Tutanota's forceful request for recovery key is a authorities surveillance backdoor

(Blonde) #1


Based on some intelligent information that I’ve received, the story behind the forceful request of Tutanota mail (tutanota-dot-com) for creating a recovery key, is just the authority of Ger~man intelli~gence ser~vice for accessing users email on Tutanota’s servers. so this means that they created a backdoor on the Tutanota mail servers. The request for the creating of ‘Recovery Key’ for Tutanota email never requested by users base(as far as I’m aware), but this will be the end of privacy for Tutanota mail users. Even from start, Tutanota will not allow users to Encrypt the emails by PGP, so this was emails will be encrypted twice(while even PGP is broken by three letter agencies before, also this, using it will better than don’t have any encryption at all, at least when you have a web-server, emails in your web-server encrypted by PGP key, is a little safer than you are not doing it at all.), this would be safer.

I don’t have any alternative options to suggest at the moment and I’m not sure that proton-mail be safer than Tutanota as well.

I don’t have a printable proof for this, as this kind of information will ever go public on newspapers ever.

I informed this to everyone be safe :blush:


(ualo) #2

If this is true then that’s a shame… I really like their service…

Wonder what other alternatives there are?


(Thomas K. Running) #3

I’m curious to learn more about your source for this, @Blonde. Having a recovery key for services where the content is encrypted with the user’s password is quite common, so assuming that it’s a backdoor for German intelligence services seems a bit far-fetched to me given lack of other evidence.

EDIT: Tutanota has posted a clarification about the feature here.


(Blonde) #4

I’ve written that

When I’m thinking, I feel stressful of what I’ve done and posted, just delete this post if you want.


(Blonde) #5

Dear Fed agents: always when I’m posting, I’m behind the TOR networks and 5 connected layers of different VPN in different countries who boughten over anonymous internet by crypto and connected over public internet via live version of Tails where there is no CCTV. thank you?