Is Tutanota a honeypot?

I keep hearing people say that Tutanota is a honeypot, but have been unable to find any evidence to back it up.

Does anyone know if it is/isn’t a honeypot and if it is, it would be preferred if I could see some evidence.


That is the problem with these kinds of claims; they don’t have any evidence to present and thus, you should just ignore them.


Reminds me of the Proton case with the environmental activist. People get too annoyed when companies are required to do stuff by the court. If you want to blame someone, it’s the government that wrote the laws, not the companies that follow them.


I’ve read a bit about Proton being a honeypot (because they received some money from American intelligence agencies at the beginning) but this is the first time I’ve heard that specifically about Tutanota.
My response here does nothing to further this conversation. I’m flagging it.

Etienne Maynier had an international warrant through Europol; he knew they would comply with the warrant. He just wanted Proton to remove the no logging text from the website, because it wasn’t technically true: they will log if law enforcement has a warrant.

People love to claim that both Proton and Tutanota are honeypots because they will comply with warrants, but this is not a secret; the TOS/EULA clearly says this is the case.


One big red flag for a honey pot is when the service states ‘We won’t comply with court orders’ etc…

Both Proton and Tutanota state that when they are legally obliged to they will, but both companies fight where they can when they receive court orders.

IMHO this shows me that they aren’t honeypots. Plus they are both open-source and audited, a honey pot wouldn’t be open-source and audited.


I am a Tutanota user myself since I do not trust the Proton ecosystem; however, there is like absolutely zero evidence that they are a honeypot.

Would you mind giving any reasons to why you don’t trust Proton, as I am a Proton (& Tutanota) user.


Ehm… because they want you to use their email, VPN, calendar, drive, and now they even own SimpleLogin. I just do not want everything in one basket, and I simply do not trust them to handle everything. I know you can use one of their services, or two, or however many you want, but I just do not like that they want everyone to put everything in their service. Tutanota does not really have that, because they only have email, a basic calendar and basic contacts. And Proton is just nothing for me, since their apps are all on different platforms and they are not all on all devices, and Proton makes everything a different app, when Tutanota has one app with email, basic calendar and basic contacts, and Tutanota even has desktop apps. I know you cannot combine a VPN in a mail app, but Proton can easily combine, for example, the mail and calendar apps. Those are the issues I have with Proton, and the first one is really what gets me to avoid them, so I do not use any Proton services. I was a SimpleLogin user until the Proton thing came around; now I am using AnonAddy for aliases, because I simply do not want to use Proton. It does not matter if it is a direct Proton service like ProtonMail or an indirect service like SimpleLogin, I just avoid them all.

The argument doesn’t really work with privacy.

Giving the same amount of personal information to 5 different companies doesn’t limit the risk, it just increases your exposure.

Yeah, but then they only have 1 thing. If you use 1 service for everything, everything can be easily exposed.

With Proton, it’s not the same information as they are all different products.

Mail would have different information to a VPN or calendar, for example. Giving one company all of this increases risk as if they are breached, it would affect everything. On the other hand, using many different companies increases the chance that one is breached, but limits the information that could be accessed if any are breached.

I also am not a massive Proton fan for the same reason. Although I only really want a VPN and email, as I self-host my own Nextcloud instance for a lot of other things (files, notes, etc.).

Even if a company gets compromised, it’s most likely only the customer information and user credentials that are stolen. I don’t think there is anything wrong with using Tutanota+Mullvad+AnonAddy+NextCloud, but I don’t think you can use the argument that you are hedging your bets.

Then it’s probably not a honeypot.

That is a fair point. One thing I would like to point out: even though a ‘Proton Account’ gives you access to all of their services, you can only use one if you want; you aren’t forced to use all of their services (technically you have to use Proton Mail as it is the base of the account and how you manage it, but you don’t have to use it for anything other than account management).

One of Proton’s goals is to help people switch from product suites like Google’s to a more privacy respecting one (Proton’s). This lets everyone use their services and switch from Google (or similar) with relative ease. For more advanced users you can only use one service if you choose.

Note: I am not in any way saying that you are wrong to trust Proton, I just like to know the reasons behind why people don’t use services in case I missed something. All of your reasons are very valid reasons for not trusting a service :grinning:


And with this goal I feel they are doing a fantastic job.
The vast majority of people will never care about privacy like we do. Proton is just giving them an almost effortless alternative.


Found this from searching and wanted to add this article

That counterpart, according to Ortis, briefed him about a “storefront” that was being created to attract criminal targets to an online encryption service. A storefront, said Ortis, is a fake business or entity, either online or bricks-and-mortar, set up by police or intelligence agencies.

The plan was to have criminals use the storefront — an online end-to-end encryption service called Tutanota — to allow authorities to collect intelligence about them.

I’d like to add Tuta’s response: “Tuta Is An Independent Company And Not Linked To Five Eyes Secret Services”


Yeah, it’s a fair response. Not debating that. But the testimony is under oath and very specific. I don’t know if privacy communities want to be in the middle of this and it’s safer just to not recommend Tuta.

Could be interesting to have a Techlore video on this topic


It’s hard to say how specific the testimony is given that the testimony isn’t actually publicly available anywhere, and everyone is just basing their theories on quotes the CBC pulled from it.

His testimony is basically hearsay in the first place, which usually isn’t admissible in courts, and then the CBC’s probably-out-of-context reporting just adds an additional layer to that.