Tuta

3 months ago

Tuta
3 months ago

The UK's Investigatory Powers Act has way too much power. By forcing Apple to remove its encryption for UK users, it threatens the #privacy of everyone.

We at Tuta would never build a backdoor - and our #opensource code is proof of that.

👉 tuta.com/blog/uk-demands-apple…

Apple removes cloud encryption for UK users - but there's a grain of hope.

Apple to backdoor encryption? Round 2 | Tuta

UK demands Apple to backdoor encryption similar to what the FBI asked ten years ago. Will Apple stay strong?

^Tuta

in reply to Tuta

Seldon

in reply to Tuta 3 months ago

Will we see the #Tuta server-side open source anytime soon?

#tuta

in reply to Seldon

@Seldon This is not planned right now. No one could proof that the open sourced code would actually be running when you access Tuta... Nevertheless, we plan to enable you to self-host Tuta Mail, and for this, open sourcing the server code will make sense. This will be a small server, which can run locally.

Note,, all the encryption takes place locally on your device (end-to-end encryption) so our servers don't see your encrypted emails and can't read your data.

@Seldon

in reply to Tuta

Liam

in reply to Tuta 3 months ago

This! Please release a self hostable version of your server code. This would be a massive win for the #selfhosted community.
@Seldon

#selfhosted @Seldon

in reply to Tuta

MyOwnCreationM8H

in reply to Tuta 3 months ago

I don't know what to expect from a mentality which has made eugenics Liberal in order to choose the genes according to fashion after having fought the Nazis, signed the death warrant of physical money to hide poverty and take advantage of the commission on the slightest micro-transaction, authorized the marketing of printable synthetic meat to feed the beggars while a capricious crown head are presented every morning with a 100 eggs to draw two whose cooking would be suitable?!

in reply to Tuta

Samuel Hautamäki

in reply to Tuta 3 months ago

But only your client is open source? You actually haven't (to my knowledge) shared how your server side works, which could aswell have a backdoor, lol.

in reply to Samuel Hautamäki

Tariq

in reply to Samuel Hautamäki 3 months ago

@sirobsidian
And also how do we know the actual server side is the same as what is published?

I'm not particularly moaning about tuta. I'm just saying publishing code is not the same as asserting it is what is running.

@Samuel Hautamäki

in reply to Tariq

Samuel Hautamäki

in reply to Tariq 3 months ago

@rzeta0 Tuta is great, I use Tuta, but they constantly make the claim about being part of the #opensource community, but the only part of Tuta that is actually open source is their client-side. What people actually need, server-side is not open source. Self-host capability is one of the most important parts of open source and Tuta didn't get that right.

#opensource @Tariq

Unknown parent

Tariq

Unknown parent 3 months ago

@tizmic @sirobsidian
Indeed.

And as I said above, it is not easy to verify that what is published as server side code is actually what is running.

@Samuel Hautamäki

in reply to Tariq

Tuta

in reply to Tariq 3 months ago

@rzeta0 @tizmic @sirobsidian That is exactly the point. No one could proof that the open sourced code would actually be running when you access Tuta... Nevertheless, we plan to enable you to self-host Tuta Mail, and for this, open sourcing the server code will make sense. This will be a small server, which can run locally.

Note,, all the encryption takes place locally on your device (end-to-end encryption) so our servers don't see your encrypted emails and can't read your data.

@Tariq @Samuel Hautamäki

Unknown parent

Tuta

Unknown parent 3 months ago

@otfrom We haven't seen the order so it's hard to say. However, what we can say is that German data protection legislation is pretty strict and could very well be in conflict with the UK order, which would have helped us. In any case, we will never undermine the end-to-end encryption offered in Tuta, and this is proven by our open source code.

@Chip Butty

in reply to Tuta

Levi

in reply to Tuta 3 months ago

@rzeta0 @tizmic @sirobsidian what way do clients have to validate the client code does not differ from what is published? This is even more important for web based clients, since your servers can serve whatever they want to whatever client/ip/user makes the request.

@Tariq @Samuel Hautamäki

in reply to Tuta

Levi

in reply to Tuta 3 months ago

Where do you publish your warrant canary? This seems crucial in your position. en.m.wikipedia.org/wiki/Warran…

Warrant canary - Wikipedia

^{Contributors to Wikimedia projects (Wikimedia Foundation, Inc.)}

in reply to Levi

Tuta

in reply to Levi 3 months ago

@levigroker Hi there! you can find it at the end of this: tuta.com/blog/transparency-rep…

Transparency Report & Warrant Canary for the secure email service Tuta (formerly Tutanota) | Tuta

Tuta is the secure email service, built in Germany. Use encrypted emails on all devices with our open source email client, mobile apps & desktop clients.

^Tuta

@Levi

in reply to Tuta

Azarilhⓥ

in reply to Tuta 3 months ago

Just like Linus (LTT) said, Apple could have just stopped working in UK territory, people would fight back against UK's government, pushing them to revert back the law and get Apple back. But Apple has no backbone and cares only about money, unlike Tuta.

#Apple #Tuta #Privacy

#apple #privacy #tuta

⇧

Tuta 3 months ago • •

Tuta
3 months ago