馃敂馃惁 Thunderbird Fans, this one's for you! Tuta Mail & Tuta Calendar are now available as add-ons in Thunderbird.
Find out how to add Tuta as an add-on 馃憠 https://tuta.com/de/blog/tuta-add-on-in-thunderbird
Enjoy! 鉂わ笍
1
Discussion
Loading...
Post
Why do I need an addon? The entire point of wanting to use Thunderbird is for it to integrate into the regular UX of Thunderbird. Not to have it in a browser tab within Thunderbird...
1
There's no standardized way of handling end-to-end encryption in Email, so a few providers ( @Tutanota and Proton, to my knowledge) offer their own in-house solutions for it.
These solutions render the services incompatible with the standards powering clients like Thunderbird. It also is limited to emails within the same provider.
The only real solution would probably be an update of the e-mail protocol to allow for standardized E2EE.
@agowa338
3
There is, openPGP and S/MIME, but the problem is they don't work keyless/password less for the vast vast majority of email use cases.
Thunderbird and Proton have made their own proprietary alternatives... *which also don't support the same thing outside of their own ecosystem which means they are useless for 99.9% of email usecases* just like the standard alternatives. They only work for vendor lock-in communication and marketing.
It is the XKCD standards comic.
2
@justenoughducks @sab @Tutanota @agowa338
you're wrong on everything you've said
pgp works without password (probably not recommended)
when someone sends me (i am not using proton) from proton an email. proton gets my pgp pubkey automatically, without user interaction and encrypts the email to me and i can get the pubkey of every user at proton over an api from proton and encrypt my email to them (not automatically)
thunderbird is a client and not an email provider. they don't have some own proprietary alternatives. everyone can use pgp with thunderbird
1
@nathanael @justenoughducks @sab @Tutanota
Also PGP as well as S/MIME have provider independent RFC standards. Including ones for public key distribution via DNS.
Which e.g. #posteo_de implements.
1
@nathanael @justenoughducks @sab @Tutanota
Oh and because I just saw this article in the timeline (and what Tutanota is doing here is exactly the same as Online Password managers are doing):
@justenoughducks @sab @Tutanota
Well and at tuta all depends on your password and if you assume that the service itself is compromised even changing your password wouldn't do anything as it works by argon2 encrypting your private key and storing that encrypted blob on their server.
Oh and because of all of that abundance of for "AI" that also governments are currently investing in (in addition to the big tech companies) brute-forcing it becomes quite feasible...
1
@nathanael @sab @Tutanota @agowa338
To be fair to Tuta, by using their own system they managed some improvements over the standard PGP that Proton uses, eg. Header encryption and Post-Quantum Security. I still prefer the open standards used by Proton and hope that PGP will enable these two features soon.
1
@gommehammer @nathanael @sab @Tutanota
Which you can't verify and for whom you won't even notice being stripped away...
1
@agowa338 @nathanael @sab @Tutanota The Tuta client is fully open source, so it should be possible for someone with coding experience to notice drastic changes like the removal of encryption.
1
1 more replies (not shown)