CBC: Tutanota (Tuta) is a honeypot

Tutanota (Tuta) just released a statement: https://twitter.com/TutaPrivacy/status/1723993898509312002

4 Likes

I can never make an account on the Tuta website. They always say it depends on spam stuff or what? I ain't even used them before lol

Same, probably using a trusted country’s proxy would help.

They want us to pay now (Fair).

Testimony before a judge isn’t journalism. It is individuals responding under oath to verbal and written questions. Any sort of external response would be inappropriate.

Adding "Alleged RCMP leaker says he was tipped off that police targets had 'moles' in law enforcement | CBC News", which clarifies and did ask for comment, actually.

I think there is a far cry between this and having an email service listed that could be a honeypot. Sure, the claims are unclear, but this is a pretty enormous blow and I’m surprised the PG community isn’t more up in arms about this. It undermines the integrity of the entire community to not take this type of claim seriously.
Right now, it’s a he-said she-said, and I think sites like PG should be strict.

1 Like

@jonah, just curious and if you can indulge me, what’s your setup regarding mail provider?

1 Like

Thanks for the link. I think this is important. Independent media has a role in figuring out the truth for the public good. And such allegations should really be addressed. And I think it is necessary to question a company when things like this are being said.

5 Likes

It isn’t really though, this is more along the same lines as the continual allegations that “Proton is a CIA honeypot” or whatever. The claims don’t appear to have any basis in reality, and there’s a reason that hearsay like this is usually not admissible in legitimate courts in the first place. Why it’s being allowed here in this Canadian case is not clear to me.

6 Likes

I don’t see it as similar whatsoever. This is under oath testimony before a court by a government employee with exact specificity. Ignoring it is strange. I’m not familiar with “hearsay” or “legitimate courts” but perjuring yourself before a court is a major crime.

3 Likes

Well, that is what criminals do.

The definition of hearsay is when a witness reports the words of somebody else, rather than their own experiences. In this case, Ortis is claiming Tutanota is a “storefront” based on a briefing he received (from some other party who did not testify in this case). It’s second-hand information that he was also unable to substantiate, so it would be irresponsible to take it as fact.

It’s obviously not being “ignored” by us, because we are discussing it here, we are just choosing to not remove Tutanota from the site based on hearsay at this time, and we’ll continue to keep an eye on it here in this thread.

9 Likes

Ok, that’s fair. I expect we will learn some more developments in the next few weeks.

2 Likes

Tbh, I really wonder what kind of a threat model can require a very very secure email collaboration unless you are a whistleblower, or sth like that. Even in that case, I don’t think you will be able to use PGP to send emails to a government institution. Also, you need to use a VPN (assuming no money trail or protection against law enforcement) or Tor browser to hide your IP, even with a perfect encryption.

Imagine being that lady’s editor:
“Catherine, this company is mad you didn’t check with them before publishing (mea culpa, yeah, I should have known by now)”
“ok, but it’s just one sentence, I’ll update the original story”
“no, it’s been three days, just push a new article. And, since you’re at it, rewrite the whole thing with coherent sentences, please”

In my opinion, this doesn’t make any sense. I don’t know how many users they have, but it seems to me that Proton is way more popular, and they are still far from a big provider. So making Tuta a honeypot might help you get like 3 criminals a year, it’s just not worth it. And as someone mentioned, email is barely used for private conversations these days. I expect young people will not know how to use it properly in a few years. I asked a friend for some info from a mail he received, to help him with an issue, and he took a screenshot and sent it via IM (there was no private information there).

Also, they’ve been doing business for years, I suppose there were some external audits, or at least some experts in the field took a look at their (clients) code. I agree there is a risk with the web version and in that case you have to trust the provider. But you don’t have to use Tuta in browser.

1 Like

Ironically, this is the exact reason why PG hasn’t delisted Tutanota.

1 Like

People will have varying opinions but this seals the deal for me: quoted from Tuta blog:

In another article more excerpts of the hearing are explained in which it reads like Mr Ortis was using Tutanota to communicate with the criminal, rather than “lure him into using it”

My intuition tells me this is 95% what actually took place and he is just lying that Tuta was a honeypot, a pathetic lie at that.

I will wholeheartedly support a lawsuit by Tuta for defamation and slander.

1 Like

Can you explain what you mean?

The story is about a guy named Cameron Jay Ortis, who worked for Canadian intelligence and encouraged “criminals” to use Tuta, right?
And at his trial, he stated that Tuta is a honeypot created and used by governments to incite criminals to use it, right?

2 Likes

Yes, so why is it still listed here?

Because, to my understanding, no proof has been procured.

4 Likes