Tuta (email)

Last updated
Tuta
Tuta logo.svg
Tutanota screenshot.png
Screenshot of Tutanota
Type of site
 Webmail
Available inMultilingual
Headquarters
Germany
OwnerTutao GmbH
Employees14 (Nov. 2020) [1]
URL tuta.com
CommercialYes
RegistrationRequired
Users Over 2 million
Launched2011
Current statusOnline
Tutanota client app
Developer(s) Tutao GmbH
Stable release
220.240321.0 [2] / 21 March 2024;2 months ago (21 March 2024)
Repository github.com/tutao/tutanota/
Written in TypeScript and JavaScript
Operating system Microsoft Windows, macOS, Linux, iOS, Android
Platform x86-64, iOS, Android
License GNU GPL v3
Website tutanota.com

Tuta, formerly Tutanota, [3] is an end-to-end encrypted email app and a freemium secure email service. [4] The service is advertisement-free; it relies on donations and premium subscriptions. [5] As of June 2023, Tutanota's owners claimed to have over 10 million users of the product. [6] The company announced a transition to 100% renewable electricity in March 2019. [7] This decision coincided with employee participation in Fridays for Future protests.

Contents

History

Tutanota logo from 2014 to 2024 Tutanota logo.svg
Tutanota logo from 2014 to 2024

Tutanota is derived from Latin and contains the words "tuta" and "nota" which means "secure message". [8] Tutao GmbH was founded in 2011 in Hanover, Germany. [9] [10]

The goal of the developers for Tuta is to fight for email privacy. Their vision gained even more importance, when Edward Snowden revealed NSA's mass surveillance programs like XKeyscore in July 2013. [11] [ unreliable source? ]

Since 2014, the software has been open-sourced and can be reviewed by outsiders on GitHub. [12] [13]

In August 2018, Tuta became the first email service provider to release their app on F-Droid, removing all dependence on proprietary code. This was part of a full remake of the app, which removed dependence on GCM for notifications by replacing it with SSE. The new app also enabled search, 2FA and got a new reworked user interface. [14] [15] [ non-primary source needed ]

In November 2020, the Cologne court ordered monitoring of a single Tuta account that had been used for an extortion attempt. The monitoring function should only apply to future unencrypted emails this account receives and it will not affect emails previously received. [16] [17]

On 7 November 2023, Tutanota announced it was rebranded to simply 'Tuta'. [18] The former domain name tutanota.com now redirects to the shorter tuta.com. [3]

On 11 November 2023, it was alleged that Tuta was being used as a honeypot for criminals with a backdoor from authorities. An ex-RCMP officer, Cameron Ortis, testified that the service was used as a storefront to lure criminals in and gain information on those who fell for it. He stated authorities were monitoring the whole service, feeding it to Five Eyes, which would disperse it back to the RCMP in order to gain more knowledge about the criminal underground. However, no evidence was ever presented to back up this statement, and Tuta refuted the claim. [19] [20] [21]

Encryption

Tuta offers end-to-end encryption for emails sent from one Tuta user to another. Tuta also encrypts all emails and contacts stored in their servers, [22] [ unreliable source ] "except for email addresses of users as well as senders and recipients of emails" [23] and "date of an email sent or received". [24] [25] Emails sent non-encrypted, are encrypted only between the Tuta user and Tuta servers, and then sent unencrypted to destination user. [24]

Tuta uses a standardized, hybrid method consisting of a symmetrical and an asymmetrical algorithm - AES with a length of 256 bit and RSA with 2048 bit. [26] [27] [28] [29] To external recipients who do not use Tuta a notification is sent with a link to a temporary Tuta account. After entering a previously exchanged password, the recipient can read the message and reply end-to-end encrypted. [30] [ non-primary source needed ]

Account deletion

Tuta deletes free accounts that have not been logged into for 6 months. According to Tuta, this happens because of security reasons and for keeping the service free. [31]

Tuta has also been GDPR compliant since 2018.[ better source needed ] [32] [33]

Censorship

Tuta has been blocked in Egypt since October 2019, and blocked in Russia since February 2020 for unknown reasons (although believed to be tied to recent actions against services operating outside of the country, especially those that involve encrypted communications). [34]

Future

Tuta is working on a cloud storage platform named "TutaDrive" [35] with a focus on post-quantum cryptography. The project, officially named "PQDrive - Development of a Post-Quantum Encrypted Online Storage," is funded by the German government's KMU-innovativ program (€1.5 million), which supports Small and medium-sized enterprises (SMEs) like Tuta. The project receives further support through a €600,000 collaboration with the University of Wuppertal, which will play a key role in research and development. [36]

See also

Related Research Articles

<span class="mw-page-title-main">Instant messaging</span> Form of communication over the internet

Instant messaging (IM) technology is a type of online chat allowing immediate transmission of messages over the Internet or another computer network. Messages are typically transmitted between two or more parties, when each user inputs text and triggers a transmission to the recipient(s), who are all connected on a common network. It differs from email in that conversations over instant messaging happen in real-time. Most modern IM applications use push technology and also add other features such as emojis, file transfer, chatbots, voice over IP, or video chat capabilities.

Hushmail is an encrypted proprietary web-based email service offering PGP-encrypted e-mail and vanity domain service. Hushmail uses OpenPGP standards. If public encryption keys are available to both recipient and sender, Hushmail can convey authenticated, encrypted messages in both directions. For recipients for whom no public key is available, Hushmail will allow a message to be encrypted by a password and stored for pickup by the recipient, or the message can be sent in cleartext. In July 2016, the company launched an iOS app that offers end-to-end encryption and full integration with the webmail settings. The company is located in Vancouver, British Columbia, Canada.

End-to-end encryption (E2EE) is a private communication system in which only communicating users can participate. As such, no one, including the communication system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to converse.

The following tables compare general and technical information for a number of notable webmail providers who offer a web interface in English.

Email encryption is encryption of email messages to protect the content from being read by entities other than the intended recipients. Email encryption may also include authentication.

LastPass is a password manager application. The standard version of LastPass comes with a web interface, but also includes plugins for various web browsers and apps for many smartphones. It also includes support for bookmarklets.

iMessage Instant messaging service by Apple

iMessage is an instant messaging service developed by Apple Inc. and launched in 2011. iMessage functions exclusively on Apple platforms – including macOS, iOS, iPadOS, and watchOS – as part of Apple's approach to inter-device integration, which has been described by media outlets as a means of achieving vendor lock-in.

Tresorit is a cloud storage platform that offers functions for administration, storage, synchronization, and transfer of data using end-to-end encryption. More than 13,000 companies use Tresorit to protect confidential data and share information securely. It is also used widely by Government organizations and NGOs as well as privacy-conscious individuals to protect sensitive data from unauthorized access and data-breaches. As of today, the encryption of Tresorit has never been hacked.

Wickr is an American software company based in New York City, known for its instant messenger application of the same name. The Wickr instant messaging apps allow users to exchange end-to-end encrypted and content-expiring messages, and are designed for iOS, Android, Mac, Windows, and Linux operating systems. Wickr was acquired by Amazon Web Services (AWS) mid-2021 and discontinued the free version of the app in December 2023.

TextSecure was an encrypted messaging application for Android that was developed from 2010 to 2015. It was a predecessor to Signal and the first application to use the Signal Protocol, which has since been implemented into WhatsApp and other applications. TextSecure used end-to-end encryption to secure the transmission of text messages, group messages, attachments and media messages to other TextSecure users.

<span class="mw-page-title-main">Proton Mail</span> End-to-end encrypted email service

Proton Mail is a Swiss end-to-end encrypted email service founded in 2013 headquartered in Plan-les-Ouates, Switzerland. It uses client-side encryption to protect email content and user data before they are sent to Proton Mail servers, unlike other common email providers such as Gmail and Outlook.com. The service can be accessed through a webmail client, the Tor network, Windows, macOS and Linux (beta) desktop apps and iOS and Android apps.

Threema is a paid cross-platform encrypted instant messaging app developed by Threema GmbH in Switzerland and launched in 2012. The service operates on a decentralized architecture and offers end-to-end encryption. Users can make voice and video calls, send photos, files, and voice notes, share locations, and make groups. Unlike many other popular secure messaging apps, Threema does not require phone numbers or email addresses for registration, only a one-time purchase that can be paid via an app store or anonymously with Bitcoin or cash.

<span class="mw-page-title-main">Signal (messaging app)</span> Privacy-focused encrypted messaging app

Signal is an encrypted messaging service for instant messaging, voice calls, and video calls. The instant messaging function includes sending text, voice notes, images, videos, and other files. Communication may be one-to-one between users or may involve group messaging.

<span class="mw-page-title-main">Matrix (protocol)</span> Networking protocol for real-time communication and data synchronization

Matrix is an open standard and communication protocol for real-time communication. It aims to make real-time communication work seamlessly between different service providers, in the way that standard Simple Mail Transfer Protocol email currently does for store-and-forward email service, by allowing users with accounts at one communications service provider to communicate with users of a different service provider via online chat, voice over IP, and videotelephony. It therefore serves a similar purpose to protocols like XMPP, but is not based on any existing communication protocol.

<span class="mw-page-title-main">Mailfence</span> Encrypted email service

Mailfence is secure encrypted email service that offers OpenPGP based end-to-end encryption and digital signatures. It was launched in November 2013 by Belgium-based company ContactOffice Group that has been operating an online collaboration suite since 1999.

Proton AG is a Swiss technology company offering privacy-focused online services. It was founded in 2014 by a group of scientists who met at CERN and created Proton Mail. Proton is headquartered in Plan-les-Ouates, Switzerland. It is supported by FONGIT and the European Commission.

NordLocker is a file encryption software integrated with end-to-end encrypted cloud storage. It is available on Windows and macOS. NordLocker is developed by Nord Security, a company behind the NordVPN virtual private network, and is based in the UK and the Netherlands.

A virtual private network (VPN) service provides a proxy server to help users bypass Internet censorship such as geo-blocking and users who want to protect their communications against data profiling or MitM attacks on hostile networks.

<span class="mw-page-title-main">Conversations (software)</span> Free software instant messaging client for the XMPP protocol

Conversations is a free software, instant messaging client application software for Android. It is largely based on recognized open standards such as the Extensible Messaging and Presence Protocol (XMPP) and Transport Layer Security (TLS).

<span class="mw-page-title-main">Skiff (email service)</span> Email service and collaboration suite

Skiff is an email service startup company and collaboration tool, that provides privacy-friendly end-to-end encrypted Email and Cloud services. The company's commercial strategy is focused in offering to its clients a Source-Available or Open-Source, transparent and audited Email, Calendar, and Cloud Storage services without trackers or advertisements.

References

  1. "Huge community support enabled us to employ our 14th team member: Welcome Jonas!". Tutanota. 18 November 2020. Retrieved 28 December 2020.
  2. "Release 220.240321.0 (Desktop)". 21 March 2024. Retrieved 29 March 2024.
  3. 1 2 Rudra, Sourav (2023-11-07). "Tutanota Rebranding as 'Tuta': What You Need to Know". It's FOSS. Retrieved 2023-11-07.
  4. Natasha, Lomas (18 March 2015). "Tutanota, An Open Source Encrypted Gmail Alternative, Heads Out Of Beta". techcrunch.com. TechCrunch . Retrieved 4 November 2015.
  5. "Tutanota prices". Tutanota. Retrieved 2022-09-25.
  6. "Celebrate with us: Tutanota reaches 10 million users!". Tutanota. Retrieved 2024-05-14.
  7. "Embracing Sustainability: Tuta's Commitment to a Greener Future". Tuta. Retrieved 2024-05-13.
  8. "What does the name "Tutanota" stand for?". Archived from the original on 2016-07-30. Retrieved 2016-08-06.
  9. "5 of the Best Secure Email Services for Better Privacy". maketecheasier. 23 October 2015. Retrieved 13 March 2017.
  10. "Amtsgericht Hannover Aktenzeichen: HRB 208014" (in German). German Company Register. 18 January 2012. Archived from the original on 22 September 2022. Retrieved 22 September 2022. Gesellschaftsvertrag vom 25.11.2011
  11. "Encrypted Email: The Privacy Alternative to Gmail". StickyPassword. 20 October 2015. Archived from the original on 13 March 2017. Retrieved 13 March 2017.
  12. "Secure Mail Service Tutanota Celebrates One Year Open Source". Tutanota. 2 September 2015. Retrieved 13 March 2017.
  13. "Tutao GmbH". GitHub. Retrieved 2020-07-17.
  14. Ivan (3 September 2018). "How Tutanota replaced Google's FCM with their own notification system". F-Droid. Retrieved 28 November 2018.
  15. "Tutanota Becomes the Go-to Open Source Email Service with an App on F-Droid". Tutanota. 14 August 2018. Archived from the original on 13 August 2018. Retrieved 28 November 2018.
  16. "German secure email provider Tutanota forced to monitor an account, after regional court ruling". msn.com. 8 December 2020. Retrieved 19 January 2021.
  17. Moody, Glyn (9 Dec 2020). "German Court Orders Encrypted Email Service Tutanota To Backdoor One Account". techdirt. Retrieved 6 September 2021.
  18. "Time to celebrate: Tutanota is now Tuta". tuta.com. 2023-11-07. Retrieved 2023-11-07.
  19. "Tuta Is An Independent Company And Not Linked To Five Eyes Secret Services". Tutanota. Retrieved 2023-11-22.
  20. Tunney, Catharine (12 Nov 2023). "Alleged RCMP leaker says he was tipped off that police targets had 'moles' in law enforcement". CBC. Archived from the original on 18 Nov 2023. Retrieved 22 Nov 2023.
  21. "Encrypted Email Service Tuta Denies It's a 'Honeypot' for Five Eyes Intelligence". Gizmodo. 2023-11-15. Retrieved 2023-11-22.
  22. "Secure mail for everybody!" . Retrieved 13 March 2017.
  23. "Tutanota Privacy Statement". Tutanota. Retrieved 2022-09-25.
  24. 1 2 "Encrypted email, free & easy". Archived from the original on 12 April 2020. Retrieved 14 November 2020.
  25. Gregory, Samuel. "Temporary Email Address" . Retrieved 28 September 2023.
  26. "What encryption algorithms does Tutanota use?". Archived from the original on 22 March 2015. Retrieved 17 August 2017.
  27. "Security details about the encrypted email service Tutanota". Tutanota. Retrieved 2022-09-25. Tutanota uses symmetric (AES 128) and asymmetric encryption (AES 128 / RSA 2048) to encrypt emails end-to-end.
  28. Bahar, Zen (2021-12-29). "Tutanota vs. ProtonMail: which one is better?". NordVPN. Retrieved 2022-09-22. Currently, Tutanota and Protonmail are [...] both offering end-to-end encryption.
  29. "AES 256 Is Now Securing All Your Encrypted Tuta Emails". 2024-01-11.
  30. "Tutanota FAQ". Tutanota. Retrieved 2022-09-24.
  31. "Tutanota FAQ Inactive-accounts". Tutanota. Retrieved 2022-09-06.
  32. "Press Inquiries & Media Kit". Tutanota. Retrieved 2022-09-24.
  33. "GDPR-compliant email service: Tutanota offers easy email encryption for all businesses". Tutanota. Retrieved 2022-09-24.
  34. Spadafora, Anthony 18 (18 February 2020). "Tutanota secure email service blocked in Russia". TechRadar. Retrieved 2020-02-22.{{cite web}}: CS1 maint: numeric names: authors list (link)
  35. "The Race Is On: Tutanota Launches Development of Post-Quantum Secure Cloud". Tuta. Retrieved 2024-05-13.
  36. Rudra, Sourav (4 July 2023). "Tutanota Starts Working on Post-Quantum Secure Cloud". It's FOSS News. Retrieved 24 May 2024.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.