Worse. This;
https://tutanota.com/blog/posts/australia-surveillance-bill/
Data Disruption Warrants, which allow the AFP and the ACIC (or another person on the law enforcement officer’s behalf) the ability to “add, copy, delete or alter” files on a computer or device, so as to “frustrate the commission of crime”4 where a law enforcement officer “reasonably suspects” that one or more “relevant offences” are “being, are about to be, or are likely to be” committed.5
Network Activity Warrants, which “allow agencies to collect intelligence on serious criminal activity being conducted by criminal networks”6 by intercepting communications and using surveillance devices on computer networks. The AFP and the ACIC are permitted to do “any thing reasonably necessary to conceal”7 their access and modification to computers, allowing the warrant to be conducted covertly. This is available where there is a “reasonable suspicion” that monitoring the network activity of a “criminal network of individuals” is “relevant to the prevention, detection or frustration of one or more kinds of ‘relevant offences.’”8
Account Takeover Warrants, which provide agencies with the ability to take control of a person’s online account “through the modification of data” for the purposes of “gathering evidence to further a criminal investigation.”9 This is available where there is a “reasonable suspicion” that one or more “relevant offences” are “being, are about to be, or are likely to be” committed; an investigation is either imminent or in progress, and taking control of the “target accounts” is “necessary for enabling evidence to be obtained.”10
Hi there, the TutanotaTeam here. We noticed this discussion and wanted to jump in: In regards to data protection laws Germany and Switzerland aren't so much different. One difference, however, is that Switzerland has data retention laws for email, which Germany does not have. Anyhow, any company in these two countries must hand out data if requested to by a court. Nevertheless, as all data is encrypted in Tutanota, we can only hand out encrypted data. If you're interested in details, best check the transparency report: https://tutanota.com/blog/posts/transparency-report/
I believe Tutanota (German based) and Protonmail (Swiss based) are well regarded, and offer free accounts alongside their premium options.
Posteo (German based) is also an excellent option, but unlike the others does not have a free option, and is instead $1 a month.
GMX is still an option, but it's not privacy focused like the others mentioned, and very likely datamines your emails for advertising, similar to Yahoo mail and Gmail.
This was a good article to read through. Pretty poor form this snuck through parliament. Read what specific powers they have. It is crazy
https://tutanota.com/blog/posts/australia-surveillance-bill/
"What makes this legislation even worse is that there is no judicial oversight. A data disruption or network activity warrant could be issued by a member of the Administrative Appeals Tribunal, a judge's warrant is not needed."
and police have power to:
Data disruption warrant: gives the police the ability to "disrupt data" by modifying, copying, adding, or deleting it.
Just like politicians trying to deny strong encryption to people while using it themselves all the time. (Not a good comparison, but just makes me as mad as this.)
There are so many reasons to use Signal for chat, Tor browser, and Tutanota for encrypted emails.
Yep, that would be great for newbies. Actually there are lots of posts about how to stop using Google out there: one example and another example.
But having it here would be awesome!
That is so stupid; as if people couldn't use it via Tor/vpn? And while they do, they should also consider getting a secure mail provider like Tutanota so THEY can block their conversation from the government's eyes.
A gag order is not possible in Germany, and the above posting is nonsense.
Please check our Warrant Canary, which is unchanged since we first published it years ago: https://tutanota.com/blog/posts/transparency-report
Just like your password, the revovery code can only be accessed by yourself. Our code is fully open source and you are very welcome to check this: https://github.com/tutao/tutanota
The recovery code was not only demanded by the community, it is also a basic necessity to most users who want to make sure that they never lose access to their encrypted mailbox. The new web client allows you to set up 2FA, which will only increase the number of people losing their password or their second factor. Hence, the recovery code is a must.
Yes, you are still good with Tutanota. We at Tutanota cooperate with the authorities when we get a valid German court order. You can read details on this in our Transparency Report: https://tutanota.com/blog/posts/transparency-report Therefore, an illegal seizure of our servers will not take place. On top of that, all data on our servers is end-to-end encrypted and can't be accessed - not even by our developers.
This action by the German police is already heavily criticized as being out of their legal limitations. We're sure an investigation on this will follow and there will be consequences.
Australia has no freedom of speech, no online privacy and no freedom of movement. It seems like gun control is working as intended there.
By default, we do not log IPs. If we get a warrant from a German judge in a criminal investigation we log IPs for individual accounts. We explain details here for transparency: https://tutanota.com/faq/#anonymous-email
Ja, E-Mails zwischen Tutanota-Nutzern sind automatisch verschlüsselt und können mit dem Passwort entschlüsselt werden. Hier erklären wir das: https://tutanota.com/faq#email-encryption & https://tutanota.com/faq#password-security
Überprüfen kann der Nutzer das sehr gut mit den Desktop-Clients. Der Code ist als Open Source veröffentlicht und der Nutzer kann mit der Signatur des Clients überprüfen, dass tatsächlich der veröffentlichte Code benutzt wird. So kann das verifiziert werden: https://tutanota.com/faq#verify-desktop
What a shithole Tutanota put themselves in for an extra 1.2 €... was it worth it being disemboweled in public like this? I swear I'm serously asking. do you know how angry someone would have to be just to take the time to write all of this on reddit? Someone who's already paying you, no less. Paying you to spend time commenting on the EARN IT act to a clientèle that obviously understands the importance of encryption or the achievement that is removing the term blacklist from your FAQ instead of clarifying who gets access to calendar invites or that you can remove any feature at any time regardless of your ToS. Notice how people aren't even answering each others' questions here as often? How much in support/marketing costs was having a passionate user base saving you?
tutanota. It's German based, with Germany probably having the best privacy laws of any country at this time. The mail client is very limited, but it works and I believe it's secure.
One of the nice things about tutanota is that you can send people outside of tutanota secure emails. They would just get a (password protected) link to the tutanota web front end where they can read and reply to your mail securely.
The UN can't help here. We need to encrypt everything.
>Encryption should be enabled for everything by default, not a feature you turn on only if you're doing something you consider worth protecting.
Tutanota is a more and more compelling alternative to ProtonMail. Between their more transparent development, completely open-source clients and significantly lower cost, I am more and more tempted to make the switch.
Thanks for pinging us /u/PaskanMarjat
I've just registered via Tor myself: I got the clock captcha and the 48-hour wait. Believe us when we say it is hard to offer an email service with anonymous sign-up, and keep spammers out at the same time. Despite that, we stand firm to never ask for phone numbers or any personally identifiable information when you sign up.
Unfortunately, spammers heavily abuse VPNs and Tor so there will always be temporary blocks on certain VPN servers or Tor circuits. There's nothing we can do about this as otherwise we'd open the gate for spammers. Nevertheless, we focus on private, secure and anonymous emails. This hasn't changed. Please check again, you will be able to register via Tor.
I think they're talking about it not being a Judge decreed warrant?
Here's an article from earlier in the thread.
>What makes this legislation even worse is that there is no judicial oversight. A data disruption or network activity warrant could be issued by a member of the Administrative Appeals Tribunal, a warrant from a judge of a superior court is not needed.
So while there are warrants, it doesn't need to be approved by a judge which looks to be the change OP referenced?
Either way, I'll be over here with /u/XenosMind for confirmation.
https://tutanota.com/blog/posts/australia-surveillance-bill/
This is absolutely insane. The govt can hack into social media or just takeover social media accounts in Australia now. All of this without even a warrant.
You are being watched if you have a online presence, have any type of banking, or have a phone. Things like this is not uncommon and honestly the least of your worries. You ought to be more worried about the US trying to ban encryption and increasing surveillance just like Australia did.
Learn how to reduce your online presence, avoid cloud products, secure your home-network, use 2FA, use password managers, and fight against social engineering.
>Australia: Unprecedented surveillance bill rushed through parliament in 24 hours. Australian police can now hack your device, collect or delete your data, take over your social media accounts - all without a judge's warrant.
https://tutanota.com/blog/posts/australia-surveillance-bill/
Tutanota team here. We've noticed your post and had to jump in to clarify:
>Doesn't accept Bitcoin so there is no true anonymous way to sign up for a paid account
Bitcoin support is planned for when we push the new client out of beta. We even plan to support a privacy-focused coin like Monero as well. You'll find details here: https://tutanota.com/blog/posts/cryptocurrency-support
>The team is not transparent about when new releases are coming.
We are very transparent about when releases are coming, and you can always ask for features via social meda - or in our sub Reddit. However, the timeline needs to be a rough one as it is common in development projects. The Android app is already available with 2FA as beta, the iOS app update will follow once the Android version is finished: https://tutanota.com/blog/posts/secure-mail-android-app-beta
He also says that they are going to invest in flood protection (he claimed so years ago already) and that he plans to outlaw encryption.
Yes, it's in public beta: https://tutanota.com/blog/posts/update-fingerprint-pin-unlock
Please follow these steps to test
The new beta release is available via Google Play by opting into testing using this link. Alternatively, you can manually install the APK from GitHub.
We would like testers to pay attention to the exact steps they are taking when acivating pin/biometric unlock so that we can reproduce possible issues.
If you experience any issues, please also let us know the Android version and device model as well as types of authentication enabled for the phone at .
We ask testers to make sure they have credentials (password/recovery code) for their accounts written down in case something doesn't work as expected.
Better article, IMO:
>Australia: Unprecedented surveillance bill rushed through parliament in 24 hours.
>Australian police can now hack your device, collect or delete your data, take over your social media accounts - all without a judge's warrant.
I found this really interesting:
> this wording enables the police to investigate any offence which is punishable by imprisonment of at least three years, including terrorism, sharing child abuse material, violence, acts of piracy, bankruptcy and company violations, and tax evasion.
What the everloving fuck???
Thanks for your feedback. This is exactly what we plan to do. While we do want to add notes and drive in the future, we are focusing on completing email and calendar features right now. You can track this on our roadmap: https://tutanota.com/roadmap/
The best secure email provider is, arguably, Tutanota. You can even sign up through Tor (albeit it may take 48 hours to make sure you are not a spammer) and they do not require an email or phone number for sign-up. Tutanota, unlike Protonmail, encrypts subject lines. Regarding free accounts, Tutanota offers 1 GB of storage and the ability to change email signatures; there is, however, limited search functions on such accounts, only allowing you to search emails up to one month prior. From a personal perspective, I have used both email providers discussed and I prefer Tutanota's commitment to open source and the user interface for both desktop and the mobile app.
Even though it does not seem like it based on previous responses in this thread, you are not alone in your concern about US investors. If you look through other threads regarding email providers or Protonmail specifically, you will hear those sentiments echoed. Furthermore, Protonmail's seeming unwillingness to work quickly on publishing all of their source code is a concern for many.
We came across your post, and just wanted to let you know that you can always ask for help in our sub: /r/tutanota/
Your account will be approved after the stated 48 hours, this is necessary to let people use Tutanota anonymously: https://tutanota.com/blog/posts/anonymous-email/
If there's anything else, please get in touch!
https://tutanota.com/blog/posts/australia-surveillance-bill/
The Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 gives the AustralianFederal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) three new powers for dealing with online crime:
The two Australian law enforcement bodies AFP and ACIC will soon have the power to modify, add, copy, or delete your datashould you become a suspect in the investigation of a serious crime.
Ako nekoga zanima više o australskom zakonu, nek kopira ovo i pročita: https:// tutanota.com/blog/posts/australia-surveillance-bill/
Stavljam razmak prije domene jer kad sam stavio link u post, reddit spam filter ga je uklonio.
There are other reasons why Frewen will be useful to the LNP. He could have a long political career ahead of him.
>The Australian government has been moving towards a surveillance state for some years already. Now they are putting the nail in the coffin with an unprecedented surveillance bill that allows the police to hack your device, collect or delete your data, and take over your social media accounts; without sufficient safeguards to prevent abuse of these new powers.
>This month the Australian government has passed a sweeping surveillance bill, worse than any similar legislation in any other five eye country.
>Frewen commanded ADF personnel in the Middle East in 2017 and assumed a senior role at the Australian Signals Directorate in 2018.
>“My concern is that we are seeing normalisation of the military performing functions that are not military functions,”
https://tutanota.com/blog/posts/australia-surveillance-bill/
>I think the chart there https://tutanota.com/blog/images/chart-child-pornography-drug-offences-germany.jpg shows this political agenda clearly.
And they claim CP is a big problem. We "know" it's not and never was. That graph shows how incredibly disproportional this measure is from a fundamental rights standpoint - massive "cost" and insignificant benefit.
Do you delete inactive accounts / recycle email addresses?
A deleted email address (also if it is an alias) will not be recycled for security reasons. There must be no possibility that someone else is able to register your previously used email address, and then, by accident, receive a confidential email that was meant for you.
Free of charge accounts are deleted after an inactive period of six months. A regular login is necessary to prevent automatic deletion. We delete such accounts for security reasons and also to allow us offering free of charge Tutanota accounts at all. However, the email addresses of such deleted accounts may be taken over into another paid account and re-used as email aliases or additional user addresses if you still have the valid login credentials.
That address does not exist. Use [email protected] instead. It's the generic email address of Tutanota.
Tutanota does not use tutanota.com addresses for its own correspondence. It uses the tutao.de domain.
One has to marvel at the nation of whiners and beggars which the Internet has become.
Tutanota has a generous, full-fledged free plan. It has a dirt-cheap, paid entry-level plan, at 12 €/year.
It even allows you to buy one month for the huge price of 1,20 €. Or, two months for the outrageous price of 2,40 €. And so on.
But no. It's not enough. The more free stuff some people are offered, the more they feel entitled to whine.
The scope of inbox rules is very clearly explained here :
This comparison is not a fair representation, there used to be a discussion on this a couple of months ago: https://np.reddit.com/r/ctemplar/comments/cjr47h/q_about_comparison/
We do have a research project running that is funded by the European Union: https://tutanota.com/blog/posts/pqmail-post-quantum-cryptography/
The aim of the project is to develop and implement encryption algorithms that will remain secure should quantum computers become a reality one day. The entire code will be published as open source so that everyone can verify that the encryption does what it is supposed to do: Protect your private data, now and in the future.
I don't like being a product.
I don't like the idea of my personal correspondence (and everything else I do online) being data-mined and having my online persona dissected by an algorithm which then slaps a few dozen arbitrary tags cooked up by the marketing (and their AI dev) department on this livestock that is 'online-me' and stores them away in a database somewhere to monetize. Forever.
Yes, I know I can "opt-out". I just don't trust them enough to think that it helps a lot. "Use another service" you say?
Well...
tldr, I value my privacy and so should you; something that used go without saying a mere 20 years ago...
EDIT1: fixed formatting, words
EDIT2: more formatting. I'll never use bullet lists again.
EDIT3543: I give up. Sorry for the longs.
Bad but not as bad as Aus. This August they passed a bill that gives the government the right to take over your accounts and even modify past communications records. Companies who don't participate can be treated as criminal organizations with leaders landing in a cell.
https://tutanota.com/blog/posts/australia-surveillance-bill/
It's actually insane how little attention this has gotten in the big Reddit subs. Aus was already pretty draconian to begin with but this shit is mad.
https://tutanota.com/blog/posts/australia-surveillance-bill/
>The Australian government has been moving towards a surveillance state for some years already. Now they are putting the nail in the coffin with an unprecedented surveillance bill that allows the police to hack your device, collect or delete your data, and take over your social media accounts; without sufficient safeguards to prevent abuse of these new powers.
I'm far from a lolbert for the record but authorities messing around with personal data with zero oversight is overstepping a shitload of boundaries. And unlike China, I doubt the MPs passing this are doing it with the best interests of Aussies in mind.
WTF is going on in Australia?
The Australian government has been moving towards a surveillance state for some years already. Now they are putting the nail in the coffin with an unprecedented surveillance bill that allows the police to hack your device, collect or delete your data, and take over your social media accounts; without sufficient safeguards to prevent abuse of these new powers.
https://tutanota.com/blog/posts/australia-surveillance-bill/
just in case you are reading this: do not ever sign up an online service without reading privacy policy - faq - terms+conditions
5.5 After termination of the contract, Tutao is no longer obligated to provide the contractual services. The timely storage and backup of the data, is the customer's responsibility.
5.6. Tutao is entitled to terminate the contract without notice in case of a free of charge tariff if the account was not used for at least six months.
I'd suggest Proton or Tutanota. I'm leaning towards Tutanota, they just had their app released on F-Droid, which is nice. In case you're using Android, other email apps are still connected to Google even if it's not Gmail.
That's not possible right now, but we plan to add a desktop client that will allow you to import emails into Tutanota in the near future. You can already import contacts via vCard with our new client: https://mail.tutanota.com
Thanks for sharing our mission to leave Google behind. :)
The UN can't help here. We need to encrypt everything.
>Encryption should be enabled for everything by default, not a feature you turn on only if you're doing something you consider worth protecting.
There's always a chance that someone will dislike your research. If you're ordering reasonable amounts for your own personal research it's unlikely that you'll have troubles but there are of course some things you can do to reduce the chance.
Here are some tips in order of importance (IMO):
Unfortunately it's very hard to hide your address. P.O. boxes and such are not anonymous. Most private drop boxes require an I.D. So short of using a fake I.D. (which might be overboard for ordering products for personal research), I think you'll just have to flow with this one. Another (high-risk) option is to have it be sent to a vacant address and closely follow the tracking.
And remember, you're placing an inherent amount of trust in the vendor. Your security is only as strong as his is. Optimally, your vendor securely erases all information after the transaction is over and successful.
Cheers and stay safe.
>as an example, they deleted my account for not logging in for a certain period.
Okay .... so in the terms, §5.6 it says:
>5.6. Tutao is entitled to terminate the contract without notice in
case of a free of charge tariff if the account was not used for at least
six months.
Source: https://tutanota.com/terms
Thinking they are assholes because they do exactly what is written in pretty clear text in the terms is just moot. And you agreed to these terms when signing up for an account.
Hi there, it is only possible to delete aliases created with a custom domain. We only allow aliases with Tutanota domains to be deactivated. This prevents someone from re-creating your old email aliases for nefarious purposes after you have deleted an account.
You can learn more about aliases here: https://tutanota.com/faq#aliases
Tutanota for anonymity.
ProtonMail for protection from mass surveillance.
Remember that neither of these can give you an complete and comprehensiving anonymity. It requires more "steps" than just using one email provider.
And if NSA chases you, not even Tutanota can hide you forever. You can run but you can't hide.
I didn't start the organization I'm in, so I can't help you there, but I can give you some tips on how to stay safe.
Always use an encrypted e-mail and SMS-service. I recommend https://tutanota.com/ for e-mails, and Signal for SMS.
Be safe when doing activist-work or demonstrating. For generel activism (hanging posters, graffiti, handing out flyers, ETC.) I recommend wearing plain, dark clothes, and always having someone standing guard if you're hanging posters or doing graffiti. Don't bring your phones, so the police can't check your e-mails or SMS if they stop you. Always know your rights, but don't be too confrontational with law enforcement when it isn't necessary. If you're doing a demonstration, use red block/black block strategies. Wear dark clothes with no obvious identifying marks, keep as much of your head covered as you can.
Feel free to ask any questions you have about this subject, I'm still sort of new to activism, but I'll answer what I can. :)
My wife and I like it a lot. The aliases are great for spam/alternate accounts, and inbox rules are easy. In terms of privacy and security, they obviously know what they're doing. Being in Germany, they have strict email protections.
P. S. From now until Monday, you can get 5 months free: https://tutanota.com/blog/posts/cyber-monday
Edit: Both ProtonMail and Tutanota offer the source code to their web apps. In theory, this could be used to verify that you're using an uncompromised web app. However, the binary signatures of both of these services are verified, so using the smartphone apps is a safer bet in the case of a server breach.
Both are great, and much better than Gmail and the likes. Since Tutanota now has their app on F-Droid I've decided to go with them. Tutanota also supports U2F, the new beta version looks slick and is really fast. Don't think there's an option to label the aliases the way you would like to with any of the two, though.
We just did, and he's already speeding up development as you can see with the Android beta release: https://tutanota.com/blog/posts/welcome-ivan
We plan to hire more people soon. However we only hire qualified people that are also passionate about privacy - so it's not a money issue, the difficulty is rather to find matching candidates.
Your four points pretty much cover our to-do list for the coming months. We're working hard to achieve them as quickly as possible!
We have millions of users around the world and - what is more important: a good number of them are paying users that support our fight for privacy.
So, we're here to stay, if this has been implied in your question. ;)
Well, let's get an answer from the source then. /u/Tutanota, is this blog post a joke, or was something lost in translation?
https://tutanota.com/blog/posts/trump-family-encryption
Context: https://prxbx.com/email/
Huh. I live in Norway and had never heard of Runbox before. Strange. Anyway: They don't seem to be Free/Open source software, so I wouldn't trust them. Rather go with Tutanota.
Nope, never going to happen. If they want to ban encryption, they might as well turn off the internet (old post, but still valid).
We've tested Disconnect ourselves. Many companies use email for tracking through images in their emails. That is why Tutanota is blocking automatic image loading, to protect your privacy and to stop this tracking.
What Disconnect does: Once you click on 'Show' blocked images, the tracking starts and Disconnect shows this. When you click on a different email, the Disconnect tracking does not refresh, but still shows the tracking from the previously opened email.
If you never click on 'Show', no tracking should happen.
Hahaha, of course it's a sCam attempt. A pathetic one, at that. "Dear TutanotaMail user, we have noticed that your protonmail account failed validity check." Two different languages used in the email. An allegation that an email provider, any email provider, compels its users to a "monthly validity check". Who could possibly fall for that ?
Also, genuine emails from Tutanota display a special red label "Tutanota team" which cannot be faked. Look it up here.
Report as spam, delete and move on.
Thanks for your feedback. We have just released fingerprint/pin unlock on Android - a precondition for offline: https://tutanota.com/blog/posts/update-fingerprint-pin-unlock
You can also allow image to view automatically for each sender, which has been working since May: https://github.com/tutao/tutanota/issues/147
Search on calendar is already planned, but we are not actively working on this yet as offline mode has our priority right now. Thanks for your patience.
We also explain here why we do not rush releases, but take our time when improving Tutanota: https://tutanota.com/blog/posts/development
Oh, sorry, my bad, i thought they would already, as of now they only accept donations, in this article they also state that and say it takes long to implement crypto payments. (But the article itself also is 3 years old :/)
Thanks for reconnecting. :) It's at the top of our roadmap right now so the wait should not be much longer: https://tutanota.com/de/roadmap/
But as others said, we don't publish ETAs as one never knows what happens. :)
Try this.
Hi there, if you are not sending from a Tutanota address, your email might go to spam as we block all unknown domains. You will get a notification about this, which lets you put the email into our mailbox, but only if you click the link. Alternatively, you can also write to our sales team, you'll find the address here: https://tutanota.com/faq#payment
Well, that's Tutanota's main and basic feature, so maybe you should have studied the service a bit before commiting to it, and complaining about it in ALL CAPS.
Tutanota is an end-to-end encrypted email provider. This password is the way emails get end-to-end-encrypted. So saying you will NEVER use it is a bit like buying a car and complaining because you don't like wheels.
However, you can also send emails unencrypted.
If you must complain about bad usability, how about doing it in a way easy to read ? How about hitting your Enter key once in a while, so it can produce, you know, paragraphs, instead of that user-hostile wall of text ?
The Drafts folder is right below your Inbox. There are plenty of screenshots showing it in the How-To. This one, for instance.
If you have trouble with technical vocabulary, the simplest way to learn is to make a Google search with the word, or expression. For instance, googling Markdown would have teached you that it's a basic formatting language, for enhancing notes.
Tutanota cannot be expected to teach you the basics of computers or the Internet. That's for you to learn. There is no shortage of free resources on the Internet if you're willing to put in the effort.
Hi there, thanks for getting in touch! Yes, to share the birthday calendar, you will need the 'sharing feature'. This is already included in Teams. With sharing included, each user will cost 24 Euro per year. You'll get the best overview here: https://tutanota.com/pricing#calculator
Aliases and users are different things, you'll need users: https://tutanota.com/blog/posts/secure-email-alias/
No, avoid Tutanota.
A Dec 2020 German court order forced them to turn over UNencrypted Inbox emails on one account.
They routinely turn over encrypted emails (34x in the past 6 months) but don't have the keys - if the encryption holds you're fine, do you want to risk that?
This is now precedent and will make it easier for them to get YOUR unencrypted emails too if they so desire. Your encrypted emails are probably safe, but if you are using Tutanota anonymously and unencrypted, they are not safe. Also, Tutanota permanently deletes your account if you haven't logged in within the past 6 months. Also, they no longer allow signups via Tor, whereas they used to allow this readily in the past.
Tbh I'm in the same disappointed but not surprised camp. I'll see if I can use a tutanota email to sign up as they require no info so as long as you can also put gibberish in for the Facebook account sign then you have an account with no ties to any personal info.
Of course you lose your purchases tho as so far as I'm aware they're not transferable.
Use tutanota.
I don't know what you mean about speed/space/uptime. All companies have the same 99.99% uptime. What do you need speed for? Are you sending out millions of emails a day? You can buy more space if you want.
Term 4.6 states that Tutanota Free is only allowed to be used by private customers, and that business use is only allowed for paid plans.
I don't think that buying stuff online and communicating with people/companies to ask questions and submit resumes counts as 'commercial use', so long as you're acting as a private individual yourself (e.g. you are sending your resume to apply for a job, as opposed to running your own company and receiving resumes of applicants that want to work for you).
Thanks for your feedback. You can whitelist by address and sender easily: https://tutanota.com/howto#spam
We continuously improve spam filtering. However, spam in emails will always be a difficult task as some people will consider the same email as legitimate and others as spam. That's why there is a spam folder, and also a number of unread emails next to the spam folder to help you spot spam emails that might be legitimate.
We plan to add a learnable spam filter in the coming months, thanks for your patience!
We do not track you because IP addresses are anonymized right away. Check our Privacy Statement:
>In order to maintain operations, for prevention of abuse and and for visitors analysis, IP addresses of users are processed. Storage only takes place for IP addresses made anonymous which are therefore not personal data any more. This processing takes place for the purposes of the legitimate interests pursued by the controller according to Art. 6 DSGVO 1. f).
The legitimate interest here is to prevent mass sign-ups by spammers, which for obvious reasons we must make impossible. We're sorry that you and your friends have been caught up by this anti-spam protection mechanism. We'd recommend you go home and sign up each from their own network again.
This FAQ is also important to know should you have issues signing up.
Thanks for spreading the word about privacy! :)
Hi there, Tutanota Team here. We explain how German laws affect Tutanota on our blog: https://tutanota.com/blog/posts/data-protection-germany/
>Traffic data is subject to the secrecy of telecommunications. Only German judges are allowed to request traffic data. This is only possible in case of serious criminal acts like murder, child pornography, robbery, bomb threats and blackmail (see § 100a StPO).
>By default, we don't record IP addresses of our users. Therefore, IP addresses can only be recorded for a single user account after we received a valid court order for a real time monitoring (TKÜ) but not for the past. There is no data retention law for email providers in Germany.
To summarize: We do not log IP addresses of our users. If we receive a legally binding court order from a German judge to monitor an IP address of a suspected criminal, we must under German law comply. Our mission with Tutanota is to provide a secure email service that enables everyone to communicate online without having to fear illegal mass surveillance.
We also publish a Transparency Report every six months to show details: https://tutanota.com/blog/posts/transparency-report/
I love tutanota because it's open source with an app on F-Droid. I'd say the risk with them is pretty low as they grow organically rather than taking investor's money. You see when investors are involved, there are lots of interests, and even if the team wants to continue, investors can pull the trigger anytime.
Despite all this, no matter what email service you use, I'd always back up the most important emails locally. Tutanota supports bulk-export for folders, so that's easy.
Thanks for your suggestion, we'll take it into consideration. For now, you can transfer your wanted aliases to a new account, deleting the unwanted ones: https://tutanota.com/faq#merge
Please export any needed emails first as when you delete the old account, all emails will be deleted, too. You can only transfer the email addresses, not old emails when merging accounts.
As I understand it the recovery code is simply put a second password - which you can only generate/access upon entering the password, so no one else can get access to it but yourself. You'll find details here: https://tutanota.com/blog/posts/secure-password-reset
Also, if you've set up 2FA, you always need two to reset the third. So you can still fully trust your second factor, it still secures your account just like before.
What do you prefer with Tutanota? I'm using both, and kinda like both, hard to decide. What annoyed me when trying to sign-up via Tor, Proton asked me for the phone number, which Tutanota does not. However, I managed to get signed-up by not using Tor without a phone number eventually...
I think all these questions are answered on their website.
Yes, there's still an advantage as the TLS encryption is very good. Take a look at their security site.
No, Tutanota doesn't store IP addresses and strips IP addresses from emails sent & received so you can use Tutanota anonymously.
As Tutanota doesn't log IP addresses and stores the mailbox encrypted, there's not much they can possibly hand over to the authorities. You'll find details in their transparency report.
It's so interesting that you got the Trump family to sign up for your service:
>After the recent scandal revealing that Trump campaign aides have had repeated contacts with Russian intelligence in 2016, the entire Trump family seems to turn towards encryption to protect their private communication. Several encrypted Tutanota mailboxes were registered yesterday alone with distinct names of Trump family members....
Any concerns over seeming revelation of their personal email account information or did everyone take this in stride?
Both their website's log in cipher suite strength are identical TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. both also have verified EV certificates but ProtonMail has the larger key length 4098 vs 2048 for Tutanota.
ProtonMail is in a better privacy protection country, it cooperates but not part of the 14 eyes like Germany.
ProtonMail has more features, Tutanota has basically stopped updating their application and not released two factor authentication as of yet.
Using Tutanota for threw away accounts purposes is fine but not for serious use. I'm really down on some of the decisions they made, I can't find the specific article but Tutanota was warns about security vulnerable by researchers a couple years back they didn't fix, can't confirm if they ever fixed it. then there's this https://tutanota.com/blog/posts/trump-family-encryption. last thing I really dislike is their promoting of the Uniphone with Una partnership for a kickstarter fundraiser on indiegogo that looks very sketchy, over year later and still can't verified a single backers getting anything, excuses after excuses.
https://tutanota.com/blog/posts/una-phone-zenith-crowdfunding
Sorry to bash Tutanota but I needed to put it out there doesn't mean they're necessary shady just that some of their decisions warrant looking into to.
Obviously ProtonMail is my choice especially with their added transparency the only con being that do to their popularity they're very likely a target for powerful adversaries.
Hi Karen, I don't think this subreddit is the right place for this post since r/Privacy4Search is focused on search engines. Try asking again at r/PrivacyGuides.
But I would recommend Tutanota, it's a well known email & calendar service, they do not track you, and their clients & apps are open source.
You cannot change your email address.
Your account is defined by your email address : if it had another one, it would not be the same account. This is the case with all email providers, and not at all specific to Tutanota.
This is not stated in the help, because it's kind of obvious. It's a basic tenet of email.
You can, of course, delete your account and create a new one, with the address you want. Provided no one has already created that address.
Instructions for deletion are published on Tutanota's website :
https://tutanota.com/faq#delete
Take care to export first any content you might want to keep : emails, contacts, appointments.
Also, before deleting your account, I would advise you to test the new address you wish for. Just in case it is already taken, and you actually prefer your present address with the mistake included.
Sign up for a new free account. Tick the two boxes saying you don't already have a free account, and this is not for business. Then type the new address you wish for in the required field. The server will check it, and tell you whether it is available.
Then click on the Back link to abort the account creation procedure. If you still want to delete your existing account, do it and then create a new one.
They just rushed through a bill in under 24 hours that allows cops to hack your devices, take over your social media accounts, and collect or delete your data, and they only need a warrant from a member of the Administrative Appeals Tribunal (not exactly sure of their role, but the key point is that they don’t need a warrant issued by a judge).
Ostensibly the bill is to prevent child exploitation and terrorism, but they’re allowed to use these powers for any suspected crime with the potential for three years or more of jail time.
No, it is direct Internet. Everything else works fine btw. This is only about tutanota.com. Looks like they were using Sectigo before Lets Encrypt. Is there some kind of a cache mechanism that I need to clear?
Interior Minister Seehofer is asking for feedback on the new cyberstrategy draft. To save strong encryption and security online, please send them an email to You may use this pdf (or make your own on the bmi website).
Unfortunately no info on the help screens ...It clearly says in their FAQ
​
My newly created account has been put on hold for 48 hours after registration. What should I do?
Some accounts are automatically marked for approval upon sign-up to prevent abuse. This often affects IPs from VPN services or Tor as spammers try to bypass our anti-spam protection method by abusing these services. Please read here why the 48-hour wait is necessary to protect your privacy to the maximum with a truly anonymous email service.
During these 48 hours emails cannot be sent or received. Please do not share your new email address before the blocking has been lifted automatically.
As a social scientist, I hate these headlines. Yes, illegal, expensive etc. Will we know if it stopped a terror attack? Not likely in the near future. We will never observe the counterfactual world where we did not have the program.
>A similar investigation of terrorist attacks in Europe came to the same conclusion: Between 2014 and 2017, 13 Islamist terrorist attacks took place in Europe after which 24 offenders were convicted. All 24 of them - one hundred per cent - were already known to the authorities prior to the attack and had been classified as violent.
This is exactly the wrong way to do this analysis. We don't need to know which attacks happened and who was convicted. We need to know which attacks didn't happen. This is likely classified (SIGINT and HUMINT that can provide this information is probably an ongoing source of actionable intel) and will remain classified for years.
Then there is the effect on the costs in a terrorist's utility function that are even harder to analyze. How many attacks that happened in France were originally targeting the US until the perpetrators realized it would be easier to communicate and target someone else?
This is a conclusion for a political science research paper in about 30 years.
You guys want something like this?
It’s another email service I use. I pay for both Tutanota and Proton as I decide between the two. The issue I have though is that things get marked as near future but have been on the pipeline for 2+ years.
If you are looking for specific dates I don’t think that’s something you are going to get.
I read about it on their subreddit and confirmed the information on their blog.
>3. Content data
>
>This term refers to your emails: subject, body and attachments. All emails in Tutanota are stored end-to-end encrypted and only you hold the decryption keys.
>
>Just like traffic data, content data can only be requested by a German judge (§ 94, para. 2 of the StPO, § 98, para. 1, sent. 1 or para. 2, sent. 1 of the StPO) in case of serious criminal acts (see above for examples).
>
>The German judge can either issue a seizure of a mailbox or a real time monitoring of the mailbox (TKÜ), or both. A seizure order under criminal law (§ 94, para. 2 of the StPO, § 98, para. 1, sent. 1 or para. 2, sent. 1 of the StPO) refers to the encrypted mailbox content. An order for real time monitoring of a mailbox refers to all emails received and sent from the relevant mailbox starting with the time of the order until a specified date (usually three months).
>
>In case of real time monitoring (TKÜ), we have to provide contents of emails. Emails that are sent end-to-end encrypted with Tutanota can only be delivered in encrypted form. Emails that are sent unencrypted are delivered in plain text if they arrive after we have received a valid German court order for a real time monitoring (TKÜ). Plain text emails that have arrived before that have already been encrypted on the server and cannot be decrypted by us.
Tutanota offers a paid subscription as well, at 12 EUR an year/1.2 EUR a month. From what I read, they have a good chunk of paying customers and that keeps them running.
Edit: I previously mentioned that calendar is not available on free plans, but it's available.
This is scam. Please read this post how to prevent phishing: https://tutanota.com/blog/posts/how-to-prevent-phishing/
Emails coming from us can be easily distinguished in your Tutanota mailbox:
>Tutanota displays a red tagline reading 'Tutanota Team' next to the sender's address if an email coming from us hits your Tutanota mailbox. This cannot be added by someone trying to phish your Tutanota password because it is built into the code of our email client.
Hi there, and thanks for your feedback! Yes, the old version is not live anymore mainly because the new one comes with much better security features (2FA, secure password reset, etc), but also with great usability features like full-text search. Check our blog for details: https://tutanota.com/blog/posts/new-mail-client
Please try the new verison for a week before your final judgement, we're sure you'll love it. It's also much faster. ;)
Protonmail and Tutanota are both nice.
everything encrypted
encrypted emails to outside users available
both not located in the US (wouldn't say Switzerland or Germany is much of a difference as both countries have agreements to share data with others, however, as mailbox content is encrypted, this should not matter too much). However, if this is no-go for you, check out Yandex or similar outside Europe/North America.
prices Proton €5 per month & Tuta €1 per month
both are passionate about open source, Tuta just published their app on F-Droid
Yes, Opera has supported U2F almost just as long as Chrome, and Firefox as of the release of Quantum, in addition as of Firefox 60 is able to use in conjunction with Google stuff. So the standard is definitely reaching maturity by now. Protonmail sounds like it's the Lastpass of secure mail that uses a strategy of delay delay delay, while all major browsers, with the exception of Edge/IE (doubt 99% of Protonmail users care about those anyway), support the standard. Tutanota has U2F on offer and working perfectly for almost a year now. For a service that very likely makes way more money than Tutanota, it's embarrassing that it still isn't supported. If I'd be running any type of service that literally protects lives by offering secure private communication, I'd be deeply concerned if it still doesn't support challenge-response authentication.
Edit: going a bit off-topic here, but no: Yubico doesn't have a BT model on offer (read Yubico's statement in the Techcrunch article I linked to in OP), but the Neo does indeed support NFC, which is supported by both iPhone and Android. Anyway, since Google is releasing a BT model, there's no excuse for that now either.
It's not complicated.
1: Open a new email account. I use https://tutanota.com
2: Open an account with an exchange so you can buy BTC. I use https://www.coinbase.com. Buy BTC.
3: The next step is up to you. You normally want to move the BTC you've bought to an online or offline wallet (storage for the BTC). This in case the exchange you've bought from offers an online wallet (which Coinbase does), but will cancel your account if they think you're using the BTC for illicit activity (which you will be doing). It also ensures your BTC is safe if that exchange exit scams.
You can install BTC software on your computer and send the BTC to your wallet, or use an online wallet like https://blockchain.info.
4: Go to your vendor. Buy the 1P. You'll be given a price in BTC (usually a fraction of a bitcoin, like .01) and a long address in random alphanumeric characters. Copy that address. In your wallet, send to that address. The vendor will eventually see you have paid.
Tutanota here. We noticed this post because it's an x-post from /r/tutanota/
What the CIA is doing in Germany is illegal. Also, their spying has nothing to do with the security of Tutanota as we cannot be forced by German law to help them spy. Data-privacy laws in Germany are very strict and we can only be forced to hand out data when presented with a valid German court order.
In addition we can only hand out encrypted data because Tutanota's mailboxes (emails and contacts) are end-to-end encrypted on the user's device. This leaves us zero access.
If German LAW changed, we can discuss whether moving our servers to another country makes sense or not. However, Switzerland is not an option because they force ISPs as well as email providers six months of to data retention: https://de.wikipedia.org/wiki/Vorratsdatenspeicherung#E-Mail
While email providers in Germany do NOT have to retain data: https://tutanota.com/blog/posts/germany-data-retention Right now the legal situation in Germany is very good for a privacy-focused service. Of course we watch the political debate about this closely and also try to influence politicians as best as we can into a pro-privacy direction.