Encrypted Email Goes Mobile With Tutanota

One of the problems mentioned in Making Encrypted Email Usable is the disconnect between the desktop, where there are PGP encryption applications or browser plugins, and the mobile world, where puzzle-box software leaves users feeling frazzled rather than freed.

German provider Tutanota, literally ‘secure message’ in Latin, has undertaken making encrypted email painless even when mobile, combining a novel set of approaches. They don’t offer PGP, so you can’t interoperate with existing encrypted mail users, but they do provide a smooth user experience, with an easy path to bringing your friends & family into their protected email fold. They announced an Android application today, and with an iOS application under review by the first of the year, everyone will be able to enjoy the privacy and simplicity this platform offers.


Tutanota Features

Tutanota User Interface

There are a couple of obvious positives about Tutanota that are immediately apparent to skilled privacy advocates upon first approach. The site will happily let you register for an account via a Tor exit node, and they do not require any “know your customer” moves like registering via another email or accepting an SMS message. This is entirely counter to all of the major providers like Google and Yahoo, who have been continually adding hassles for the last two years.

Once inside Tutanota it’s like a visit to a Zen temple; more attention is paid to keeping things open and roomy. There are half a dozen options at the upper right and their icons are large, which is a big relief for older eyes. Inside each option things are just as neat.

If you send an email to an associate using another provider, they receive an email with a link to the message. They must use a password that the two of you agreed upon via some other means of communication, such as chat or a phone call, in order to open it. Once they do, they are presented with the same interface a user with an account sees, and there is a register icon to draw them into using Tutanota directly.

Tutanota’s Prospects

The simplicity of Tutanota is its strong point, and presenting an outsider with the same interface and the register option is simply brilliant. This email system can go viral, despite using its own arrangements rather than PGP. Having mobile clients means they’ve just caught up with Iceland’s Unseen.

The minimalist nature of the client is complemented by the lengthy FAQ for the system. Questions that would be covered by a single concise paragraph for those acquainted with PGP are instead broken down into individual issues with very short answers.

Those who have been experimenting with email privacy have likely used Canadian provider Hushmail, which offers a very similar feature set. Tutanota permits you to delete your account, offering a bit more control than Hushmail, which will flush an account after it’s been idle for a few weeks. Tutanota also has something that Hushmail has never provided – the Tutanota GitHub offers the source for their web interface, so they are subject to third party code audits, the gold standard in security.

The two big gaps in Tutanota are its lack of backward compatibility with the much larger pool of PGP users and no desktop client support. PGP could perhaps be supported in the future, but this seems unlikely given the focus on keeping things simple and clean. Someone may pick apart the web interface source code and create a plugin for use with a desktop client like Mozilla’s Thunderbird, but that seems clumsy. Until these are corrected, Tutanota may be a thing that privacy-focused individuals have, but it won’t be their only email; it’ll be a tool they use to help their less aware associates level up in privacy skills.

Also eye-catching is the free lifetime gigabyte of email storage and no obvious revenue model, at least not yet. Hushmail funds their free effort by also offering a premium service that costs $50 per year. The rule is that if you’re getting a service for free, the product is your data. Iceland’s Unseen fell under criticism like this, but have since rolled out a commercial product for business and they are offering a general purpose hosting service, too.

Germany’s Tutanota and its peers, Iceland’s Unseen and Swiss ProtonMail, all address the email privacy issue as their core offering. The wildcard for them and every other email provider on the planet is the recent announcement of the Dark Internet Mail Environment. This effort by Lavabit, which self-immolated rather than expose Edward Snowden, and Silent Circle, which counts PGP author Phil Zimmermann among its founders, is going to redraw the secure email landscape. The question which needs to be asked of all of these providers is “How hard is it for you to upgrade to DIME?”

Images from Tutanota and Shutterstock.