- cross-posted to:
- privacyguides@lemmy.one
A storefront, said Ortis, is a fake business or entity, either online or bricks-and-mortar, set up by police or intelligence agencies.
The plan, he said, was to have criminals use the storefront — an online end-to-end encryption service called Tutanota — to allow authorities to collect intelligence about them.
Tutanota (now Tuta) denies this: https://tuta.com/blog/tutanota-not-a-honeypot
Someone also published the story on Reddit calling Tutanota a honeypot, which was removed by the moderators as fake news.
Well there we go. We have our answer. Someone who would put 100% faith in reddit moderators just to support their point is obviously lying.
The fact that they’re still using Reddit as their support forum is indeed disappointing. Deleting an unpleasant post just like that feels oppressive too. If it’s untrue but the concern is reasonable, then perhaps they should have tried to disprove it in an open discussion.
Objectively, though, I have no reason to believe (nor deny) this claim.
This is the best summary I could come up with:
Cameron Ortis, the former RCMP intelligence official on trial in Ottawa, says he was tipped off by a counterpart at a “foreign agency” that the people he’s accused of leaking secrets to had “moles” inside Canadian police services.
“I had sensitive information from multiple sources that each of the subjects had compromised or penetrated Canadian law enforcement agencies,” Ortis testified last week.
The testimony is contained in redacted transcripts released Friday evening, more than a week after the former civilian member began testifying in his defence during his unprecedented trial.
The Crown alleges Ortis used his position as the head of a highly secret unit within the RCMP to attempt to sell intelligence gathered by Canada and its Five Eyes allies to individuals linked to the criminal underworld.
Ortis is accused of sharing information in 2015 with Ramos, the head of Phantom Secure, a Canadian company that made encrypted devices for criminals.
Under cross-examination, Crown prosecutor John MacFarlane asked why Ortis didn’t approach one of the Five Eyes partners to discuss his plans with them “just generally.”
The original article contains 994 words, the summary contains 175 words. Saved 82%. I’m a bot and I’m open source!
Something sounds off here. Maybe the RCMP had a backdoor or a warrant or something into tutanota but it’s not a storefront like the article says.
“A spokesperson for Tutanota, now Tuta, denied the claims. “[Tuta] is not owned or operated by any secret service, nor is it a ‘storefront’ as claimed by Cameron Ortis,””
Why not?
Who is accusing them of this and what is the accuser’s reputation? According to this article, one Canadian official was told by someone that they had a PLAN to use Tutanota in a malicious way, but there’s not even an accusation that anything ever happened. https://cyberwarzone.com/is-tutanota-a-honeypot-for-intelligence-agencies/
Tutanota’s reply: "Hi there, these allegations are absolutely false. Tuta was founded in 2011 by Arne Möhle and Matthias Pfau who knew each other from studying together at FHWD university in Germany. To this day, the company is wholly owned by Matthias and Arne, and is not liable to anyone else.
The Tutao GmbH is not owned by any secret service, nor is it a “storefront” as claimed by Cameron Ortis. These allegations are completely untrue.
With offices in Germany we only respond to valid warrants issued by German courts. You can read more on this in our Transparency Report: https://tuta.com/blog/transparency-report
In addition, Tuta is open source and the entire client code is published on GitHub. Thus, everyone can inspect the code and verify how the end-to-end encryption in Tuta works and that there are no backdoors hidden in the code."
In addition, Tuta is open source and the entire client code is published on GitHub.
One can freely share “good” source code while actually using something different, which might be an intrinsic problem of an “open-source” web service. Plus, one has no reason to believe that the service has never been compromised: someone might have a backdoor that Tuta itself is unaware of.
I’d like to believe that Tuta is not evil, but ultimately that’s anyone’s guess. I’d recommend true e2e (local-to-local) such as PGP, rather than trusting a middle-man e2e provider.
Some analysis of court papers.
Is Tuta a Government Honeypot?!?
https://odysee.com/@switchedtolinux:0/is-tuta-a-government-honeypot-!-honeypot:2
They are like Proton, crappy business. No real privacy. Step out!
You can use any email provider in a pretty privacy-friendly way, as long as you sign up anonymously, always use it via Tor, and (most importantly) do gpg locally and just paste ascii. Don’t share your secret key with them/anyone!
- Monero users understandably tend to like Monero-accepting services. Tuta does, albeit indirectly; Proton doesn’t. There is also cyberfear.com, a less known anonymous email provider accepting xmr, but maybe no one is sure if it’s okay.
- Despite all potential issues, for normal users who are still using Gmail etc., Proton/Tuta are still recommended (simply because they’re better than Google).
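
Added example, not part of any comment in this thread: a pre-paste check for the "do gpg locally and just paste ascii" workflow mentioned above, which accepts text only if it is a single intact ASCII-armored PGP MESSAGE with no private key block and no stray plaintext. The function names `check_paste` and `armor` are hypothetical, the sample bytes are constructed, and the armor layout and CRC-24 follow RFC 4880.

```python
import base64
import re

BEGIN = re.compile(r"-----BEGIN PGP ([A-Z ]+)-----")

def crc24(data: bytes) -> int:
    """CRC-24 armor checksum as defined in RFC 4880, section 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(kind: str, raw: bytes) -> str:
    """Build an armored block; used here only to make constructed samples."""
    b64 = base64.b64encode(raw).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(raw).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN PGP {kind}-----", "", *rows, "=" + crc, f"-----END PGP {kind}-----"])

def check_paste(text: str) -> tuple[bool, str]:
    """Return (ok, reason); ok only for exactly one intact armored PGP MESSAGE."""
    text = text.strip().replace("\r\n", "\n")
    kinds = BEGIN.findall(text)
    if any("PRIVATE KEY" in k for k in kinds):
        return False, "contains a private key block"
    if kinds != ["MESSAGE"]:
        return False, "expected exactly one PGP MESSAGE block"
    lines = text.split("\n")
    if (lines[0], lines[-1]) != ("-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"):
        return False, "text outside the armored block"
    inner = lines[1:-1]
    if "" not in inner:
        return False, "missing blank line after armor headers"
    data = inner[inner.index("") + 1:]
    # Assumption: the "=XXXX" checksum line is treated as optional, verified if present.
    checksum = data.pop() if data and data[-1].startswith("=") else None
    try:
        raw = base64.b64decode("".join(data), validate=True)
        want = base64.b64decode(checksum[1:], validate=True) if checksum else None
    except ValueError:
        return False, "body or checksum is not valid base64"
    if not raw or not raw[0] & 0x80:
        return False, "body does not start with an OpenPGP packet"
    if want is not None and want != crc24(raw).to_bytes(3, "big"):
        return False, "CRC-24 mismatch (truncated or altered paste)"
    return True, "ok"
```

The check only inspects the armor; it does not decrypt anything or confirm which key the message was encrypted to.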