Tuta has issued a statement that refutes claims by a former police officer that it operated as a “storefront” for intelligence gathering, calling the allegations false.
Tuta (formerly known as ‘Tutanota') is a Germany-based end-to-end encrypted email service focused on privacy and security, following minimal data collection practices and performing no user tracking. You can read more about Tuta in our in-depth Tuta review.
Former RCMP (Royal Canadian Mounted Police) officer Cameron Jay Ortis recently testified that Tutanota is a fake service set up by ‘Five Eyes‘ intelligence agencies to have criminals use it and collect data about their activities. Ortis is currently on trial in Ottawa, accused of selling state secrets to criminals.
“If targets begin to use that service, the agency that's collecting that information would be able to feed back that information into the Five Eyes system, and then back into the RCMP,” Ortis stated, according to publicly released court hearing documents.
This came as a shock to many users of the service who entrusted it. Tuta was quick to respond to the allegations, releasing a statement on Monday vehemently denying any link to Five Eyes or any other secret service.
“[Tuta] is not linked to any secret service, and there is no backdoor included. It is not even necessary to trust our words, as our entire client code is published so that anyone can verify that there is no backdoor.”
Tuta
The statement underlines that the company was founded in 2011 by Arne Möhle and Matthias Pfau, who knew each other from their time at the FHWD University in Hanover. Despite receiving state grants to develop post-quantum secure cloud storage and file-sharing solutions for the German state, Tuta has remained in the hands of its co-founders all this time, independent and free from any influence or control by state entities, law enforcement, or intelligence agencies.
Maintaining offices exclusively in Germany means that Tuta is legally obliged to respond only to warrants issued by German courts. Information about compliance with these requests is communicated via regularly updated transparency reports. It's worth noting that the ‘Five Eyes' surveillance alliance implicated in Ortis' plea doesn't include Germany, but the country is part of the broadened '14 Eyes' group.
Ultimately, Tuta emphasizes the absence of supporting evidence for Ortis' claims and his failure or reluctance to provide any evidence to back his claims about the service's true purpose. The company denounces these allegations as unfounded and “dangerous.”
“Such slanderous statements by Mr. Ortis are a slap in the face to everything that we as an individual company and as a community believe and fight for,” concludes Tuta's statement.
Allegations by people under tremendous legal pressure may successfully plant the seed of doubt around trustworthy services, but we do not see any reason that Tuta users should be worried at this point. It would be prudent to wait for concrete evidence substantiating any of these allegations before taking so bold claims against the email service seriously.
Poppy
Tutanota/“Tuta” no longer allows me to retrieve my email [from an account I’ve paid quite a lot for, almost since Tutanota first existed] when I use my VPN (Perfect Privacy, a very reputable—and secure/reliable—VPN), no matter which of seven or so of the Perfect Privacy servers (in a variety of jurisdictions) I’ve tried. Changing devices/computers, trying different trusted browsers (and even Safari), clearing all caches; etc.—none of this helps in the least. The problem is with not only the app, but the “Tuta” site, as well.
I find it telling that, as soon as I disconnect from my VPN, I’m able to connect (and could sign in to get my mail presumably, but now I’m afraid to do that: I started being very security/privacy-focused after my terribly abusive ex-spouse essentially much ruined my existence after [years ago] hiring a hacker to, well, in effect, ruin my existence after I left with our children to escape myriad types of persistent abuse.
I *can* easily connect to, and retrieve, Apple email with my VPN on. As well, I started transitioning to one of the other email services listed above [I don’t want this to read as an endorsement attempt, so I won’t mention which], and I *can* connect with that one without problem.
Support is totally unhelpful with this: no reasonable, possible explanation has been provided—e.g., I wondered if they’d been getting DoS attacks or whatever via Perfect Privacy’s IP addreses and were thus, blocking traffic from the VPN, but, no, this is “not a problem [they] are experiencing.” Instead, I was told that I should have my computers and devices [um, I guess every one of them] checked for unspecified “problems,” though as I noted, I’m having no such problems with *any* other site or app I’ve trusted.
This recent development has helped me accept my previously already-high suspicions that the informant (mentioned in the—um, too brief) article, above *is* providing relevant, accurate information about a service which I previously trusted a great deal (largely because, way back, Sven recommended it—and all *did* seem fine with it then, so I do not at all blame Sven.)
When things like this occur, it not only just generally sucks, but [especially for vulnerable people who do need very secure means of communicating, to protect from recurrence of past, devastating breaches,] it further erodes the idea that anyone/anything can be trusted. Thanks, “Tuta.”
Abcd
How does the company generate cash, and what about the server-side + data?
test
Lots of paid psyops in the comments.
I guess they didn’t read this part of the article “our entire client code is published so that anyone can verify that there is no backdoor”
Armand
Tutanoti eh?
Anonymous
This disclosure by Mr Ortis could be the truth; besides, why would someone lie about this? What incentive would an individual have to make such elaborate statements if they were falsehoods? Perjury in Canada is a serious offence and carries a possible maximum prison sentence of 14 years. What else can Tuta do but deny it and attempt to discredit the whistleblower by asserting slander?
So, if this is true, you have to ask, “How could Tuta possibly assist in monitoring criminal activity when, as they claim, their email service is end-to-end encrypted? Does this mean they can decrypt users’ emails to monitor nefarious activity and report it to the authorities?
Grey Wanderer
Whatever the case might be here, tutti frutti are pro-censorship, just like Mozilla:
https://tuta.com/blog/posts/how-free-web-fuels-conspiracy-theories
They may be for privacy and all that, but only as long as their business requires it. In reality, I don’t believe they Actually care. Such people, sooner or later, will sell you with no hesitation. Don’t get fooled by technicalities, focus on the people behind the facade, on how they think, speak and express(expose) themselves.
MoonPie
This is clearly slander by a criminal who got caught and wanted to vent his ager at someone.
Anon
The one part that makes me believe the Former RCMP guy is that he is on trial for selling state secrets makes me believe he is indeed telling the truth. Because if he were lying then he physically cannot be selling state secrets. I very well could be wrong about this but from what I’ve seen he seems legit.
Nikola
It is important to know what state secrets he was selling, according to the legal accusations. Were they related to Tuta or to something else? This article doesn’t give any info on that.
If they were about Tuta, then, yes, he is almost surely right and Tuta is secret agency service. If he was selling secrets unrelated to Tuta, then we should wait for more info on the matter.
Anonymous
Exactly . They kinda gave it away with that one detail .