Tutanota recently released a new recovery code feature that allows a user to recover their account if they forget their password. This recovery code adds a second method to decrypt your private key and thus your emails. This feature was never asked for by the user base, and they refuse to let users opt out of creating a recovery code. Each time you log in to Tutanota you will see a pop-up requesting that you create a recovery code.
Now I will explain why this is happening:
I work within the German government, and I know for a fact that Tutanota was served an order by the intelligence services to create a database that can be used to decrypt any user's email address upon request. Tutanota is currently under a gag order and cannot speak about this request publicly. This is basically Hushmail/Lavabit 2.0. The recovery code is essentially a government recovery code / backdoor used to read your email if requested by the government.
I'm posting via a public WiFi with a disposable device in a location with no CCTV cameras. This was very hard to do, and I won't be posting again so please do not delete this thread. Users please screencap or archive the thread. I felt I must warn people, especially journalists who rely on the security of Tutanota and may reside in countries with oppressive regimes or human rights abuses.
So if we don't make a recovery code we might be safe?
what if you have green ears and a 16" dick
Sucks, was a good burner email service but now ill just find something else. Add opt out or rathee opt in and id reconsider. Forcing a feature onto users is stupid. Just another example of normalfags shitting up an email service thinking that email is by any means a secure means of chatting.
I use Tutanota occasionally because it seemed pretty secure and simple. It's unfortunate to hear this, but also no way to confirm this. They at least give you the option to postpone I guess? But creating a new account probably forces you to have one.
Must have missed this when i read. Its still a viable burner if they allow you to postpone creation. The moment it becomes necessary during account creation is when ill drop it.
Antipodean Resistance used this service
Reminder that jews own literally all communication, proving that no one will ever fight back against them at any time.
asses and elbows
Why doesn't anyone fire up Tutanota, experiment and report? I'm too lazy to but at least I'm going to spare you my speculative theories.
Still better than (((gmail))) but yes I was annoyed by a stupid recovery code appearing. What the fuck do I do with this? Was my only reaction. Just seemed like even more of a liability for a breach.
Were you allowed to bypass recovery code creation?
How about ProtonMail?
I literally searched "protonmail pozzed" and it came up positive but I'm not tech enough to know if true. Tutanota seems seemed like the last unpozzed.
"Tutao has the right to show its customers security notices as well as information in regards to contracts with the customers, to product updates, to Tutao GmbH, to other products and to products of partners. Partners are exclusively companies that can be recommended by Tutao GmbH because they advocate human rights, data protection or privacy." Changes will come into effect on November 2, 2018, for all users. "
Weren’t they just hacked? Their symbol is the old jewish symbol for the atom with the star of remphan in it, too.
>>>/suicide/ Prove me wrong, in any capacity, or kill yourself.
Didn't you read the OP? This is all just dressing up having to store your emails for the gov's perusal. Likely they share your "recovery code" even if you don't know it. Its a dumb feature even if you take it at face value and a red fucking flag because if you can't remember your password then why the fuck can you be trusted to remember and even more forgettable random jumble of numbers? Why do you need a backdoor when you can go in the front just fine?
My thoughts too, always a possibility. Why would he need to post once on a burner device and never revisit the bread? Seems fishy.
Until it becomes a forced feature theyre still a viable burner. Im not saying it isnt shit but its not required yet
I can smell you, jew.
I think you can choose to not do it and it only nags you on mobile, but I made the mistake of setting it up.
doesnt necessarily have to be forced.. Those who dont voluntarily do it could have a default recovery code added without their knowledge..
No shit. Whoever uses a server hosted in a EU country for their communications might as well broadcast them for all to see. Doubly so for France, Germany and Great Shitstain. Use Protonmail or host your own server; there is no alternative.
Tutanota became property of NSA at least by August 13, 2016–the date when The Shadowbroker leaked all of NSA EQGRP's goodies on Github.
the account creator of that Github account used a Tutanota email account. of course NSA hacked Tutanota and have been copying 100% of Tutanota traffic as well as stealing their private crypto keys and bulk decrypting everything.
NSA will never again let another Shadowbroker using Tutanota catch them with their pants down. so there's that reason to considered Tutanota as burned.
bizarrely, a year later, in the Shadowbroker's auction of unreleased NSA virus goodies, he recommended buyers use Tutanota to send him emails about purchase confirmations. (of course The Shadowbroker has a tremendous sense of humor and knows perfectly well that Tutanota and all email is being wiretapped by NSA, and that there is only one way to defeat the NSA's net cast around the entire Internet and to be anonymous.
me amigo, i would bet your bottom dollar that Tutanota has been compromised by (((glow niggers))) since day one, because that's just how they roll–hack every service provider of pseudo anonymous comms years ahead of time while they are small and obscure is just NSA's default posture.
ironically, the best way to DEFEAT LIST what NSA is doing is by not trying to hide by using 1337 крипто at all. i'm going to share a lil' secret with you about how to truly be invisible from (((NSACIAFBI))). it is stupidly easy and obvious and 100% fool proof and you'll kick yourself for not thinking of it and for creating crushing extra work for yourself and hoops to jump through.
YOU DON'T NEED TO HIDE AT ALL. YOU JUST NEED TO BE SOMEBODY ELSE. steal someone else's WiFi. hack or burgle into their SOHO network and "borrow" their Internet connection. do the ol' trick of dropping infected USB sticks in busy places, waiting for passersby to find them, take them home, and plug them into their own computers and thereby infect themselves with your botnet that gives you access to proxy through their networks. or if you're bad ass you can do what the Shadowbroker himself did to remain untouchable for at least 8 years and to hit the hardest targets and pull of the top 10 greatest hacks of all time. hack into wifi routers, security cameras and printers and use them to build yourself a botnet of relays to proxy your comms. NSA won't even fucking see you much less be able to find you.
Also, you see this little message at the bottom of the page? Every day, whenever you come here, check for it before you post anything. The moment it disappears, it's time to pack up and leave, without looking back for a second.
this. It's really not that complicated to set up; there are plenty of tutorials and most OS distributions come with everything necessary. The hardest part is getting the spam protection configured, but again there are tutorials. And once you do you can make all the addresses you need for your friends, your sockpuppets, add new domain names, etc.
But, if you need real OpSec, forget email. Use bitmessage.
why can't i have just a little bit of privacy? i close the bathroom door when i go to the loo!
Protonmai is pozzed too. Might as well use an @yahoo.com or @hotmail.com account
It actually is these days, especially if you want to make sure your IP is not black listed. There are a very large amount of variables in play, making it extremely easy for even competent users to screw up. I still recommend everyone try it out, but unless you're willing to invest time learning which goes far beyond the basic setup guides, you are likely to spend a lot of time creating a solution with less security than the commercial providers.
I'm glad he's still going I'm Spartacus
Don't your encrypted bitmessages persist forever in the blockchain like transactions in bitcoin?
That's likely not possible. Assuming the service was unpozzed from the beginning (a fair enough assumption, given that they're now insisting on creating recovery codes for government access), they require your decryption key in order to create the recovery code (essentially another decryption key). If you don't create a recovery code, your mail remains inaccessible.
"safe email" is a fucking meme. use gpg in a local client or unplug.
That's still no good though, satan, because if you're using encrypted messaging with another Tutanota user and they're pozzed, you are by contagion pozzed in that line of messaging. AND YOU CAN'T TELL WHO'S POZZED ANYMORE among tuta users. That's like the AIDS epidemic all over again!!!!
the woes of centralized messaging
Please use encryption ALL the time. Even if you use an encrypted service like protonmail, encrypt your mail on your own computer or phone first.
Why doesn't someone just create an open-source browser extension that acts as a wrapper around pozzed services and encrypts the text and attachments before they're even sent to the server?
This is true. I was addressing only the "recovery added for you by default" issue, which in reality is unlikely to be possible. Make no mistake, though, the service is now thoroughly pozzed.
And always create the biggest fukken key pair possible
Protonmail recently added encryption options if you're sending to other servers, but don't use it, always write your email on your computer or phone first, and encrypt it locally before sending it.
All the big "super duper private" email and vpn firms are comped. All of them. We heard some shit about Nord VPN a couple months ago too. It's interesting news but should be filed in the "you should have expected this, you were warned, why didn't you listen" circular.
Isn't Tutanota run by the same sort of people as RiseUp (as in antifa/commie fags)?
Why is there no DHT based chat app?
No, but there are no real "safe" emails. I use Tuta as a main email, but I literally dont use it for anything. Might switch over to Protonmail but I dont even use emails in general anymore. Who the fuck needs emails unless for business practices?
Yep seeing lots of posts of these kind here lately. Dunno if cia niggers or little upstart tech kikelets jewing each other.
It doesn't matter if OP works in government or not. What he is saying is correct: now that Tuta is demanding that all users create a recovery code, which THEY store serverside, any user that has created a recovery code is now pozzed. That is an undeniable fact.
please don't tell me you're recommending a browser plugin.
Nope. You take the email contents and copy paste them into your terminal GPG program, and vice versa.
No client software needed. Just good old fashioned mouse movements and middle clicking.
Also their explanation sounds somewhat dubious for a very convoluted password reset system that is unsafe by design and never been used by any serious website.
good job user
explain or fuck off
but all computers are pozzed learn nu-navajo communicate in dreams..
I have hopes for powerpc, even if it's foolish to do so
This, right? I'm using Tutanota just because I don't have to link a cell phone number to it like with Gmail. I don't really need encryption tbh, I only do normie shit via email.
then just use cock.li, it's a much faster compromised email server
yeah but like I said, I use email for normie shit. I don't want to tell my boss or my mom to email me at my cockmail
use Yandex. because at least that way your emailed lolis won't be read by some snooping pervert local Field Office FBI faggot, who is corrupt as sin and on the Clinton Crime Cartel payroll, and who is looking for dirt to threaten you to become their informer or else, and it won't be some blue haired tranny Langley xer reading your emailed dikpix to blackmail you to become their asset or else drone strike for you–no, those cocksucking DC Swamp traitors to the Constitution don't have raw access to Yandex mail.
at the very least, you'll force the top floor of the Ft Meade glow niggers to break a sweat reading your emails by hacking Yandex, and so they'll have to tip toe very carefully on the rice paper and only make use of the SIGING in your emails if it is of exceptional Intelligence value or else risk burning their whole Yandex hack op or worse–risk enraging MUH RUSSIA with an overt act of cyberwar and triggering proportionate retaliations, such as Russia dumping the OPM database on Github.
as an ancillary bonus, you'll be helping Russia fight back against the NWO OWG by giving them your patterns of life. i have exactly zero fears of Russians using my private data against me in any way. ironically, i would welcome the Russian govt to spy on my entire life, because i have nothing to hide from them and i am ultimately on the same side as they are and so i trust them. sadly, i cannot say the same thing about my own govt, who have time and again let all Americans down and betrayed us and stabbed us in the back by abusing our private data to run coups against our own President and to start illegal wars and to create the terrorists and to turn the 3rd world shitholes into even worse shitholes and to help (((WallSt))) fleece us and rob us blind. as you can see, it's pretty clear which side of the equation group i'm on.
use Yandex. you'll thank me later. you'll find out.
Thankyou for he post OP Bumping, everyday peacful resolution moves further away, but the muscles grow larger, and more bullets get moved into the magazine.
yaas, use cock.li goy. nevermind the dude who runs it in Romania has been tweeting repeatedly going back years that when the FBI asks him for data on his users, he VOLUNTARILY hands it over, and doesn't even make FBI go through the legal process.
never trust a faggot offering a "free" service who is so broke ass ghetto that he cannot even afford to pay an attorney to talk to the FBI for him and instead just gives the FBI whatever they want.
and see that last pic? it shows the FBI asking him to keep it secret that they are asking him for user data and that he is giving it to them.
if you actually believe "Canary Warrants" on websites fucking work at all, and that a similar informal arrangement hasn't been made between FBI and Zig Forums going back years, then i've got a fucking igloo bridge to sell to you gullible dupe Eskimos.
If that's your use case, then Tuta is still a valid option. With the introduction of the recovery code Tuta is now reduced to the level of privacy of every other email provider: i.e. if the feds want the contents of your email, they have it. That doesn't mean you can't still use it for normalfag communications. Where that can break down, however, is in the perceived security of the platform by less knowledgeable users than yourself: e.g., some normalfaggot that thinks he has security on the platform decides to email you something compromising, believing that it is safe because it's through Tuta. If that's a risk you're willing to live with, then there's no harm in continuing to use the platform. Personally, I'd look into migrating elsewhere.
as opposed to some sketchy German one no one remembers how to spell? they have "airmail.cc" fam
one more thing. notice how the FBI tells him not to disclose to all of his users that he has handed over data on one of them, and then FBI softly twists his arm by saying if he cooperates then he won't have to personally appear before the grand jury in Florida.
wanna bet FBI faggots profiled his life, looked at his bank accounts, his net worth, his financial situation in life, and determined it would be prohibitively expensive for him to take time away and fly to Florida and pay an American attorney to represent him before the grand jury? and a grand jury can make your ass sit in the chair and testify for an unlimited time. FBI certainly abuse the grand jury process to intimidate and scare "witnesses" into voluntarily cooperating and not challenging the grandy jury summons nor the FBI at all in Court.
that's some fucking dirty tricks bullshit being pulled by FBI. just look at fucking traitor Robert " Saddam Hussein may supply terrorists with biological, chemical or radiological material" Mueller for Exhibit A for how Grand Juries have become a farce, a circus and cynical Iron Maiden for the New Inquisition to torture you as witches unless you confess to your MUH RUSSIA collusion.
so basically SVD > CIAniggers? You forget even vodkaniggers with badges will sell anything they can get their hands on, they're all out for themselves.
what part of "compromised" confused you? Also you're a retard if you think every email service doesn't do this.
know why you can trust SVD > Langleyglownigs?
Langley faggots can import thousands of tons of cocaine into the US, they can create, fund and arm ISIS, they can hack Mercedes of reporters to assassinate American citizens on US soil, they can drone strike Americans on foreign soil, and they can recruit every low life mafioso scumbag and give them a Get Out of Jail Free card and the Invisibility Cloak of Top Secret, and the CIA trannies never once face any consequences for their domestic crimes and for their foreign blunders. shit man, if you're CIA, the worse you are at your job, the higher your career path aims and the faster you get promoted. CIA is the living embodiment of the Peter Principle.
however, if an SVD agent double crossed Putin and betrayed Russia and abuse their intelligence for personal profit or helped foreigners in any way, you know what would happen to that guy? passersby would find his body hanging by his balls from a 5th floor balcony.
from that perspective, being ruled over by a brutal individual who wields an absolute monopoly on violence works to your benefit. you can actually trust the system because the system has zero tolerance for defection.
I'm moving toward Tox. I hope to get the few normies I communicate with using it.
So long as you're not promoting faggotry. If you do, they'll burn you so fast.
lavabit.com or neomailbox.com are far superior. Not free, but worth the money
weren't they shut down?
good info man, thanks
Ladar shut down his company rather than comply with a national security letter compelling him to modify his source code and turn over his private TLS keys. Ladar relaunched the service Friday, January 20 2018.
cockli is also finding a way to automatically encrypt the message itself, at least that's what canfield said.
Their servers were raided by the german federal police and were given digital disk drive copies to the FBI. There was nothing vince could do.
Warrant canary solves that.
That doesn't say you have to, just that it asks. So I'm hesitant to consider it as a must.