German-based encrypted email startup Tutanota recently ended its beta test status and is now available to everyone. Almost 100,000 users signed up to send and receive secure email. Tutanota was founded in 2011 with the idea of making secure email easier to use than the other encrypted email products: ProtonMail, StartMail and Hushmail. The emphasis is on usability, a clean interface, and attachment encryption.
Tutanota automatically encrypts all your data on your device. Your emails as well as your contacts stay private. You can easily communicate with any of your friends end-to-end encrypted. Even subject and attachments are encrypted.
Tutanota encryption is done locally, on the client device, secured with a user’s own password, before being uploaded and sent to the recipient via Tutanota’s servers, and then decrypted on the recipient’s device. As a result, no plain text information ever travels “over the wire.” The company’s employees have no method of decrypting the data being sent through its mail servers. As a result, the company cannot be strong-armed by governments to hand over data. Nor is it data-mining your emails to sell intel to advertisers.
“We use end-to-end encryption. That means if you encrypt some data it’s always encrypted on the client, so in the browser, in the app, and it cannot be decrypted except by the person this data was encrypted for,” says co-founder Arne Möhle. “This decryption again happens on the client. So if you send an email this email is encrypted on your client, sent through the Tutanota service and is then decrypted on the receiving client again.”
Tutanota obviously is designed to make it impossible for any government or civilian hacker to ever access a user’s information. It will avoid problems such as U.S.-based Silent Circle’s recent shutdown to avoid U.S. government demands to hand over information about Silent Circle’s customers. (Silent Circle has since moved its headquarters to Switzerland. Switzerland legally protects the right to private communications, including email, in its constitution.) With Tutanota, the company will never possess information about its users and therefore cannot give any such information to governments or to anyone else.
With Tutanota, a user can send encrypted email messages to non-Tutanota users. However, the recipient must have a password that is known only to the sender. (Tutanota never knows anyone’s password.) When the recipient receives the encrypted email message, he or she is told:
“I have sent you a confidential email via Tutanota. Tutanota encrypts emails automatically end-to-end, including all attachments. You can reach your encrypted mailbox and also reply with an encrypted email with the following link:
“Show encrypted email
“Or paste this link into your browser:
“This email was automatically generated for sending the link. The link stays valid until you receive a new confidential email from me.”
The recipient clicks on the link and is taken to Tutanota’s servers and then must enter the previously-agreed-upon password. The email message is then displayed. The recipient also may optionally reply to the message and the reply also is encrypted. No unencrypted messages are ever stored on Tutanota’s servers.
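The password-protected exchange with an outside recipient described above, modelled in Node.js. This is an added example, not Tutanota's code: the page does not name the algorithms, so scrypt and AES-256-GCM, the function names and the sample message are all assumptions.

```javascript
// Added illustration, not Tutanota's implementation.
// Assumed primitives: scrypt for key derivation, AES-256-GCM for encryption.
const crypto = require('crypto');

// Sender's client: derive a key from the shared password, encrypt every field.
function encryptForExternal(password, mail) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, 32);
  const record = { salt: salt.toString('base64'), fields: {} };
  for (const [name, value] of Object.entries(mail)) {
    const iv = crypto.randomBytes(12); // fresh nonce for each field
    const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
    cipher.setAAD(Buffer.from(name)); // bind ciphertext to its field name
    const ct = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
    record.fields[name] = [iv, ct, cipher.getAuthTag()].map(b => b.toString('base64'));
  }
  return record; // the only thing the mail server stores: salt plus ciphertext
}

// Recipient's client: re-derive the key from the agreed password and decrypt.
function decryptExternal(password, record) {
  const key = crypto.scryptSync(password, Buffer.from(record.salt, 'base64'), 32);
  const mail = {};
  for (const [name, parts] of Object.entries(record.fields)) {
    const [iv, ct, tag] = parts.map(p => Buffer.from(p, 'base64'));
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAAD(Buffer.from(name));
    decipher.setAuthTag(tag);
    // final() throws if the password is wrong or the stored record was altered
    mail[name] = Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  }
  return mail;
}

// Constructed sample message and password (not from the article).
const sampleMail = { subject: 'Q3 figures', body: 'Numbers attached.', attachment: 'col1,col2\n1,2' };
const stored = encryptForExternal('correct horse battery staple', sampleMail);

// Returns the decrypted mail, or null when authentication fails.
function tryDecrypt(password) {
  try { return decryptExternal(password, stored); } catch (e) { return null; }
}
```

The `stored` record holds only a salt, nonces, ciphertext and authentication tags, so subject, body and attachment are all unreadable to whoever holds it without the password.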
Tutanota has a freemium business model, with a free version of the product that offers up to 1 gigabyte of storage, and premium paid versions planned to monetize the consumer version in the future. While the service is available to all free of charge, donations are accepted. The software is open source, meaning that anyone can examine the source code to look for “back doors” or other security problems. Software is available for Windows, Macintosh, Android, and Apple iOS (iPhone, iPad, and iPod Touch). At this moment, email addresses are available only with the Tutanota.com domain or one of four other domain names owned by the company. However, that will soon change. The company plans to add support for using the service with the user’s own domain.
I signed up today for Tutanota’s service.