https://github.com/tutao/tutanota/issues/768
There is no way to verify key fingerprint of your recipient right now. So server can just man-in-the-middle you providing third-party key and read all messages silently. It is not e2e encryption if you have to trust the server. Thanks to this HN comment for pointing it out.
This issue have been there for 7+ years.
Comments from Tuta:
https://github.com/tutao/tutanota/issues/768#issuecomment-2384998498
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Tuta introduces key verification | Tuta | 7 | 1297 | September 1, 2025 | |
| Clarification on Email "end-to-end encryption" to external recipients? | 3 | 1420 | October 23, 2023 | |
| Tuta Mail enables TutaCrypt quantum-safe encryption | 4 | 1004 | March 12, 2024 | |
| Tutanota shouldn't be at the very bottom of the email recommendations page | 14 | 3722 | July 11, 2023 | |
| All contacts use Gmail, and Outlook does not have PGP | 2 | 467 | February 13, 2024 |
Massive organizations are monitoring your online activities. Privacy Guides is your central privacy and security resource to protect yourself online.
Privacy Guides is a non-profit, socially motivated website that provides information for protecting your data security and privacy.
We do not make money from recommending certain products, and we do not use affiliate links.