Tutanota private email review (+ vs ProtonMail)

Following Edward Snowden’s revelations that everything we do online is spied on all the time by secretive and vastly powerful government organizations, there is a growing demand for more private internet services. This is never more true than with the outdated and highly insecure, yet still essential for most our day-to-day lives, communication system that is email.

Even more than the likes of the NSA, the advent of web based email that is easy to use, can be readily accessed from any internet enabled device, and which is ‘free’ (but which we pay for by allowing the likes of Google to scan every email and use the information it gleans from this to deliver ever more targeted advertising) presents the single greatest threat to our privacy yet seen.

Although by far the most secure and private way to access email is using a stand-alone email client with PGP encryption (see our tutorial on using Gpg4win as an example of this), preferably using a self-hosted email server, this is a fiddly, inelegant solution that involves a sophisticated understanding of using asymmetric key pairs, something which the vast majority of internet users’ have no ability or desire to master. OpenPGP browser plugins such as Mailvelope are easier (if less secure) to use, but are still too complex for most users.

There is therefore an urgent need for a Gmail-like webmail service that provides all the functionality of something like Gmail, but is both more secure, and which will not spy on its users and then monetize that very personal data (it should be understood, however, that no webmail service can protect against targeted NSA-style surveillance, and that simply by virtue of being a privacy-based encrypted service, users will automatically be of interest to government spying organizations.)

In our article on Free privacy conscious webmail options we examine some good privacy oriented alternatives to Gmail (etc.), but the two new services that are getting the most attention from the security community are ProtonMail and Tutanota, both of which have gone to great efforts to make their services attractive to casual users looking for a more secure email solution but without losing all the aesthetics and functionality offered by their current provider.

We reviewed ProtonMail (which is still in beta) earlier this year, and were broadly impressed with. It is a long way from perfect, but ‘is a very easy to use webmail service (on par with Gmail and suchlike) that is much more secure than most such webmail services, and which will not (cannot) spy on all your correspondence in order to deliver targeted advertising.’

As the two services are in fairly direct competition, we think it will be useful in this review of Tutanova (the ‘name derived from Latin and contains the words “tuta” and “nota” which mean “secure message”’) to compare and contrast them, which will hopefully help to highlight the pros and cons of each.

Features

As with ProtonMail, all Tutanota accounts are currently free, but a premium service will be offered soon (Tutanova also accepts donations). It currently offers the following features:

• 1GB storage (forever free)
• Attachments limited to 25MB (for now)
• 1 free alias is permitted (i.e. 2 email addresses). More will be available to premium users
• Everything is encrypted – subject, body, and attachment (ProtonMail currently only encrypts the body)
• Completely open source (code available here)
• Android and iOS apps
• Can not only send encrypted emails to users of regular email (as ProtonMail can), but can receive an encrypted reply from them
• Outlook addon (for premium business users – we did not test this)
• (Upcoming – use webmail services with own domain name)

The killer feature here is clearly the ability for non-Tutanota users to securely respond to encrypted emails (please see update at end of this article). The fact that Tutanota is open source while ProtonMail is not should in theory give it an edge, but Tutanota’s source code has not been independently audited by reputable researchers, while ProtonMail’s, although closed source, has…

Privacy

Much is made of the fact that ProtonMail is based in Switzerland (or at least its servers are, the team hails from Harvard University in the US), which because of its strict privacy laws is widely regarded as privacy-friendly. This is, however, to a large extent an illusion (Google Translate), as data retention laws and NSA-style surveillance are alive and well there.

Tutanota is based in Germany, which also has strict privacy laws, but which also practices widespread surveillance of its own, and is provides the base for the NSA’s extensive European operations. You pays your money and takes your chances…

Tutanota does not use two-factor authentication (although his feature is planned at some stage), but then neither does ProtonMail (which does require two passwords, but as these are each ‘something you know’ rather than ‘something you know and something you have’, does not count as 2FA).

Tutanota provides end-to-end encryption, so email stored on Tutanota’s servers is encrypted an cannot be accessed or decrypted by staff members. When asked how Tutanota would respond if asked ask by the police to identify a user, a Tutanota staff member said,

‘We would refuse requests. Only if a German court issues a warrant, we can be forced to hand over data. However all data on our servers is encrypted and we do not have access to the encryption keys. So the only thing we could hand out is the metadata (from, to, when), we are working on how to conceal these. We do not log IP addresses and anonymous sign up it possible. We strip IP addresses from mails sent and received to guarantee your anonymity.’

This sounds all very reassuring, although the website FAQ does note that IP addresses will be logged if ‘we find out that an account is misusing the system.’ As alluded to in the above statement, Tutanova permits users to sign-up anonymously over Tor, which is good news.

Security

As noted above, Tutanota uses end-to-end encryption, and does not know users’ passwords, which are ‘salted and hashed with Bcrypt on your device before being transmitted’ for login. You should beware that because Tutanota does not store any passwords, if you lose yours then it will not be recoverable!

Emails between Tutanota users are encrypted using ‘a standardized, hybrid method consisting of a symmetrical and an asymmetrical algorithm’, using 128-bit AES with 2048-bit RSA handshake encryption. Emails to non-Tutanota users are encrypted using AES-128. This sounds pretty secure to us, although we do wonder why the industry-standard 256-bit AES encryption was not chosen.

Although ProtonMail’s use of PGP encryption is arguably stronger than that used by Tutanota, Tutanota’s method allows it to encrypt not just the body of the message, but the subject line and attachments as well, which is a definite feather in its cap. Regular messages sent to non-Tutanota recipients are not encrypted in transit, but are stored encrypted on Tutanota’s servers, as are messages and attachments received that arrive in plaintext.

Unfortunately, all encryption is performed in JavaScript by your browser, so as with ProtonMail, this cannot be considered completely secure against a determined attacker.

Tutanota in use

Unlike ProtonMail, signing-in to Tutanota requires entering a single password, which takes you to the main interface.

The basic interface is cleanly laid out and easy to use, but lacks many of the bells and whistles we have come to expect from a webmail service (the most notable of which is the ability to save drafts).

By default, all emails are sent confidentially i.e. encrypted (this can be changed in the settings), which requires entering an agreed upon shared passphrase that the recipient will know (if this is too short then you will receive an alert, but you can choose to override this). Unlike ProtonMail, there is no hint option, so you will have to agree on a password in advance (preferably in person or using secure IM chat).

If a recipient uses regular email, they will receive an invitation to view your message securely. Note that while the senders name is shown, the subject, body, and attachments are not.

To view your message the recipient follows the supplied link, and enters the agreed upon password.

This where Tutanota really shines, because non-Tutanota using recipients of secure email are assigned a special ‘personal’ account that allows them to respond to the message securely. All messages sent from a specific Tutanota account are also available through this special account.

Early users complained about the basic Contacts manager, but this has now been fixed and seems to be fully featured. Hopefully the ability to save draft messages will also come soon!

The mobile app

A Tutanota app is available for iOS and Android. We tested the Android version.

The app is simple, but is well laid out and works well. As with the web client, emails are encrypted by default

Email Privacy Tester results

We tested both ProtonMail and Tutanota using the Email Privacy Tester tool developed by Mike Cardwell.

ProtonMail results

Tutanota results

A Tutanota spokesperson has made the flowing statement:

‘We know about the failures from https://emailprivacytester.com They are not crucial and we will fix them within the coming months.’

Interestingly, when we performed this test on a Gmail account, it passed with flying colors.

Conclusion

We really like Tutanota. As with ProtonMail, it is certainly not perfect, and should not be considered secure against the NSA – encryption using JavaScript within the browser is not very secure, and Germany is not the ideal location for a privacy service (but then where is?). It is, however, vastly more secure and private than most webmail services, and it has a nice mobile app.

Whether you prefer ProtonMail or Tutanota really depends on what features are important to you – ProtonMail has a much more fully featured interface (Tutanota’s complete lack of a draft function is a total bummer), but Tutanota allows even non-user recipients to reply securely to encrypted emails*, and encrypts the subject line and attachments, in addition to an email’s body.

Both services are currently free (and will continue to offer basic functionality for free), so there is no reason not to try both and see which you prefer (although the waiting list for ProtonMail accounts is quite long). Both services are still under heavy development, so we look forward to seeing how they progress.

*Update 10 March 2015: The ProtonMail team has contacted BestVPN to let us know that its latest update (ProtonMail BETA v1.15 ) allows outside users to reply to encrypted messages securely. Please see here for more details. This is great news, and makes choosing between two services even more than ever a matter of personal choice, with ProtonMail having a much more advanced interface, while Tutanota encrypts headers and attachments. As already noted, both services are under heavy development and are adding new features all the time, which can only be a good thing for users of either one.

Update: As of 13 August 2015 ProtonMail is fully open source.