Half-way into our beta phase last year, we felt confident that the code is ready for everyone to look at. We invested time and effort to complete the documentation to enable people to build and run their own version of Tutanota locally. Then we published Tutanota on GitHub under GPL v3-license. We encourage you to review the code so that bugs or even security vulnerabilities get noticed more quickly. At Tutanota we follow Linus's Law: "Given enough eyeballs, all bugs are shallow."
Open source: Trust is not necessary
Of course we have put Tutanota to an extensive penetration test (done by SySS GmbH) before releasing it to the public. During the tests the experts were not able to hack into the system or retrieve any encrypted data. Yet, we felt obliged to give more people the opportunity to look at the code and to scrutinize it. The more people there are who can see and test a set of code, the more likely possible flaws will be caught and fixed. In addition opening the code also means that we can't hide any flaws or backdoors. Publishing the code is a security measure that forces us not to become evil. And this is important. While we never plan on becoming evil, publishing the code openly eliminates a major weakness that any closed source software has: Trust. You do not need to trust us. You can even build and run Tutanota yourself.
A thriving community improves Tutanota constantly
We actively invite you to give feedback and to support us in our fight for privacy. After open-sourcing the code last year in September we were astonished by how much feedback we received. Since the majority of our users are not developers - our number one goal is to offer an encrypted tool so easy that anybody can use it - many have asked if they could help in any other way, for example by translating Tutanota. The requests became so numerous that even though it is a bit of extra work maintaining Tutanota in several languages we've decided to start a translation project. So far we have published 20 language versions of Tutanota, with our upcoming release of custom domain support many more will follow. We never expected to receive so much support from our community - not just with the translation, but also by spreading the word via Social Media or by directly recommending Tutanota to friends. We are a small team focusing all our efforts on development so any support - even if it's a simple 'Hi, keep up the good work' - empowers and motivates us to make Tutanota a little bit better every day.