this post was submitted on 22 Oct 2023
457 points (98.9% liked)
Privacy
31921 readers
746 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This article makes some good points generally, but it is ultimately marketing for a commercial snakeoil service which has a gigantic backdoor in its very threat model: when a tutanota users send an "end to end encrypted email" to a non-tutanota user what actually happens is that they receive a link to a web page which they type the encryption key in to.
Even if the javascript on that page is open source and audited, it is not possible (even for sophisticated users) to verify that the server is actually sending the correct javascript each time that a user accesses it. So, the server can easily target specific users and circumvent their encryption. The same applies to tutanota users emailing eachother when one of them is using the webmail interface.
This effectively reduces the security of their e2ee to "it works as long as the server remains honest". But, if you fully trust the server to always do what it says it will, why bother with e2ee at all? They may as well just promise not to read your email.
I am removing this from [email protected] with the reason "advertising for snakeoil". (If you're reading this on another instance and the post isn't deleted, ask your instance admins to upgrade... outdated versions of lemmy had a bug which prevents some moderation actions from federating.)