It's not going well for in Germany. Apparently, they just passed a law that forces telecom companies to inject spyware into communications of **all** users, not just the ones suspected of illegal conduct. In other words, they legalized mass surveillance.

Link in German. I couldn't find an English version. If you find one, please link it below.

@foreverxml yeah, some US companies might already be doing this, but there's no law forcing all companies to do it. So users still have the choice to go with less invasive options.

@ilyess Would @Tutanota be considered a telecom company? I don't want to lose a great email provider.

@foreverxml you're right, I don't think would be considered a telecom company but since they provide encrypted communication services I assumed they would need to abide by the same law imposed on telecom companies. They'll probably keep their E2E channels but inject spyware to give untethered access to the government. Some users might be ok with that. Others certainly won't. I hope we'll hear soon from @tutanota on this subject.

@ilyess the telecom companies cannot do much about it, but the app store operators and application publishers can (and now must). You will get the so-called government trojans coming down the line in packages booby trapped just for you.

Time to get off the app store bandwagon.

@fedops Exactly. That's really unfortunate. It will prevent anyone from offering E2E encrypted communications. I wonder what would happen to @Tutanota after this. If I'm getting this right, it will make their offering illegal?

@ilyess no. Communications will still be end-to-end encrypted, but the trojan will get at the payload on your device, before encryption resp. after decryption.

Think of it as a government-mandated keylogger. What could possibly go wrong...? 🤬


@fedops Exactly! That completely defeats the point of E2E in my opinion. It's like cloud storage services that boast about encrypted data at rest being their way of protecting user . Yes, if you get hacked, that data is protected. Great, but if you have the decryption keys, that doesn't help privacy all that much. It has to be zero knowledge.


@ilyess agreed. I wouldn't trust any cloud provider's unverifiable statements there anyway. Only way to be sure is to encrypt the data before it leaves your device. Which unfortunately makes e.g. partial syncs harder than they should be. And also doesn't help you with things like o365 which sync your data right out of the applications without you being able to do anything to prevent it.
