New Sponsor: Tutanota [rejected]

We would like to suggest as an endorsed Quilt sponsor.

It would allow us to get unlimited free emails, something we’re currently struggling with, as AWS WorkMail currently costs us $4/user/month which isn’t sustainable.

You can find more information on the Tutanota for Open Source Projects page on their website. From what I could gather, they request a small logo on our website home page in exchange, which would make them an endorsed sponsor.

Tutanota is an open-source, secure, tracking free and green email provider. It can be considered a bit on the more expensive range of providers, due to their services being split into multiple paid addons.

Looking forward to hear your feedback.

We’ve enjoyed using their services in the past and afaik they are pretty decent other than deleting inactive accounts after 6 months or so though I doubt that will happen to sponsered accounts but may be something to look out for if email volume / need to check is low.
Basically we have no objections to this.

I don’t approve. Tutanota has done weird stuff in the past, most notably an advertising controversy where they used a certain racist meme format. Quilt would be impacted by that baggage. In addition, Tutanota does not support open formats like IMAP and OpenPGP, severely limiting what Quilt can do, akin to a walled garden.

I was unable to find info on this controversy - can you give me some idea on the search terms?

It has since been deleted, but a quick search of #Tutanota on the Fediverse will turn up information on it.

1 Like

I’ve done a quick search (using since that’s where I have an account), and come up with the following notes:

  1. I was only able to find this toot in particular regarding the racist meme format, which doesn’t go into any kind of detail. Clearly something happened - I just can’t find any information at all.

  2. Perhaps more concerning is Tutanota’s clear attempts at building a walled garden - as Use Plaintext Email notes:

    • One may not use SMTP or IMAP with Tutanota, two very important open standards
    • Supposedly, Tutanota’s reasoning for this limitation are lies - but no detail is available to back up this claim

    It’s also interesting to note that many users on the Fediverse have pointed out that Tutanota does not properly support standard PGP encrypted email either, and it does not expose a way for you to set up PGP keys belonging to recipients that don’t themselves use Tutanota.

  3. As TechCrunch notes, Tutanota was forced to provide unrestricted access to an email account by a German court ruling. This is not necessarily a deal-breaker on its own, but it’s problematic given that Tutanota bills itself as a privacy-centric encrypted email provider - if that’s the case, why does their processing pipeline make this so trivial?

  4. Tutanota is blocked in Russia (unsurprisingly, as an encrypted email provider), as well as by service providers in several companies. Tutanota users are also unable to use Microsoft Teams for some reason.

I remember what Tutanota posted. They posted:

Don’t get cucked by Big Tech. Switch to an email provider that respects you.

…or something like that. I specifically remember the exact wording of the first sentence though. They attached the Piper Perri Surrounded (nsfw warning) meme with Big Tech logos overlaid on the men’s faces.

I’ve scrolled through all the Mastodon toots containing #tutanota and did some Google searches and couldn’t come up with anything regarding racism, outside of the toot gdude mentioned and Tutanota saying they won’t be using the term blacklist anymore.

Not supporting GPG keyrings isn’t an issue, we don’t really have a need for super advanced encryption. As a matter of fact, I think it is an upgrade from AWS not providing any form of encryption whatsoever. SMTP/IMAP is an issue. The justification given is that the Tutanota server would have to store a decryption key to be able to provide those services, and as far as I know that is correct. I am not too worried about getting data out, as the application is open source and they are fine with reverse engineering to export data, according to their FAQ.

I’ve looked at the German case, they had to backdoor their own app to extract the keys from the user device. As far as I can tell, they did in fact not have access to the encryption key. This is far from ideal, but I can hardly hold it against them considering it was a court order.

I don’t have much to say about it being blocked in Russia. I don’t think anyone who should have a Quilt email is in Russia, and even if they do I’m sure they are smart enough to avoid the block.

Here is something to prove what I’m alleging. This post is now deleted on the instance it originated from, but my instance still has a cached copy of it. I took a screenshot of it and its replies.

1 Like

Thanks for the added context. One of our staff members was able to find the meme in question - I’m neglecting to post it here directly given the context, but it is as described.

Based on the above, we’ve decided to not continue with that sponsorship. Thanks to everyone who provided feedback, it has been quite valuable when evaluating this offer.