Tutanota provides a secure webmail service. The service allows you to send encrypted emails to recipients both within and outside of the Tutanota service. In other words, if someone you know has a Gmail account and you want to send them an encrypted email, Tutanota allows you to do it.
The company is based in Hanover. Germany doesn’t have the best reputation where privacy is concerned—far from it, in fact—but, according to the company, the emails on their servers are all encrypted, including the subject lines, so all they have to hand over to law enforcement, if served with a valid court order, is encrypted data that even the company itself can’t access.
Before you start thinking the system is perfect, however, realize that there are ways that powerful agencies like the NSA or GCHQ could still get at your emails, if they wanted to, but any encryption is a great tool for boosting your privacy, and Tutanota does seem to provide that.
- Free: 1GB storage, one email address, choice of several Tutanota domains.
- Premium, €1/month: One additional user per €1/month. Each user gets 1GB of storage, five aliases and can use their own domain.
- Outlook, €2/month: One additional Outlook user for €1/month, each user gets 1GB storage, use your own domain, integrate Tutanota with your own email server
- 10GB Storage: €2/month
- 100GB Storage: €12/month
- 1TB Storage: €60/month
You can pay with credit cards, PayPal or Bitcoin.
Tutanota encrypts the name of the sender, the recipient and the date of any emails that you send from their system. The system uses AES 128- and RSA 2048-bit encryption. The AES 128-bit encryption is used when emailing someone outside of the Tutanota system. IP addresses associated with emails are stripped by the system.
Encryption is done locally, on your machine. This does provide end-to-end encryption. The downside is that, if your own machine is compromised, your efforts toward privacy could be subverted. Nonetheless, the security here is likely more than adequate for the vast majority of people who want improved privacy.
When you register with Tutanota, you generate your private key, which is encrypted with your password. The company doesn’t have access to your password; it’s never sent in plaintext. Given that is the case, be sure you store it somewhere safe because, if you lose it, Tutanota can’t get it back for you.
Tutanota is entirely open source.
The company goes out of their way to provide all the technical details on their site, a nice bit of transparency on their part.
Tutanota doesn’t offer many surprises when you log in. Enter your username and your password and you’ll be presented with a pretty standard webmail interface.
When you send an email to someone outside of the system, you’ll be presented with the option to set a password.
The recipient gets a notification that they have an email available to them, pictured below.
When the recipient clicks the link, they’re taken to a password-entry screen. After entering the password, the email opens in a Tutanota webmail interface. The recipient can reply to the email, and receive replies, from that box, but not from their own system.
If you send the same recipient another email, the original password expires immediately.
This system isn’t particularly difficult to use; good news for people who want a simple solution for increased email privacy. There are apps for Android and iOS devices, as well.
Tutanota provides an easy way to send encrypted emails. While you’re not likely to be safe from intensive government spying efforts with it, it’s a good option if you don’t want your emails scanned by a free webmail service like Gmail. The integration with Outlook makes it a potentially very valuable product for business users who need that extra bit of privacy protection, as well.
Golden Frog recently partnered with this company. If you’re already a VyprVPN customer, you can get the premium version of the service with 5GB of storage for €1/month through September 24, 2015. It’s definitely worth considering if you use VyprVPN.