It's no longer safe to use Tutanota

Tutanota recently released a new recovery code feature that allows a user to recover their account if they forget their password. This recovery code adds a second method to decrypt your private key and thus your emails. This feature was never asked for by the user base, and they refuse to let users opt out of creating a recovery code. Each time you log in to Tutanota you will see a pop-up requesting that you create a recovery code.

Now I will explain why this is happening:

I work within the German government, and I know for a fact that Tutanota was served an order by the intelligence services to create a database that can be used to decrypt any user's email address upon request. Tutanota is currently under a gag order and cannot speak about this request publicly. This is basically Hushmail/Lavabit 2.0. The recovery code is essentially a government recovery code / backdoor used to read your email if requested by the government.

I'm posting via a public WiFi with a disposable device in a location with no CCTV cameras. This was very hard to do, and I won't be posting again so please do not delete this thread. Users please screencap or archive the thread. I felt I must warn people, especially journalists who rely on the security of Tutanota and may reside in countries with oppressive regimes or human rights abuses.


>javascript botnet
trash

My feet smell makes my dick hard.

And where should we migrate to? Posteo?

since this is Jow Forums i am inclined not to believe you, because the users on boards are by and large anonymous and there is nothing stopping us from making lies. if you want to make yourself credible then i ask that you provide us with proof that you are in fact a part of the german government. i realize this may be difficult to do without revealing your identity, but maybe you can omit the parts of the proof that have personally identifiable information.

thanks for the warning, big if true.

broton mail

how to see it with tinfoil:
>issue opened by the government

tutanota.uservoice.com/forums/237921-general/suggestions/6925513-we-need-a-system-for-recovery-reset-password

just use cock.li with gpg faggot

What's the decentralized email?

mailbox.org is a nice alternative, even cock.li lol, just don't trust the companies that claim that your email is encrypted 100% because you don't have control over the secret keys, happens every time.
If you want to encrypt email, set up your own private keys and encrypt the emails you need to.

What about proton? I read it's also not reliable. What is there as an alternative?

it is open source, audit it if you want
is cock.li open source?
is mailbox.org open source?

literally any mail service with your own pgp keys.

mailbox.org is open source
cock.li is for shitposting in the mailing list so I don't really care.

Maybe email itself is an outdated concept

>If you don’t want to use the recovery code, you don’t have to. But you can’t restore access to your account if you lost your second factor or your password in that case.

So it's just nagging you or what? Also let's be honest, what kind of shit would you need an encrypted mail for in germany? Posting Swastikas and calling people niggers on Jow Forums is illegal there, but hardly a reason for die Bullen to get off of their chair

same with proton mail, the frontend is open source, but I don't think the backend is.

sucks... you might still tell if data is decrypted on your end or not

This. Let's turn back to snailmail and pigeon post. There's no reason technology should be more advanced than that.


it would be a pain in the ass to even try because their frontend is a javascript """"app"""", so it is just a lot of minified unreadable shit.

>sends you c4 laced flash drives

Mailbox is so slow, it's practically dead.

What about mailfence, hushmail?

can relate

>le BND bot

Epic.

So just don't make a recovery code.

This is not legally possible in the Netherlands, so startmail is still safe.

>I'm posting via a public WiFi
and that's how I know you're larping. there's no public wifi in germany as it's outlawed

>slow
what do you mean by this?
it got a massive software update.
If you mean that mail is slow to arrive, that is because the anti-spam thing slows it down on purpose.

>but hardly a reason for die Bullen to get off of their chair
oh sweet summer child

Never mind, I actually confused mailbox with a french mail provider.

it'd be terrible opsec to tell us that anyway.

retard

no u

yep everything is outlawed in germany, you are only allowed to vote merkel and welcome immigrants

your edgy sarcasm aside: I dare you to find a public wifi in germany (that doesn't require you to enter your personal ID to use it)

K, as an Austrian I can't quite picture that; even WPA is "public" if you tell your users the password, right?

de.wikipedia.org/wiki/Störerhaftung#WLAN-Betreiber
As a public wifi operator you're screwed several times over: if someone torrents over your network, you get made to pay. If someone commits a crime (swastikaposting), you can brace yourself for a house search. You usually get cleared, but your equipment is confiscated for months first.
Germany is retarded to the core in this respect.

Holy moly, is that EU-compliant? But I guess in that respect you're calling the shots together with France anyway.

Really pretty messed up, but the net is dying anyway, it was a nice time. :^)

Ah, ok, the EU row is right in the section below anyway, haha.

Good thing you're writing in German now so that everyone understands this breaking discovery.