Encrypted Email Goes Mobile With Tutanota

by Neal Rauhauser, January 8, 2015

One of the problems mentioned in Making Encrypted Email Usable is the disconnect between the desktop, where there are PGP encryption applications or browser plugins, and the mobile world, where puzzle-box software leaves users feeling frazzled rather than freed.

German provider Tutanota, literally ‘secure message’ in Latin, has set out to make encrypted email painless even when mobile, combining a novel set of approaches. They don’t offer PGP, so you can’t interoperate with existing encrypted mail users, but they do provide a smooth user experience, with an easy path to bringing your friends & family into their protected email fold. They announced an Android application today, and with an iOS application under review by the first of the year, everyone will be able to enjoy the privacy and simplicity this platform offers.

Tutanota Features

Tutanota User Interface

There are a couple of obvious positives about Tutanota that are immediately apparent to skilled privacy advocates upon first approach. The site will happily let you register for an account via a Tor exit node, and they do not require any “know your customer” moves like registering via another email or accepting an SMS message. This is entirely counter to all of the major providers like Google and Yahoo, who have been continually adding hassles for the last two years.

Once inside Tutanota it’s like a visit to a Zen temple; more attention is paid to keeping things open and roomy. There are half a dozen options at the upper right and their icons are large, which is a big relief for older eyes. Inside each option things are just as neat.

If you send an email to an associate using another provider, they receive an email with a link to the message. They must use a password that the two of you agreed upon via some other means of communication, such as chat or a phone call, in order to open it. Once they do, they are presented with the same interface a user with an account sees, and there is a register icon to draw them into using Tutanota directly.

Tutanota’s Prospects

The simplicity of Tutanota is its strong point, and presenting an outsider with the same interface and the register option is simply brilliant. This email system can go viral, despite using its own arrangements rather than PGP. Having mobile clients means they’ve just caught up with Iceland’s Unseen.

The minimalist nature of the client is complemented by the lengthy FAQ for the system. Questions that would be covered by a single concise paragraph for those acquainted with PGP are instead broken down into individual issues with very short answers.

Those who have been experimenting with email privacy have likely used Canadian provider Hushmail, which offers a very similar feature set. Tutanota permits you to delete your account, offering a bit more control than Hushmail, which will flush an account after it’s been idle for a few weeks. Tutanota also has something that Hushmail has never provided – the Tutanota GitHub offers the source for their web interface, so they are subject to third party code audits, the gold standard in security.

The two big gaps in Tutanota are its lack of backward compatibility with the much larger pool of PGP users and no desktop client support. PGP could perhaps be supported in the future, but this seems unlikely given the focus on keeping things simple and clean. Someone may pick apart the web interface source code and create a plugin for use with a desktop client like Mozilla’s Thunderbird, but that seems clumsy. Until these are corrected, Tutanota may be a thing that privacy-focused individuals have, but it won’t be their only email; it’ll be a tool they use to help their less aware associates level up in privacy skills.

Also eye-catching is the free lifetime gigabyte of email storage and no obvious revenue model, at least not yet. Hushmail funds their free effort by also offering a premium service that costs $50 per year. The rule is that if you’re getting a service for free, the product is your data. Iceland’s Unseen fell under criticism like this, but they have since rolled out a commercial product for business and they are offering a general purpose hosting service, too.

Germany’s Tutanota and its peers, Iceland’s Unseen and Swiss ProtonMail, all address the email privacy issue as their core offering. The wildcard for them and every other email provider on the planet is the recent announcement of the Dark Internet Mail Environment. This effort by Lavabit, which self-immolated rather than expose Edward Snowden, and Silent Circle, which counts PGP author Phil Zimmermann among its founders, is going to redraw the secure email landscape. The question which needs to be asked of all of these providers is “How hard is it for you to upgrade to DIME?”

Images from Tutanota and Shutterstock.

  • dan7000

    The thing all the competitors including Hushmail don’t have — and Tutanota does have — is storing your emails encrypted on their servers even when they are not sent as encrypted emails. With Hushmail, only emails sent as “encrypted” (basically sends a link to a website instead of sending the email) are stored encrypted on Hushmail’s servers. And nothing you receive from outside is encrypted. With ProtonMail, things you email out seem to always be stored encrypted even if you sent them in non-encrypted form, but for some reason, things you receive are never encrypted (unless sent by another ProtonMail user).
    As far as I’ve found, only Tutanota stores *all* emails in encrypted, zero-knowledge form on its servers – including unencrypted emails you receive or send to third-party mail users.

    • George

      Not true, ProtonMail saves all messages encrypted with the user’s public key, even messages that are received from non-ProtonMail email addresses.

  • Talat kabal

    Hey, do you know there is also that exist? It’s nearly the same concept. Mailfence is an email solution that emphasizes online privacy and security. This email service was developed to maximize freedom on the internet and allows you to protect your basic civil rights.

  • Mick

    Indeed a good service – but it doesn’t hold a firm standing against some of the other remarkable players that do everything on the client side and truly provide end-to-end encryption (which by far is the only way that can ensure one’s online data confidentiality and integrity during transit).

    Following are some of those outstanding services.

    > (a pure end-to-end encryption service – that does not only provide confidentiality and integrity but also authentication via the capability of digital signatures, based on OpenPGP – it provides user full control over their keys and does it all in a very user-friendly manner)

    > (another nice end-to-end service – that provides great reliability and hot features like disposable email addresses etc, based on OpenPGP and has a nice descriptive interface)

    > (one of the most famous group of people who are not only providing great privacy solutions, but also helping like-minded people to grasp their OpenPGP understanding in a better and effective manner)

    Now, the ultimate tool when it comes to OpenPGP and end-to-end encryption has always been GnuPG, though the reason it never really got lifted up is its complexity in terms of usability from a typical user standpoint (however, implementations like Gpg4Win, GPGSuite, Seahorse do come in handy).

    Nevertheless, it always drops down to one’s preferences and requirements (I personally use mailfence which is free, interoperable, without ads, completely locally hosted and provides an entire collaboration suite i.e. messages, contacts, calendar, documents, polls, tags ….)

    Again, it’s a matter of personal preference and the extent to which one understands end-to-end encryption technologies (OpenPGP, S/MIME etc., which most people don’t) – that contributes to the rightness and wrongness of their online privacy decisions.