
P.
Hello Sven
Which is the best Protonmail or tutanota for daily use ?
I like Mailfence for daily use 😉
Try both ProtonMail and Tutanota with the free accounts they have. Then keep the one you like best.
Thanks
I will give them a try
Just use protonmail .com or.ch the Swiss address will confuse people but that’s what I like. I am a Cryptology expert; Only the subject line comes in clear text and can be investigated by the Swiss court but that’s probably never gonna happen just don’t be obsessive compulsive take it it
Hey Sven —
Any thoughts on the past week’s blowout at /r/Tutanota over the big Premium-tier devaluation? It makes them more expensive (to get useful features) but they were unsustainably cheap anyway. It seems like more of a problem that they made such an egregious business decision and executed it so badly — can they stay in business with skills like that? And then it seems like MUCH more of a problem that through the whole debacle they were making one false statement after another, including a false claim, an edit to an old blog post to support the false claim, and then when that was caught an edit to the edit to cover up the coverup. Not too very attractive; they did not exactly cover themselves in glory.
I assume most subscribers won’t be too bothered, but to me it’s just as though they’ve said “The things we say are not to be relied on,” which pretty much wipes out their usefulness in a trust-based business. For me anyway.
Hi Philip, I did not see the controversy and have not had time to research what exactly happened. Feel free to fill other readers in on what transpired in the comments if you want.
Okay… I’ll try to keep it manageable. Late last week they announced a “new feature”, which was actually that a couple of Premium-tier features were being taken away and restricted to Business-class. There was a commotion; their next announcement was here:
https://www.reddit.com/r/tutanota/comments/lsu1zw/update_existing_subscribers_can_get_the_business/
After that, lots more commotion; a couple of the more worthwhile posts:
https://www.reddit.com/r/tutanota/comments/lsp1d9/a_suggestion_re_price_increase/
https://www.reddit.com/r/tutanota/comments/lts33j/we_should_give_the_tuta_team_time_until_next_week/
This one was interesting — apparently they never made the announcement about the half-baked compensation offer in German (nor did they ever send it out in email — only at Reddit):
https://www.reddit.com/r/tutanota/comments/luacle/bitte_aktuelle_situation_auch_auf_deutsch/
And then here is where they were caught out by a sharp-eyed person checking the permanent record:
https://www.reddit.com/r/tutanota/comments/lvbd3x/explanation_on_subscription_changes/gpbi0rx
I’ve seen that you’re a Tutanota fan — and with reason. But their misrepresenting themselves and monkeying with the historical record is just low behavior. Some people might judge for perfectly good reasons that this doesn’t matter for them. For me the good-faith relationship is essential; I think a privacy provider can’t work any other way.
Thanks for filling us in, Philip. It looks like they did not execute this change very well! Yes, we have liked, recommended, and personally used Tutanota over the years, but that also applies to ProtonMail, Mailfence, Posteo, CTemplar, and more.
Philip,
Thanks for the info.
While this is sad, it is not unexpected from what I have seen.
Appreciate the heads up.
First off, thank you so much for this website. Really great content.
I have a lot of emails that I’d not likely worry about sending e2e. What isn’t clear to me, is whether or not those correspondences are automatically encrypted once they land in my Tutanota inbox/outbox. In other words, is an “unencrypted” email safer in a Tutanota inbox than, say, Thunderbird?
The court case that was posted below seems to suggest that Tutanota encrypts everything on their servers, but they can somehow still provide messages that were sent to their servers unencrypted. I must be missing something.
I can’t stand the Tutanota aproach of 3-pane layout. There’s no option to turn to 2 panes. It’s the only obstacle to keep me from adopt this as main main email service. A so narrow folder subjects (the pane in the midle) is useles! Why dont theres a option to choose 2 panes with the full subject of the content of a folder (inbox for example). I can’t work with this, sorry.
Tutanota? Don’t use it.
I just tried to create a free account, my FIRST and ONLY one, but was blocked IMMEDIATELY. I was given NO waiting period – just told it could not be created due to abuse!!! (LOL). All I had done was enter a DECENT user name and password (some abuse!!!).
I read Tutanota’s blog on reddit and now other review sites and MORE WORRYING is that other people complained of having their Tutanota accounts suddenly deleted and other NASTY treatment. Can users RISK using Tutanota? My answer is a BIG NO.
I will continue to use Protonmail (a happy user now for 6 years) and my scoring is:
Protonmail 10, Tutanota 0
Tutanota = AVOID.
Sven,
What are your thoughts on this as for Tutanota being forced by court to have a backdoor; if they lose their appeal? Will they drop in your rankings of best email services, if they are forced by court order? I like Tutanota, and hate to see them lose their appeal. They have been a really good service.
https://techcrunch.com/2020/12/08/german-secure-email-provider-tutanota-forced-to-monitor-an-account-after-regional-court-ruling/
https://www.theregister.com/2020/12/08/tutanota_backdoor_court_order/
Yes we are monitoring this situation and will update recommendations accordingly.
@Sven,
Not sure of all the legaliese, but could they move to Switzerland, Iceland, Virgin Islands, etc. And re-establish?
It would be a bonus to them and whatever country they would go to.
Yes, I would think that is a possibility.
@Sven,
Thanks.
I do not recommend Tutanota at all, at least not an unpaid account. Firstly, I would repeatedly receive spam emails from supposed tutanota admin asking for verification of my account. When I would go to verify, the links very often were broken. I also was often unable to log into my account. Additionally, I would receive emails twice. Secondly, I could not search through my archived emails (which is only an option through premium). All of these inconveniences were worth it, however, as moving away from Gmail and mainstream online services is very important to me. Eventually, however, my email was hacked and as I was going to change my password, I was kicked out of the system and have not been able to log back in since. I have records of the original recovery code and have tried to use it to reset my password, but to no avail. There is no way I could have updated my recover code because I didn’t even know this was an option until this fiasco arose. The Tutanota time has done very little to help me or compensate in any way. They are very difficult to reach and pretty inaccessible. I have switched over to protonmail with which I am very happy. I would recommend avoiding this service.
For those of you with any doubt about the reliability of Tutanota check out their twitter:
https://mobile.twitter.com/TutanotaTeam/status/1296940311420248065?p=v
If you click on any of the tweets you tend to get irritable customers complaining about the downtime.It is sad that a service with such potential continually fails to deliver a reliable service.
Every month for the past year you can guarantee you won’t have access to your emails for at least 24 hours.
As of today, I’m quitting Tutanota. They twitted/blog an article about BLM solidarity. As any smart people would know, BLM is bu****it and it’s sad that tech companies in privacy use that.
Except for the price, it wasn’t very good anyway in terms of android app, always having notifications of emails that I had read on my computer, slow sync, etc..
@Joe,
Agree. This is the third time they have done something like this.
My answer to them because they ignored my email is this, and I hope they read this:
“Show up, shut up, and do your job. If and ONLY IF I want your opinion, I will ask.”
Haha well said.
Companies and entreprises should not be part of politics and surf on the ‘tendance’.. That’s why I despise social networks that have too much influence on people (Instagram to name only one)
I’m trying Protonmail again. The development is unfortunately less active than Tutanota..
Agree. I am proud to say that I have never had and will never have a Fakebook…errr…Facebook account.
Many are shocked at that but, no, I never have. Don’t want one either.
I am using Protonmail and while their development is slower, their stuff works when it comes out. I gave a link to a site to voice what you would like (I believe that link is under the Protonmail review) and it does get views from their developers.
Tutanota could be good. They could do a lot. But maybe I am jaded against them when I was first trying to set up a paid account and what I had to go through with them.
I opened a paid protonmail account for my business. I had a problem and a couple of questions so e-mailed them. It’s been more than 24 hours and I have not heard back anything. Very disappointing customer support. As a paid user and trusting them with my business e-mail accounts, I expect a response within 24 hours. I will be leaving them. A company with poor customer support is not one I am willing to work with.
@Ann,
Are you saying you opened a ProtonMail account, or a Tutanota? Your comment is under tutanota.
I will also say that I am sorry for the time. I am a Visionary Account holder with PM and they usually take a day or two to get back to me as well.
I would also say that if you are sending in requests to their main email, they generate a response that says it is usually very full and takes time. There is a quicker way to get a response, and I have done it a few times. I cannot guarantee a response time, but for me I have gotten a response in less than an hour. The link to that is here: https://protonmail.com/support-form.
Depending on your account level will really depend on their time of response. They will check that off your Username. Hope this helps.
BLM is bullshit if you are never affected by the thing people are protesting about. This comment is hilariously stupid.
A perfect example of Racial Equivocation (Key word here).
I am only going to give you the start and it is up to you to see the truth.
https://christianintellectual.com/racial-equivocation-serpentine-shepherds/
And
https://christianintellectual.com/structural-racism/
They are long reads, but if, and only if, you are willing to see truth, will you read.
Since this site is for the aspect of privacy and security, and Tutanota is supporting a group that believes in neither, our original diologe is pertenant.
However, this is as far as I am going to go out of that stream because it does not flow with the stated purpose. However, I do believe that truth should be declared and that ALL points (and not a predisposed ideological speaking point only) should be given a place.
Truth, objective truth, will always win. Narratives and ideology can only win by the use of force.
This is, by my choice, my only response that will be given and will not reply.
Sorry @Sven. I am being careful not to sidetrack here. Or trying to be.
J.M., my good man… you’re citing a site of one of our fellow Great Apes who claims to know the will of a god.
Truth is that which comports to reality; that so-called ‘intellectual’ source is but a poor man’s sophist.
Still, the point remains: it wasn’t _that_ long ago they removed mention from their website how the founders of BLM were unabashed in braying they’re trained Marxists. Even Bill ‘Sun goes down, Sun comes up; you can’t explain that!’ O’Reilly knows it.
Hi Sven, thanks for the very informative article. I’m still learning about these issues, so please bear with me – how do I exchange a password with someone outside the Tutanota system and still stay anonymous? The Tutanota ‘How To’ says to do it in person or via Signal. I don’t know what Signal is. But I’ve already sent an email to recipients outside Tutanota, and need to send them the password. Thanks!
Yes, this can be tricky. Signal is a secure messenger, like WhatsApp, but more secure and private (see our Signal review). And here’s our roundup of the best secure messengers.
I’m looking to (slowly) transition from Gmail to a private email like Tutanota (probably not 100% but certainly things like bills and receipts). In the interest of privacy, would it be better to use the different aliases Tutanota provides for different services? Like use one alias for Amazon, another for PayPal, another for eBay, etc.? I imagine that way it’d be more difficult to cross-reference between corporate databases, although 5 might not be enough in that case.
Yep, you’ve got the idea.
Hello @ psycho and Gerhard,
That’s the latest BAD hype in the headlines about any Germany email providers.
It’s meant for a purpose to shock and awe readers lured to their sites thinking of the worst.
But not a true definition in any case as an in-depth logic of an understanding yields to the concerned user.
–
First, so both you and others readers know it’s not a total surveillance scheme across accounts of any of the German email providers.
* As one of the Germany based email providers needs at one of their users accounts to have been flagged with valid order from a German court issued against it – for it to be affected and it’s only with that specific account that’s involved in the TGK action by said court order.
.
Second, messages encryption on an Tutanota account is there offered automatically as in two-fold parts of (sending/receiving) on a users account.
You have to deliberately sidestep the encryption for sending, or want to for the people you’d normally send messages to where an encryption form is not warranted as beneficial, or received well by the recipient…
Ex: Business accounts, professional correspondences say of your business contacts mail reply’s.
– Then when Tutanota accounts receives an e-mail from persons who does not have an Tutanota account – it’s at least automatically encrypted as soon as these messages lands on their servers. (Granted a valid German TKG court order is not in place for an account)
.
Correction: According to a ruling by the European Court of Justice in June 2019, e-mail providers are no longer seen as telecommunications providers and are therefore no longer subject to the TKG.
https://www.sueddeutsche.de/digital/tutanota-verschluesselung-e-mail-ueberwachung-polizei-1.4676988
– – I’d say worry of not being informed correctly and let smoke and mirrors headlines stay just that (BAD HYPE).
Greetings
“Même les e-mails envoyés ou reçus non chiffrés sont stockés chiffrés sur nos propres serveurs basés en Allemagne.”
It’s in the welcome email from them.
It means that even sent email or received emails not encrypted, are encrypted as soon as they are in your mail box on their Germany based servers.
Tutanota has very limited security model. Users should know, that every mail sent to or received outside Tutanota servers ARE NOT ENCRYPTED. So there is no brainer to catch and read all communication, with court order or not (e.g. hackers break into cluster). Tutanota can only encrypt mails between Tutanota users. This is also true with ProtonMail, but here you have option to use OpenGPG – so every incoming and outgoing mail IS ENCRYPTED.
Sven, Tutanota is no longer safe. They are forced to store their emails unencrypted for police or authorities.
https://t3n.de/news/gericht-datenschutz-gesicherte-e-mails-1220028/
Looking into this now, but Tutanota addressed this on reddit here.
I have few concerns about Tutanota:
1. They are very small company, so support is very limited. You have to wait for support reply few days as Premium user.
2. They are activits and ready to leave customers beacuse of demonstration. (source: https://www.reddit.com/r/tutanota/comments/d5xp0l/fridays_for_future_tutanota_team_joins_the/f0om4ic/)
3. Tutanota is developing since 2011 and still have ridiculous limitations:
– You can’t import emails,
– You can’t export emails,
– No conversation View,
– No labels,
– Unsuable filters and inbox rules
4. They have serious security holes:
– There is no restrictions in email address, so if someone register address: [sven.taylor@tutanota.com] you can register [sventaylor@tutanota.com] and make some phishing.
– For long time they don’t have custom domain ownership verification.
5. They product depends on 2 or 3 people. I don’t know who is responsible for servers security. If developers that’s not good, beacuse they don’t able to make application, supporting and managin servers at the same time.
Greetings, on Breitbart I just came across a story about the latest security report from Tutanota. It discusses the reality that the whole internet is just one big tracking engine geared towards a social credit system – like they are using in China, but is more “subtle” in the West at present. Anyhow, it’s a nice heads up for all privacy and security minded citizens, and well worth a read. It verifies the need for solutions provided by Tutanota and other reputable companies. Note that I am not in any way affiliated with Tutanota or any such company. The article link is:
https://tutanota.com/blog/posts/social-credit-system/
Hello Paulie,
Thanks for the heads up.
A lot of content there seems in what I’ve posted about herein throughout this site.
Not word for word but in generalities of trends and technologies pace.
I feel there’s a big adjustment coming to modern things in the digital nature as the internet and life advances around the world. Governments and big companies control much already and the working poor have had enough of their misconducts and bad leaderships rolls.
–
One positive thing of the digital age is I can address many people of the nations in sites as this. As we link minds it can become a large think+tank of ideals – to inspire others and simply conversing about digital privacy as say you did of the past about the weather to people.
Each persons ideals can build on the last or be vetted and honed by those who have grounded a better understanding, experiences, and results in an area.
***Knowledge is power and whoever banks the most detailed profiles data can actually control the money and commerce systems to an extent – once that it’s gone all digital in a cashless society system.
–
Poor thing about the Digital Age, is we as humans can’t get around our own personal faults enough to live peacefully together. Same types of people have the continuing controlling rolls in the governments and large businesses around the world. They should walk a mile in the peoples shoes of who their to serve.
– The digital age with spawn of the internet or vice-versa moves us all closer inward from life’s edge of rotation inward towards a higher spinning RPM of being out of control.
So a wide reaching reset seems natural to happen.
Thanks
Hello Sven,
First of all, thank you greatly for the informative work you do.
I have been using the Tutanota desktop client for a few weeks and the truth is that it works quite badly for me. It closes unexpectedly, does not update new emails… is there any email client (like Mozilla Thunderbird) that you know is 100% secure in terms of privacy?
Thanks a lot
I don’t know of anything that is 100% in privacy or security. Thunderbird is popular, but it won’t work with Tutanota due to the encryption. The desktop client has been working well for me, so I guess that leaves you with the webmail app.
Thanks, Sven!
Hi 4ld33n…
Without doing additional research, the only think I can think of that might work and is close to what you’re looking for is Protonmail’s “Bridge” app, which is available to paying users only. However, I can’t guarantee you will have a seamless experience with this program either. If you’re interested, please click on the link below…
https://protonmail.com/bridge/
Regards…
A.R.D.
Hi 4ld33n,
Monday Oct 7th all Tutanota clients were to update – has this helped any? This was to be automatic but you might insure your on the latest client for your platform.
I just use the web client – hows that work for you while the desktop has the troubles you mentioned.
–
@A.R.D. I don’t think 4ld33n wants to jump the Tutanota ship and they’d have to with your suggestion. I believe the trend for most is the other way around – AKA moving to Tutanota from Proton.
As things become known to them it’s not 100% secure in terms of privacy.
Proton’s encryption (public-key cryptographic system) would work with Thunderbird. To use PGP within Thunderbird requires two additional applications installed also – GnuPG and Enigmail.
– The Bat as an locally installed email client offers –
On-the-fly Disk Encryption:
During the installation, you can enable the On-The-Fly encryption, so all the data (messages, address books, configuration files) will be stored encrypted on your hard disk. In this mode, unencrypted data never appear on the disk. On-the-fly encryption uses AES hardware acceleration on modern Intel processors (AES-NI) and produces no noticeable delays.
Encryption to Mail Servers:
The Bat! email client protects your personal information thanks to its widespread support of authentication protocols and encryption while working with mail servers. It prevents intentional data distortion and loss of confidential data while sending messages via the Internet. The Bat! supports Secure Socket Layer (SSL) v3.0 / Transport Layer Security (TLS) v1.0; v1.1, without using any third-party library – The Bat! has own implementation of these cryptographic protocols.
Features – https://www.ritlabs.com/en/products/thebat/features.php
Hi Hard Sell…
Yeah, that was the only suggestion I could think of “on the fly.” I haven’t worked with The Bat! in a very long time and I had no idea it offered the privacy features that it does. While a great suggestion, depending on who the email provider is, the overall benefit could be reduced. Unfortunately, as you probably know, Tutanota does not support POP/IMAP. I hope the update to the Tutanota client you mentioned helped 4ld33n but if not, he or she might want to consider contacting Tutanota’s staff for help. This might require a subscription, though. 🙂
Take care…
A.R.D.
Greetings A.R.D.
Yes it’s all good advice, suggestions are always good granted they try to help, give insights and are honest…
Trouble – – I’m seeing is most of these secure – private – encrypted email offerings (in the box say), have their own Eco-Systems setups – as their needed to insure their secure functions (user to user on the same email service).
As I understand then the secure email eco-system server(s) holds message to deliver them personally over their own servers. Never going through any other email servers. This does lead to a closed off footprint say, but it also brings out their own imposed limits.
(People you know not using the same email eco-system – then mailing you).
Is this the only way ? Or for marketing growth.
–
I’ve ran across GoldBug, from a user comment on the site. 2016 seems to be when it opened it’s offering.
Not a lot I’m finding on it – but it’s interesting concept.
Enjoyed your comment.
Thanks
@4ld33n
I have been having this issue as well. Today my desktop app just completely uninstalled…for the third or fourth time.
Hard Sell is right. You may have to just use the web site. I have just decided to use my phone but that too has been having hiccups on me lately.
@Hard Sell,
I do appreciate your thoughts. I agree with a lot that trust is a necessity which then over time builds to faith.
For many, Tutanota may have been able to provide that. I, sadly, was not given that chance which I am sorrow for as I want to test each of my services.
Thank you again for your good thoughts and research.
Ditto and thank you kindly.
Your very welcome.
Really nice review, I like the attention to details and being down-to-earth (e.g. not fussing about AES being “only” 128 bit). Also I didn’t know that they could be ordered to monitor communication – thanks for pointing that out!
One remark though – I think it’s wrong to say that Tutanota’s desktop client offers better security over the web-based one. Electron just launches Chrome instance under the hood, so what you see is generated with mostly the same code that serves web-based client. Moreover Electron has its own security “issues” – some of the under-the-hood-Chrome’s security flags have to be disabled for Electron apps to work (I say “issues” for the lack of better word , they could be easily called “features” by some; what I mean is that Electron’s Chrome is significantly altered and one need to be aware of all these modifications for the system to stay secure)
Anyway, I’d love to see similar review of Mailfence some time in the future (I am currently split between Tutanota and Mailfence :P)
Good points, thanks for pointing that out.
Mailfence is on the To Do List as well.
Hi Cokolwiek,
Pretty interesting, tried to find the Electron’s Chrome thingy you talked of – koush/electron-chrome / Run Chrome apps in Electron. https://github.com/koush/electron-chrome
Is this it or something else that Tutanota uses, I noticed when trying to sign up ago starting Tutanota account on IE11 I had got ‘Sorry your browser is not supported or outdated – to use.’
– So is the issues only related to a Chrome Browser instance and not Firefox say?
–
Tutanota’s co-founder, Matthias Pfau MARCH 25, 2019
https://restoreprivacy.com/let-pgp-die/#comments
His reply comment – answered some of my questions – – one was {* Security of browser vs desktop clients.
The desktop clients are the most secure way of using Tutanota because we are able to sign the clients.
By verifying the signatures, you can make sure that you are using the exact version of Tutanota that we have published and no one has tampered with the code. For the web version, we have implemented DANE to reduce the risk of MITM attacks, check here for details: https://tutanota.com/blog/posts/dane-everywhere/
–
That’s the answer I bought but I don’t know if it satisfied your concern-
“One remark though – I think it’s wrong to say that Tutanota’s desktop client offers better security over the web-based one. Electron just launches Chrome instance under the hood, so what you see is generated with mostly the same code that serves web-based client.”
[Electron is open source with a community to work on security issues – – wouldn’t you think so and would security flags take priority.]
Again, browsers and then their functions are not well know to me. Answers appreciated : )
https://tutanota.com/blog/posts/desktop-clients/
Secure desktop clients based on Electron:
When we decided to build desktop clients for Tutanota, we carefully evaluated whether to build a native client for each OS or use Electron to convert our webmail client into desktop clients for Linux, Windows and Mac OS. We have opted to use Electron for the following reasons:
-We are able to support all three major operating systems with minimum effort.
-We can quickly adapt the new desktop clients so that they match new features added to the webmail client.
-We can allocate development time to particular desktop features, e.g. offline availability, email import, that will simultaneously be available in all three desktop clients.
.
Native desktop clients have a slight advantage towards clients built with Electron in regards to RAM, but this advantage does not outweigh the fact that with Electron we can support all three operating systems with minimal development effort. On top of that, we have put special attention to this issue when redesigning our new webmail client in 2017 and 2018 so that the current desktop versions of Tutanota need relatively little RAM.
–
At Tutanota we are a small team so we have to focus on how to develop the best product with minimal effort, and Electron enables us to achieve just that.
I found this to that may interest…
Is all of Tutanota Open Source including the server side?
” We plan to open source our server side as well. However, right now the server is not open source for the following reason:
With the client code being open source, everybody can build the client themselves, run it locally and verify that the open source code is being used. Even if we published the server code open source, this would not be the case: No one would be able to verify that the open source server code is actually running on our server – so publishing it is a bit pointless.”
https://www.reddit.com/r/tutanota/comments/ag08ba/is_all_of_tutanota_open_source_including_the/
Thanks
Tutanota Desktop Client actually offer BETTER security. There is one important reason: hackers or govs can’t replace client code, beacuse it is on yours hard drive. Electron vurnelabilities has nothing to do, beacuse using Tutanota Desktop you never open “external www sites” or another code.
I’ve been using the paid version of Tutanota for two years now and this year will be my last.
The downtime over the last year has been poor(a delay of an hour or more every fortnight- where it is impossible to access your emails!) while the constant crashing and updates for the desktop client make that unreliable.
Hello Greg Cash,
Have you contacted Tutanota support with this trouble?
[1st Year = OK, then 2nd Year = Downtime, Delays, Crashing ]
– Something possibly you changed/added (totally separate from Tutanota) on your system from the 1st to the 2nd year’s use with Tutanota that can explains this?
*Contacting Tutanota Support would maybe let you know if it’s on Their end or Yours.
For a paying customer their support is better ?
Can you comment on this and the other areas of Tutanota you found undesirable…
–
What OS version in the Decktop used – Windows ?
Out of curiosity does the web client give such trouble with it’s use?
Have you herd of GoldBug, I just have and looking into it.
Thanks
The downtime in the first year was sporadic(web version only as desktop client not yet released.)Unfortunately it has greatly increased this year.
It is not good enough to have no access to your mails for multiple hours every month.
I have contacted support about this matter several times and the replies have always been(usually after 24-36 hours)that it is a temporary problem which will be solved.The problem(unable to load desktop client or load the inbox on the web page)always returns within a week or two.When I contact support with this follow up information I have largely been ignored.
I have encountered this problem on windows 8.1(desktop client and web version)and also on the android app(and via the web.)
Quite simply Tuta have become more and more unreliable and it has become impossible to rely on continual access to my mails.Nowhere near good enough for a paid service.
Not heard of GoldBug.
Greetings Greg Cash,
I often believe that nothing said – is something said…
In Tutanota’s case on your troubles it may very well be ‘they don’t know’ and/or ‘have yet to run it down’ – to – ‘vetting of the solution is still in process of verification’ within the T team.
–
Maybe this week of Oct 7 after they have disabled Tutanota client(s) versions older than Version 3.59.8. – it may be a different arena.
[Tutanota stated with this news that their clients usually and automatically update itself].
* News was to insure your client version was at least 3.59.8. ]
–
If I was to go fishing from my memory – – ‘Tutanota’s Secure Search’ for the paid user (unlimited) may have developed in a taxing user option on Tutanota’s resources (server).
This Oct 7th client(s) update – implementing compression for emails so that your future emails will need less storage space – may remedy your downtime Greg – as a guess.
.
Do you know for sure the whole of Tutanota was down to the web or just for you?
Fishing:
Sites like “down for everyone or is it you” would confirm one or the other.
Then if it is you, where? / server handshake? , VPN you’ve used sets off some Tutanota alert (spam say).
– The Tutanota servers are located in secure and ISO27001 certified data centers in Germany.
https://tutanota.com/faq/#server-location
-I see ‘certified data centers’, as plural more than one. Maybe the server your on gives T the most trouble?
Maybe your location to Germany has something to do with connection or the hops – VPN encryption?
Thanks
Tutanota was inaccessible via 3 different ip addresses so it is very unlikely it was just me.Every other site I visited at that time was accessible!
History has shown them to be unreliable and if they can’t be trusted why use them?
The fact they said it was only a temporary error and then failed to elaborate after follow up questions also leads me to believe they aren’t reliable(particularly as the problem keeps reoccurring.)
This has been going on for months so the very least they have shown is that they are not good enough for time sensitive emails.
I’ve given them two years to perfect their system but,if anything,it has been getting worse.I won’t be giving them any more time or money.
Hi Greg Cash,
I totally emphasize with anyone having trouble. I’m not naturally with a digital skill set (cause old school), but I do understand logic, then of research in running something down. IF, Logic may be defined as the science of reasoning – liken to mathematics, in your case the reasoning to move on I see is warranted…
– No insult and nothing I’ve just said is personally reflected from me towards you as in a harming way. You do well in trying to help yourself. The other pieces of any relevant data just don’t materialize.
–
I’ve done a general search for ‘complaints of Tutanota down time’ and only reviews (sites) are listed.
(No caption of texts shown to users complaints – with all the search links being shown.)
Are there users personal comments that involve Tutanota’s down time in these review sites? – if there are the volume must be small, as nothing appears to me or in a pattern of prolong and re-occurrence to prove or disprove. I feel more users documentations are needed to raise an alarm or dismiss.
Sorry, I wished I was able to help – or better if I did help some…
Regards : )
No offence taken.
If others have somehow had better service from Tutanota then good for them.
This is the first time I have posted comments like this on a public forum about them and have only come across a negative app review.
There doesn’t seem to be any other comments about them at all!
Perhaps other paid users are ok with some downtime,after all it is only 12 Euros per year.I wouldn’t be surprised if my requirements are greater than most users as some of my mails are time sensitive so to not have access to them is unacceptable.
Anyway I am in the process of switching over to runbox now and hope I don’t have any such issues with them.
Hi , no service is 100% safe , but even Tutanota can find your i , so with good vpn you can stop that !
Bad is this they can see unencrypted messages !
So , always use best & secure ways
Vpn , encryption , secure connections … .
Hi lonna,
Hope you don’t leave with that impression of Tutanota you have.
I think I can clear things up, it’s in – ‘Is Tutanota really secure?’ the #2 part that you’d need to click through on the ‘Transparency Report’ link offered. https://tutanota.com/blog/posts/transparency-report/
Yet looking for another link on this page to – German data protection laws. https://tutanota.com/blog/posts/data-protection-germany/
That’s where everything is spelled out or defined to understand for the user as regarding your data – it’s privacy within Tutanota, their cooperation with the German government/authorities, and to what if any data they can give if so ordered to – – and what state the data’s in (encrypted-clear texts).
Key points are:
1. It takes a ‘Monitoring (TKÜ) order from a German judge to be issued to Tutanota of the mailbox for initiating their compliance action.
A German judge can either issue a seizure of a mailbox or a real time monitoring of the mailbox (TKÜ), or both.
An order for real time monitoring of a mailbox refers to all emails received and sent from the relevant mailbox starting with the time of the order until a specified date (usually three months).
– Emails that are sent end-to-end encrypted with Tutanota can only be delivered in encrypted form.
– – Emails that are sent unencrypted are delivered in plain text if they arrive after we have received a valid German court order for a real time monitoring (TKÜ).
2. Plain text emails that have arrived before that have already been encrypted on the server and cannot be decrypted by us.
3. Know the 3 kinds of data types as explained by Tutanota that several authorities are allowed to ask ONLY for in certain data types. (Inventory data, Traffic data, Content data).
4. By default, we (Tutanota) don’t record IP addresses of our users. Therefore, IP addresses can only be recorded for a single user account after we received a valid German court order for a real time monitoring (TKÜ), but not for the past. There is no data retention law for email providers in Germany.
5. German constitution guarantees right to privacy, and regularly being defended by the Federal Constitutional Court in Germany.
For instance, in 2008 German politicians introduced a data retention law.
The Federal Constitutional Court declared this law as unconstitutional in 2010. In 2015, a new data retention law was introduced. The law explicitly states that the German data retention does not include email communication. Politicians hope that by excluding emails from the data retention law it will not be declared unconstitutional this time.
***The Federal Constitutional Court has yet to decide about this. However, the data retention law is not being enforced because of a court ruling that the law violates EU law.
6. Germany has one of the strongest policies: the Federal Data Protection Act (Bundesdatenschutzgesetz).
[This law protects users of Internet services. It puts the user in charge of what should be done with their data: Companies (=Tutanota) are not allowed to collect any personal information without express permission from an individual (=you), (i.e. name, date of birth, IP address). In Germany there is no law that could force us to submit to a gag order or to implement a backdoor.]
*Additionally, the new European General Data Protection Regulation (GDPR), which came into effect on May 25th 2018.
This regulation requires that companies protect personal information they handle. Any sharing of personal information such as a private home address, bank details, or CVs of applicants could lead to fines under GDPR.
It is recommended to protect emails containing personal information with proper end-to-end encryption.
[I do believe Tutanota is referring to itself in the last sentence instead of their users because what leads before hand – {This regulation requires that companies protect personal information they handle.]
–
So can you understand lonna that where it’s written and somewhat hard to find for the new shopper/user of Tutanota. Hope it was indeed information that changes your mind.
Maybe Sven can edit the key points to his liking and throw something more to that vague #2.
Greetings
Hello,
TUTANOTA will disable Tutanota client versions older than Version 3.59.8. in the week starting October 7th, for implementing compression for emails so that your future emails will need less storage space.
–
ProtonMail listed as an Tutanota alternative, not that I found good in my trial of it. Sven, I’d try to do a ProtonMail 10 questions interview article and have the best five reader contributed questions added so 15 total.
Sure you’d have to solicit your readers but once known you’d have a harder time picking the best 5 of the multitude given.
*Sure PM has a nice interface and you have actual PGP encryption keys you use, but that all I can say good of it.
–
PGP encryption – if you update your PGP key e.g. from RSA 2048 to RSA 4096, you need to decrypt your entire mailboxes data with your old 2048 private key and re-encrypt it with your new 4096 private key.
– Then it was said here, “Tutanota private keys are generated from the password you create, and Tutanota is not able to access them.
It seems to be a tradeoff:
Proton can change your private keys, but Proton has access to your private keys, which may not be ideal.
Tutanota explains their position in this article.” https://tutanota.com/blog/posts/innovative-encryption/
–
ProtonMail – things I’ve found didn’t suite me.
1. To upgrade storage size – involves a new plan invoice having to be created and a credit applied/pro-rated for what I’d paid.
Basically it’s cancelling out your currant and starting a whole plan over again with storage added and not simply topping up your storage allotment and then charging based remaining main acc’s. time left with added storage.
If you bought during BF discount weekend like me, that deal you can’t upgrade the storage of your initial purchase, then you try later and with PM starting a new invoice that knocks you out of the BF pricing.
2. Having to use the me+alias@mydomain(.)com method for my aliases with my own my custom domain addresses. Then to delete one of my CD aliases – no mail (even trash folder) can be in my account addressed to it to do so.
3. Alarming of ProtonMail’s start is they’ve accepted money from Corporations and/or Governments to what end – in being a cooperative of the 14eyes nations jurisdiction.
*Here say has it –
They’ve flipped-flopped their official response in a couple of heated forum thread questions where they interact off the proton site.
*Bitcoin payments are delayed for a time.
*Support takes a couple of contacts to drill down in their understanding of a problem you have and a few more to fully answer – like pulling teeth.
I must say Hard Sell, your findings always prove interesting and useful at the least. Thank you Sven also for providing such an in-depth analysis of what is currently one of my top Email provider choices right now.
–
I have been reading from various information and opinions regarding Tutanota’s Private Policy, comparing it to the likes of Posteo’s, which I was considering my Email provider of choice.
–
Points such as using Braintree as the payment service provider and how they store your data, Mail server logs and IP address storage, how to share the end-to-end encrypted mailbox password securely and the avoidance of PGP, were all mentioned against Tutanota.
–
I understand Posteo uses PGP encryption methods, and because I rarely send emails, I look towards the ‘encryption at rest’, private policy and other, may i say “static” security standards when looking at the right Email provider, and Posteo has been praised in these areas more-so than Tutanota.
–
I guess what i’m saying is, what is your – or anyone’s for this matter — opinion on the comparison between the nitty gritty details of these two email providers security and privacy standards? Do the points brought out matter that much? (All comes down to each individual I guess).
–
Other ‘community based’ providers were mentioned here too, and praised heavily may I add, such as Disroot and RiseUp, but I’m not sure what to think on these.
–
https://digdeeper.neocities.org/ghost/email.html
More information can be found here. I respect any information and all the effort put into articles such as these and Svens, I respect them all equally.
–
Any information/opinions will be appreciated. The more you know, the better 🙂 Thanks all.
–
PS. Sven do this kinda review on Posteo 😉
> PS. Sven do this kinda review on Posteo
It’s on the To Do List, coming soon…
You’re the best. Appreciate your hard work and dedication! =)
OTT Sir,
That’s good logic, I mean you think as I do asking for opinions – answers.
I’m currently using both Posteo / Tutanota and that’s the only way to know in their practical applications to your needs in usage regardless of whats in print or mission statement and it’s encryption type and of the areas offered.
IF READING UP and things hit 3-4 out of 5 go for it a spell, treat as a burner account at first with tidbits of the real you.
–
There are things about both I care for and then don’t care as much for in my selves acquaintance knowing both.
– Posteo has seen the longest use, has a nicer fluid interface cept for your color choices. Tutanota has yet to change the mandatory election of the dark theme when signing in to see it – I see preferences or a global setting in your account making this permanent but where is that…
Can’t click-on a message and drag it up-down in tutanota must use the side window scroll bar and that’s annoying.
–
I’m on a slow cell’s data signal to my rig (dedicated hotspot) hardwired USB to my tower and at times posteo with some error pop-up does act as if it’s timed out to recover, recovers quick but this happens every minute or so some days.
*It gets confused when I log in with a no cookies policy allowed from other installed programs of mine (FIRST-THIRD) party. I have to hit my password manager filling the form that’s rendered in german the second time round.
–
IMPORTANTLY the encryption used in posteo isn’t automatic as that’s found being offered as with Tutanota.
https://posteo.de/en/help?search=encryption
Then this may inform too-
https://posteo.de/en/help?tag=end-to-end
That’s a real handicap to the novice users and brother I’m in the ranks as one, I just read to much and talk to much tying my logic to people questions in hopes to stimulate thoughts in them or answering point on.
–
The help section for encryption found here (both links above) leads this belief as I did’t set any on this account.
– Posteo, Supports two-factor authentication (2FA)
https://posteo.de/en/help/what-is-two-factor-authentication-and-how-do-i-set-it-up
–
Can’t use your custom domain with posteo as you can with tutanota – if now or planning on getting one.
– What I’ve done in the past is close out my account every year with posteo and about a month before that I’ll add credit funds to it enough for another year.
Then I’d open another posteo account from a different IP address, then create a Posteo credit/gift voucher code from the old’s accounts surplus – to – my funding the new account with.
https://posteo.de/en/help/how-do-i-use-a-posteo-voucher-code
–
If these hold true than that should never be linked to any thing but the voucher code that’s null of my info…
– Payment:
You can pay by PayPal, bank transfer, credit card or in cash. Personal information that we receive in connection with bank transfers, PayPal and credit card payments is not linked to your account. With Posteo, your payment is always, therefore, anonymous.
– Vouchers:
You can transfer some of your credit to a voucher, to give to others. Vouchers can be used, for example, to add credit to family members’ accounts.
. . .
Any of this insightful or possibly new ideals jump out at you?
Greetings : + SPACE-BAR and ) = : ) need a spacebar character in there.
Hello Sven and OTT
I did leave OTT a reply here some hours ago – after the MY MY Paulie reply.
I got the popups for both times in (Paulie and OTT), “your post is waiting for moderation or as such the notice conveyed.
I DID EDIT Paulie reply before hand a couple of times after getting the popups for submission – using my browsers page-back arrow.
Any affect of that loosing my Hi OTT Sir reply, not sure but I might of answered in another tropic’s page here between Paulie and OTT. Any chance it’s still held in memory and/or it’s waiting your moderation.
– If not so to a recovery, OTT should get a hands on of both – tutanota and posteo they both have pro’s and con’s with me. OTT you won’t know your’s if somebody else discourages you in the experimenting and experiencing process.
Tutonta’s has a free account and you’ll have to pay a year for Posteo at 1 euro a month but, 2 gigs is hard to use if you don’t live for emails. I’m at 8%.
@Hard Sell
Find that you have some good statements and I am not to the same level as you or most any on this site for security. However, I wish to share so e of my thoughts on the article, a friend’s comments that does security for a living and your comments.
First, the encryptions that they use is adequate. However, as was expressed they are using their own created encryptions and also setting it up. The issue comes that there is some big trust needed to trust they set it up correctly. If not it will not secure. Are they doing it right? Probably. But the security then is back to trust.
Being in 14 eyes, I don’t trust. I hear the courts saying they can’t do —. However I have seen the courts also disregard laws because they don’t like to enforce it. How do we know what is going on behind the scenes?
The comment on their pricing, while cheaper per month, was not as good for me. I am an NPO and the documents I use to set up my NPO with bank accounts, tax docs and other things was outright rejected by Tutanota. Proton mail didn’t even blink.
The customer service between my free Tutanota account and my free PM account is different. While smaller, it was two weeks for Tutanota to respond to one contact. Even as a potential new paying customer I did not receive the CS I had hoped I would get. PM, It was as if I was already a paying customer. Then when I would email as a paying PM customer, my questions were answered in minutes if not hours.
Both PM and Tutanota must abide by the laws of their nations. However, even Tutanota has the fact that they too can read unencrypted emails.
Now email security. When I signed up with PM, I set up the account PGP, turned my domain DKIM, MX and SPF ratings on my DNSF files. Tutanota, at the time did not have that. I see DKIM now on the article so I am glad about that but to me they are a little behind in this regard.
This is just my two cents and I am in no way trying to fight and I know Tutanota enjoys a very special place to many here inclusing Sven and rightfully, if they earned it, they should.
However, because half of what is often said is over my head, I have to go practicle. Who gives me the best CS and benefits that I do understand. I keep and use my free Tutanota account. As far as my email it has my name and org in the email so secrecy is not a major player to me on that front as I must have it that way for emails from my ORG. Who gives me the best in areas I do know: Return emails, prompt support, technical aid, fast and curteous CS and answers and the ability to work with me in ways I understand (it took a bit of hassle to set up my email and PM went over and above to help.
So, without meaning to fight this was just my layman’s knowledge. I have learned a lot from the site and am enjoying reading.
I should say, I do not work for, nor receive any money from PM, nor do they pay me or give me “kickbacks” to promote them.
I am just a regular guy who wants to use secure services, saty away from the corp. conglomerates and just get the best bang for my buck. Just thought I would poat that disclamer before I am thought of as being a PM troller.
Greetings JM,
I’m answering both comments here.
I’m also clean too, meaning point blank – – the only compensation I ever get, is what I can bank in my heart – not the pocketbook. (Thank you – helped – understand – agree) or giving their time to respond back proper.
That’s where it’s at with me – besides the knowledge, if I should research an area/subject that interests me in their case.
–
I liked your outline (direction, details, purpose) you’ve presented in the quest related to your first comment. That helps me and others understand many things.
For one, how to move from point ‘A’ to ‘B’ and to know that route can be an uphill one covering many points. A struggle for the novice person, and where there might be relief-nourishment-rest, so to speak.
– Trouble is for any Novice person (I consider myself one), they must TRUST everything digital tech offers.
.
Till the pieces/points are reverend – liken in an order as (science-religion) have taught where ones dedications to the practice in their principles leads into a position of trust called Faith by repeatedly experimenting and experiencing the process or results.
[Ex: First time I set in a chair I trust it will hold me.
Every time after my 10 seating of said chair – I’ve gone from a trust state to a faith state now. ]
– – That puts said chair on a watch status for inspection, maintenance, comparison to new trends and ideals that technology bombards with daily.
[I try to live daily connected to the web but I do take vacations from it too] ; – )
– – –
I think I’ve might of answered some to your points in responses to others here – please have a look.
I see you’ve mentioned a friend’s trust and his background being associated to a security field. *That’s all we really want is like a vetted friend’s relationship for our software/services required today, because as friends interaction with us they learn about us and have that power in our lives to harm or help…
LET ME LEAVE YOU WITH THIS MENTAL PICTURE.
Imagine a rotating ‘Totem Pole’ (no disrespect ever meant), all the carvings of faces stacked looking onward/outward.
See their stacked order as knowledge levels.
I have a low position on the pole, I can only help from that perspective that I’ve seen from my experiences lived.
As this ‘Totem Pole’rotates I get a 360 view (and give from) that level of understanding or from a hands on aptitude – the help I offer to another here.
We need more people here on Restore Privacy taking a spin on the ‘Totem Pole’ above me and offering the perspective from their minds eye view from their experiences in a hands on aptitude they’ve lived.
Thanks : )
JM
I edit a lot sometimes it doesn’t stick.
This was meant after the Mental Picture part.
–
To help answer the questions or correct misnomers, to helping grow peoples researching and reasoning traits, build up their deducting skills by using your examples.
By all levels of people offering their own examples up of how/where as their own quests answers came to find merit to a logical conclusion they had undertook.
I’m referring to what novice people want (a direction of attack) cause you can’t guide or TUT it enough to take them by the hand.
You tell then how you learnt something and showing how by your examples to go about learning in the digital age in how you understood it. That aids the RP site to offer more value and represents the individuals reading here that care.
Thanks :
Great review.
I am like Tutanota but like you said they need to accept cryptocurrency (BAT could be cool too since I’ve got a bunch with no where to go). I would also like to see them fix their pricing plans, I don’t like the idea of switching to a paid plan and not getting more space.
Apologies Sven, I forgot to post the link to GoldBug in my last comment:
http://goldbug.sourceforge.net/
Regards, Paulie 🙂
Hi Sven, I enjoyed this informative and impartial review of Tutanota. It is interesting that they don’t use PGP, which you mentioned in a previous comment to me (on the last article about Tor) is reportedly because it would hinder their ability for future upgrades to defend against quantum decryption attacks, but it’s also interesting that they use “only” AES-128 encryption. I do take your point about the difficulty of breaking even that level of encryption with the best computers of today, and I don’t mean to labour the point on quantum cryptography or to sound too paranoid about something which may be rather a more distant future concern, but still mindful of all that I wish to ask how does GoldBug compare or do you know of it? I know only what I have read on their website and they advertise it as a decentralized secure email and messenger with end-to-end encryption. They use hybrid multi-encryption with zero plain text and no PGP either, their source code is open source and audited. Interestingly, they describe their encryption as “quantum-secure” using McEliece + NTRU instead of RSA, and providing IFPS (instant forward perfect secrecy). From my limited knowledge and checking the info on Wikipedia it certainly appears that the McEliece encryption algorithm is immune to attack by Shor’s algorithm (the latter is commonly used in quantum computers for factoring integers – i.e. breaking encryption). Anyhow, perhaps GoldBug may be worth a look? Regards, Paulie.
Cool I’ll check that out.
My My Paulie your support of the site is a blessing.
The first link you gave on your comment(s) in Sven’s Tor article was enlightening, though the drift I get from it to quantum computing – is it’s out of this world / no really all – that’s the realm where it’s answers come from being the cosmos.
–
https://www.naturalnews.com/2019-09-24-d-wave-2000-qubit-quantum-computing-encryption.html
“Factoring integers” is the key to breaking encryption.
In fact, it is the extreme difficulty of factoring very large numbers that makes encryption incredibly difficult to break using classical computing.
But as quantum computing translates exponentially complex mathematical problems into simple, linear (or you could call it “geometric”) math, making the computation ridiculously simple. (In truth, quantum computers aren’t “computing” anything. The universe is doing the computations. The quantum computer is merely an interface that talks to the underlying computational nature of physical reality, which is all based on a hyper-computational matrix that calculates cause-effect solutions for all subatomic particles and atomic elements, across the entire cosmos.
.
The best way to describe this is to imagine quantum computers as computational stargates. They submit mathematical questions into a hyper-dimensional reality (the quantum reality of superposition, etc.), and the universe itself carries out the computation because the very fabric of reality is mathematical at its core.
As some brilliant scientists say, the universe IS mathematics, and thus the fabric of reality cannot help but automatically compute solutions in every slice of time, with seemingly infinite computational capability down to the subatomic level.
– Put another way, the world of quantum phenomena is constantly trying out all possible combinations and permutations of atomic spin states and subatomic particles, and it naturally and automatically derives the best combination that achieves the lowest energy state (i.e. the least amount of chaos).
@ spell bound Interesting – lest to me.
.
Then it was stated “the rule of thumb is that by the time breakthrough technology gets reported, the government is already a decade beyond that”.
Well I hope there’s someone still left in a cabinet’s position that’s having the smarts.
– – – – – – – – –
Good to see your mention of GoldBug – but really the bug as part of a name for any privacy product sounds spy-like to me.
Briefly looking it over, https://compendio.github.io/goldbug-manual/
*In addition to RSA GoldBug has yet implemented the encryption algorithms Elgamal and also NTRU and McEliece. The latter two are also considered to be particularly resistant to the attacks known from quantum computing.
.
QUESTION — how does anyone know something will be particularly resistant to the attacks known from quantum computing. There’s barely news that one exists (though – it’s manufactured for sale today as a D-Wave 2000Q™ Quantum Computer – Technology Overview: https://www.dwavesys.com/sites/default/files/D-Wave%202000Q%20Tech%20Collateral_0117F.pdf
– YOU, ME and all the John Doe’s can only speculate on this…
Thanks ( :
Hi all…
While I don’t know if the claims are true, I happened to read the article linked to below from the first site (Natural News) that Hard Sell mentioned in his post above…
[https://www.naturalnews.com/2019-09-23-nsa-is-archiving-all-encrypted-emails-and-transactions-quantum-computing.html]
If this is true, my hope is that research and development of stronger, quantum resistant “cryptography solutions” will be expedited.
Regards…
A.R.D.
Thanks A.R.D. – for bringing this up.
Could be why Tutanota went the encrypted direction it took. And it was Paulie’s comment that feed my link offered.
.
I guess for laymen – novice to visualize data that can be seen from a past data timeshot, the best example to see how (digital content) can be trapped and store – – not seen (aka – to you in your case it’s now long deleted or deep down in a folder), as time advances because it been a trapped digital timeshot caught of the past data.
Would be to look at anything trapped in time here-
https://archive.org/web/
[You could go back to a website you know how it looks today to say 4-years ago look…]
–
https://en.wikipedia.org/wiki/Wayback_Machine
–
I could see the governments using stronger “crawlers” such as the service does above for other pieces to add to the pooled data on a subject (you). Then brick-n-mortar records making it to a server of any company you purchased from, caught in some agreement with governments of the businesses operating in their country for otherwise inaccessible data access.
– Imagine all the leads as tree branches and root systems and as like the secondaries of rivers and streams all having a main trunk or supply as feeding or being feed.
–
Stored Communications Act
https://en.wikipedia.org/wiki/Stored_Communications_Act
Email Privacy Act Comes Back, Hopefully to Stay
https://www.eff.org/deeplinks/2018/05/email-privacy-act-comes-back-hopefully-stay
“Today, when government agents seek electronic communications from companies and service providers, they don’t actually follow the rules set forth in the 1986 Electronic Communications Privacy Act.
While the text of that law splinters warrant protections according to an arbitrary time restriction (emails older than 180 days have no warrant requirement protections; emails newer than 180 days sometimes do) since the Sixth Circuit’s decision in Warshak, providers have required a full search warrant for all email content.”
–
Yelp and then the backups made on servers containing the very same data – how many times can you make clones of it blurring the laws affect to protect…
– – So info of emails decryption of it’s encryption standards means any digital encrypted content, service, are broke – three years,,, Well eyes wide open here…
Thanks very good.