The Tutanota Calendar is a huge step for us in becoming an encrypted groupware solution. Encrypted email, encrypted address book, the encrypted contact form Secure Connect – and now an encrypted calendar: Our vision of the future is that people can easily make use of the cloud without giving away any of their personal data. Tutanota’s built-in end-to-end encryption makes this possible.
Encrypted calendar – free for all
The Tutanota encrypted calendar (beta) already comes with great usability:
- automatic end-to-end encryption of all data
- accessible on every device
- automatic end-to-end encryption of notifications
- integrated into the Tutanota email client
The secure calendar is the highest voted for feature by all our users. This comes at no surprise as people currently only have the option to host their calendar locally themselves if they want a private option.
All available online calendars – Google Calendar, Apple Calendar – store users’ data in the cloud so that the provider can easily access all personal data. Tutanota stores the users’ data in the cloud as well – to be precise on our own German-based servers. But due to the built-in end-to-end encryption only the users with their password can access the data.
Behind the scenes: How we built the Tutanota Calendar
On May 16th, we kicked off development of the Tutanota Calendar. Our free secure calendar is seamlessly integrated into the encrypted email client Tutanota. It uses the same innovative encryption technology, which enabled us to quickly develop the Tutanota Calendar.
Our sole focus had to be UI and functionality as the encryption and security was already taken care of. This is a great benefit as it enabled us to build the encrypted calendar in less then two months.
Tech insights: Even notifications are encrypted
The only encryption task we had to solve was encrypting notifications to the end user. Without encrypting notifications, our encrypted calendar would have been released even earlier, but this was not an option. We at Tutanota follow the concept that security and privacy is baked into our code from the start, and we don’t compromise on that.
While encrypting notifications might seem like a minor security measure, it is in fact huge: Notifications are sent to the users’ device so that they know when a specific appointment is about to happen. If this information was not encrypted, we as the provider would have full access to the users’ information along with all the info contained in the notification.
Encrypting notifications was a hard task and took more time than expected, but now all notifications are end-to-end encrypted, even the time when a notification is sent to the user is obscured from our servers so that we remain in the dark about our users’ appointments.
Security baked into the Tutanota open source code
The importance of secure notifications is also the reason why we do not use Google's notification service FCM for our Android app. Since the release of our Tutanota Android app on F-Droid, we can offer a secure email app, completely free from Google.
The entire client code of our open source email service is published on GitHub: web client, Android & iOS apps as well as our desktop clients for Windows, Linux and Mac OS. Since we first published Tutanota in March 2014, we encrypted all stored data. This includes all emails and contacts stored in Tutanota as well as all calendar entries.
Instead of allowing people to use standard desktop clients via IMAP/Pop where the data is not encrypted locally, we have built our own secure desktop clients and added an innovative search feature that searches the data locally. This way we make sure that all user data is always protected with strong encryption and cannot be compromised.
Future improvements for the Tutanota Calendar
The now released secure calendar is a beta version. Features that are already included:
- daily & monthly view
- add / delete event with start & end time
- add / delete all-day event
- event details: title, description, location
- recurring events
- encrypted reminder for events on Android, iOS and web
- 1 personal calendar per user
Features that are planned before leaving beta status:
- weekly view
- display calendar week numbers
- upcoming events view
- enable shared calendars
- event reminder for the Tutanota desktop client
- notes per user (only needed for shared calendars)
- list of attendees with status
- create event from email
- enable search in calendar
- display birthdays of contacts
- import / export calendars
- send, accept, decline invitations via email (iCal support)
- add personal calendars
- sharing calendars within company / with customers
- sharing calendars with other Tutanota users
- customize colors for calendar
- customize names for calendar