
Tutanota encrypts not just bodies and attachments of emails, but also the subject line, which can contain very sensitive information. ProtonMail uses PGP encryption, which lacks important requirements that Tutanota is able to fix. In addition, there are quite important differences in the encryption methods used.

One major difference here is that in Tutanota external recipients can access the entire email thread via the shared password, while recipients of encrypted messages from Proton Mail are limited to seeing just one message.

Please consider this as a purely temporary measure until your notification receiving protocol is established.

And judging by the data I have, you receive this request regularly, but for some reason you stubbornly ignore it.

Both Proton Mail and Tutanota offer end-to-end encryption for all emails, and both enable users to use a password for encrypting emails sent to recipients that don’t have an address with an encrypted email provider.

This particular dependency poses a serious threat to the privacy of your users, as it gives Google the ability to see the client's IP address, the fact of using Proton, and the time of receipt of the notification, which can be used to de-anonymize users.

As an interim solution to the problem, I propose to release on F-Droid a version of the F-Droid mobile app without notification support. Secondly, your Android mobile app uses malicious services of the evil Google corporation to receive notifications, and given the unhealthy love of this evil corporation to spy on users, sell their data and actively cooperate with governments, I consider such a function unacceptable and ask to eliminate any dependence on the services of the evil Google corporation. This topic, by the way, has already been brought up on your subreddit:

As an alternative, you can use AWS or Cloudflare BUT NOT Google. And, even though all traffic through the evil corporation is encrypted, the evil corporation, at least, will see the client's IP address, and given the unhealthy love of this evil corporation for spying on users, selling their data and actively cooperating with governments, I consider this function unacceptable and ask to stop using the evil corporation's services. I did some investigation and found out that the "Allow alternative routing" function uses Google evil corporation servers.
