@Tommy @Tutanota Do any of these have an opensource backend? And even with that, what's stopping them from reading and selling your emails? Even protonmail receives them in plaintext, otherwise they wouldn't know who to deliver it to.
There are very good reasons to move away from Google and Microsoft, but being "Open Source" has nothing to do with it.
There are very good reasons to move away from Google and Microsoft, but being "Open Source" has nothing to do with it.
@marc0janssen @Tommy @Tutanota
> With Tutanota all is encrypted expect of course the receiving mailaddresses
By whom and when? And how do you know that there are no plaintext backups being made before they encrypt the incoming emails?
> With Tutanota all is encrypted expect of course the receiving mailaddresses
By whom and when? And how do you know that there are no plaintext backups being made before they encrypt the incoming emails?
@marc0janssen @Tommy @Tutanota I'm sorry, but that's complete nonsense.
Emails are only e2ee if your sender cared to encrypt them on their end. Even then, all the emails headers are plain text, otherwise your provider wouldn't know who to deliver it to. They may claim that they encrypted the headers as soon as they received the emails, but you'll never have a way to verify that.
If there was a method of e2ee for email metadata then you'd be perfectly safe even with gmail. But there isn't any, and it's always fundamentally about trust.
Emails are only e2ee if your sender cared to encrypt them on their end. Even then, all the emails headers are plain text, otherwise your provider wouldn't know who to deliver it to. They may claim that they encrypted the headers as soon as they received the emails, but you'll never have a way to verify that.
If there was a method of e2ee for email metadata then you'd be perfectly safe even with gmail. But there isn't any, and it's always fundamentally about trust.
1. Eee2e is only is the sender en receiver are both using Tutanota. But my emails are stored encrypted on the servers of Tutanota, so no one can read them. Also not Tutanota. And yes if I send a email to a NON-tutanota-user the mail is of course NOT encrypted... that is no rocket science.
2. Headers are not encrypted BUT HEAVILY stripped by Tutanota... Did YOU ever check that? I did, and it is the true, they do that!
@marc0janssen @Tommy @Tutanota
> if I send a email to a NON-tutanota-user the mail is of course NOT encrypted... that is no rocket science
That is also not very useful. It's no longer "e2e encrypted email" if it only works within Tutanota. It may as well be called "Tutanota messaging service", which is probably what it is under the hood.
> Headers are not encrypted BUT HEAVILY stripped by Tutanota... Did YOU ever check that?
No, I did not. My entire point is that whatever Tutanota is doing is meaningless, because they are incapable of receiving emails as anything else than TLS-encrypted plaintext, just like every other email provider. But you just answered my question – "stripped by Tutanota". If you trust them that they did it correctly without leaking (or willingly backing up) the plaintext, good for you.
My original point still stands.
> if I send a email to a NON-tutanota-user the mail is of course NOT encrypted... that is no rocket science
That is also not very useful. It's no longer "e2e encrypted email" if it only works within Tutanota. It may as well be called "Tutanota messaging service", which is probably what it is under the hood.
> Headers are not encrypted BUT HEAVILY stripped by Tutanota... Did YOU ever check that?
No, I did not. My entire point is that whatever Tutanota is doing is meaningless, because they are incapable of receiving emails as anything else than TLS-encrypted plaintext, just like every other email provider. But you just answered my question – "stripped by Tutanota". If you trust them that they did it correctly without leaking (or willingly backing up) the plaintext, good for you.
My original point still stands.
@marc0janssen @tadzik @Tommy @Tutanota Is this really appropriate to ridicule taking privacy seriously while promoting a service literally designed for people taking privacy seriously?
