This might come out as a bit of a rant, but I just wanted to post it here anyway since it’s the only social media I use.

Recently, I’ve been making some steps to improve my privacy. GrapheneOS, Linux on my PC, open source software, moving away from Google stuff. So, next logical step was for me to switch away from Gmail. I went with Tutanota, since they’re based in the EU, their mobile app is on F-Droid and doesn’t require Google Play Services. So I made an account, switched a bunch of my private account e-mails from Gmail to Tuta, and was basically done. Two days later, I wake up to an “invalid credentials” message. I checked the option to remember my password on my PC, so I thought it was weird. I checked my phone, and it turns out I was logged out of the app too. I tried changing my password with recovery code, thinking something went wrong (though unlikely since I used a password manager), but I got an error on that one too. So I contacted Tutanota, almost a week ago. No response.

I tried looking on various sites to check if people had a similar issue. I found a few reports on Reddit. The moderator of Tuta says to contact the e-mail address that I sent a message to already, but people complained that they haven’t gotten a response either. I found out that similar reports were happening for a while now, accounts being flagged for seemingly no reason. I found one post from October 2024, from a frustrated user. He said he was in the same situation, and when he finally got the reply, Tutanota said they can’t do anything. When I found that post, I was really disheartened. I’ve already gone back on a bunch of accounts to the @gmail.com account, for safety, but there are still a few that I’m not even able to access because they use e-mail 2FA. Some of them being accounts for various government public services.

So this one gave me pause on my privacy journey. I never encountered problems like this one before. A service blocking my account without any message or warning. No contact from support. Being locked out of my accounts. I’ve lost a lot of enthusiasm to replace a few proprietary services that I have left.

@sifar@lemmy.ml

A lot of these “privacy sensitive” service providers are actually quite user-hostile.

Find a middle ground - get your own domain (pick a good registrar) and find a respectable mail host that has a support team with accountability who don’t treat you like a burden on this planet when you attempt to contact them (i.e. not Tuta, not Mailbox-org - nope!!!, not Proton etc.). Do not go overboard with DMARC etc. in the beginning. Go about it slowly.

Also - make sure you use a service that lets you connect via an IMAP/POP client. It pains me to say that, but if you start avoiding services based on “five eyes” and “14 eyes” and “195 eyes”, I’m pretty sure we will be looking at pigeons and corked bottles in the sea. So, if you need E2EE over email - please use E2EE in the email using GPG on your own. I’d highly recommend not falling for the privacy theatre of the likes of Proton.

tisktisk

I understand the tuta and proton hate, but what’s wrong with the mailbox dot org?

I think they have some sort of critical security flaw regarding spoofing that hasn’t been resolved in years and they had a forum thread about it

tisktisk

I found some really old leddit and HN threads with similar warnings but nothing conclusive. Please send links if anyone finds anything convincing.

+1 for Proton as a security theatre.

Proton is not safe, the Swiss government can (and did, in fact) ask Proton for users’ IP addresses and metadata.

Plus, Proton forces you to use their client instead of standard IMAP.

What metadata?

Proton stores senders and subjects in clear text. Only the content of the email is encrypted.

That means that the Swiss government can easily force them to hand out that data.

Fastmail is what I use for this. $50/year. Not Gmail. Catch-all email boxes. So I use a new address for everything. It’s not Proton. So not sure if it’s even encrypted at rest. But they are not selling my email to advertisers like Gmail. And if I want to move, I own my domain so it’s easy.

Did we read the same post?
