This might come out as a bit of a rant, but I just wanted to post it here anyway since it’s the only social media I use.
Recently, I’ve been making some steps to improve my privacy. GrapheneOS, Linux on my PC, open source software, moving away from Google stuff. So, next logical step was for me to switch away from Gmail. I went with Tutanota, since they’re based in the EU, their mobile app is on F-Droid and doesn’t require Google Play Services. So I made an account, switched a bunch of my private account e-mails from Gmail to Tuta, and was basically done. Two days later, I wake up to an “invalid credentials” message. I checked the option to remember my password on my PC, so I thought it was weird. I checked my phone, and it turns out I was logged out of the app too. I tried changing my password with recovery code, thinking something went wrong (though unlikely since I used a password manager), but I got an error on that one too. So I contacted Tutanota, almost a week ago. No response.
I tried looking on various sites to check if people had a similar issue. I found a few reports on Reddit. The moderator of Tuta says to contact the e-mail address that I sent a message to already, but people complained that they haven’t gotten a response either. I found out that similar reports were happening for a while now, accounts being flagged for seemingly no reason. I found one post from October, 2024, from a frustrated user. He said he was in the same situation, and when he finally got the reply, Tutanota said they can’t do anything. When I found that post, I was really disheartened. I’ve already gone back on a bunch of accounts to @gmail.com account, for safety, but there are still a few that I’m not even able to access because they use e-mail 2FA. Some of them being accounts for various government public services.
So this one gave me pause on my privacy journey. I never encountered problems like this one before. A service blocking my account without any message or warning. No contact from support. Being locked out of my accounts. I’ve lost a lot of enthusiasm to replace a few proprietary services that I have left.
Annoying experience you’ve had there.
I have never had any problem. I have my own domain names, I host them privately and on a webhotel. And then I use Thunderbird - and it just works.
I’m really sorry this happened to you OP.
I would really recommend that you consider getting a custom domain for your email. Many are not that expensive and if you do, then you can just point that domain at whatever email provider you want without changing your email on the services.
In this scenario, it would let you set up that domain on another provider and at least get access to any emails going forward.
Just curious, was this a Tuta paid account, or a free one?
Tuta is very strict with the free accounts and flags them for all sorts of reasons. They take their time to “approve” free accounts just to be able to use them. And on top of that they might nuke your account anyway if they think it is being used for spam/illegal activity/whatever or they think it’s not being used.
But I thought those are just issues with their free accounts, presumably their paid accounts don’t get flagged for those things… or so I thought.
Also to echo the other comments - best to buy and own your own domain for your email, that way it doesn’t matter where the email is being hosted in case you need to switch email providers.
I went through a similar situation with openmailbox dot org, though of course in their case the entire service suddenly shut down. Terrible position to be in. I eventually recovered most, but not all, accounts using that email address. Huge PITA.
Thank you first of all OP for actually sharing your experience. I’ve known Tuta was sketchy for a while, yet in every single post anyone talks about switching emails, every other reply is always “Tuta! :)”
And I feel because everyone is so unanimously vouching for Tuta, people who may use other niche services don’t feel as encouraged to share what they may have “Oh, guess everyone likes Tuta.”
Stfu about Tuta. Seriously.
And ftr, no OP you’re not alone. I’ve seen countless other domains engage in the same draconian 2FA shit where they do a better job of locking you out of your own accounts than actually protecting your privacy. It’s unfortunately becoming an industry standard model from the looks of it.
If they “can’t do anything” on their own service then how can they be trusted at all?
They’re either lying outright, or are so deeply incompetent that they don’t know how their own software works and can’t touch it to try to resolve a problem for fear of breaking something.
My new Tuta account got “frozen” for 48h after creating it. Tuta said to prevent mass-sign-ups of bots and prevent spam…
They are active on Mastodon. Message them publicly there and tag them.
Instead of having your online accounts registered directly to your @tuta.io address (or your gmail address, or any webmail address), buy a domain name and have the accounts registered to that and then set the DNS to forward all mail from that domain to your webmail account of choice. That way, if the webmail service fucks up, the worst-case scenario is that you change the forwarding again and you’ve only lost the contents of the previous emails sent, not access to receive future ones.
(Caveat: when you send an email it’ll by default be coming from your webmail provider address, not your custom domain address, and I’m not sure how to fix that – I’ve only recently started switching to the scheme myself – but if your main issue is receiving 2FA emails and such that’s not a big deal.)
That’s mostly just a setting in the provider to verify your domain. Most put it behind a paywall though.
You’ll need to set a few DNS entries so that places know that server is allowed to send email from those servers.
To be fair though, the exact same thing can happen to you on Gmail too. They are not unknown to immediately block your account if something flags it to them and getting a quick response there is not a given either.
I guess that’s true. This might make me question using some online services and providers altogether if I can avoid it. For example, I don’t think I’ll ever use an online password manager and just stick with local one. Having a situation like this with Bitwarden/Proton Pass would be a nightmare.
Search selfhosted on Lemmy and Reddit. Take control of your own data and also learn why so many choose not to.
E-mail seems a divisive topic on that though. You find either people who say, selfhosted my mail for 4 decades already, never ran into issues! While the other end of the spectrum is not to ever ever eeever try selfhosting e-mail, it is not worth it.
I self-hosted my email for several years. It was fairly easy, aside from some HTTPS cert issues that I had to correct (and took ages to propagate). But I switched away - I don’t have the expertise to ensure it was safe and secure.
Yeah it certainly is. I do feel that the people who claim to have had no problems don’t send much email. It’s easy to receive email.
I pay Purelymail 10 USD to host mine but it’s my work email so I can’t afford any fuck ups (more than I already make)
I had the exact same issue when I created a Tuta email, thankfully they solved my problem in less than 24h after I emailed them about this.
Just send an e-mail. Your account was flagged as a bot.
Why would they flag a human as a bot?
I have been disappointed in Tuta myself as well. They seem to be too privacy and security focused at the cost of being hard to use.
It seems OP was attempting to move several addresses. Several sign ups from one source is probably an uncommon practice for typical users.
I choose mailbox as my email service, it’s mature, based in Germany, privacy focused and has given me zero issues in terms of my emails going into people’s spam folders.
Mailbox.org has been great for me too.
I also had a problem a few years ago with Tutanota and when I emailed for help, no response. I just gave up and accepted that those emails were lost forever. I now have Protonmail and I’ve been happy with them.
Try Posteo. They at least allow third party clients and they have some cool features.
I tried Tuta and Proton’s free tier, and I couldn’t deal with how they can’t use a normal email client.
On the other hand, I’ve been trying to use Thunderbird with my Nextcloud calendar and it keeps hanging for me on Ubuntu. So maybe trying to use Thunderbird is a recipe for disaster as well. I don’t know what to do.
Yeah, fuck those bait and switch tactics.