Privacytools.io: 💬 Discussion | Warn Users of Non-free Email

Created on 13 Jul 2019  ·  10 Comments  ·  Source: privacytools/privacytools.io

Feature: Add "is free software" (back-end and/or front-end) column to email providers.
Why?: You cannot trust non-free software by nature, it is not transparent.
More info: https://tutanota.com/blog/posts/open-source-email/
Systems: https://www.fsf.org/resources/webmail-systems

Definitions:

feedback wanted 📧 email

All 10 comments

TutaNota is not a safe e-mail platform.
Should not be trusted. They are compromised.

Why?: You cannot trust non-free software by nature, it is not transparent.
TutaNota does not offer a free email server, you must use the email server they provide, you are unable to run a deployment of your own. Take Lavabit for example, github.com/lavabit/magma and you can run your OWN instance of a "Lavabit email server." Open Server. Open Client. You driving both. Otherwise, how can you verify the "open source" server running on their end? You simply cannot.

I don't see the problem with a closed source back end, as you're unable to see what they run anyway.

I don't see the problem with a closed source back end, as you're unable to see what they run anyway.

My issue with this is that some have gone to start running Windows or something.
And as we know, Windows isn't privacy respecting: https://www.privacytools.io/operating-systems/#win10

If they release their back-end as free software then we at least know what 3rd parties might have access to our data.

unable to see what they run

Seems like a bit of a stretch that they are lying to us, as it is illegal in most regions.
At least, we get some protections..........

TutaNota has forced recovery codes, that is the gov backend to all your messages.

I'm still not convinced, adding another warning makes users less likely to choose our listed email providers and go back to things like gmail and yahoo. I don't know if some theoretical legal "protection" would be worth confusing new/less tech savvy users.

TutaNota has forced recovery codes, that is the gov backend to all your messages.

While I dislike that they are forced, calling it a backdoor is useless conspiracy.

more on this: old.reddit.com/r/tutanota/comments/a3ms5t/clarifications_on_the_recovery_code_feature/

The equation is simple:

Who is in control of the message encryption? You or somebody else?

The only way to control your encryption through email is when you encrypt your messages locally using gpg/pgp (POP3, IMAP needed to achieve that).

Since Tutanota, ProtonMail, etc. don't give you this opportunity, a user is laughing at himself to say his emails are encrypted with 100% surety.

These providers also don't allow you to log in without allowing JS in your browser, which makes things even worse.

So to measure things correctly = free POP3/IMAP accessibility, user free to use any email client he wishes, not located in a 5 eyes country, doesn't force JS on web login, better to have no fees on account creation. Well, I know a good one doing that (and maybe there are others as well):

https://danwin1210.me/mail/index.php

The list in https://www.privacytools.io/providers/email/ doesn't really make a lot of sense regarding user privacy/security.

I don't see the problem with a closed source back end, as you're unable to see what they run anyway.

Closing this issue.

If you trust an email provider with your email, you're giving them ultimate trust and the stack doesn't really matter.

If you want to be sure your server runs free software, run your own. We're not putting warnings on all the options listed.

At what point do we say it's not free software? If they have some shell scripts that are not on github?

Additionally it isn't something that can be verified without shell access to the production servers, something the provider would never give anyone, obviously.

I would also suggest rather than focusing on whether something is 5 eyes or not, focus on whether the country has good privacy legislation. Realistically some 5 eyes countries probably have better privacy than some which are not. See https://github.com/privacytoolsIO/privacytools.io/issues/1437

Further it is also my plan to redesign that page, in accordance with https://github.com/privacytoolsIO/privacytools.io/issues/603
