💾 Archived View for gemini.circumlunar.space › users › laur%C3%AB › mail › tutanota.gmi captured on 2023-12-28 at 16:20:13. Gemini links have been rewritten to link to archived content

Tutanota

UPDATE February 2020: Everything is as it was, but I added information about Tutanota blocking anonymizers. With that, plus the lack of PGP and mail client support, it is absolutely useless regardless of its privacy.

This was my first provider after I got concerned about privacy and dumped Gmail and friends. That was before I "dug deep" - needless to say, I don't recommend it anymore. It does not support mail clients; I used to think that's something dinosaurs use, but now I can't live without it. Encryption works only if you pre-shared a password with your recipients (unless they also use Tutanota, then it's automatic) - and that, of course, comes with its own issues (how to share the password securely?) which PGP has already solved. And since Tutanota is only accessible through webmail or their shitty desktop client (which is the same as the webmail it seems), they could easily modify the code to send themselves your password and be able to decrypt your shit. Tutanota does not support the usage of other encryption, like PGP (and in fact shits on it on its website, even though it's the only real E-mail encryption you can have). Unlike with ProtonMail, there has been no third-party audit of Tutanota's encryption. There's also this worrying policy in regards to logging:

> In order to maintain email server operations, for error diagnosis and for prevention of abuse, mail server logs are stored max. 7 days. These logs contain sender and recipient email addresses and time of connection but no customer IP addresses.

No IP addresses? Great! Except if you use a VPN or TOR - "Storage only takes place for IP addresses made anonymous which are therefore not personal data any more." It's a genius excuse, isn't it? You've hidden your IP so it isn't personal...except if TOR or the VPN ever got compromised. Also, later you will learn how just the metadata (which Tutanota does store) can reveal much more about you than you'd ever guess. This is all assuming you can actually use a VPN or TOR, but Tutanota provides no such option:

> Registration is temporarily blocked for your IP address to avoid abuse. Please try again later or use a different internet connection.

The above message appears both with the Snopyta VPN as well as TOR Browser - therefore, there is no anonymity with the uber-private Tutanota. Signing up is free, but you are limited to only one account if you don't pay. If you do, then prepare for this:

> For the execution of credit card payments your credit card data will be shared with our payment service provider Braintree. This includes the transfer of personal data into a third country (USA)

Later they say that they have an "agreement" with this company that they will only use your data for the processing of the payment - but the value of these "agreements" is doubtful, in my opinion. Your payment data is also stored for who knows how long:

> Order-related data and the addresses associated with the order are stored in respect to tax, contract and commercial law retention periods and erased at the end of those periods.

Summary: blocks anonymizers, no mail client or PGP support, stores your anonymized IP and metadata, indefinite (?) storage of payment data. Yet another privacy giant bites the dust.