You might don't want to stay around #Tutanota… I'm sorry for the guys working there, but not only do they have to comply with this court rule which forces them to provide some information in plaintext to the police, it also shows the biggest problem with their system:
Nonstandardized proper end-to-end encryption.
Just use OpenPGP with a generated key *on your device* and a regular IMAP inbox.
https://www.sueddeutsche.de/digital/tutanota-verschluesselung-e-mail-ueberwachung-polizei-1.4676988
@sheogorath
Why not ping Tutanota? Maybe they have to say something about this
@sheogorath @nikolal @Tutanota
I am very curious too, as it states clearly on their website that the only data they are capable of providing is the meta data related to the email transation, since #Tutanota is not suppose to be in possesson of the end-2-end keys.
@sheogorath @nikolal @Tutanota
And that would be correct because this encryption stops at the exit node. However, if a user is outside of the Tutanota network, PGP can still be applied if you need. So, this would be the fault of the end users and not #Tutanota. I send plain text emails daily with it, and encrypted as needed.
@sheogorath @nikolal @Tutanota
You are correct you would need to encrypt an attachment to the email, to do this. It is not that difficult to do though.
@sheogorath @nikolal @Tutanota Also, Just a reminder, you can still send encrpted #Tutanota emails to an outside user. However, you need to follow their guide to do so.
@AvnSgt @sheogorath @nikolal @Tutanota
A better solution would be what mailbox.org does with their encrypted inbox feature. You give them your public key and all (unencrypted) emails get encrypted before being stored in their servers. The upside is that your whole inbox is encrypted, the downside is that you won't be able to use the web interface if you don't upload your private key, too.
Yes, I remember that one, I tried this during my little write up on different email providers. It's not an encrypted email. It's an email with a link to a webform that asks you for a password.
We have S/MIME and OpenPGP which provider working end-to-end encryption for everyone on email. One of the most important features of email: You get the copy of the content.
When setup properly on both sides, both standards work out of the box without a browser.
@sheogorath @nikolal @Tutanota Yep. So, I have to chalk this up to lack of end-user knowledge of how to use a system. I don't really think Tutanota did anything wrong here. As one who advocates for privacy, this is one of those cases where the provider was doing the correct thing, to comply with gov rules, end-users assume the service always encrypts. Which it does not.
I agree that tutanota doesn't do anything wrong by complying with the court rule here. That's what we have them for.
But I think their standard-breaking approach is a problem.
We have mail provider that integrate well with existing standards from Protonmail which at least gets the OpenPGP part okayish, to Mailbox.org and Posteo, which provide Integrations in their webmail clients.
We still lack on desktop and mobile clients which do OpenPGP great universally.
@sheogorath @AvnSgt @nikolal
* This applies only to non-encrypted emails.
* End-to-end encrypted emails are not affected.
* End-to-end encrypted data (calendar, contacts, etc) are not affected.
* A valid German court order is required for this, 4 have been issued in the first half of 2019.
We'd rather focus our time on building more privacy-protecting features, you can read details in the article.
@sheogorath @nikolal @Tutanota If standards are not broken every now and then we cannot have innovation. Without innovati we get stagnation, however, it is up to us to keep those who do break away from standards in check. 😉
@sheogorath @Tutanota @nikolal
And, I hope something comes along soon, cause as you point out in another TOOT, it is a walled garden right now. To send encrypted outside, one needs to either send a pgp encrypted attachment or use their portal method. Being able to add an external openpgp key would be a nice feature to encrypt exteranl emails.
@AvnSgt @sheogorath @nikolal We don't believe PGP is the future. Nevertheless, we plan to support Autocrypt in the near future to enable externals to send e2e emails to Tutanota.
@sheogorath @nikolal
Awesome. Innovation is always good and pgp may not be the future. Looking forward to what @Tutanota will deploy as a fresh solution to an aging solution. 😎
@nikolal Their statement is in the article and more than understandable, but sure, why not :)
Any statement in this, @Tutanota?