Tutanota - open source encrypted email

[pjwalsh]

Quote:

Originally Posted by winstonsmith

What about open source? I don't see this in the list...

Server location, and use of OpenPGP.js, are other important features that should be included in such a comparison.

[rockman]

Quote:

Originally Posted by pjwalsh

Server location, and use of OpenPGP.js, are other important features that should be included in such a comparison.

Why server location? If you treat all remote servers as the adversary with client encryption, this is moot. Yes?

What is the significance of calling out OpenPGP.js?

I keep saying this across many forums: Make email encryption, such as PGP and key management, secure and as easy as using Gmail - you win.

[pjwalsh]

With the latest Tutanota release, 3-letter registrations are allowed.

https://tutanota.com/blog/posts/release-notes-1-9-4

[pjwalsh]

Quote:

Originally Posted by rockman

Why server location?

Because it determines the statutory environment, is important or at least of interest to many users, and is typically disclosed by the other encrypted mail services. The purpose of the table of features is comparison, no?

--
ProtonMail has labels but the table indicates it doesn't, so I don't know how accurate it is? Configurable expiry is a significant feature, not listed. The comparison seems skewed to features Scryptmail happens to have, but maybe that's to be expected.

[rockman]

Quote:

Originally Posted by pjwalsh

Because it determines the statutory environment, is important or at least of interest to many users, and is typically disclosed by the other encrypted mail services. The purpose of the table of features is comparison, no?

Good point. Yes, I agree with you.

Quote:

Originally Posted by pjwalsh

ProtonMail has labels but the table indicates it doesn't, so I don't know how accurate it is? Configurable expiry is a significant feature, not listed. The comparison seems skewed to features Scryptmail happens to have, but maybe that's to be expected.

More good catches. While other services have marketing-driven content too, some do not go nearly into the detail with SCRYPTmail's web site content.

I asked a simple question to the support alias of another email encryption provider, and still have not received a response. I couldn't find the answer publicly documented by them. The question: "What happens when I revoke my key"? That's a fundamentally important detail to know.

[scryptmail]

Quote:

Originally Posted by pjwalsh

Because it determines the statutory environment, is important or at least of interest to many users, and is typically disclosed by the other encrypted mail services. The purpose of the table of features is comparison, no?

--
ProtonMail has labels but the table indicates it doesn't, so I don't know how accurate it is? Configurable expiry is a significant feature, not listed. The comparison seems skewed to features Scryptmail happens to have, but maybe that's to be expected.

I should agree with you. The table requires constant maintenance and would cause more questions than answers. I will take it down with new release. Also, we probably should respect topic and discuss benefit of tutanota nor SCRYPTmail or protonmail.
Which I think, are trying to accomplish different goals.

However I would love to touch server location as it appears two of this particular services putting enormous accent on and I believe driving people's focus from the real problem of quality of service and encryption. If you solely rely on current laws by protecting your data, tomorrow laws can be changed and seemingly excellent protection become mere empty words.

There is good article show nature of Swiss privacy laws: http://www.forbes.com/sites/robertwo...s-prosecution/

Including recent FIFA scandal.

Bottom line, all servers location can be evaluated by Snowden's case. He didn't choose Swiss or Germany, and I bet he has a good reason to do so. He even afraid to travel to Norway to claim award.
Judging by facts location should be in Russia, nor EU or even China.

[popowich]

Quote:

Originally Posted by scryptmail

I should agree with you. The table requires constant maintenance and would cause more questions than answers. I will take it down with new release.

With Sergei's permission I made a copy of the table and will help to keep it updated

It's located here: Encrypted Email Service Providers

[pjwalsh]

Quote:

Originally Posted by winstonsmith

What about open source?

Yes, open source is important, which is why I mentioned OpenPGP.js.

The thread hasn't yet enumerated Tutanota's current features, so from their website -

Implemented Features:
(as of May 15)

• Send / receive end-to-end encrypted emails
• Automatic encryption of subject, body and attachments
• External recipients can answer with an encrypted email (password exchange needed)
• Encrypted storing of all contacts
• Send / receive 'normal' emails, but stored encrypted
• Delete emails physically
• Apps for Android & iOS
• Folder management
• Register one free alias
• Password can be changed, but resetting is impossible for security reasons
• 20 languages available, more will come
• Choose from several domains
• Up-to-date SSL-configuration, plus support of PFS and DANE
• Published Tutanota client code as open source
• Prevent automatic image loading
• Spam protection

Upcoming Features:
(bold in next release)

• Custom Domains (premium)
• Upgrading existing account for business use (premium)
• Adding aliases (premium)
• Contact import
• Adding storage (premium)
• Signature
• Drafts
• Customize notification email
• Two-factor authentication (2FA)
• Conversation view
• Search (currently only search within browser works with ctr+f)
• HTML writing tools
• Multiple email selection
• Encrypted calendar
• Encrypted cloud storage
• PGP support
• Enable offline usage

[pjwalsh]

The Android and iOS apps allow for push notifications of new Tutanota email even if you are logged out.

The apps as well are open source (GPL3), and can be downloaded directly from Tutanota.

https://tutanota.com/blog/posts/get-...or-ios-android

--
They also have a plugin for Outlook.

--
http://tutanota.uservoice.com/knowledgebase

[scryptmail]

Would be nice to see their back-end code to be open sourced as well.

I'm not sure if you can tie openPGP to them, as it require to extract or import recipient public key, and if I remember correct they don't have that option. Or exchange PGP emails with third parties

[rockman]

Correct, and they said PGP is a way off on the roadmap. "PGP is planned but will probably not be available before end of this year."

https://tutanota.uservoice.com/forum...66-pgp-support

[pjwalsh]

Tutanota and Open Source:

https://tutanota.com/blog/posts/open-source-tutanota
June 12

--
https://github.com/tutao/tutanota
https://github.com/tutao/tutanota/releases

[pjwalsh]

Data Privacy Protection: Why Germany?

June 30 blog post. Three or four reasons why Germany is a good choice of jurisdictions for a privacy-focused email service.

[mister]

https://tutanota.de/blog/posts/transparency-report
https://www.reddit.com/r/linux/comme...lv3_publishes/
These guys seem to be garnering an excellent reputation

[zimmermanfan]

Tutanota has partnered with vyprvpn.. apparently there are discounts and/or perks for those using both. Seems like a bizarre partnership, since vyprvpn charges in USD and has no anonymous payment methods.