I recently saw Tuta boasting about their “zero knowledge” email service but from reading their article it seems like the same stuff every private email service offers - encrypted email, contacts, etc etc. Doesn’t that make their tweet below seem a little disingenuous? To me it reads as though they don’t even keep IP info on their customers. Please enlighten me.
I just want to point out those two tweets were made (A) two days apart, and (B) from two separate accounts The way the screenshots are displayed makes it look like there is a direct relationship between those two tweets that probably isn’t there/wasn’t intended.
We do not log any user IPs when creating accounts or when you access/use them. By not collecting this information we cannot be forced to turn it over. We also do not require phone numbers or secondary email addresses which means that you can create a truly anonymous Tuta account over the Tor network.
Regarding the zero-knowledge architecture, this is related. The blog post here is referring to how we have constructed our internal infrastructure in such a way that we are unable to view customer data (emails, calendar events, contacts, etc). This is specifically referring to the way in which data like emails, contact info, or calendar events are encrypted on your device before any data leaves your device and heads to our servers.
We have also created our own push notification service which completely avoids Google’s FCM service. This means that notification data is not being shared with these third-parties. With the Tuta Calendar event reminders we never see the names, times, places, or dates of any events.
Our goal is to encrypt as much data as possible and do not require any more information than is needed for operational purposes. We don’t need to store your IP to send an email, so we don’t.
There is no legitimate reason to store more data than is required for a service to function properly.
I hope this answered your questions, if not we can provide more info : )
But, won’t google know my Tuta address because of Google Play Services as you reveal my whole address in accounts and services (Under android settings) ?
They give you a recovery code during account creation, it is the only way to reset your password/2FA. If it’s lost, you are doomed.