Tutanota recently released a new recovery code feature that allows a user to recover their account if they forget their password. This recovery code adds a second method to decrypt your private key and thus your emails. This feature was never asked for by the user base, and they refuse to let users opt out of creating a recovery code. Each time you log in to Tutanota you will see a pop-up requesting that you create a recovery code.
Now I will explain why this is happening:
I work within the German government, and I know for a fact that Tutanota was served an order by the intelligence services to create a database that can be used to decrypt any user's email address upon request. Tutanota is currently under a gag order and cannot speak about this request publicly. This is basically Hushmail/Lavabit 2.0. The recovery code is essentially a government recovery code / backdoor used to read your email if requested by the government.
I'm posting via a public WiFi with a disposable device in a location with no CCTV cameras. This was very hard to do, and I won't be posting again so please do not delete this thread. Users please screencap or archive the thread. I felt I must warn people, especially journalists who rely on the security of Tutanota and may reside in countries with oppressive regimes or human rights abuses.
since this is Jow Forums i am inclined not to believe you, because the users on boards are by and large anonymous and there is nothing stopping us from making up lies. if you want to make yourself credible then i ask that you provide us with proof that you are in fact a part of the german government. i realize this may be difficult to do without revealing your identity, but maybe you can omit the parts of the proof that have personally identifiable information.
Brody Hernandez
thanks for the warning, big if true.
Charles Hall
broton mail
Wyatt Collins
how to see it with tinfoil:
>issue opened by the government
mailbox.org is a nice alternative, even cock.li lol, just don't trust the companies that claim that your email is encrypted 100% because you don't have control over the secret keys, happens every time. If you want to encrypt email, set up your own private keys and encrypt the emails you need to.
Xavier Ortiz
What about proton? I read it's also not reliable. What is there as an alternative?
Christopher White
it is open source, audit it if you want
is cock.li open source?
is mailbox.org open source?
Lucas King
literally any mail service with your own pgp keys.
Isaiah Allen
mailbox.org is open source
cock.li is for shitposting in the mailing list so I don't really care.
Josiah Gray
Maybe email itself is an outdated concept
Dylan King
>If you don’t want to use the recovery code, you don’t have to. But you can’t restore access to your account if you lost your second factor or your password in that case.
So it's just nagging you or what? Also let's be honest, what kind of shit would you need an encrypted mail for in germany? Posting Swastikas and calling people niggers on Jow Forums is illegal there, but hardly a reason for die Bullen to get off of their chair
Lincoln Martin
same with proton mail, the frontend is open source, but I don't think the backend is.
Hudson Wright
sucks... you might still tell if data is decrypted on your end or not
James White
This. Let's turn back to snailmail and pigeon post. There's no reason technology should be more advanced than that.
it would be a pain in the ass to even try because their frontend is a javascript """"app"""", so it is just a lot of minified unreadable shit.
Carter Carter
>sends you c4 laced flash drives
Isaiah Hernandez
Mailbox is so slow, it's practically dead.
William Brown
What about mailfence, hushmail?
Luke Williams
can relate
Austin Ross
>le BND bot
Epic.
Gavin Wood
So just don't make a recovery code.
Kayden Ross
This is not legally possible in the Netherlands, so startmail is still safe.
Kevin Sanders
>I'm posting via a public WiFi
and that's how I know you're larping. there's no public wifi in germany as it's outlawed
Brayden Bell
>slow
what do you mean by this? it got a massive software update. If you mean that mail is slow to arrive, that is because the anti-spam thing slows it down on purpose.
James Brown
>but hardly a reason for die Bullen to get off of their chair
oh sweet summer child
Henry Johnson
Never mind, I actually confused mailbox with a french mail provider.
Jonathan Moore
it'd be terrible opsec to tell us that anyway.
Andrew Peterson
retard
Jonathan Johnson
no you
Xavier Mitchell
yep everything is outlawed in germany, you are only allowed to vote merkel and welcome immigrants
Jason Sullivan
your edgy sarcasm aside: I dare you to find a public wifi in germany (that doesn't require you entering your personal ID to use it)
Dominic Williams
K, as an Austrian I can't quite imagine that right now; even WPA is "public" if you tell your users the password, right?
Levi Scott
de.wikipedia.org/wiki/Störerhaftung#WLAN-Betreiber
As a public wifi operator you're screwed several times over: if someone torrents over your network, you get asked to pay up. If someone commits a crime (swastikaposting), you can brace yourself for a house search. You usually get off, but your equipment is confiscated for months in the meantime. Germany is hopelessly handicapped in this respect.
Josiah Walker
Holy moly, is that EU-compliant? But I guess in that respect you lot call the shots together with France anyway.
Really pretty messed up, but the net is dying anyway, it was a nice time. :^)
Matthew Butler
Ah, ok, the EU row is right in the section below anyway, haha.
Jonathan Diaz
Good thing you're writing in German now so that everyone understands this breaking discovery.