Searching encrypted data is now possible with Tutanota's innovative feature

To search encrypted data is a complex task as search is usually done on the server of online services. The innovative search feature of Tutanota creates an encrypted search index which can then be searched locally on the users' device.

2017-12-21
Since the start of our fully encrypted mailbox searching encrypted data has been one of the biggest challenges. We are very happy to announce that we as the first encrypted email application worldwide have developed secure full-text search for encrypted data. This feature enables everyone to easily and securely search encrypted emails and encrypted contacts locally on their clients.
SIGN UP

Enabling search tackles the last obstacle for the mass adoption of encryption

Ever since Tutanota started out as a fully encrypted mailbox, the aim was to make end-to-end encryption easy to use so that it becomes massively adopted. By adding an easy-to-use search tool to our new mail client we, are revolutionizing the handling of encrypted data.

Today there are numerous applications available that allow people to communicate end-to-end encrypted. Tutanota now enables people to easily sift through their encrypted emails as well.

[Read here how you can improve your search results.

Enabling search tackles the last obstacle for the mass adoption of end-to-end encryption. Anyone using PGP or any encrypted service knows about the hassle of finding a particular document, a particular email, a particular note. A simple full-text search feature that we are used to from non-encrypted services has not been available to date for encrypted data.

Why is searching of encrypted data complicated?

  1. Search is usually done on the server, which is easy to implement and cheap in terms of required server load.

  2. Encrypted data cannot be searched on the server. Due to the encryption the data on the server can neither be read nor searched.

  3. Encrypted data must be searched locally. This has never been done before and it comes with major challenges: Searching locally on the client must be fast, must be secure, and must be very efficient, especially for mobile users.

Despite these challenges, people need an easy way to search through their emails and contacts. Tutanota solves this dilemma by adding a search feature that searches for encrypted emails and encrypted contacts locally on the client, giving the server zero access.

Search in Tutanota is now as easy as in Gmail or Yahoo, and at the same time secure. There's no reason anymore to stick with one of these legacy big tech services! Check here how to delete your Yahoo account.

How does Tutanota's secure search of encrypted data work?

Tutanota's secure search approach searches the data locally on the client, giving the server zero access. Here's how it works:

  1. The data is indexed.

  2. The search index is encrypted and stored locally on the client.

  3. The search index is searched according to the user's search queries.

  4. The code for Tutanota's search is published as open source so anyone can check it.

What are the benefits of Tutanota's secure search approach?

Tutanota's search implementation takes place locally on the client. This makes sure that the server never sees any data. As all data is encrypted in Tutanota, the server already has no access to the user's emails and contacts. With the innovative local search approach, the server also does not see any search meta data.

When data is searched on the server - as it is done in any other email service such as Gmail, Yahoo, GMX, Outlook, Fastmail, Posteo, Protonmail, Hushmail, Startmail, Mailbox.org - the server sees a lot of meta data: Who searched for what keyword, at what time, and how often. Who searches for particular words when at a particular location? At Tutanota all this information remains hidden from the server because search takes place locally on the client.

On top of that, Tutanota makes sure that no one but the user can read their search index. Even in the event of someone gaining access to a person's hard drive, they will not be able to read this person's search index. Consequently, the encrypted Tutanota emails remain fully secure because the search index is stored encrypted as well.

Open source search feature - free for anyone

The code for searching encrypted data is released under the open source license GPLv3 - as are the entire Tutanota client and the Tutanota Android and iOS apps. At Tutanota we believe that encryption by default is the future that all online services need to adapt to.

By publishing Tutanota as open source, we allow other encrypted apps to also use the code of this new search feature to spread the use of encryption even further. Our aim is that all online data is encrypted so that mass surveillance has to stop.

Uniting ease-of-use with security

Tutanota's new search feature is unique to the world of end-to-end encrypted data: It is very easy to use and fully secure.

We are very proud that we are the first encrypted service that offers full-text search that is as easy to use as any search feature. Our mission is to enable everyone to use encrypted emails and an easy-to-use search feature is a basic requirement for most users. Now everyone can search for their Tutanota emails and contacts just as easily as for Gmail emails - but with the peace of mind that no one is able to spy on what they are searching for.

Please share our passion for privacy and spread the word: Recommend Tutanota to your friends, in person, or via Facebook, Instagram, Twitter or Mastodon.

SIGN UP
Author
Black and white picture of Matthias thinking and looking to the right side.
Matthias is co-founder and developer of Tuta, focusing on backend development, architecture and email processing. He writes code and political comments to fight for our human right to privacy. He wants to create an encrypted cloud collaboration platform which is so easy to use and so secure that it locks out all the spies. We all deserve a better internet - one where privacy is the default.
Top posts
Threat Modeling In 2024: Your Guide For Better Security
10 Best Private Email Services in 2024
Google Pays 1150 Times More for Its Search Monopoly Than for Lobbying in the EU & US
Why Use A Password Manager - And Our Top 3!
Anonymous email: Create an email address without a phone number.
The Illusion Of "Swiss Privacy" Being The Best
10 best free email accounts in 2024
Latest posts
The American Privacy Rights Act stands to be America's GDPR
Google Search Is A Problem: How Google Is Crushing Tuta.
The XZ Backdoor and the importance of Open Source Software
Apple is finally giving you the choice: Take it and install a private browser right now!
Terminate subscription
Company
Community
Team
Jobs
Terms
Privacy
Legal notice
Development
Changelog
Roadmap
Security
Encryption
Open Source
GitHub
Features
Secure Email
Encrypted Calendar
Business
Support
Forum
Press
Support
Language
English
Translate