@Libertux Thanks for your feedback and support, it means a lot to us! 😀
@Libertux@liberdon.com
At a first look, @Tutanota is impressive: apparently, you got #privacy right.
At a second look...
Shit! You got #privacy right! 😂
Even the #Android permissions are minimal! 😍
Now, let's be picky, with the sincere hope to help to further improve your product.
Two issues remain open with your services:
1. #DoS / #Censorship
2. #DDoS
3. #Business
Theoretically, you could easily deny your service to a user. So could someone who provide or otherwise control users' connectivity (a State, a ISP or simply a #corporate firewall).
Also you could theoretically be blocked through a DDoS (do you remember the #Chinese attack to #GitHub?).
Finally you could be bought by #Google, #Facebook, #Microsoft, #Alibaba or somebody else for a tons of money. Or you could be otherwise run out of business.
All of these are potential long term threats to your customers and users and share a common root: server code isn't #free.
Are you considering the option to release your server code under a #FreeSoftware license?
I'd suggest a very strong #copyleft, obviously.
This would mitigate all of these potential threats.
I understand that your server code gives you an edge... and as far as I can understand, it doesn't reduce people privacy... as long as the system stay up and reachable. 😉
Let me know your take on this.
And by the way... great work.
Really.
Nice!
I know it might look as a risky move from a business perspective.
But once you'll release your server side code, people will have a very good reasons to trust you as a secure service provider: your customers' trust will be your only competitive advantage.
As for me, I'm already trying your free tier, and so far seems pretty good.
But before switching my other domains I'd like to be sure I could self-host the service if should anything go wrong.
@Libertux@liberdon.com
@Shamar @Libertux Thanks for your feedback. We plan to open source our server side as well to enable companies to self-host Tutanota. This will be a small server, which can run locally.
Nonetheless, all the encryption takes place locally on your device (end-to-end encryption) so our servers don't see your encrypted emails and can't read your data.