Proton AG acquires SimpleLogin, an email alias service

Martin Brinkmann
Apr 9, 2022
Updated • Apr 9, 2022

Proton AG, the Swiss company behind the popular privacy-friendly products ProtonMail and ProtonVPN, has acquired the email alias service SimpleLogin.

SimpleLogin is an open source email alias service that has free, commercial and Enterprise plans. Email alias services act as proxies that protect user email addresses online. Users sign up online using an email alias that is provided by the service to protect their own email address. All communication is forwarded to the user's email address automatically. Options to reply from the email alias and other features are supported by many services, including SimpleLogin, as well.

Email spam and other unwanted content can be blocked using an email alias service, as it is usually just a flip of a button to disable an alias and block any future communication.

We mentioned SimpleLogin as an excellent alternative to Mozilla's Firefox Relay service, as it offers more features for a lower price.

The acquisition by Proton AG has no effect on SimpleLogin's service according to the announcement on the SimpleLogin blog. The current open source model won't change and users may use the email alias service with all email providers just like before. Proton AG will provide additional resources for the development of SimpleLogin.

SimpleLogin mentioned the following improvements that are coming to its service in the near future:

  • The service will benefit from the Proton infrastructure and expertise in "running an email service that’s been battle-tested".
  • Uptime and incident handling will improve thanks to a 24/7 team.
  • Ability to leverage Proton's "expertise in email and application security", and to benefit from "ProtonMail's anti-abuse and anti-spam technologies".

SimpleLogin's code has been audited already and the infrastructure has been hardened. Development will be faster thanks to an increase in development team members.

Proton AG plans to integrate the SimpleLogin service better into its ProtonMail email service.

Closing Words

ProtonMail users could use SimpleLogin already, but the upcoming integration of the service will make things easier and the entire process smoother. ProtonMail benefits from the move in several ways: it adds capabilities to its service in the short term that were not as good as those of competing services, and it is getting another revenue source.

Now You: do you use SimpleLogin or ProtonMail? What is your take on the acquisition?

Publisher
Ghacks Technology News

Comments

  1. nobs said on August 4, 2022 at 9:16 am
    Reply

    Proton is a solid, privacy oriented company. I have been using their services for many years and my experience contradicts the false rumors that are spread in some of the comments to this post.

    Authoritarian governments don’t like companies like Proton to succeed. They can resort to smear campaigns in order to try to limit Proton’s success. The list of unfounded rumors under this article looks like such an attempt. If they really go that far, it confirms Proton’s success in avoiding censoring and freedom of speech limiting rules imposed by those governments.

  2. Jay said on April 11, 2022 at 10:16 pm
    Reply

    As usual, I feel that much of what Mr. Heart says is not helpful and ignore it. Spreading ludicrous misinformation and rumors is expected on a political comment page, however it is not desired on a technical one. Iron Heart, you are, of course, most welcome to respond, please note that I will not be reading it since I will not visit this thread again.

    There are many independent audits of Proton Technologies products and services that document its security and privacy. I will not include a ton of URL links since anyone can have a relatively easy time finding them.

    1. Iron Heart said on April 12, 2022 at 7:42 am
      Reply

      Since this person won’t have a conversation about his naivety, what I am saying is directed at people who have read this character assassination of mine:

      A connection to Tesonet was admitted to by Proton Technologies staff. Officially, for all to read. Their backstory is oddly the same one that Surfshark told us and Surfshark has already merged with yet another Tesonet-connected VPN service, NordVPN. All of this was reported by mainstream tech websites and not just whispered in some dark corner of the Internet.

      “Independent” audits have nothing to do with ownership structure, and they are not looking at the entire network at all, but rather only at select servers shown to them.

      I think Jay is a p*ssed off Proton Technologies customer who will continue to use Tesonet’s service no matter the evidence against it, because he believes in their official marketing. In my opinion, and as the saying goes, “A fool and his money…”

  3. Anonymous said on April 11, 2022 at 2:36 pm
    Reply

    >they’re overly political in their business PR. A VPN and Mail provider should just be that, nothing more, but you have their CEO making blog posts about “liberating people” and whatnot.

    Their blog posts are straight up cringey. The whole company acts like they are some type of revolutionaries and whatnot.

    Users want a normal private email provider/vpn/other stuff the company provides and not over the counter political stuff about journalists, freedom, activists, NGO, blah blah.

  4. Anonymous said on April 10, 2022 at 10:44 pm
    Reply

    “We mentioned SimpleLogin as an excellent alternative to Mozilla’s Firefox Relay service, as it is offering more features for a lower price.”

    Also, the Proton team has demonstrated its ethics enough, and more than just by never backstabbing its users (which should go without saying as the bare minimum before any trust is given but isn’t even true in the case of Mozilla Corporation).

    While on the contrary Mozilla Corporation’s current philosophy is centered on monetizing private user data as much as possible, with the added problem that it has many times done so deceptively, not the kind of people you want in control of your emails if you can avoid them.

  5. Matti said on April 10, 2022 at 4:02 pm
    Reply

    Not sure how I feel about this. I use SimpleLogin and like the service. It’s very useful if I need to create an alias on the fly when signing up for something.

    I don’t really like Proton AG though. Aside from the alleged ties with NordVPN’s parent company and selling out teen protesters, they’re overly political in their business PR. A VPN and Mail provider should just be that, nothing more, but you have their CEO making blog posts about “liberating people” and whatnot.

    SimpleLogin claims they’ll continue to operate in a provider-agnostic manner, but who knows….

    1. thebrowser said on April 10, 2022 at 10:02 pm
      Reply

      > SimpleLogin claims they’ll continue to operate in a provider-agnostic manner

      But this only means you’ll be able to use SimpleLogin with email providers other than ProtonMail.

      The main concern about this news is that if ProtonMail gets compromised in any way, or decides to start acting maliciously, SimpleLogin will be affected by extension. The symbiotic relationship between these two companies is clear, but this is a “never put your eggs in one basket” type of situation.

  6. Pet said on April 10, 2022 at 9:47 am
    Reply

    Lol, some people live a nightmare. I can’t find any other word for living a life by feeling that I am followed and watched upon 24/7. Some guys think they are so unique that all tech companies care about them. None cares about you guys. None care about where you’re taking your shit everyday.
    If you don’t want to be a part of the internet human society then don’t use internet. Take the mountains and live there in peace. Lots of goats even to fulfill your sexual needs.

    1. Klaas Vaak said on April 10, 2022 at 11:12 am
      Reply

      @Pet: when you go to the toilet presumably you have nothing to hide, yet you close and/or lock the door. Why is that? The answer is simple: privacy. It is the same for those who use the internet: even if they have nothing to hide, like you in the toilet, they want privacy because in principle it is nobody’s business what they do on internet. Period.

      1. Anonymous said on April 11, 2022 at 7:04 am
        Reply

        yeah +1 to what @Klaas Vaak said. except its not just internet now, even software nowadays has gone overboard.

    2. owl said on April 10, 2022 at 10:25 am
      Reply

      Handle @Pet,
      The perfect name for you.
      Your reference to “a part of the internet human society” is, in a word, “guinea pig”.
      Certainly, people with values like yours would not be seen as human (respect for basic human rights) by anyone. Oh, what an empty-human, you’re.

  7. User said on April 10, 2022 at 4:15 am
    Reply

    My experience with ProtonMail is not good. I sent an email to contact@protonmail.com with a doubt. I asked if it is possible to use more than 1 free account and your team responded “Yes”. Result? Two accounts disabled and important archives in e-mail lost. Ok, I committed an error. But is the totality of the responsibility mine? No, because the support team responded “Yes” about more than 1 account. The abuse team did not reconsider and pushed 100% of the responsibility onto me only.

    I consulted the ProtonMail team about my doubt. It is the obligation of the ProtonMail team to always send correct information.

    1. Clairvaux said on April 10, 2022 at 12:41 pm
      Reply

      I doubt very much Proton Mail customer support answered just “yes”, when asked whether more than one free account was permitted. The question is regularly asked on their Reddit, and the answer is never “yes” or “no”. It always takes a whole paragraph.

      Proton Mail moderators will always say, in effect : more than one free account is permitted, but too many is not, and we’re not saying how many is too many. Also, if you break other rules (notably sending spam, or faking your identity at others sites), that tolerance will be revoked and your accounts banned.

      Beware if you use several free accounts to open cryptocurrency accounts. Many banned accounts seem to be in this category. One should be mad to trust money to a free email account, anyway.

      There is an appeal procedure. You can ask the decision to be reviewed.

      I personally think the whole thing is ridiculous, and they would be much better off forbidding more than one free account, like many other online service providers, such as Tutanota. But the truth is that you can, and may, have several free accounts at Proton Mail.

      1. User said on April 10, 2022 at 2:48 pm
        Reply

        ProtonMail banned the accounts only because there was more than one account, and not for other motives. And the situation is that I consulted “Can I create?”

      2. User said on April 10, 2022 at 2:37 pm
        Reply

        Obviously they did not respond only “Yes”. But the answer was that a user can use more than one account. Afterwards the abuse team responded that it is a single account. In other words, divergence in the support team. I exposed “I consulted ProtonMail Team”.

        The question is simple.

        “No, single account” equals the justification of the Abuse Team. But the answer from contact@protonmail.com occasioned my error.

        Learning: It is not about your service, it is about the consumer.

    2. JB said on April 10, 2022 at 8:04 am
      Reply

      If you have important email, next time pay for an account.

      1. User said on April 10, 2022 at 2:40 pm
        Reply

        Wow, thank you. Divergence of answer of support team is null now.

        I exposed “I consulted ProtonMail Team”.

        “It is the obligation of the ProtonMail team to always send correct information.”

      2. Klaas Vaak said on April 10, 2022 at 9:35 am
        Reply

        @JB: does a paid email account by definition provide the kind of security Protonmail purports to provide?

  8. Simon said on April 10, 2022 at 2:55 am
    Reply

    If you believe in the existence of tech companies with highly paid team(s) of developers dedicated to your security and privacy then you are, my friend, delusional or really high on something.

    1. Klaas Vaak said on April 10, 2022 at 7:02 am
      Reply

      @Simon: instead of using an ad hominem attack your comment would be more credible if you refute what is written with facts. As it is, you come across as delusional, not being able to face reality. I may be wrong, of course, but as long as you don’t have any arguments you lost it.

  9. Proton can't be trusted said on April 9, 2022 at 10:50 pm
    Reply

    1. Protonmail Behaves like a CIA/NSA “Honeypot”

    Protonmail has an Onion domain that allows users to visit their site using the TOR browser. Protonmail even has an SSL cert for that onion address even though it’s completely unnecessary. When a user makes a new account with Protonmail on TOR they are re-directed from Protonmail’s “.onion” to “.com” address. This breaks your secure encrypted connection to their onion address, enabling your identification. There are absolutely no technical reasons for this feature. In fact, the only other websites that operate like this are suspected NSA/CIA Honeypots.

    This is a huge security issue that was either created because Protonmail is managed by Particle physicists who do not understand computer security OR they have been forced to operate their website in a similar way as CIA/NSA honeypots. Both possibilities are serious concerns.

    2. Protonmail Does Not Provide “End to End Encryption”

    Professor Nadim Kobeissi mathematically proved that Protonmail does not provide End to End Encryption. Meaning, Protonmail has the ability to decrypt their own user’s data. When this was shown to be true, Protonmail users were outraged they had been lied to. Protonmail was forced to issue a public statement. Their statement begins like you would expect it would.. by shitting on the security researcher that revealed their dishonesty. Then they continued to say: “We lied to our users because other email companies did”. No apologies. They can decrypt any of their user’s data by sending them scripts that allow them to do so. However they advertise that they can not. Protonmail’s admission proves they offer the same security that Gmail offers. Both Gmail and Protonmail offer encryption that they can decrypt whenever they want.

    3. Protonmail Was Created Under CIA/NSA Oversight

    Gmail & Protonmail were both created in CIA/NSA funded departments with their oversight. Protonmail has tried to hide this part of their history. We wrote a whole article about it here.

    4. Protonmail is Part Owned by CRV and the Swiss Government

    After a successful crowdfunding campaign with promises to “remain independent” Protonmail sold equity ownership to CRV and FONGIT. At the time of the equity sale a CRV founder, Mr Ted Ditersmith, was working for the US State Department closely with President Obama. His position as a delegate required close contact with CIA & NSA administration. Mr. Ted Ditersmith had also witnessed the Edward Snowden revelations and made statements that he planned to use his corporate knowledge to “fight terrorism”. FONGIT is a Non Profit organization that is financed by the Swiss Government. Protonmail staff member, Antonio Gambardella, also works for the Swiss Government.

    5. CRV, In-Q-Tel & the CIA

    The CIA openly operates a front company, In-Q-Tel, whose stated purpose is to invest in tech companies on behalf of the CIA. In-Q-Tel has stated they have a specific interest in the information contained in e-mails and encrypted communication. In-Q-Tel has been shown to be the bridge between the CIA and Gmail. An analysis of staff members reveals CRV & In-Q-Tel connections. The US media confirms these connections when they interview CRV so that they can understand In-Q-Tel. Additionally, The mastermind, cryptographer & back end developer that created Protonmail, Wei Sun, now works for Google.

    6. Protonmail Follows CIA Email format & Metadata Requirements

    Leaked documents at Wikileaks show that the CIA requires emails to be stored as an EML filetype. There are several ways to store emails, and Protonmail has selected the format that the CIA requires. Protonmail offers no protection for users’ metadata and has officially stated that they turn metadata over to Law Enforcement. Edward Snowden revealed that the US government cares least about the content of emails. Mr. Snowden revealed the US Law Enforcement cares most about who a person is talking to, the dates & times of the emails, and the subject of the email. Subject and metadata encryption are not difficult to provide. However, Protonmail refuses to offer any protection on data that is most valuable to the CIA & FBI and they store it as plain text (No encryption). Edward Snowden stated the NSA “isn’t able to compromise the encryption algorithms underlying these technologies. Instead, it circumvents or undermines them by forcing companies to cooperate in other ways.” Protonmail has refused to protect the information the NSA wants, this is a concern.

    7. Swiss MLAT Law Could Give the NSA Full Access

    Protonmail’s Servers Reside In Switzerland, a country with an MLAT treaty that could allow the NSA to continue its mission of recording “nearly everything” about a person’s internet communication. Any doubts the MLAT treaty applies are removed when you take into account that Protonmail is part-owned by FONGIT, a Swiss Government-financed company. Protonmail has also recently revised its Privacy Policy to include wording and requirements from the MLAT treaty. Their actions show they are capitulating with the MLAT treaty. Revisions include a change to their privacy policy allowing them to track your location while you use their service in some situations.

    8. Protonmail Uses Radware for DNS/DDOS Protection

    Privacy companies like Protonmail are required to use a DNS/DDOS service because of the frequent attacks against their service. Protonmail uses a company called Radware for this purpose. Radware is a low-quality service that has failed to provide adequate protection. Protonmail has been taken offline, sometimes by teenage kids, because they insist on using a sub-par service. It’s worth noting that Radware’s international office is a few miles away from the headquarters of the most powerful Intelligence agency on earth, The Israeli Mossad. Radware can gain complete access to all Protonmail users’ accounts in two ways. They could inject a few lines of code that would reveal all users’ log in usernames and passwords, thus allowing them to log in as if they are that user. They could also be given users’ usernames & passwords by Protonmail. Remember Protonmail has admitted they can access all users’ accounts and decrypt their data. Additionally, it has been reported that Radware has direct connections to the Israeli Defense Force.

    9. Protonmail engages in illegal cyberwarfare

    In 2017 Protonmail seems to have used illegal cyber warfare capabilities to unlawfully break into a suspects server. You can see the tweet they posted and read about it here. They soon deleted the tweet and said: “We cannot confirm nor deny if anything happened.” In 2013 the European Union parliament voted to make hacking a crime that carried a prison sentence of 2 years. “Hacking back” is also illegal under Swiss law. Based on Protonmail’s admissions only, they conducted an illegal hack.

    10. Protonmail has a history of Dishonesty

    From Protonmail’s creation they lied to their users. Starting when they crowdfunded $550k to “remain Independent”, a promise they broke almost immediately by selling equity ownership to a US corporation with ties to President Obama and John Podesta.

    11. Protonmail does not protect users, if it could cause any legal risk

    Protonmail collaborating with EUROPOL in a clear case of political repression against anti-gentrification activists in Paris, and setup IP logging specifically for that user… So even in the clearest violations they are not standing up for users if it means taking legal risks for them.

    12. Protonmail censoring “untruth” information about themself, even if you are a small blog

    Protonmail joining the long list of censor trolls asking registrars about identity of domain owner?! (see an aforementioned abuse complaint from Proton AG). They broke away from a tradition of free speech (debunk claims publicly), and from a traditional form of law enforcement. It is very unusual for corporate trolls with armies of lawyers to contact anyone to censor such vague claims on a random blog in a dark corner of the internet. It’s not exactly like the website named like protonmailtruth.ch or whatever.

    In our opinion Protonmail is not an email solution you would use if you want privacy or security. Your emails are probably going to end up in a US data center right next to your Gmail emails.

    1. Clairvaux said on April 10, 2022 at 12:32 pm
      Reply

      @ Proton can’t be trusted

      Of course you did not write this yourself. You give the game away when you say “we”. So what’s the source of that paranoid disinformation ? You’re not saying.

      Debunking just two items out of your long conspiratorial list :

      “11. Protonmail does not protect users, if it could cause any legal risk”

      “Protonmail collaborating with EUROPOL in a clear case of political repression against anti-gentrification activists in Paris, and setup IP logging specifically for that user… So even in the clearest violations they are not standing up for users if it means taking legal risks for them.”

      Let me correct this : Proton Mail does not protect criminals, and that’s a very good thing, too. This was not “political repression”, and “anti-gentrification activists” are communist scum anyway.

      Those people were successfully, and fortunately prosecuted by the French courts because they illegally occupied private property, and assaulted policemen.

      It’s illegal to do illegal things in France, in Switzerland and in all countries in the world.

      If you think end-to-end encrypted email providers are there to enable criminals, you’re deeply deluded. Proton Mail has always said that it will help law enforcement in this case, and all other companies will do the same.

      Are you a criminal yourself ? Do you support criminals ?

      Just because your friends are communists does not mean they get a free pass to break the law.

      Also :

      “2. Protonmail Does Not Provide “End to End Encryption” ”

      “Professor Nadim Kobeissi mathematically proved that Protonmail does not provide End to End Encryption.”

      No he did not. This has been thoroughly debunked by Proton Mail.

      1. Klaas Vaak said on April 10, 2022 at 1:33 pm
        Reply

        @Clairvaux: is there a rule against copy/pasting someone’s info instead of using one’s own words?

      2. Iron Heart said on April 10, 2022 at 1:03 pm
        Reply

        @Clairvaux

        Enjoy your Tesonet frontend, buddy.

    2. Klaas Vaak said on April 10, 2022 at 8:03 am
      Reply

      @Proton can’t be trusted: thanks for sharing that.

  10. lomi said on April 9, 2022 at 9:26 pm
    Reply

    “Proton AG plans to integrate the SimpleLogin service better into its ProtonMail email service.”

    As a paying Proton user, I think that would be a nice addition, won’t complain.

  11. Ray said on April 9, 2022 at 9:19 pm
    Reply

    Thanks Martin I use both SimpleLogin to protect my main Gmail address & ProtonMail for when I want to easily encrypt emails such as sensitive financial emails.

  12. Iron Heart said on April 9, 2022 at 3:49 pm
    Reply

    > Now You: do you use SimpleLogin or ProtonMail?

    I don’t use or endorse any product or service owned by, or connected with, the Proton Technologies AG. Reason being the *cough* rumors *cough* that they may enjoy a very close connection with the data mining company Tesonet:

    https://www.techuseful.com/tesonet-data-mining-company-owns-nordvpn-protonmail-protonvpn/

    https://www.docdroid.net/kOP3JAh/tesonet-web-of-lies-pdf

    Since certain elements in this comment section are still in denial about that, let me tell you that other sources already confirm the Tesonet – NordVPN connection:

    https://en.wikipedia.org/wiki/Tom_Okman

    https://www.cnet.com/tech/services-and-software/surfshark-and-nord-two-top-vpns-share-a-common-link-in-lithuanias-tesonet/

    https://old.reddit.com/r/VPNTorrents/comments/9adi37/i_investigated_the_nordvpn_ordeal_here_is_what_i/

    https://tech.slashdot.org/story/22/02/02/112241/nordvpn-and-surfshark-are-merging-continuing-vpn-consolidation-trend

    I let you be the judge. Not touching Proton Technologies AG with a ten foot pole here. The “backstory” of ProtonVPN is strangely similar to what the SurfShark guy said: https://old.reddit.com/r/ProtonVPN/comments/8ww4h2/protonvpn_and_tesonet/e21tfqw/

    Can they at least bother to be more creative with their excuses? Two Tesonet-connected companies, SurfShark and NordVPN, already merged. SurfShark’s backstory is the same one as the one of ProtonVPN. ProtonVPN has strange connections to Tesonet… LOL.

    Kape Technologies and Tesonet are actually behind most VPNs. The former is a British ad company owning, among others, ExpressVPN (Hong Kong based, btw). The latter is a data mining operation.

    1. Klaas Vaak said on April 10, 2022 at 6:48 am
      Reply

      @Iron Heart: many thanks for that, most interesting. I stopped using Protonmail a couple of years ago when I read what they were doing – more in the links below. I now use Tutamail instead.

      https://theconsciousresistance.com/protonmail-is-insecure/

      https://www.moonofalabama.org/2021/05/how-protonmail-lost-the-public-trust-it-needs-to-do-business.html

      https://www.wired.com/story/protonmail-amends-policy-after-giving-up-activists-data/

      It is amazing how many people still swear by Protonmail, but then again, you see similar behavior when it comes to political issues.

      1. Iron Heart said on April 10, 2022 at 1:00 pm
        Reply

        @Klaas Vaak

        Proton Technologies AG is shady AF if you ask me, just my opinion based on what I’ve read, including your links

        However, I don’t really see how we can hammer them for the content of your last link. If they receive a valid court order in the country they operate in, they have to cooperate or be fined / searched / shut down / whatever. Even if they don’t log IP addresses in general, they would have to start doing it for a specific person if required by court order.
        Same goes for Tutanota in Germany, if they receive a valid court order and if their appeals are rejected, they have to start monitoring specific accounts.

        My main issue with Proton Technologies AG lies with their business connections, this is already enough reason for me never to consider them, your links are further confirmation. Tutanota seems to be truly independent (not connected to any big enterprise) and the persons behind the company are publicly known. Tutanota’s main problem is not within the company itself; their main problem is the increasingly privacy-unfriendly stance of Germany.

      2. Klaas Vaak said on April 10, 2022 at 1:31 pm
        Reply

        @Iron Heart: I agree that if they get asked to turn data over to the authorities, provided they have that data. Do you remember Snowden’s email provider, Lavabit? I cannot remember exactly whether they refused to hand over his data, or whether they could not because they could not access it.

        That is what a really good, real privacy-oriented email provider should do. I am not aware of any such providers, and I also know that, at the end of the day Tutamail would have to comply with a German court order. Actually, that does not bother me because I am not doing anything “funny”, I just don’t want Protonmail type behavior, which, if I am not mistaken, Tutanota does not.

        Good “talking“ to you again.

      3. Iron Heart said on April 10, 2022 at 4:47 pm
        Reply

        @Klaas Vaak

        I don’t think there is any service worldwide that doesn’t have to start monitoring a user if a valid court order is handed to them. Best case scenario, IMHO, is a service that doesn’t log IP addresses by default, only does short-term backups for outages, and doesn’t insist on getting your private keys for encryption purposes. Such services do exist, and as you say, if one is not involved in any criminal activity, I would consider these services “private”.

        I always check the privacy policy and also research the ownership of the companies. Being owned by an entity being engaged in privacy destruction, or being owned by an entity that has multiple similar services under its wing, are both big No Nos for me, and both are true for Proton Technologies AG from what I gather.

        As for Tutanota, yeah, they have to comply as well of course: https://www.hackread.com/encrypted-email-provider-tutanota-backdoor-service/ and https://www.cyberscoop.com/germany-court-ruling-tutanota-email-monitoring/

        Germany actually used to have solid privacy laws up until a few years ago. This stems from history; Nazi Germany and the socialist GDR, both complete surveillance states among all the other crimes done there, and this has given Germany a bad reputation both from their own citizens and from foreign powers, so they took this topic pretty seriously afterwards. However, in recent years, politics shifted in a direction that doesn’t seem to respect privacy as much anymore. Some of the highlights: Germany allows law enforcement and all of its secret services to hack computers and smartphones now, monitoring basically everything happening there – before that was limited to secret services. Your ISP is supposed to cooperate with that here btw. They also tried to implement KYC for E-Mail services though that failed, if it would have gone through, you would have no longer been able to sign up to e.g. Tutanota without going through a full KYC process (totally ridiculous for an E-Mail service if you ask me). Germany repeatedly tried to implement long data retention times for several services though that got cancelled by the EU, more than once. Germany is also leading in an EU initiative that means to give master keys for all chats for any given service to the government even if communication should be E2E encrypted etc.

        These developments mainly took place in the closing years of Merkel’s chancellorship. Now, don’t get me wrong, I don’t want to compare Germany to any totalitarian dictatorship both past and present; I am just saying their rules for privacy protection are no longer as ironclad as they used to be. Source: I live there, and follow the politics of the nation that touch on the digital world.

        So Tutanota’s problems are mainly coming from the politics of their jurisdiction, and I give props to them because they are fighting these developments in court. They also said that they would leave the country if the situation became totally untenable, which leads me to my next point:

        I have no idea how credible the story of Snowden – Lavabit really is. As far as the story goes, Snowden used them for outside communication during his leaks, government of course noticed of that, and tried to get control over Snowden’s account from Lavabit. Then Lavabit supposedly shut down because they didn’t want to hand anything over. Of course I have heard the story, but I am hard-pressed to believe it. As much as I can understand Snowden from an ethical perspective, what he did was technically treason, and I am pretty sure that assisting in an act of treason is punishable in the US as well. So once the Lavabit guy refused to hand anything over and destroyed all data, I am pretty sure this would at least have resulted in incarceration for him, yet he roams free. I press X to doubt here, @Klaas Vaak. The relaunch of Lavabit a few years ago didn’t exactly help me believe the story either, if the company really responded to a data request by shutting down operations, I believe they would never have seen the light of the day as a business again in the US. Just my 2 cents, though, I am of course not familiar enough with Lavabit to have a fully fleshed out opinion here, it’s really just a guess.

        It’s good to see you again, indeed. Long time no speak. :)

      4. Klaas Vaak said on April 11, 2022 at 5:53 pm
        Reply

        @Iron Heart: thanks for that detailed explanation. The development in Germany does not look pretty, but it is happening worldwide in 1 form or another.

        Nevertheless, in the Hackread article you linked to, the Tutanota representative stated this:

        “We can’t decrypt any encrypted data, and nothing changes in regards to our end-to-end encryption.

        According to the ruling of the Cologne Regional Court, we were obliged to release unencrypted incoming and outgoing emails from one mailbox. Emails that are encrypted in Tutanota already or sent end-to-end encrypted cannot be decrypted by us, not even after the court order.”

        In other words, the emails you exchange with other Tutamail users will remain undecryptable, if I understand it well.

        The article dates back to Dec 2020 and I don’t know what the status is with the backdoor. I use Tutamail for some of my emails, although I rarely come across other Tutamail users, unfortunately.

        Cheers for now.

      5. Iron Heart said on April 11, 2022 at 6:57 pm
        Reply

        @Klaas Vaak

        My understanding is that they can’t decrypt anything that already got into the inbox encrypted, and that they can’t decrypt new E-Mails either, IF you encrypted them yourself. As far as I can tell, they were asked to create a shadow copy of new E-Mails (incoming, and outgoing) of the suspect before they got encrypted, provided that the suspect relied on their(!) encryption.

        It is also noteworthy that they went to court over this, they are taking their guarantees seriously.

        As I said, I believe Tutanota to be one of the “good guys”, so to speak. Their owners are publicly known, their privacy policy is clear, there don’t appear to be any shady business connections in the background either. They go to court often if they are asked to hand over anything. As of now, I do trust them based on the available info.

        My point was just that their jurisdiction is changing and not in a good way. Now it hits criminals that would arguably be persecuted anyway, no matter the jurisdiction, but my concern is that the state will eventually also make life worse for Joe Average, i.e. just implement unethical surveillance. That must not concern us for now though, as I said, in the current state of affairs I would trust Tutanota with my data.

        ProtonMail on the other hand? No further comment.

        Cheers.
