I’ve been using Tutanota for a while now. Been interested in people’s opinions about Tutanota and Protonmail.

  • asudox@lemmy.world (OP) · 7 up, 1 down · 1 year ago

    I am sure that Tutanota does not use any custom encryption algorithm. It is clearly stated in the FAQ that they use RSA (with PFS) and AES to encrypt emails exchanged between Tutanota users. https://tutanota.com/encryption There’s even a section which discusses why they do not use PGP. So it’s not like they can’t add it, they just don’t because it lacks “important requirements”. Plus they even are slowly developing a protocol that is post-quantum secure to encrypt their emails with.

    • sanpo@sopuli.xyz · 9 up · 1 year ago

      I’m not really saying that what Tutanota does is insecure, but historically doing security on your own instead of using established standards has not been a winning move.
      Plus their unwillingness to open source it and not sharing the audits just doesn’t inspire my confidence.

      Overall they’re probably fine, but these are some of the main reasons I ultimately chose Proton instead.

      BTW, they’re not “slowly developing” post-quantum encryption, they’re just saying they may do that at some point in the future - which everyone will have to do anyway when we get to this point.

      • dngray@lemmy.one (M) · 1 up · 1 year ago

        > Plus their unwillingness to open source it and not sharing the audits just doesn’t inspire my confidence.

        The server side isn’t open source, and you can’t verify that is what is actually running in production. While we do recommend it, I don’t personally use their products. I like the use of email clients, particularly customized to my needs.

        Nested folders was only a very recent feature added https://tutanota.com/blog/posts/subfolders and without that I wouldn’t even consider a provider as I use this for organization. Of course as you can’t use your own email client, downloading email from Tutanota can be a bit of a pain too, you can only export per-folder into Mbox.

    • dngray@lemmy.one (M) · 5 up · 1 year ago

      > I am sure that Tutanota does not use any custom encryption algorithm. It is clearly stated in the FAQ that they use RSA (with PFS) and AES to encrypt emails exchanged between Tutanota users. https://tutanota.com/encryption

      These are only primitive algorithms, the actual implementation is custom and specific to Tutanota, which means it will only work with Tutanota as nothing else will implement it.

      There is no way to do key distribution outside of Tutanota’s service.