Conversation

canadian intelligence officer, testifying under oath: yeah tutanota is a front for collecting data[1]
tutanota: nuh uh


@ic5146 the wildest part is that it's 2023 news but somehow they managed to sweep it under the rug so well


@ic5146 ya, i assume it's not good for business to have news floating around that you're run by feds


@ptrc tuta can't just make a blog post and NOT elaborate further what the hell is that


@ptrc what are the odds that proton is the same?


@tofu @ptrc

Quite high actually. Almost all of the VPN businesses that you can use to do illegal stuff and that don't get shut down are run by intelligence agencies.

They need the criminals to use their service so that their agents have plausible deniability for being "caught" with that service on their devices.

And their agents use them to communicate with HQ.

(Also it allows you to have a foot in a bunch of networks behind their perimeter firewalls...)


@konstruct @ptrc

well what would you elaborate? It's quite clear what is going on...


@agowa338 @ptrc I mean they already grabbed the IP of someone sending bomb threats via protonmail and people were somehow shocked


@agowa338 @konstruct they could point out that the officer's entire story—sending confidential documents from his random tutanota account—was dependent on the assumption that getting "targets" to use tutanota was benefiting 5eyes

or, like, anything else really


@ptrc @konstruct

And thereby putting more attention on all of this? They were trying to sweep it under the rug. So of course they'll keep anything and everything they say as short and ambiguous as possible...


@agowa338 @ptrc I think what they mean is that they use this platform to impersonate criminals, not to learn data from tuta's servers directly


@konstruct @ptrc

> so if targets begin to use that service

That is a very specific way to word it. They didn't say "contact agents". They said "begin to use".


@ptrc okay atp: if it looks even remotely corporate & marketable, it’s probably a fed surveillance op lmao


@ptrc WTAF i thought this was a joke for a second


@ptrc glad i quit using it a few years ago! catLaugh and my previous email provider was seized by feds, not having much luck here @ic5146


@agowa338 @ptrc begin to use that service for crime, since they're after criminals


@konstruct @ptrc

"the information into the 5EYES system".

And the 5EYES system is where they dump all of the data they've access to.
They dump everything that COULD be interesting in there to be able to search it later...


@ptrc "encrypted"/"secure" email is a scam? Who could've predicted that xD


@ptrc both tuta and proton have always felt fishy for me because of their closed nature. funny this hunch turned out to be true

epic win for team selfhost (writing this through metaphorical tears)


@agowa338 @ptrc yeah, true, but from what it looks like they're doing, they can only get that information by making you interact with them as fake criminals


@konstruct @ptrc

If you still don't see it then we've to stick with agreeing on disagreeing. There literally isn't anything more I could tell you. It's literally quite obvious from reading this to me...


@tofu @agowa338 @ptrc If I’m remembering that right, they were sending threats from their dormitory wifi and confessed during the first visit from LEO, following up on the small amount of internet activity right before the exam.

@ptrc Oh, for fucks sake. It was even hiding in plain sight...
https://archive.org/details/nov3am/page/14/mode/2up
I've had an account with them for 5 years and used it for "official" matters (job hunting, communication with therapist, government stuff).
Now I need not only to stop procrastinating and move off of proton, but also this. Question is: where...

@elly @ptrc

> Question is: where…

disroot? (if u trust them enough ofc)

@elly @ptrc run your own mail server? it's the only option that can fully be trusted
@noisytoot @ptrc uh, no. Too much hassle and maintenance (which I have no time for) too little benefit.
@elly @ptrc I run my own mail server and there's not that much maintenance (beyond just doing security updates), at least between Debian releases (the version of dovecot in trixie totally changed its configuration which is why I'm still on bookworm, and in a previous upgrade the opensmtpd package broke in a way that meant I couldn't receive any email from gmail (I don't remember what exactly the issue was, but it was something TLS-related))

@noisytoot @elly @ptrc depending on how often you send emails, you also have to take care of IP reputation. especially with Outlook and the likes

@nay @elly @ptrc isn't that more of an IP address lottery you have to do once rather than ongoing maintenance? (at least for a personal mail server)

@ptrc you're kind of omitting the part when everyone called bs on his testimony and he got a 14 year prison sentence


@sarna oh i did mention lower in the thread that his entire testimony ( sending files from his tutanota account ) was depending on the fact that tutanota is a honeypot
and the original post is just poking fun at how tutanota didn't really try very hard at disproving it, they just said "nah trust me bro we're safe"


@elly @ptrc Seconded. Self hosting is presently not an option for me (I don't want to play the IP rep game, horrific uptime, etc), but I'm genuinely not sure which provider to go with.


@ptrc yea to me it sounds like he was trying to quickly invent some conspiracy theory, the chair company-style, to escape prosecution somehow
but idk how else tuta could disprove it? imagine the guy says you're a CIA asset. do you have proof that you're not? 🤨


@noisytoot @elly @ptrc unfortunately not. there’s a reason as to why IP warming is a thing, as an example…


@noisytoot @elly @ptrc

> the version of dovecot in trixie totally changed its configuration

Hah, I'm just going through this on my mail servers. Damn you, dovecot, how can you do this in a minor version update‽

@nay @elly @ptrc I hadn't heard of IP warming. Does it actually matter if you aren't hosting email for many people/mass-sending emails/hosting large mailing lists?

@ptrc @sarna I'll take "Things that definitely should have gone in the original post" for $500
