Tutanota team here, we saw this post so we need to set some things right:

This is not a vulnerability in Tuta. We have built Tuta with multiple layers of protection for our users. We currently use TLS and DANE to protect authentication and data integrity and (only tunneled) RSA-OAEP and AES-CBC to provide confidentiality. We have always communicated this transparently; it is nothing new. Neither the confidentiality nor the integrity of our users' data has been at risk.

However, we know that the implementation is not perfect regarding this detail. That is why we have also implemented the following security features since this was first reported:

* 2-factor authentication
* Simple verification of downloaded Tutanota apps

We are currently starting to roll out new encryption algorithms. Enforcing MACs is part of this upgrade, just as post-quantum secure algorithms, authentication and signature verification are. We already have a working prototype of this hybrid encryption protocol.

Tl;dr

There is no known vulnerability in Tuta. Security is the heart of Tuta, and we always fix reported vulnerabilities immediately.

Additionally, we'd like to add some facts about this blog post:

As part of their blog post, Proton confirms that they indeed don't encrypt email addresses and names in their address books. So Proton basically knows all your contacts' email addresses and names even if you don't send emails to them.

Proton claims that their Calendar metadata is encrypted besides date and time of events. So they don't encrypt that and claim it is not possible. In Tuta, even date and time of your events are encrypted as we handle notifications locally on users' devices - not on our servers.

Both services compete to see who offers the best security. This is basically good for all users. We are convinced that our product is more secure and are working hard to constantly improve security.