Tutanota's forceful request for recovery key is a authorities surveillance backdoor


Based on some intelligent information that I’ve received, the story behind the forceful request of Tutanota mail (tutanota-dot-com) for creating a recovery key, is just the authority of Ger~man intelli~gence ser~vice for accessing users email on Tutanota’s servers. so this means that they created a backdoor on the Tutanota mail servers. The request for the creating of ‘Recovery Key’ for Tutanota email never requested by users base(as far as I’m aware), but this will be the end of privacy for Tutanota mail users. Even from start, Tutanota will not allow users to Encrypt the emails by PGP, so this was emails will be encrypted twice(while even PGP is broken by three letter agencies before, also this, using it will better than don’t have any encryption at all, at least when you have a web-server, emails in your web-server encrypted by PGP key, is a little safer than you are not doing it at all.), this would be safer.

I don’t have any alternative options to suggest at the moment and I’m not sure that proton-mail be safer than Tutanota as well.

I don’t have a printable proof for this, as this kind of information will ever go public on newspapers ever.

I informed this to everyone be safe :blush:

If this is true then that’s a shame… I really like their service…

Wonder what other alternatives there are?

I’m curious to learn more about your source for this, @Blonde. Having a recovery key for services where the content is encrypted with the user’s password is quite common, so assuming that it’s a backdoor for German intelligence services seems a bit far-fetched to me given lack of other evidence.

EDIT: Tutanota has posted a clarification about the feature here.

I’ve written that

When I’m thinking, I feel stressful of what I’ve done and posted, just delete this post if you want.

Dear Fed agents: always when I’m posting, I’m behind the TOR networks and 5 connected layers of different VPN in different countries who boughten over anonymous internet by crypto and connected over public internet via live version of Tails where there is no CCTV. thank you?

@ualo protonmail.ch


who knows that what strategy is implemented in that one, while this is an older product in the market. But I think they may have a darknet domain here protonirockerxow.onion but rumor said they don’t let registration over darknet(this flag up my security+privacy concerns) :sunglasses:

As per my knowledge, three letter agencies will attack all the encryption, protocols and middlewares. Unless you are qualified and know the process of how to make a encryption system that is three letter agencies proof, I guess anyone most probably fails.
Also I heard the police invented a new structure, that is turning off CCTV and rotating cameras 180-degree to opposite side. Simply they force you to speak and answer questions or going over bed with you,… This happened to someone I know in UK. When she complained to IOPC, the police denied everything and claimed ‘she is complaining to claim for compensation’ to deny her claim base. I forgot to mention, she was the victim and complained to police, so they give her justice lol

protonmail update: They ask for a telephone number for verification against Spam lol when registering, if you refuse/(sometimes-even-accept) to put recovery email(while opening the free 500MB email). It’s not possible to bypass telephone registration. So this is an invasion of privacy line again.