Type of site | Webmail |
---|---|
Available in | Multilingual |
Headquarters | |
Owner | Tutao GmbH |
Employees | 14 (Nov. 2020) [1] |
URL | tuta |
Commercial | Yes |
Registration | Required |
Users | Over 2 million |
Launched | 2011 |
Current status | Online |
Developer(s) | Tutao GmbH |
---|---|
Stable release | 220.240321.0 [2] / 21 March 2024 |
Repository | github |
Written in | TypeScript and JavaScript |
Operating system | Microsoft Windows, macOS, Linux, iOS, Android |
Platform | x86-64, iOS, Android |
License | GNU GPL v3 |
Website | tutanota |
Tuta, formerly Tutanota, [3] is an end-to-end encrypted email app and a freemium secure email service. [4] The service is advertisement-free; it relies on donations and premium subscriptions. [5] As of June 2023, Tutanota's owners claimed to have over 10 million users of the product. [6] The company announced a transition to 100% renewable electricity in March 2019. [7] This decision coincided with employee participation in Fridays for Future protests.
Tutanota is derived from Latin and contains the words "tuta" and "nota" which means "secure message". [8] Tutao GmbH was founded in 2011 in Hanover, Germany. [9] [10]
The goal of the developers for Tuta is to fight for email privacy. Their vision gained even more importance, when Edward Snowden revealed NSA's mass surveillance programs like XKeyscore in July 2013. [11] [ unreliable source? ]
Since 2014, the software has been open-sourced and can be reviewed by outsiders on GitHub. [12] [13]
In August 2018, Tuta became the first email service provider to release their app on F-Droid, removing all dependence on proprietary code. This was part of a full remake of the app, which removed dependence on GCM for notifications by replacing it with SSE. The new app also enabled search, 2FA and got a new reworked user interface. [14] [15] [ non-primary source needed ]
In November 2020, the Cologne court ordered monitoring of a single Tuta account that had been used for an extortion attempt. The monitoring function should only apply to future unencrypted emails this account receives and it will not affect emails previously received. [16] [17]
On 7 November 2023, Tutanota announced it was rebranded to simply 'Tuta'. [18] The former domain name tutanota.com now redirects to the shorter tuta.com. [3]
On 11 November 2023, it was alleged that Tuta was being used as a honeypot for criminals with a backdoor from authorities. An ex-RCMP officer, Cameron Ortis, testified that the service was used as a storefront to lure criminals in and gain information on those who fell for it. He stated authorities were monitoring the whole service, feeding it to Five Eyes, which would disperse it back to the RCMP in order to gain more knowledge about the criminal underground. However, no evidence was ever presented to back up this statement, and Tuta refuted the claim. [19] [20] [21]
Tuta offers end-to-end encryption for emails sent from one Tuta user to another. Tuta also encrypts all emails and contacts stored in their servers, [22] [ unreliable source ] "except for email addresses of users as well as senders and recipients of emails" [23] and "date of an email sent or received". [24] [25] Emails sent non-encrypted, are encrypted only between the Tuta user and Tuta servers, and then sent unencrypted to destination user. [24]
Tuta uses a standardized, hybrid method consisting of a symmetrical and an asymmetrical algorithm - AES with a length of 256 bit and RSA with 2048 bit. [26] [27] [28] [29] To external recipients who do not use Tuta a notification is sent with a link to a temporary Tuta account. After entering a previously exchanged password, the recipient can read the message and reply end-to-end encrypted. [30] [ non-primary source needed ]
Tuta deletes free accounts that have not been logged into for 6 months. According to Tuta, this happens because of security reasons and for keeping the service free. [31]
Tuta has also been GDPR compliant since 2018.[ better source needed ] [32] [33]
Tuta has been blocked in Egypt since October 2019, and blocked in Russia since February 2020 for unknown reasons (although believed to be tied to recent actions against services operating outside of the country, especially those that involve encrypted communications). [34]
Tuta is working on a cloud storage platform named "TutaDrive" [35] with a focus on post-quantum cryptography. The project, officially named "PQDrive - Development of a Post-Quantum Encrypted Online Storage," is funded by the German government's KMU-innovativ program (€1.5 million), which supports Small and medium-sized enterprises (SMEs) like Tuta. The project receives further support through a €600,000 collaboration with the University of Wuppertal, which will play a key role in research and development. [36]
Instant messaging (IM) technology is a type of online chat allowing immediate transmission of messages over the Internet or another computer network. Messages are typically transmitted between two or more parties, when each user inputs text and triggers a transmission to the recipient(s), who are all connected on a common network. It differs from email in that conversations over instant messaging happen in real-time. Most modern IM applications use push technology and also add other features such as emojis, file transfer, chatbots, voice over IP, or video chat capabilities.
Hushmail is an encrypted proprietary web-based email service offering PGP-encrypted e-mail and vanity domain service. Hushmail uses OpenPGP standards. If public encryption keys are available to both recipient and sender, Hushmail can convey authenticated, encrypted messages in both directions. For recipients for whom no public key is available, Hushmail will allow a message to be encrypted by a password and stored for pickup by the recipient, or the message can be sent in cleartext. In July 2016, the company launched an iOS app that offers end-to-end encryption and full integration with the webmail settings. The company is located in Vancouver, British Columbia, Canada.
End-to-end encryption (E2EE) is a private communication system in which only communicating users can participate. As such, no one, including the communication system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to converse.
The following tables compare general and technical information for a number of notable webmail providers who offer a web interface in English.
Email encryption is encryption of email messages to protect the content from being read by entities other than the intended recipients. Email encryption may also include authentication.
LastPass is a password manager application. The standard version of LastPass comes with a web interface, but also includes plugins for various web browsers and apps for many smartphones. It also includes support for bookmarklets.
iMessage is an instant messaging service developed by Apple Inc. and launched in 2011. iMessage functions exclusively on Apple platforms – including macOS, iOS, iPadOS, and watchOS – as part of Apple's approach to inter-device integration, which has been described by media outlets as a means of achieving vendor lock-in.
Tresorit is a cloud storage platform that offers functions for administration, storage, synchronization, and transfer of data using end-to-end encryption. More than 13,000 companies use Tresorit to protect confidential data and share information securely. It is also used widely by Government organizations and NGOs as well as privacy-conscious individuals to protect sensitive data from unauthorized access and data-breaches. As of today, the encryption of Tresorit has never been hacked.
Wickr is an American software company based in New York City, known for its instant messenger application of the same name. The Wickr instant messaging apps allow users to exchange end-to-end encrypted and content-expiring messages, and are designed for iOS, Android, Mac, Windows, and Linux operating systems. Wickr was acquired by Amazon Web Services (AWS) mid-2021 and discontinued the free version of the app in December 2023.
TextSecure was an encrypted messaging application for Android that was developed from 2010 to 2015. It was a predecessor to Signal and the first application to use the Signal Protocol, which has since been implemented into WhatsApp and other applications. TextSecure used end-to-end encryption to secure the transmission of text messages, group messages, attachments and media messages to other TextSecure users.
Proton Mail is a Swiss end-to-end encrypted email service founded in 2013 headquartered in Plan-les-Ouates, Switzerland. It uses client-side encryption to protect email content and user data before they are sent to Proton Mail servers, unlike other common email providers such as Gmail and Outlook.com. The service can be accessed through a webmail client, the Tor network, Windows, macOS and Linux (beta) desktop apps and iOS and Android apps.
Threema is a paid cross-platform encrypted instant messaging app developed by Threema GmbH in Switzerland and launched in 2012. The service operates on a decentralized architecture and offers end-to-end encryption. Users can make voice and video calls, send photos, files, and voice notes, share locations, and make groups. Unlike many other popular secure messaging apps, Threema does not require phone numbers or email addresses for registration, only a one-time purchase that can be paid via an app store or anonymously with Bitcoin or cash.
Signal is an encrypted messaging service for instant messaging, voice calls, and video calls. The instant messaging function includes sending text, voice notes, images, videos, and other files. Communication may be one-to-one between users or may involve group messaging.
Matrix is an open standard and communication protocol for real-time communication. It aims to make real-time communication work seamlessly between different service providers, in the way that standard Simple Mail Transfer Protocol email currently does for store-and-forward email service, by allowing users with accounts at one communications service provider to communicate with users of a different service provider via online chat, voice over IP, and videotelephony. It therefore serves a similar purpose to protocols like XMPP, but is not based on any existing communication protocol.
Mailfence is secure encrypted email service that offers OpenPGP based end-to-end encryption and digital signatures. It was launched in November 2013 by Belgium-based company ContactOffice Group that has been operating an online collaboration suite since 1999.
Proton AG is a Swiss technology company offering privacy-focused online services. It was founded in 2014 by a group of scientists who met at CERN and created Proton Mail. Proton is headquartered in Plan-les-Ouates, Switzerland. It is supported by FONGIT and the European Commission.
NordLocker is a file encryption software integrated with end-to-end encrypted cloud storage. It is available on Windows and macOS. NordLocker is developed by Nord Security, a company behind the NordVPN virtual private network, and is based in the UK and the Netherlands.
A virtual private network (VPN) service provides a proxy server to help users bypass Internet censorship such as geo-blocking and users who want to protect their communications against data profiling or MitM attacks on hostile networks.
Conversations is a free software, instant messaging client application software for Android. It is largely based on recognized open standards such as the Extensible Messaging and Presence Protocol (XMPP) and Transport Layer Security (TLS).
Skiff is an email service startup company and collaboration tool, that provides privacy-friendly end-to-end encrypted Email and Cloud services. The company's commercial strategy is focused in offering to its clients a Source-Available or Open-Source, transparent and audited Email, Calendar, and Cloud Storage services without trackers or advertisements.
Gesellschaftsvertrag vom 25.11.2011
Tutanota uses symmetric (AES 128) and asymmetric encryption (AES 128 / RSA 2048) to encrypt emails end-to-end.
Currently, Tutanota and Protonmail are [...] both offering end-to-end encryption.
{{cite web}}
: CS1 maint: numeric names: authors list (link)