A storefront, said Ortis, is a fake business or entity, either online or bricks-and-mortar, set up by police or intelligence agencies.

The plan, he said, was to have criminals use the storefront — an online end-to-end encryption service called Tutanota — to allow authorities to collect intelligence about them.

Tutanota (now Tuta) denies this: https://tuta.com/blog/tutanota-not-a-honeypot

    • workerONE@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      1 year ago

      Who is accusing them of this and what is the accuser’s reputation? According to this article, one Canadian official was told by someone that they had a PLAN to use tutanota is a malicious way, but there’s not even an accusation that anything ever happened. https://cyberwarzone.com/is-tutanota-a-honeypot-for-intelligence-agencies/

      Tutanota’s reply: "Hi there, these allegations are absolutely false. Tuta was founded in 2011 by Arne Möhle and Matthias Pfau who knew each other from studying together at FHWD university in Germany. To this day, the company is wholly owned by Matthias and Arne, and is not liable to anyone else.

      The Tutao GbmH is not owned by any secret service, nor is it a “storefront” as claimed by Cameron Ortis. These allegations are completely untrue.

      With offices in Germany we only respond to valid warrants issued by German courts. You can read more on this in our Transparency Report: https://tuta.com/blog/transparency-report

      In addition, Tuta is open source and the entire client code is published on GitHub. Thus, everyone can inspect the code and verify how the end-to-end encryption in Tuta works and that there are no backdoors hidden in the code."

      • SakiOPM
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        In addition, Tuta is open source and the entire client code is published on GitHub.

        One can freely share “good” source code while actually using something different; which might be an intrinsic problem of an “open-source” web service. Plus, one has no reason to believe that the service has never been compromised: someone might have a backdoor that Tuta itself is unaware.

        I’d like to believe that Tuta is not evil, but ultimately that’s anyone’s guess. I’d recommend true e2e (local-to-local) such as PGP, rather than trusting a middle-man e2e provider.