There are very good reasons to move away from Google and Microsoft, but being "Open Source" has nothing to do with it.
Emails are only e2ee if your sender cared to encrypt them on their end. Even then, all the emails headers are plain text, otherwise your provider wouldn't know who to deliver it to. They may claim that they encrypted the headers as soon as they received the emails, but you'll never have a way to verify that.
If there was a method of e2ee for email metadata then you'd be perfectly safe even with gmail. But there isn't any, and it's always fundamentally about trust.
1. Eee2e is only is the sender en receiver are both using Tutanota. But my emails are stored encrypted on the servers of Tutanota, so no one can read them. Also not Tutanota. And yes if I send a email to a NON-tutanota-user the mail is of course NOT encrypted... that is no rocket science.
2. Headers are not encrypted BUT HEAVILY stripped by Tutanota... Did YOU ever check that? I did, and it is the true, they do that!
> if I send a email to a NON-tutanota-user the mail is of course NOT encrypted... that is no rocket science
That is also not very useful. It's no longer "e2e encrypted email" if it only works within Tutanota. It may as well be called "Tutanota messaging service", which is probably what it is under the hood.
> Headers are not encrypted BUT HEAVILY stripped by Tutanota... Did YOU ever check that?
No, I did not. My entire point is that whatever Tutanota is doing is meaningless, because they are incapable of receiving emails as anything else than TLS-encrypted plaintext, just like every other email provider. But you just answered my question – "stripped by Tutanota". If you trust them that they did it correctly without leaking (or willingly backing up) the plaintext, good for you.
My original point still stands.
No you can't be ee2e is the receiving end is also not ee2e... that is normal isn't it??
If I spoke Dutch and you spoke French... we won't be able to understand each other... That seems normal to me...
Yes you need trust.. and yes I don't work for Tutanota. So I don't know entirely if they don't leak.
But hey I don't work at my bank. And I trust them to get my money safely across...
I'd rather do that than spread misinformation about something that people's lives may depend on, thanks.
And that's what they probably should do. But false advertising won't help them make that choice.
We went from "this is secure because it's open source", through "this is secure because it's encrypted", onto "it's encrypted when it's not really email", along "you still need to trust your providers' claims" and finally onto "you probably shouldn't use email at all".
Can we stop with the "your provider will keep you secure" nonsense then? It is not true in the context of emails. Then only entity who can keep your emails safe and secure is *you*. Everything else is wishful thinking: naive at best, and potentially harmful for people who choose to believe your grassroots marketing.
Tadzik: That is what I also meant that wrapping your device and trust.
You never know if a sevice you use is safe, that counts for all stuff. Every car-manufacturer claim that have the safest cars, But to stay truly safe from traffic is to sit in your basement en lock the door.
by the way I market nothing. I have nothing to do with Tutanota. I just use it.
@marc0janssen @tadzik @Tommy @Tutanota Is this really appropriate to ridicule taking privacy seriously while promoting a service literally designed for people taking privacy seriously?
@vifon
I wouldn't say so. But it's up to the people..
@marc0janssen @tadzik
Makes sense ;)
> With Tutanota all is encrypted expect of course the receiving mailaddresses
By whom and when? And how do you know that there are no plaintext backups being made before they encrypt the incoming emails?