8pol reports tutanota is compromised

>tunanota introduces password reset feature
>I work for the german government [doubt]
>all tunanota's based are belong to intelligence agencies and the recovery feature is a backdoor but I don't have any evidence and tunanota are conveniently under a gag order
>not going to say anything else because MUH OPSEC
you're a moron for not realizing this is bullshit, user

Proofs or GTFO with your LARP.

Hachipol is pretty fucking bad and I say that as someone with a Jow Forums tab open.

I'd take regular Jow Forums over cripple Jow Forums anyday, Jow Forums's pol has a sense of humor atleast

seriously go back hans

Oh no, they are dead just like protonmail

he's actually not. The new heads for BND, BSI and Verfassungsschutz have a very uneducated and simplistic views on crypto and they publicly announced that they will invest in creating a "cyberforce" that's capable of dealing with crypto magic and to weaken crypto, as the American FBI/NSA/CIA did/tried. This sounds pretty reasonable, taking into account that our version of ex-homeland security guy got booted because he questioned the opinions of our politicians in regards to a 13 second video that supposedly shows prosecution of minorities. People get imprisoned for "hate-speech", whatever the fuck that is. Imagine a german sevice that allows freedom of speech in a society like ours ... that seems like a danger to the broken and corrupt institutions that dictate our everyday life, obviously this needs to be shut down.

bump

Jow Forums LARPS are so fucking cringy, they're always a super insider with the toppest of top clearance. It's fucking "my dad works for nintendo" tier.

plausible but unfounded. I could say the same about anything else. Jow Forums, gnu, openssl, whatever, but until there's any proof or indication that is it indeed the case it's little but rampant paranoia and fear, potentially driving people away from otherwise secure services and software.

I don't think that just adding a security code will allow them to steal your private key. If they can, they can even without the code. If they can't, code will not help them.

No, you can't say that about gnu or openssl, because these are primarily projects and transparent organizations, gnu more than openssl. Tutanota is a private company of which its sole purpose is to make money. There's only so much trust you can give to an entity like that, regardless of their code being partially published to github.

>rampant paranoia and fear
Which is good, because people don't realize how close we are to establishing exactly what Orwell has predicted nearly 70 years ago, if they fear that, they should find solutions on how to overcome this fear.

>potentially driving people away from otherwise secure services and software.
Nothing's secure if it's backed by a corporation, don't believe that a small company such as this is willing to go to any length to fight legal injustice. They can't, they won't, they'd rather obey and continue to profit instead of disobey and face the consequences.

Nice FUD shilling LARPer.
Before ProtonMail, now Tutanota... like someone will believe you without any proof...

>~the man~ hacks a dev's gibson or coerces them into inserting a subtle backdoor (ever see the kernel backdoor that was found a while ago? backdoors don't have to be obvious, you can easily slip them in as programming mistakes in huge diffs) into a commit
>hurrhur transparency

please kill yourself you degenerate and pathetic shitposter

no counterargument to my post? that's what I expected. take off your tinfoil hat instead of believing baseless accusations at face value. and employ some proper threat assessment while you're at it, it's not like the NSA/CIA/GCHQ couldn't 0day whatever complex unaudited software they wanted if they gave enough fucks.

>all these people caring about its "authenticity" and not the vulnerability in the first place
it's like you all need someone to tell you how to think

If you want a tried and proven way of communicating securely, you use PGP. If you're really paranoid you generate the keys in an airgapped Tails session, and put them into an HSM (e.g. Yubikey, or the FST-01 which is FSF endorsed).
If you want a *simpler* way to communicate privately then you use XMPP+OMEMO.
If you're technically capable, and you wanted to protect EVERY mail that comes into your inbox, then you would self-host your email and PGP encrypt everything that comes and then delete the plain text email. There's no other option, and Tutanota or Protonmail are just memes because as long as they're using the SMTP protocol it matters not that they encrypt mail after they arrive to their servers; some five-eyes agency could order them to save a copy of your mail before the encryption and that's it.

Attached: 1542733593262.jpg (757x910, 434K)

stop pretending to actually care to argue anything, you are just another shitposter with a meaningless life who's sole purpose is to annoy people on the internet because you have nothing of value to contribute to society.

> and employ some proper threat assessment
You are just proving my point, because you haven't read or even understood what has been written previously.

Just stop posting

tutanota.com/blog/posts/transparency-report
Warrant canary is still up so this is most likely fake

It's FUD. Warrant canary is still up.

does it though

> as long as they're using the SMTP protocol it matters not that they encrypt mail
STARTTLS can work.

Posteo supports using a GPG Public key to encrypt all incoming emails, and all emails at rest. Then just use Thunderbird/Sylpheed/K9 with your private key. EZ

Getting normie email recipients to use GPG keys is very difficult, so unencrypted outgoing of course is unprotected.

>>all tunanota's based are belong to intelligence agencies and the recovery feature is a backdoor but I don't have any evidence and tunanota are conveniently under a gag order
This is exactly how it works, tho
>not going to say anything else because MUH OPSEC
I'm guessing there's more in the original thread

>Log in
>Use users password to regenerate their private key and decrypt everything in-browser
>Take the private key and create a simplified "token" that can also regenerate the private key
>Send it back home to the servers so they have a copy
They can't generate it unless you login and give them a chance, however there's a fair chance it will automatically occur the moment you log in once they're compromised anyway

holy shit I was just thinking about making an account with tutanota.. is this legit?? any way to get to the bottom of it

was posted on 4channel as well

Attached: Screenshot from 2018-11-29 19-03-17.png (1335x265, 109K)

it was just last week that there was a smear campaign on Jow Forums and 8c that targeted protonmail, now this week it's tutanota. most likely it's a competitor that is trying to make their users uneasy and seek out a new provider