Your secure mail service Tutanota has just become more secure! We are happy to announce that we have enabled two-factor-authentication (2FA) for our encrypted Tutanota beta client. We are now working hard on making the client ready for the public beta release in September.
Non-profit organizations (NPOs) need office tools - just like any other business. However, as they use their time and money not to make profits but to improve our society, they should be able to use these tools for free. That's why we have partnered with Stifter-helfen and tech-soup. Now, NPOs can get Tutanota Premium for free!
Data leaks are becoming more and more common - small leaks don't even make it into the news anymore. Recently, there has been an enormous data leak, though, that could have been easily prevented with encryption: A US marketing firm has stored data of 198 million US voters for an unknown period of time easily accessible in the cloud.
The Internet as we know it is a magnificent space where everyone has the right to share their thoughts freely. However, people living in dictatorships experience a much different Internet: Censorship, blocking of major sites or social media platforms are normal to them. If we allow Internet Service Providers (ISPs) to decide what content they want to show us and what content they want to block, this is exactly how we can expect our future Internet to look like. To protect freedom of speech and democracy, we must fight for net neutrality now.
This release is a bug fix release. After our last update the Tutanota emails were not viewed correctly in Chrome browsers on mobile. This has now been fixed.
We are excited to announce that we have added a dark theme to our new Tutanota client. At the moment the new client is still in private beta. But as we have fixed a lot of bugs now, this release is a big step towards the public beta release later this year.
This is Tutanota's transparency report and warrant canary information. While in Germany a gag order is legally not possible, we want to give you peace of mind by publishing a warrant canary. The transparency report is updated every six months. We only release individual mailboxes if we receive a valid German court order. All email content (subject, body, attachments) is end-to-end encrypted, and we cannot decrypt any of this data.
Everybody knows that data protection laws in Germany are very strict, and that German companies are compelled to protect their users' data by law. Nevertheless, also in Germany politicians call for access to users' data to prevent crimes such as terror attacks. This is heavily debated in the media because of Germany's history with state surveillance (ie. the Stasi in former East Germany). While this discussion is much needed to stop the authorities from getting excessive access to citizens' data, it also makes the situation confusing. This post sheds some light into the current situation of data protection laws in Germany.
Terror attacks are tragic. Terror attacks make each one of us long for security. That's why politicians repeatedly call for more surveillance after every terror attack. Most famously Theresa May, who wants to rip up human rights laws to fight terrorism. However, compelling data shows that more surveillance won't help at all: Every identified Islamist terrorist in Europe who killed innocent people with a terror attack since 2014 was already known to the authorities prior to the attack.
Tutanota, the world's first end-to-end encrypted mail service, has recently joined the Open Invention Network. Tutanota joins companies such as Google, IBM, NEC, Red Hat and SUSE, who are all part of OIN. OIN enables open source developers to freely develop and share their work while being protected from patent suits. All members of OIN have joined to voice their support for the principle of non-aggression. We at Tutanota are happy to be part of OIN and to do our share to support and strengthen the open source community.
With just one year to go before the General Data Protection Regulation (GDPR) goes into force, privacy-focused online services have come together to highlight the crucial role of encryption in achieving GDPR compliance. As a key technology to protect employee and customer data, encryption helps organizations reduce GDPR compliance costs and avoid heavy fines.
The WannaCry ransomware attack that affected more than 200.000 computers was also the fault of the NSA and Microsoft. While Microsoft is now offering a patch, the lesson we have to learn from this attack is that we need a different approach so secure the Internet: The open source approach.
The encrypted mail service Tutanota helps over two million users to share their mails securely - also with attachments. However, when the attachments get too large people and businesses need encrypted cloud storage as well. We've spoken to Istvan Lam, CEO of Tresorit, about our shared goal to make end-to-end encryption a tool to be used by the masses.
Two weeks ago a massive email bomb has been executed against Tutanota's main contact mailbox firstname.lastname@example.org, which sent 500.000 newletters to this mailbox rendering it useless. The attacker has automatically signed up Tutanota's main mail address to thousands of online newsletters so that confirmation request mails hit the hello-mailbox continuously. Until we implemented a protection method around half a million unwanted mails were received.
Your connection to Tutanota is protected with an extended validation SSL certificate and Perfect Forward Secrecy. In addition your secure Tutanota mail supports DANE. The DANE protocol effectively protects against MITM attacks and should be implemented by all mail providers.
On Friday we had to replace one broken hard drive. During this process mails that had already been deleted had been accidentally restored. This affected around 10.000 Tutanota users (around 0.5%), who were not able to access all mailbox folders (ie. inbox or drafts). We fixed this problem Saturday evening.
On April 3, 2017, President Trump signed a bill which was designed to cut out all of the FCCs protective laws for consumer internet use in the US. This action effectively opened the floodgates for advertisers and increased the reach of government procurement on data generated by private citizens.
Only recently the American Senate passed S.J.Res 34, an anti-privacy law that allows American ISPs to sell their customers' internet history to the highest bidder. Now activism online against the bill is spreading like fire, one activist even started a fundraising campaign to buy politicians' browsing history. We think this idea is simply amazing and judging from a German example it might actually work.
Our website will be down for server maintenance for about eight hours starting at 10:30 PM (CEST) April 4th. Your encrypted mailbox will still be accessible via app.tutanota.com or via our free and open source Android and iOS apps.
We are excited to release Tutanota Three in private beta. This is our biggest update to Tutanota since we have started building our secure mail client with automatic encryption five years ago. We have re-build Tutanota from scratch to give it a fresh design, to improve performance and to make it fit for the future. Lots of Tutanota users have already signed up for the private beta and will now start testing our brand new client. The public beta will follow shortly, so stay tuned!
Since January 2017 secure mail service Tutanota is seeing an exponential growth in users. This trend has started in the second half of 2016, but has really taken off recently. Simultaneous to this development privacy-focused search engines like Qwant.com and duckduckgo.com are also growing quickly. The reasons - as our users tell us - are not only to be found in politics, but politics do play a big part.
Google has pulled out of E2EMail last week, making it very unlikely that automatic end-to-end encryption will ever be available to millions of Gmail users. It seems as if for Google promising real encryption was only a marketing move after the Snowden revelations in 2013.
Cloudbleed Revealed Personal Information - And: What Is the Real Danger Behind a Service Like Cloudflare?
Cloudflare published a serious bug in its software that revealed user passwords, authentication tokens and cookies of millions of websites. Tutanota was not affected as your secure mailbox does not use Cloudflare or any similar service. But if you are using your Tutanota password for any other service (which you shouldn't!), change it right away. It may be accessible to whoever is looking for it somewhere on the internet.
Now that the Trump family is using encrypted Tutanota emails, the NSA is deeply saddened by the fact that they cannot read Trump's emails anymore. Reliable sources report that the NSA is looking into alternative observation methods to monitor Trump's communication. Now, for the first time, the NSA has deployed radio chips secretly inserted into the POTUS' brain.
After the recent scandal revealing that Trump campaign aides have had repeated contacts with Russian intelligence in 2016, the entire Trump family seems to turn towards encryption to protect their private communication. Several encrypted Tutanota mailboxes were registered yesterday alone with distinct names of Trump family members.
This week well-known German journalist Christian Stöcker posted a commentary with a rather terrifying thesis: Only the bad relations between Trump and the NSA are currently stopping him from abusing the NSA to use this surveillance apparatus for anti-democratic purposes. The US authorities need to prevent him from using their tools to oppress the press and political opponents.
Today is Data Privacy Day. Many people are still not aware of the importance of privacy and how it is being invaded on a day-to-day basis. Yet the invasion of our privacy affects each and every one of us, and it is crucial to spread the word about it.
Eight years ago many people hoped in vain that Obama would reduce NSA surveillance. Now many fear that US surveillance will become even worse under Trump's rule. But faith and fear are wrong guides when it comes to protecting your privacy: Precaution is what we all need.
A couple of months ago we introduced the option to buy additional storage when you need more than the 1 GB that every account gets for free. While we trusted people would be honest and upgrade voluntarily, we had to learn otherwise. With this update we enforce the storage capacity limit for every mailbox.
The highest court in Europe ruled this week that "general and indiscriminate" data retention directives are against European Union law. This is a great victory for our right to privacy. It calls into question many recent surveillance laws passed by European Union member states such as the United Kingdom, Sweden and Germany.
With this update we have significantly improved spam handling by adding DKIM and DMARC to Tutanota. In addition we are changing our support system. Up to now we have answered all support requests. However, with well over one million users, we need to put more time into development than answering innumberable emails every day.
Today's release again contains a couple of bug fixes as well as the possibility to login from not officially supported browsers.
Five years ago we have started our journey to create the most secure email service. Today we see that a growing number of people around the world are turning to encrypted email because they understand the value of their data. This gives us reason to celebrate because only with strong end-to-end encryption we can protect our right to privacy!
Every second person already distrusts companies in using their personal data correctly. Interviews done by Boston Consulting in Europe and in the USA show that this figure could grow immensely as more and more data breaches become public.
Tutanota is an innovative end-to-end encrypted email system that takes your privacy seriously. With the built-in encryption only you can access your data. Tutanota is your fully secure email service that also comes with Android & iOS apps. We continuously improve Tutanota so stay tuned for our upcoming features!
In Germany journalists uncovered that the browser add-on Web of Trust (WOT) saves users' surf history to sell this data. While the company claims that the data being sold is anonymized, the journalists were able to identify several users, among those journalists, judges, policemen and politicians of the German government.
Automatic encryption is one thing that is at the heart of Tutanota, but your secure email can do much more. In the last two years we have implemented several features that most users don't know about. Read on and find out what your encrypted mailbox can do for you!
It is still unbelievable to us that Yahoo gave access to all their email accounts to US authorities. This recent publication of years and years of online surveillance shows again how easy it is to monitor everybody - when the data is not being encrypted. This is why Tutanota encrypts all mailboxes by default.
Some users were experiencing a bug that prevented logging in as external recipient. So here is a small bug fix release.
Today is German Unity Day: On October 3rd in 1990, Germany became one. At the same time it became a truly democratic country. The oppressive system of the German Democratic Republic (GDR) was ended and with it an immense surveillance apparatus disappeared. This is an extremely joyful moment to all Germans, yet, it also has to remind us that we can't take the freedoms we currently enjoy for granted.
Our new release contains a couple of bug fixes as well as the possibility to take over you Tutanota email from your deleted account and re-use it in your Premium account. Just enter your Premium account email address when deleting your old account.
Last Sunday Swiss people voted in favour of a surveillance law which will enable Swiss intelligence agencies to tap phones and snoop on email. 65,5% of the Swiss voted in favour of it. This is the first direct vote in favour of more surveillance in Europe. Does that mean the majority of us wants to be monitored?
Today we are very happy to present an updated version of Tutanota that brings lots of improvements: As many of you requested, you can now get additional storage and additional aliases. If you are using Tutanota with your custom domain, you can now use catch-all.
Today we have released a bug fix for the Tutanota web application.
This week we are celebrating our first Premium release one year ago. The low price for Premium of only 1 Euro per month immediately led to thousands of users upgrading, simply because they wanted to support our privacy-focused email service.
We at Tutanota want to provide you with the most secure email service possible. That's why we have invested a lot of time and effort into updating our encryption algorithms. In the future we will also be looking into ways to make your encrypted mailbox resistant to attacks from quantum computers. Please excuse if we have a short downtime during the release.
Democracies Have Developed Into Surveillance States - Now This Power Could Fall Into the Hands of Extremists
Democracies have created powerful surveillance structures, similar to the ones already being used by current despots. Out of fear from terrorists democratically elected governments around the world have limited everybody's basic rights as citizens. Future authoritarian politicians will use this power against their own enemies: journalists, the opposition, human rights activists, and many, many more.
Surveillance around the world increases, recently fueled by terrorist attacks in France and Belgium. Sadly, the German government is no exception with Merkel saying 'when in doubt we favor security'. However, the German Constitutional Court has proven again that it is an important defender of our right to privacy.
We have partnered with Una to bring to you the most private and secure smartphone: the UnaPhone Zenith. We at Tutanota and Una believe that a phone should not be your personal surveillance device, but simply your personal phone, where all the data remains with you and cannot be exploited.
In case you are already using Android 6 with cloud backups switched on and stored your Tutanota password in the app, please update the Tutanota app immediately to version 2.9.6; then change your password.
Tutanota and Qabel share one goal: Every piece of data has to be encrypted. By developing software that automatically encrypts all data end-to-end, we want to achieve that encryption becomes mainstream. This will enable us to put an end to the illegal mass surveillance online.
After Brussels Attacks Politicians Blame Encryption - Again. For the Sake of Our Freedom, Please Stop!
After the tragic attacks on Tuesday in Brussels, Politicians again rush to blame encryption - even though there is no evidence that the terrorists even used encryption.
We are happy to update the mobile apps for our secure email service Tutanota today! Now you can also use multi-select in the Tutanota apps. Please note: It might take a few hours/days until the new app version is pushed to the stores.
Two years after our first beta release of Tutanota, we have now reached one million users! This is big step for online security because Tutanota automatically encrypts emails end-to-end. Already every second email sent with Tutanota is end-to-end encrypted. This makes illegal mass surveillance of Tutanota mailboxes impossible.
Due to a security update on the Tutanota servers we will expect a short downtime around 16:00 UTC. We will patch the servers because of the security issue CVE-2015-7547 in the operating system.
Today we are happy to announce that you can use inbox rules as a Premium feature! After an intensive internal discussion, we have decided that inbox rules is a feature that only heavy email users who are willing to upgrade need. We keep the price for Premium as low as possible so that everyone can afford it: It’s only 1 Euro per month.
More than four years ago we started building Tutanota. The challenge we were faced with was automatising the key exchange so that every user can encrypt their emails without any hassle. But at the same time we had to make sure that we don't have access to the private keys of our users.
After our draft release yesterday, we experienced some bugs that we wanted to fix immediately. So here is a small bug fix release.
Obviously, Tutanota is located in Germany because it is being built by German engineers. However, we could move our servers to any place in the world. Instead, we decided to place them in Germany. Here is why.
As several of you have noticed, we have a new addition to our Support Team: Meike. We are very happy to welcome Meike and to have her on board here at Tutanota! Most of your questions to us will be answered by her while technical requests are mainly handled by one of our developers.
We are happy to release Tutanota 2.6 today. We have further improved spam protection and fixed minor bugs.
In November, the Interior Minister of Germany, Thomas De Maizière, signed a charta to strengthen confidential communication online. This charta states that is supports and promotes strong end-to-end encryption. While around the world surveillance measures are on the rise, Germany wants to become 'Encryption Site Number One'.
This week the German company Vodafone started an encrypted email service for businesses called 'Secure Email'. We welcome their contribution in making our communication as a whole more secure. It is always good to have competition so that we work even harder in making Tutanota the easiest and most secure email service available to everybody!
We are thrilled that the first version of the Tutanota app has been released for Firefox OS this week. As the Mozilla Foundation and Tutanota share the same goal of making the Web open, accessible and secure, this is the perfect place for our app.
Four years ago we have started our open source project as entrepreneurs at Leibniz University Hanover. Even back then - two years before the Snowden revelations - we were appalled by the common use of surveillance techniques to which email was and is very exposed. We wanted to build the easiest and most secure email service to stop the snooping on all citizens.
We are happy to release Tutanota 2.5 today. With this release we greatly improve spam management. Now each admin can create and manage black- and whitelists for all users.
After the tragic terrorist attacks in Paris, politicians around the world are - again - pushing for more surveillance laws. In doing so they neglect a simple truth: Mass surveillance does not increase security.
Switzerland plans to revise their data retention law BÜPF so that all communication data (post, email, phone, text messages, ip addresses) can be stored for 12 months. The opponents of this law even say that it would allow the monitoring of mobile phones and the installation of trojans on computers, tablets and mobile phones.
We are building Tutanota with WebStorm, an excellent tool for developing web projects. This blog post is for all those guys that are interested in web and software development.
A couple of days ago we have initiated an update of our DNSKEY for tutanota.de and app.tutanota.de. Unfortunately, this update has not been synchronized at our registrar's. Due to this, some users currently can access Tutanota only when switching their connecting server.
Today 404 German politicians have passed a data retention law making Germany yet another one in the long list of countries introducing data retention to 'fight terrorism'. Only 25 years after the end of the German surveillance state GDR, this law once again puts all German citizens under heavy surveillance.
We are very happy to release Tutanota 2.2.2 today! We have added a default signature to all your emails, which you can change to your personal favorite. However, you would do us a great favor if you also kept our statement underneath your emails!
The recent ruling by the European Court of Justice that declared the safe harbor agreement between the US and the EU as invalid was a great victory for data protection. After the Snowden leaks it became clear that data stored in the US was not safe from surveillance that would be illegal in Europe.
We are very happy to having received the IT Security Award 2015 in the category Web Security. This makes us very happy and also proud.
Many NPOs fight political, humanitarian or social causes for the betterment of our global societies. We want to support these organizations. All NPOs can get the secure email service Tutanota Premium with a reduction of 50%, so for only 6 Euro per year.
Today we are publishing a bug fix release that also includes some improvements to the buying process of Premium. We inform you about every update of the client because after each update, your browser re-loads the client code from our servers. This makes the update-process very transparent to you and increases your security.
It is one year since we have published the code of Tutanota as open source, licensed under GPLv3. We are happy about everyone watching our code on Github to make sure that we stay true to our central goal: Protecting the privacy of our users by offering the most secure email service.
One month ago we have published our first Premium features for our secure email service Tutanota. The number of users upgrading to Premium is growing continuously. This lets us cover our expenses so that we can continue developing Tutanota independently and with a clear focus on the privacy needs of our users.
We were rather shocked when we heard about the upcoming Lavaboom shut-down next week. The Lavaboom team was building an encrypted webmail service similar to Tutanota, which seemed very promising. We express our sympathy for Lavaboom and wish their team all the best for the future.
We had a minor bug fix release today. Now you can add custom domain users with less than three characters.
Everybody wants your data. Not just the NSA. Google, Facebook, your phone provider, even your torch app and your local store. Yet, we have to share messages all the time with friends and colleagues, with family and civil services. The only chance we have that this information is not monitored by default is end-to-end encryption.
After our major update for enabling Premium features last week, we had to add some minor bug fixes so that all Premium features run smoothly.
We are happy to announce that our growing user base worldwide is translating the Tutanota app as well as the website. Today we launch the Tutanota Homepage and the You & Us page in several languages.
Tutanota did not work properly in Internet Explorer 11 in the Windows enterprise edition. We have fixed this with a quick bug fix release.
As developers we love Linux, GIMP, OpenOffice and all the other great tools out there. When we started our own project - Tutanota - we knew from the start that we would open source it as well.
With Tutanota 1.9.4 you are now able to sign up with three letters only. In addition we've fixed some bugs and prepared our servers for the major release of custom domains in a few weeks.
The recently discovered vulnerability of the TLS/SSL protocol called "Logjam" did not affect your Tutanota emails. Nevertheless, we checked and updated all our cipher suites directly after the publication of the flaw.
At re:publica in Berlin, Eric Grosse (Google Security) said end-to-end encryption of their future pgp-plugin is not meant for common use as people would not be able to benefit from helpful tools like Google's integrated translation.
Germany plans to introduce a data retention law for call data and IP addresses, but not for emails. While such a law is useless in fighting crimes, it puts every citizen under surveillance. This needs to stop!
After one year of beta testing we are now ready to strip off the diapers! Today Tutanota is leaving its beta phase with the release of brand-new domains: tutanota.com, tuta.io, tutamail.com and keemail.me. Now you can add one free alias to your account.
Every day we strive to make Tutanota more usable and let it grow into a full-fledged email service so that you can leave other services that spy on your data behind for good. Today - with the help of our users - we've achieved a big step.
We were very proud about our Android and iOS app release at the turn of the year. Now we are happy to release an update of Tutanota in general.
When we set out to explore the internet we felt like singing “We are young, we run free” from the Supergrass song Alright (1995). Actually back in the 90s we were young, we were free. Unfortunately it turns out we were green as well. Optimistically we explored all the possibilities of the internet and we gained a lot from it: knowledge, friends, fun.
The technology DANE is an SSL extension that makes websites independent of Certificate Authorities and their possibly bogusly issued SSL certificates.