Tuta introduces key verification | Tuta

6 Likes

Kudos to the team for the new feature. However, please correct me if I am wrong, but email is inherently not a very secure communication method. Tuta is already secure enough. What they don’t have are good-looking and feature-rich clients.

I think instead of working on further strengthening their security they should focus more on productivity and introducing more features that a normal user would love to use. Proton is doing this, Fastmail is doing this and every other service in the privacy space is trying to do this, but Tuta is still way far behind.

Just some feedback for Tuta. I really love the service and what it stands for, but I think the focus should shift a little to productivity instead of making email more secure. If someone wants security they will never use email to begin with. I use Tuta to get away from Big Tech like Google and Microsoft. However, I always miss the ease of use those services have. The integrations they have and everything about them is so nice except the privacy invasion part. I think more people will accept privacy-centric products if they get the same productivity out of them as they get from Big Tech products. Make the app good-looking, simple, feature-rich, full of productivity tools and fast as lightning. If you can accomplish this then many people will use privacy-centric services and not just “nerds” like me.

BTW, currently I am using Tuta mail but I have always been tempted to use Protonmail instead because of productivity features and the ability to use it on clients like Thunderbird. However, I have my bias towards Proton and don’t have faith in them so I cannot switch. I wanted to do it when Skiff came but again, it didn’t last long. Please make your apps better, Tuta.

Sorry for the rant :smile:

2 Likes

Well, they are trying to fix this inherent flaw email has. And if you ask me, they have. So, email inherently not being secure is true but Tuta is the solution to this problem along with Proton. The key is to email other Tuta and Proton users if using these services. Secure email is difficult to do but not impossible.

What seems to be the problem?

2 Likes

I love Tuta too, I find their products excellent but it’s true that their products lack class compared to Proton, it’s less beautiful, Proton’s products are much more beautiful, they’ve really worked on them as well as security.
I currently have a Tuta and Proton address and I’m waiting for Tuta to release their Drive and an alias manager like Proton with SimpleLogin before I really decide.
Proton’s getting on my nerves more and more about diversifying its services, and I can’t wait for Tuta to make rapid progress.

I assure you Tuta knows it’s about themselves. They have heard this many times by many people over the course of many years at this point. I know this for a fact as I’ve followed both companies for many years now.

Don’t think they’ll improve on this front as they appear to have other priorities. They also have a smaller team so not sure if this is even feasible which should not excuse them to not even try.

I think the next big thing is their drive coming up along with continuous improvements.

Tutanota try to provide end-to-end encryption between their own service users. For that part of the service key verification is actually a fundamental requirement. Although it is a newly implemented feature, it actually should have been implemented years ago since whenever they introduced their internal end-to-end encryption. ‘Secure enough’ is difficult to quantify and has changed over time with more awareness and knowledge, but this is somewhere Tuta were behind and managed to catch up. Due to the lack of published third-party audits from reputable firms it is hard to be confident they don’t fall behind in other areas too.

1 Like

“Monster-in-the-middle” attacks? Surely these only happen on Halloween.

True, key verification should have been implemented before post-quantum encryption and anything else. Without it, encryption is basically just “trust me bro”, which goes against the point of E2EE. It’s been requested since 2018, so it’s good they finally implemented it.