Tutanota and EasyGPG
Bad news about Tutanota and what it means to us.https://www.reddit.com/r/tutanota/comments/dven2n/re_german_court_orders_open_source_everything/
Apparently, the German government can force Tutanota to give them unencrypted email sent and received by a given account after they receive a court order to do so. Tutanota makes it easy to send unencrypted email if you choose, so this really does mean something.
However, the encrypted email sent with Tutanota is encrypted and decrypted in the browsers of the sender and receiver, so these court orders can not be used to see encrypted email.
Tutanota issues regular reports (linked to in the Reddit discussion) about the court orders they receive.
I have a Tutanota account that I use for EasyGPG. It is mentioned in EasyGPG's built-in Help.
When I use Tutanota, I encrypt with EasyGPG, in addition to any encryption by Tutanota. I do the same with my ProtonMail account. I believe that ProtonMail and Tutanota are far more trustworthy than, for example, Gmail, but I do not trust them as much as I trust gpg
Tutanota mutilates PGP messages by removing all the newlines, turning the entire message into one long line. To read these mutilated messages with gpg
, you would have to manually repair the damage, but with EasyGPG this isn't necessary. EasyGPG will fix the damage.
Here is a PGP message mutilated the way Tutanota mutilates messages.
-----BEGIN PGP MESSAGE-----owJ4nAFUAqv9kA0DAQoBpr2/V1e3MekByyR0AS1d2CosVGhpcyBpcyBhbiBleGFtcGxlIG1lc3NhZ2UuDQqJAhwEAQEKAAYFAl3YKiwACgkQpr2/V1e3MenDoxAA6PpK87My4zKKDsSikAyT/XGee8mDWIjJEVHsupGaryIDE3nOVp4YMRE9Nvt7UhkcC7M9XC0Vu9poxQBEzuasuz1muLRgSwohrurlBERDVJu/4chNz8RrmZjHeR7l0vmMdfTIyatt5uahUCJEgIDxMX3uhsXLY8zE7tfBvnPBjyKRH6Kl2UwtRtn6SWKCY0hMrJiLMkPCBn3QC0+/C1CNunC0c4Pgz7+Mov5SEEv9YUtH/MKo9NL3ILyvdlbHQSi0V9nQhJY0J37pR8n4nsvQP4dQK/tFOcCVfHXU9Oq/f1xFAekD8oPRzgiDrbr9jwwaR1W9xtRceimcXQ9xhw5kkAMjw8SknsHgF+Eu0ucI3KDjI1stF5lBFbKXyd4ylTj1wU2sU8MAeu6OwgfjF4qKSfe3rvAMToHZmR1MfwUt/t9B2DRwMRp5Ri3uit+dKO0HAfcchpUNoHPvUXH+fGla1vdpR8C7If1n48pW1CgVnVc4mJBt5diFEaRD7qEhM9aznjfiaUDRCYzSreOqUdXlriGc97kwmTqglrQFHmDQv7Z+ZKWs88oK5AdAjrGukr4hvbFanwpJYirKvQiHoruT/OSiuj+w330YZGe+0qhr8u7dXzVEblZvws8/86LtaBIIm0AavAvMIx/raXYXDolTRRoCfeER1YERF2r+9KJhCgzWLiLs=6Wbe-----END PGP MESSAGE-----
With EasyGPG, you can read this. By the way, this is signed but not encrypted.
If you want to verify my signature, but you don't have my public key, you can quickly import it by dragging and dropping easygpg.sh
onto your EasyGPG Desktop file. That will also read the 3 PGP messages also in easygpg.sh
I do some other things to keep my Tutanota and ProtonMail email secure.
- I created the accounts using Tor.
- I only access the accounts using Tor.
- I create my user names with this command line: cat /dev/urandom | tr -dc "0-9a-z" | fold -w 8 | head -n 1
- I create my account passwords with the same command line, except that the passwords are 20 to 25 characters long and include both upper and lower case letters.
- I store my passwords in an encrypted file made with EasyGPG's Encrypt a message to me and save it as a text file
To install EasyGPG for the first time, click on the following link. This is a tar.gz
file. Extract the contents of the file, which will be a folder called EasyGPG-Installer
. Open the folder, and double-click Install EasyGPG
. This will create your new EasyGPG folder, and open a window to it.https://archive.org/download/easygpg/EasyGPG-Installer.tar.gz
[The installer is also available on I2P at http://easygpg2.i2p/EasyGPG-Installer.tar.gz
]^1^EasyGPG Web Siteshttps://archive.org/download/easygpg/EasyGPG-Home.html Internet Archive (clearnet)http://easygpg2.i2p/ I2P eepsitehttp://127.0.0.1:43110/1EiCNMUtTVvY34bp4XynVSaR8UdrzvngRi/ ZeroNet zite
See also https://archive.org/details/easygpg.
For news about EasyGPG, click on the #easygpg
^1^ If you run the installer while using I2P, EasyGPG will be downloaded from EasyGPG’s I2P eepsite.