this post was submitted on 15 Nov 2023
8 points (90.0% liked)
privacy
31 readers
1 users here now
Rules (WIP)
- No ad hominem allowed
- Attack the idea, not the poster
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Something sounds off here. Maybe the RCMP had a backdoor or a warrant or something into tutanota but it's not a storefront like the article says.
"A spokesperson for Tutanota, now Tuta, denied the claims. "[Tuta] is not owned or operated by any secret service, nor is it a 'storefront' as claimed by Cameron Ortis,""
Why not?
Who is accusing them of this and what is the accuser's reputation? According to this article, one Canadian official was told by someone that they had a PLAN to use tutanota is a malicious way, but there's not even an accusation that anything ever happened. https://cyberwarzone.com/is-tutanota-a-honeypot-for-intelligence-agencies/
Tutanota's reply: "Hi there, these allegations are absolutely false. Tuta was founded in 2011 by Arne Möhle and Matthias Pfau who knew each other from studying together at FHWD university in Germany. To this day, the company is wholly owned by Matthias and Arne, and is not liable to anyone else.
The Tutao GbmH is not owned by any secret service, nor is it a "storefront" as claimed by Cameron Ortis. These allegations are completely untrue.
With offices in Germany we only respond to valid warrants issued by German courts. You can read more on this in our Transparency Report: https://tuta.com/blog/transparency-report
In addition, Tuta is open source and the entire client code is published on GitHub. Thus, everyone can inspect the code and verify how the end-to-end encryption in Tuta works and that there are no backdoors hidden in the code."
One can freely share “good” source code while actually using something different; which might be an intrinsic problem of an “open-source” web service. Plus, one has no reason to believe that the service has never been compromised: someone might have a backdoor that Tuta itself is unaware.
I’d like to believe that Tuta is not evil, but ultimately that’s anyone’s guess. I’d recommend true e2e (local-to-local) such as PGP, rather than trusting a middle-man e2e provider.