I hope to hear from @Tutanota very soon. Lack of key verification is a major flaw in the technical design of the platform, allowing a malicious Tuta server to read end-to-end encrypted exchanges (both emails and shared calendars).
github.com/tutao/tutanota/issu…
The issue has been opened 6 years ago.
#Security #Privacy #Crypto #Cryptography #Email #FOSS
![Message posted on the GitHub issue titled "Manual key verification":
"This issue has been opened for more than 6 years now, with no clear roadmap or even real consideration from the Tuta team. I have to say, I am disappointed.
You keep saying that "[...] Tuta [is] the most secure email service on the market.", but without key verification, a malicious Tuta server can read the end-to-end encrypted emails and shared calendars exchanged on the platform as there is no way to verify the recipients' public key. As explained by @llebout, "all users of Tutanota must trust Tutanota to not provide forged keys and perform an MITM attack". This is a significant flaw in the technical design of the platform, and it does not seem to bother you.
In #198, it can be read that:
> We are aware of the issues with verification, new protocol will support verification, the work is underway
However, your post-quantum implementation has now landed but still no word on the key verification issue.
Could you please stand by what you have said from day 1, that you prioritise security and privacy, and establish a clear roadmap of the work already undertaken or to be done to fix the situation?
Thank you"](https://fedi.ml/photo/preview/640/595249 "Message posted on the GitHub issue titled \"Manual key verification\":
\"This issue has been opened for more than 6 years now, with no clear roadmap or even real consideration from the Tuta team. I have to say, I am disappointed.
You keep saying that \"[...] Tuta [is] the most secure email service on the market.\", but without key verification, a malicious Tuta server can read the end-to-end encrypted emails and shared calendars exchanged on the platform as there is no way to verify the recipients' public key. As explained by @llebout, \"all users of Tutanota must trust Tutanota to not provide forged keys and perform an MITM attack\". This is a significant flaw in the technical design of the platform, and it does not seem to bother you.
In #198, it can be read that:
> We are aware of the issues with verification, new protocol will support verification, the work is underway
However, your post-quantum implementation has now landed but still no word on the key verification issue.
Could you please stand by what you have said from day 1, that you prioritise security and privacy, and establish a clear roadmap of the work already undertaken or to be done to fix the situation?
Thank you\"")
FTC-Bericht: Massenüberwachung durch Online-Plattformen ist außer Kontrolle
heise.de/news/FTC-Bericht-Mass…
Keine Einzelfälle, sondern Teil des Geschäftsmodells
Accrescent 0.24.0 is out with settings menu accessibility improvements, target SDK 35 (Android 15), and LOTS of translation and dependency updates! 🎉
Download it from our website at accrescent.app or read the changelog below 👇
Im Namen der "Sicherheit" natürlich!
Überwachungspaket: Ampel will anlasslose Personenkontrollen und Durchsuchungen fast überall
netzpolitik.org/2024/ueberwach…
Von Amnesty bis Seawatch: Breite Front gegen Überwachungspaket der Ampel
netzpolitik.org/2024/von-amnes…
As much as we fight the EU Commission's push for #chatcontrol, we applaud the EU for protecting users' #privacy with the #GDPR.
It's about time the #EU Commission reflects on European values and increases data protection, not undermining it. ✊
Read here what Tuta does to achieve GDPR-compliance: 👉 tuta.com/blog/gdpr-compliant-e…
Tor insists its #network is safe after German cops convict CSAM dark-web admin
Kind of boils down to opsec fail here. Using outdated software, which in this case didn’t properly secure Tor connections.
Timing attacks are still viable (especially with hostile nodes), but this reads as an #opsec fail to me.
Remember: a major part of anonymity is maintaining great opsec.
Obligatory: Tor is not “just for criminals,” despite one getting caught in this case (glad he did tbh). Regular people use Tor everyday.
#cybersecurity #security #privacy
theregister.com/2024/09/19/tor…
Outdated software blamed for cracks in the armorIain Thomson (The Register)
Is your company using a quantum-safe email provider in 2024?
Not yet? Upgrade now! 🔐
Here’s how Tuta Mail can help your business 👉 tuta.com/blog/how-companies-be…
🇬🇧Leak on latest #ChatControl attempt (in German): netzpolitik.org/2024/interne-d… +++ Only AUT, DEU, EST, LUX, POL, SVN were critical – no blocking minority! +++ BEL, CZE, FIN, ITA, NLD, PRT, SWE undecided +++ EU legal experts confirm violation of our fundamental rights +++ Only 5 days to next discussion +++
Help pressure our governments into defending our #privacy of correspondence and secure #encryption now: patrick-breyer.de/en/take-acti…
#LinkedIn is not familiar with the concept of "#privacy by default"
Suggest everyone check their settings. lnkd.in/efq-wHms
Quantum computing has the potential to break modern #encryption. How real is this threat and how soon will it be viable? @Tutanota's Brandon Sundh explains how this fascinating tech works and what companies like his are doing now to protect your #privacy.
Does #Google own the web? 👀
Biggest US antitrust lawsuit ever must break the tech giant’s monopoly.👇👇👇
tuta.com/blog/google-antitrust…
What alternative Google products do you recommend to your loved ones? Let us know in the comments!
#privacymatters #privacy #monopoly
"Billionaire Larry Ellison says a vast AI-fueled surveillance system can ensure citizens will be on their best behavior"
"Ellison said AI would be used in the future to constantly watch and analyze vast surveillance systems, like security cameras, police body cameras, doorbell cameras, and vehicle dashboard cameras."
We're excited to be on @FirewallDragons
podcast on #Monday
This will definitely give you some #MondayMotivation 👇👇👇
podcast.firewallsdontstopdrago…
#Privacy #securitymatters #Tuta #Firewallsdontstopdragons #podcast
Gespräche im Auto als Datenbasis:
Patentanmeldung: Ford plant personalisierte Werbung in seinen Autos
heise.de/news/Patentanmeldung-…
The attached picture can be improved, a bit outdated.
For chat, Matrix and XMPP clients (e.g Element and Monal) can be used.
Libre Translate can replace Google Translate.
2FAS Auth is a nice project for OTP codes.
Strongbox is nice to store passwords.
PeerTube is a real YouTube alternative instead of YouTube facades.
And Yandex is an efficient search engine.
#privacy #web #degooglisonsinternet #degooglify #Android #iOS #opensource
So... #Signal and #Wire, which both have issues, but not #Matrix / #XMPP? And for video, 2 #YouTube front ends and a proprietary YouTube clone, but no direct mention of #Peertube? And for Translation, the proprietary #Deepl, but no mention of the local and #Privacy respecting #Firefox #translate
I appreciate the intent of this post, but the research is... outdated at best.
I somehow just learned about the IETF's "Privacy Pass" working group, along with Google and Apple's respective implementations ("Private State Tokens", "Private Access Tokens"), and I'm so damn tired of DRM being the answer to everything.
Mozilla wrote a blog post in December of 2023 about why they decided not to implement it:
blog.mozilla.org/en/privacy-se…
...and the IETF has a page to track the working group's drafts:
datatracker.ietf.org/wg/privac…
#IETF #DRM #cryptography #privacy
ODF wholesome encryption is the default password (symmetric) encryption mode in LibreOffice 24.8.
Supports AES-256-GCM and Argon2id.
LibreOffice 24.2/24.8 is required to open the encrypted files.
Disable: Tools > Options > Load/Save > General > ODF Format Version > 1.3 (drop down menu) > Apply > OK
AES: en.wikipedia.org/wiki/Advanced…
GCM: en.wikipedia.org/wiki/Galois/C…
Argon2: en.wikipedia.org/wiki/Argon2
Website: libreoffice.org
Mastodon: @libreoffice
#LibreOffice #Encryption #InfoSec #Privacy #E2EE
Privacy-focused Tuta Mail Opens Second Office in Munich:
See how Tuta stacks up with other email providers in keeping your information private:
📢 ❤️ Good news alert: We are proud to announce that Tuta has officially opened it's second office in Munich! 🇩🇪 🥳
Read more about our new office here:
tuta.com/blog/tuta-in-munich
🛡️ Under Meredith Whittaker, Signal Is Out to Prove Surveillance Capitalism Wrong
— WIRED
「 Signal is, in many ways, the exact opposite of the Silicon Valley model. It’s a nonprofit that has never taken investment, makes its product available for free, has no advertisements, and collects virtually no information on its users—while competing with tech giants and winning 」
As the #AI hype train continues, the threat it poses to #privacy continues to grow. 🤖
Fortunately, @noybeu is fighting back! 💪 💪 💪
👉 tuta.com/blog/noyb-privacy-win…
What are your biggest concerns about how AI will impact your privacy? Let us know in the comments!
🔍 A search engine is only as good as its search index. Even alternative search engines might be using indexes built by Big Tech. 👉 tuta.com/blog/what-is-search-i…
What is your favorite search engine? 🤔 Let us know in the comments!
The arrest of #Telegram's founder Pavel #Durov sets a dangerous precedent for what kind of action can be taken against supporters of #privacy & #cryptography.
Don't settle for anything less than E2E #encryption! We've created a list of the top encrypted messaging apps to help!
👉 tuta.com/blog/best-whatsapp-al…
There are lots of messaging apps similar to WhatsApp. Here's a review of the best secure alternatives: Signal, Threema, Telegram, Element, Wire, SimpleX, Session, and more.Tuta
Google is headed to trial after allegedly misleading Chrome users on data collection. 🧑⚖️
This is the most recent in a growing list of court proceedings.
📣 tuta.com/blog/google-incognito…
📣 tuta.com/blog/google-search-mo…
What was your most startling discovery about Google's data collection? Let us know below!
#google #encryption #privacy #data
If you thought Google’s Incognito Mode was private, you’re one of the billions around the world blinded by big tech’s privacy illusion.Tuta
Se più persone fanno un piccolo passo verso la #privacy possiamo fare la differenza!
Gmail -> @protonprivacy o @Tutanota
WhatsApp -> @matrix -> richiedi l'invito alla stanza M1 a @amministratore
Google Drive -> @nextcloud richiedi account 25GB -> cloud.mastodon.uno/apps/forms/…
Instagram -> @pixelfed
YouTube -> @peertube
Iniziate con poco! Non serve fare tutto in una volta ma passo dopo passo.
E se date una reblog a questo post potremmo raggiungere più persone in questo movimento per la privacy!
With so many great new changes in 2024 alone, what is your favorite thing about the Tuta Calendar? 📅
Major new updates are coming soon 💪💃
👉 tuta.com/calendar
#encryption #privacy #calendar #comingsoon
Tuta Calendar lets you organize your events with quantum-safe encryption. Break free from Big Tech surveillance, turn on privacy!Tuta
As dating goes digital, concerns for online privacy are more relevant than ever. ❤️
Is it possible to meet someone and still keep your privacy intact? 🤔
💘 Let’s find out 👉 tuta.com/blog/private-dating-a…
#privacy #dating #safety #security
As romance goes digital, extra steps are needed to avoid a privacy heartbreak. Here are our tips for protecting yourself and your data from overexposure.Tuta
IP-Haushaltstracking bei Google und Drittanbietern: Was es ist und wie man sich schützt
kuketz-blog.de/ip-haushaltstra…
Die IP-Adressen werden häufig für Tracking eingesetzt. Bei Google möglicherweise auch ohne Einwilligung. Wie schützt man sich dagegen?www.kuketz-blog.de
AI ❤️ Tuta!
Which makes sense as we're already using quantum-safe encryption. 🔒
We might not like AI, but it sure likes us. 😊
#ai #privacy #security #encryption #quantumworld
The web can be dangerous with stalking, identity theft & other cyber threats.
Check our post on how to remove your personal information from the web. 👇
tuta.com/blog/how-to-remove-in…
Stay safe out there! 🔒
#removeinformationonline #dataprotection #privacy #privacymatters
Find out the best tips for removing your private data from the web.Tuta
