Tutanota Germany-based encrypted webmail

Discussion in 'privacy technology' started by dogbite, Jul 6, 2014.

  1. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,804
    Tuta nota is Latin for secure message so it does have a worthy meaning, but I agree in modern English it looks and sounds kinda nonsensical as one word.
    But, you know at least you can impress people that don't know Latin if they question it so it might actually work in your favour at a job application lol
     
    Last edited: Dec 7, 2017
  2. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,659
    Location:
    UK
    Of course, if you go for the paid account, you can use your own domain.
     
  3. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,804
    I had another look at Tutanota, they do have alternate free domains too like keemail.me.

    Their security model is very good.
    As is their signup process.
    • Download app
    • Enter desired username
    • Enter password
    That's all there is to it, none of the surveillance state BS you would normally associate with signing up to online services. No phone numbers no mothers maiden name no home address no secret questions no capture code bs either.

    Email is stored encrypted and they cannot decrypt it themselves because your encryption key is never sent to them. A bcrypt hash is created from your encryption key, this is used to log in.
    Email is retrieved, still encrypted, then decrypted on your own device.
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    8,293
    Four Years of Easily Encrypted Emails: Together We Are Stopping Mass Surveillance.
    April 18, 2018
    https://tutanota.com/blog/posts/secure-mail-turns-four
     
  5. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,659
    Location:
    UK
    An additional feature of Tutanota's paid service is an alias facility. These are full addresses, although you cannot do any wildcarding or dynamic addresses. They are also moderately costly, you can extend beyond the standard 5 aliases included.

    The nice thing is that these are valuable in keeping your real address pristine and protected, and to an extent, limiting privacy exposures from back-end correlation between people trading email addresses. Rather obviously, Tutanota's business model is also not that of Google's.
     
  6. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    4,332
    Location:
    USA still the best. But getting worse!
    Are there alternatives @.... there instead of @tutanota.com? If so link to those please.
     
  7. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,534
    tutanota.com
    tutanota.de
    tutamail.com
    tuta.io
    keemail.me
     
  8. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,659
    Location:
    UK
    And the accounts on each are distinct - some people were confused whether they registered on com or de for example.
     
  9. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    4,332
    Location:
    USA still the best. But getting worse!
    Thank you. If I jump it'd probably be tutamail.com. Less confusing to others. Wish Tutanota had more alternatives.

    Again if & or when I jump. I dread notifying all who have the old address of the new address. Is there a hold your hand tutorial on how to do this? Like the USPS movers guide. And unlike porting a phone number somebody can get my old email address. What to do about that?
     
  10. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,659
    Location:
    UK
    I think it depends on your desired use of your new address, and why you are moving from the old one(s).

    You could, for example, retain the old address and forward it for a while to the new one. Tell those you want to know about the new one. As I've indicated, it can be valuable to never/rarely give out your "real" address, at least with the aliases you can bin them if they get spammed, and it would be less impactful anyway.
     
  11. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    4,332
    Location:
    USA still the best. But getting worse!
    Also with the paid email providers I want to import all my 20 years of emails.

    How the **** do I know how much space I'll need to buy? Cause that'll influence if, what or when I buy.

    My reason for strongly wanting to switch to a paid service is everybody is changing their TOS. I'm getting 3+ change of TOS each month. I got one from Garmin GPS for example.
     
  12. longshots

    longshots Registered Member

    Joined:
    Oct 20, 2017
    Posts:
    61
    Location:
    Australia
    @zapjb - you don't have to give up your old address just because you move to a new one. You would have to check the TOS which should indicate how long an account can remain dormant before deletion. I found the easiest way to keep any accounts that I didn't want deleted was by sending 1 email every 3 months from that account. And if you use an app like PopPeeper to monitor the old account it's even easier.
    And I apologise in advance if anything I say is offensive [that is not my intention], but WTF are you doing with 20 years of emails?? I guess there may be a reason to keep some older stuff, but 20 years? Any email I receive is lucky to stay alive 20 hours. As an aside, my mobile has NO sent or received texts/calls listed either. I'd hate to see yours. [be gentle with your reply]
    I use the paid version of Protonmail and find it serves me well. But I agree with @deBoetie about giving out real addresses. I have 5 outlook.com addresses which I use when needed to register at different websites - ebay, Amazon, etc.
    When, and or if, I decide to [semi]trust that account I change my email to the next level - outlook.com address 4. May sound fiddly but it works for me. Here I just used a Protonmail alias, cos you'll seem like such nice folk.
     
  13. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,659
    Location:
    UK
    @zapjb - I'm not clear how you want to store all your historical email. The classical way of doing so is to employ local storage derived from pop3 or Imap download (either by Outlook or Thunderbird). For a lot of reasons, I don't want to leave my digital life on a web-service account anyway. It's not something I'd choose to put on Tutanota either, even if that were possible.

    There are some reasonable tools for searching the offline mail archives and the files can clearly be encrypted and not cloud-based. Cost of local storage is negligible.

    If you want to have more control and moderate costs (at the expense of not having encrypted email or 2fa), then a good hosting/domain provider should be able to do this for you on a domain you procure. Some also allow wildcard/dynamic aliasing. Then, the only Tos you're dependent on is that of the hosters, whose business model should not be scanning your content!

    The other service I'm using is 33mail which allows dynamic on the fly email alias forwarding, which allows you to provide unique email addresses to any account handle. You don't have to pre-provision.

    I'd caution from having too much faith in email system integrity/privacy/security. Even with Tutanota/Protonmail, you're only really end-to-end encrypted on the service itself.
     
  14. Abdallah

    Abdallah Registered Member

    Joined:
    Oct 28, 2013
    Posts:
    124
    Location:
    N/A
    Anybody know how such services deal with govt requests? I mean account deletion and so.
     
  15. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,804
    Do you know of any instances where that happened?
     
  16. Abdallah

    Abdallah Registered Member

    Joined:
    Oct 28, 2013
    Posts:
    124
    Location:
    N/A
    Just to know, because some E2E encryption services responded to such type of requests in the past by giving meta data or deleting/suspending user accounts
     
  17. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,050
    A headsup on tutanotas updated T&C

     
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    8,293
    Public Beta of the New Tutanota Android App Has Started. Get the Brand-New App Now!
    July 12, 2018
    https://tutanota.com/blog/posts/secure-mail-android-app-beta
     
  19. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,075
    Nice read. I am NOT a member of the beta testing community on this project so I'll have to wait awhile to try the U2F supported new beta client. I am patient so no worries. A quick read through shows end to end encryption and zero knowledge for their build strategy, which I love if it is completely true. Combined with absolute full blown U2F I'ld have to give it a serious look under the hood. When it comes to my "real name" emails I am confident in the security of Google, but it sucks knowing they can read anything they want at anytime regardless of how they might word that they won't. Google could hand over all my content with a simple court order. I am not a sought criminal or anything, but its not too reassuring knowing your entire history is an open book to your provider.
     
  20. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,188
    I tried them again recently via Tor. And had no hassle getting a working account.
     
  21. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,050
    Can I ask, was there a stand down period at all before you could use the account?
     
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,188
    Maybe a day, as I recall.
     
  23. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,050
  24. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,804
    Hmmm I wonder whats with the single account rule. With terrabyte drives at $50 its not like storage is a premium thing nowadays.
     
  25. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,188
    How would they know how many accounts one might have? If they do, you've been careless.

    And this isn't like having multiple forum accounts, for playing sock puppet games. There are entirely defensible reasons to have multiple unlinked email addresses. I've probably had hundreds of them. Mostly abandoned, of course. But whatever ...
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.