Tutanota, meaning secure message in Latin, is a German based free webmail service with end to end encryption. Your email messages, attachments and subject are all encrypted in your browser using Javascript with a cipher combination of RSA 2048-bit and AES-128-bit before uploading data to Tutanota mail servers in Germany. The encryption keys remain in your power at all times, the company can’t see anything in plain text, they can’t restore your password or reset your account, anybody forgetting their password loses access to the messages.
If German authorities ever serve Tutanota with a court order to hand over a customer’s email inbox content, the company will of course comply with the warrant but all they will be able to deliver will be ciphered files with no decryption key. According to the email exchange I had with Matthias Pfau, one of Tutanota founders, they do not log IP addresses and only keep timestamps, the details are stored anonymously without any reference to your user account. Each mail in your inbox also contains the mail addresses of the recipients in clear text, kept until you delete the email, Tutanota has some ideas about how to hide the recipients address but it has not been implemented yet.
Encryped webmail Tutanota
You can open a Tutanota email account with minimal details, choose a username and password and that is it. During the very short registration you will find a link to a Wikipedia page with instructions on how to choose a strong password, a coloured meter on the page lets you know if your password is secure enough to withstand brute force attacks.
I appreciated the clean smooth webmail interface giving one click access to the different tabs and folders, with a security tab where you can see a list of of the successful and failed account logins with timestamps, no computer IPs are associated with customer accounts since no IP logs are kept.
Sending an encrypted email in Tutanota is effortless, it does not require customers to manage encryption keys or know much about security. The system is compatible with insecure email services like Gmail or Yahoo. When you send a secure email to somebody who is not on Tutanota, instead of receiving the full text, they receive a message with a link inviting that person to visit Tutanota servers to read the encrypted email, only readable with the correct password and decrypted locally in the browser.
By not sending the email message body, any organisation monitoring Internet traffic will not be able to intercept a copy of the encrypted data. A terrific way to stop mass surveillance on the Internet is to never let the data out on the wild web. The same security system that CIA director General Petraeus was using to communicate for an extramarital affair, he used a dead drop email account and never allowed messages to travel the Internet.
One can assume that the CIA director has classified knowledge to know how to best avoid surveillance, and presumably General Petraeus applied that privileged information to protect his own life, it is possible to learn a lot from observing the experts and copycat them.
Tutanota encrypted email exchange
Tutanota free email service is a major improvement over the dead letter box communication system, the company adds an encryption layer, and the people you communicate with do not have to change anything, they can securely reply to you using the same window where they are reading the received message.
Another important security fact about Tutanota is that they hired a German penetration testing company called SySS to try to find security vulnerabilities in their mail service, like cross site scripting. Tutanota was given an all clear certificate attesting that during the network scan and manual hacking that was attempted by security experts it was not possible for SySS to access any confidential data. If that is not reassuring enough, Tutanota source code is available for download released under the GPL license, you can use it to build your own email client or check it for bugs.
The zero knowledge approach of this email service, their no logs no decryption keys available policy, located outside of the UK and USA, very easy registration and utilization make Tutanota one of the best alternatives to Hushmail. If I have to complain about anything, is that, not being German myself, I do not like getting a .de email address (@tutanota.de), I prefer a .com domain to stop people from assuming I am German.
This security model is the future, spy agencies are not going to stop monitoring data travelling across the Internet, so, you just don’t send it, leave it on the server for others to fetch, superb.
Chris
I gave this a try and I would say that it rivals protonmail. You can carry on an encrypted email exchange even with users who do not have a Tutanota account.
anon-b
I’ve been playing with this a bit and it seems a great solution for occasionally emailing with someone who you know is not going to take the time to learn and implement PGP.
Hacker10
Hello anon-b,
I agree with you, this is what I like from Tutanota, I have given up on telling people to encrypt their email messages and Tutanota allows me to secure my messages even when the other side is careless and regardless of what email service they are using.
hacker10
axcris
But if I send 2 messages one after another, the second will delete the first? So, the first wil not be readable for the recipient?
“This email was automatically generated for sending the link. The link stays valid until you receive a new confidential email from me.”
axcris
problem solved: “it will still be readable! It’s the old notification link that does not work anymore due to security reasons. With the new notification link your friend can access both encrypted messages – and answer with an encrypted email.”
Great job – Tutanota team!
hacker10
Hello axcrid,
Thank you for the update, glad to know it is working for you.
hacker10
Janus
Hi hacker10 and others,
As far as I can see and tell this basic of free version is just for one month.
So this is just a temporary mailbox.
Nice but not what I wanted.
In the future they will be another paid version with more storage. I also miss the total size of the free version, and in the FAQ I only see the size of attachments that are sent can be 25 MB.
So I miss the total size of the inbox capacity.
What is the best free secure mailbox with simple encryption is there after the leaks of Eward Snowden by your way?
Thanks, super webpage and reviews you have!!
hacker10
Hello Janus,
Free does not exist, you pay for it, or somebody else pays for it, sometimes in exchange for showing advertisements or whatever.
If you want truly free and with unlimited space, do it yourself, invest one month of your time setting up a mail server at your home and there you go, you have it free, except electricity and hardware.
Even this blog is not free for you, Google Adsense pays me money in exchange for allowing them to track you on the Internet.
Good luck with your search
hacker10
Janus
Hi hacker10,
I’m sure this blog is free for me because I use more then one protection layer, and the last is Tor. So Tor is not the last layer for me defence. I some way I don’t need it, but because I can I do it anyway. Like you I have some thing with privacy and anonymity because that is what Edward Snowden has proved already.
But anyway, you making reviews about anonymity. privacy and security, and some programs that people can use to protect their privacy. Many times you and other privacy minded people talk about those better programs, so people are harder to track & trace.
Encryption, and end-to-end should defend people so nobody cloud read their email. And some of those companies cannot even do that like Tutanota. Some have privacy high on their agenda and are against these spy agencies like startpage, duckduckgo and Protonmail I believe. Now you say we pay anyway.
Hmm that part I don’t understand, can explain that to me (and others)?
If we pay anyway what’s the use of this page, and why make these reviews?
Ooh, and what do you think is the best mail solution there are so many, and I do not have the time to read all your reviews. But I try to read them all.
Not that I do not wanna read them all, but I have found your page just a few weeks ago.
Many thanks,
Janus
Hacker10
Hello Janus,
I will never ask for payment, somebody else is paying for you to have this blog for free.
My best free email is Tutanota. I understand that you are not happy with them but it works for my needs.
Best of luck
hacker10
Janus
Hi hacker10,
It’s not that I’m not happy, but I missed in your review that Tutanota is a temporary mailbox. (one month) so I saw that after the sign-up.
It work perfect and fast, but I though there was no limit in use. Perhaps you could tell that in your next review would be very handy for those that think there is no time limit.
For the rest, also best of luck, and thanks for the good
work. Gonna follow this page for a long time.
P.S. I hear lot’s of good stuff of a vpn from Sweden called Mullvad I believe. So maybe you can do a review about them If you like.
Thanks for your answer.
Janus
Hacker10
Hello Janus,
I had no idea Tutanota is only for one month, on their page it says very clear “Forever free”.
I have an account with them and it is still working.
hacker10
Janus
Hi hacker10,
When i was looking in the F.A.Q. there is this line:
Is there a minimum term for Tutanota?
After your two-weeks trial (free of charges), the minimum term is one month. Each account for Tutanota is billed monthly. If you delete accounts, they will not be billed the next month.
So, I think this is for the basic (free version.
But maybe it’s for that premium version later.
How long do you have your account?
Janus
Hacker10
Hello Janus,
I believe that what you are quoting belongs to the paid for version, but to be sure you would have to contact Tutanota staff.
I have had my free account for more than a month.
hacker10
Janus
Hi hacker10,
Just revieved the answer back from them.
Hello Janus,
thanks for your question. The basic version is forever free with 1 GB of free storage included. The “free trial” refers to the Outlook Addin, not the webmail client that you have signed up for. We haven’t started to sell premium features yet.
We would be very happy if you referred Tutanota to your friends!
Best,
Hanna
Hacker10: Thanks for all, and this little problem is solved.
Janus
Hacker10
Hello Janus,
Thanks for the update, good luck.
hacker10
Jeff
Hi hacker10,
maybe it’s of interest that Tutanota is launching their Android app on Monday?! I’ve already tested the beta version, makes it much more convenient!
Great blog, thanks for your work!
Jeff
Hacker10
Hello Jeff,
That is great news, Tutanota is one of my favourite email services that this is a nice addition.
hacker10
Sarah
Good news: Beta Time Is Over!
http://blog.tutanota.de/beta-time-is-over-release-notes-1-9/2015/03/24/
Mike
Check out https://tutanota.de/blog/ for news. They are actually working on
Encrypted cloud storage
Encrypted calendar
Custom domains
PGP and S/MIME-Support
2-factor Authentication
Mike
vel
So I was going to give this a try as a friend of mine recommended it. Is it really a FREE service? When I read the terms and conditions it was asking for me to provide my banking information…Im sorry, but if a company/program is offering their encryption service for free, why ask for banking information if they will be charging to use the services?
Sarah
@vel
Tutanota for private users is free service
https://app.tutanota.de/#register
Tutanota for business is not free service
https://tutanota.de/outlook
victorio
Dear Vel, this is TutaNota price overview: https://tutanota.de/pricing
As you can see TutaNota has a free solution and you not have to provide any personal information. Best regards!