Tutanota – for those unaware – is a popular encrypted email provider. It’s one of the darlings of the privacy world with a small team, low prices, and a plethora of unique, nifty privacy-friendly features. They are often touted as one of the biggest competitors to ProtonMail. Why am I talking about this? Because Tutanota made a change recently that really pissed off a lot of users and I think that’s a discussion worth having. Tutanota, like many privacy-respecting services, works on a “Freemium” business model. Basically the core functionality is free, but extra features cost money. Tutanota offers six plans across two modes: three individual plans and three business plans. Previously, two specific features were included in the individual premium plans: multiple custom domains (ex, “nate@thenewoil.xyz”) and calendar invites. (Tutanota was the first service I’m aware of to roll out an encrypted calendar feature, and while Proton was not far behind, Tutanota’s remains much more feature-rich at the time of this writing).

Last week, Tutanota announced that they had added a new feature for businesses: out-of-office autoresponders. I’m sure you’ve probably seen this before if you’re reading this: you send an email then immediately get a reply from that person that says “I’m on vacation until [date], please direct any urgent inquiries to my coworker at this number” or whatever. However, they also made a few less-prominently announced changes: multiple custom domains and calendar invites would also become business-only features.

The outrage began immediately. No doubt at least some of this is in part due to the internet’s incessant entitlement, the idea that anybody who makes a product and asks money in return is a sell-out, capitalist, unethical scumbag who’s just in it for the money. But putting the mob mentality aside, a few good points were made here. First and foremost, Tutanota did not immediately broadcast this change. Sure, they made a blog post, but it wasn’t worded well. The headline made no mention of changes to existing features. I don’t believe in getting your information from headlines alone, but that headline gives me as a premium user no reason to suspect that my features are changing. In fact, you have to scroll almost halfway down the page to see the sub-header “Changes for current users.” And to make matters worse, this was a blog post. It was shared via their Twitter and Mastodon, but it was not announced in an email to most users until the following day – presumably after backlash from the community pointing out this lack of communication, though that could just be coincidence. That means that had this email not been sent, a large number of their users may never have been made aware. Now to Tutanota’s defense, I have heard rumors that they are offering to grandfather in people who request it for certain features – like the calendar invites – or partial refunds to those who request it. I have done neither so I can’t confirm or deny that. Regardless, this event raises significant questions about the intersection of privacy and business.

Hosting anything is not easy. I self-host a Nextcloud server and I’ve written a blog post in the past about how this was not an easy endeavor initially. It was time consuming, requiring hardware and lots of trial-and-error, and at the end of the day my server is still extremely slow and occasionally breaks. Hosting anything at scale is a nightmare. That’s one reason I’ve never expanded my Nextcloud instance to the general public. Once you open something up to the public, there’s a whole new host of questions and issues that go into it. I have to manage user quotas to ensure nobody takes over the entire server, I have to make sure it’s safe from cyberattack, and I have to ensure that I’m protecting user data from things like law enforcement or unethical ISP snooping on my own network. Publicly offering a privacy service is a responsibility, and people will expect you to be responsible.

This is where things get especially tricky. Let’s talk about money. I personally believe that information should be free. The world is a better place when we’re all educated and knowledgeable and we have the knowledge to improve ourselves to reach our goals. That’s why there’s so much emphasis on sending kids to school in developing nations. Knowledge opens doors that would otherwise remain closed. Not always, of course, but generally speaking. But what about services? If you offer a service, do you have any right to expect payment? I’m not sure there’s a right answer here. I also believe that privacy is a human right, and as such human rights should be accessible. Saying “it rains, you can go collect that water” does not count as honoring the human right to water, and neither does saying “here’s a free course in programming, go build your own messenger.” Even if it was, there’s real costs that go into that aside from time. There’s the components that make up the electronic device, there’s the physical infrastructure of the internet, the devices needed for storage, and of course the knowledge to repair those devices when they break which is a completely different skill set than programming. Knowing how to select the right components to build a computer and knowing the right software to use on that computer are two distinct but equally critical skill sets – I know that they’re not mutually exclusive, that’s just an example.

Sometimes very specialized skills ARE mutually exclusive simply due to time and resource constraints. In my industry – audio/video – I once heard somebody lament “why are there so many audio engineers and no lighting engineers? You can throw a rock and hit ten audio engineers – all of the super talented – but if you can find one mediocre lighting guy you’re lucky.” The reason might be because a Shure SM57 – the most versatile and universal professional microphone around – costs $80 brand new. Meanwhile, an entry level light costs $500 – entry level, that’s not even a good one you’d find at any given event. And let’s not even talk about space and storage constraints (a light fixture is many times larger than most microphones), the fact that you can only use one light at a time while you can record and playback multiple mics at once, etc. The point is, the barrier to entry for lighting is much higher. Likewise, the barrier to entry to get really good at any specific tech-related skill can also often be high. Learning HTML and CSS is a breeze. Learning python and Javascript is still on my to-do list.

Regarding the ethics of asking for money, if I may continue with the audio/video example, my audio equipment gets the crap beat out of it. I let someone borrow some microphones once so he could record himself playing drums for streaming and self-critique purposes. He’s also a musician and understands the value – both literal and otherwise – of this equipment and even he still accidentally broke a microphone clip. Things break. Things get outdated. They go bad, they need to be replaced. And that’s a real thing. If I’m offering a public PeerTube instance, what happens when my server gets old and needs a new processor? Sure, I could go out and replace it at my own expense, but is it really unethical to ask the people who also use that instance to pitch in a few bucks to help? Most people would expect to pitch in toward the food bill when eating out at a restaurant. On the other hand, nobody asked me to do that. Nobody said “I want this from you specifically.” In some cases, nobody said “I want this” in the first place. It was my (hypothetical) prerogative to offer the service in question. Seems pretty crappy of me as a person to go “I made a thing at the request of no one and I deserve to be paid for it.” Nobody asked me to make The New Oil, and while I do try to monetize it I also realize that nobody owes me jack. I chose to sink my own time and money into it and that was my choice.

I think the ethics really get muddled when it comes to scale. Let’s suppose Decentralize Today offered an email service for free. Let’s say they made it very clear at the outset that this was purely a hobby service, supported in good faith, but they made no promises to its longevity or security. In such a case, I think we could all agree that you’d have to be pretty dumb to expect it to not get hacked by the NSA or not to shut down in a year. But let’s suppose they launched that exact same service and said “We want this to grow into a serious competitor on par with Proton or Tutanota.” At that point you might be willing to say something like “competition is a good thing, and DT’s never led us astray yet so I’ll go ahead and pay for this to support them.” Now there’s an expectation, not just because of the claims, but because you’ve actually invested. They made the promise that this product would scale and compete. You accepted that promise in return for money. Now you expect that product to be safe, to last a long time, and to grow. You might even be willing to invest right now even though there’s only basic send/receive/encrypt features with the assumption that more robust features are to come in the future – like custom domains and inbox filters. (Note: I’m not aware of any DT plans to add email, this was a purely hypothetical example.)

The problem with scale is that the above example doesn’t account for change. You pay $5/month and get email, but what happens when the company explodes? Signal notoriously crashed in January 2021 because of a sudden influx of users. That’s a whole different blog post in and of itself, but the point is sometimes when a service becomes overnight popular it’s not until that point that the developers realize that the current system isn’t working. They may roll out a feature that works fine at $5/month in small user quantities but in large quantities becomes much more costly. Or maybe they roll out a feature initially with the intention to offer it to everyone and then realize it requires more work than initially estimated. If I had a dime for every time we had a job run over in my day job because of unforeseen obstacles or the number of service calls we had to do after the job was over because some component of the system didn’t function as anticipated. What’s the right answer here? Is it better to get rid of the feature altogether so that nobody feels cheated? Is it better to re-assign the feature to a more appropriate price point? People are people. It’s easy to Monday-morning-quarterback by saying “well you should’ve done XYZ,” but people aren’t perfect and don’t always have the benefit of hindsight. Sometimes they make mistakes.

Let me be clear: I’m not trying to say what Tutanota did was right or that they handled it correctly. What I am saying is that sustainability in a capitalist world is a nuanced thing, and that only gets trickier when privacy becomes one of your core goals, business models, or missions. Maybe the system needs to change (probably, if we’re being honest), maybe the business needs to be more mindful when navigating the minefield that is this subject. Regardless, this is something that I think warrants some thought and discussion. While nuance is critical, it’s also important that we hold providers accountable when they fall short. Was this a failing? Or was this just a necessary evil? If you’re reading this and you’re planning the next game-changing privacy solution, I hope you’ll consider this. And if you’re reading this and you’re a customer, I hope you’ll remember this next time you get burned. The world is full of gray areas, and I don’t claim to have all the answers. But I hope this blog has at least raised some points to consider. I think that service providers who are genuinely trying deserve our support and forgiveness, but nobody deserves a blank check.

Share this post