On the occasion of our celebration, we are excited that we can rely on your continuous support. You are helping us to build an open source email service that can challenge mainstream services such as Gmail and Outlook.
The road to open source
Building a service that offers true open source email is very difficult as a lot of services from Google are so convenient for developers to integrate into their products that is takes a lot of effort to replace these, namely push notifications on Android and Google's reCaptcha.
Our first step on our road to open source was to publish the Tutanota webmail client as open source on GitHub in September 2014. Shortly after that, we published open source apps for Android and iOS.
Today, we would like to take a moment to thank the hundreds of people who have downloaded and built the Tutanota client locally on their device, reported bugs and security issues as well as fixed bugs and added small improvements or helped with our translation project.
It is amazing to see that to date already more than 4.ooo people have starred our project on GitHub and more than 400 have forked it!
Join our open source project!
We are happy about everyone joining in on our efforts to bring privacy to the world! Feel free to join us by
- checking our code on GitHub
- translating Tutanota to your native language
- or simply spread the word about Tutanota on social media.
Why open source is important
Open source is crucial to any security service. Open source guarantees that lots of people can scrutinize the code to make sure no security weaknesses exist within the code. Open source also makes it impossible to sneak an encryption backdoor into the code.
By being open source, we at Tutanota can prove that we actually do what we say: protecting your emails from prying eyes. That's why publishing all Tutanota clients as open source is a must.
Important open source milestones
To make Tutanota the best open source email service, we built our own captcha for being able to prevent abusive mass sign-ups without relying on Google's reCaptcha. Lots of email services, even secure ones, rely on Google's reCaptcha, but this was never an option for us.
The hardest part, however, was to replace Google's push notification service, which we originally used for the Android app, with our own notification service. This was necessary for two reasons:
- First, we wanted to release the Android app on F-Droid, and F-Droid does not allow any Google dependencies - which is awesome!
- Second, we wanted to include more information in the push notification, which is impossible when using Google's push notification service as this service can read any data included in the notification.
Finally, we succeeded in building our own notification service.
If you're interested in how we managed to replace Google's push notification service, read Ivan's technical post.
Tutanota - the Google-free email service
With the app release on F-Droid, Tutanota now proves that it is possible to build a secure email service that is completely Google-free, giving people a real open source email alternative to services like Gmail, Yahoo, Hushmail, GMX, Outlook, Fastmail, Posteo, Startmail, Mailbox.org and Protonmail.
Special challenges due to the encryption
Usage on desktops
Due to the encryption, Tutanota can not be connected with external mail clients via IMAP or POP. Tutanota manages and stores the encryption keys for you. With the help of your password, you can decrypt your keys and then also your data.
This automatic management of encryption keys would not be possible if we enabled integration of Tutanota into external mail clients. To achieve this, it would be necessary to decrypt the data before it reaches the external mail client - which would then defy the concept of end-to-end encryption.
Nevertheless, we understand that our users need to be able to handle their emails locally on a desktop and also to connect multiple email services within one client. To fully comply with user expectations while maintaining our high level of security and privacy, we have identified four challenges:
1. Building desktop clients
We have built and published the Tutanota desktop clients end of 2018. These clients are published as open source and you can even verify the signature after downloading the client. Beginning of 2021 we executed an extensive security review on the desktop clients to push them out of beta. You can check the results of the security review here.
We can now safely say that using Tutanota via our desktop clients is the most secure way. You can download the clients here.
2. Offline support
When fetching emails via third party clients, e.g. Thunderbird or Outlook, these emails are also stored locally and are available all the time. Emails stored in Tutanota are currently only available when being online.
However, as everyone needs their emails every now and then - even when no internet connection is present - we plan to add offline availability to the Tutanota clients.
We have now revamped our infrastructure to allow for offline mode and will soon start to implement this feature. You can check the roadmap for more details.
3. Email import
Importing and encrypting large mailboxes into Tutanota takes up a lot of traffic and computing power. Nevertheless, it is understandable that professional users of Tutanota want to import their old mailboxes and secure them within Tutanota.
That's why we have already drafted an import feature which will allow this in a timely manner in the future. Now, we have to build this complex feature and add it to the Tutanota clients.
4. Conversation view
As most desktop clients as well as webmail providers support conversation view, lots of users are constantly asking for this in Tutanota. We plan to implement a conversation view option into all Tutanota clients so that you can use conversation view in the browser, on your smartphone and with the desktop clients.
Privacy done right
Privacy and security are at the heart of Tutanota, and as our development steps prove, we never compromise on that. This clear focus on privacy is only possible because we own Tutanota. We don't have to explain our development decisiont to big investors, shareholders or any other third party.
To this day, Tutanota has grown organically: With the rising number of paying users, we have employed more developers. So you'll be as excited as we are to hear that in the coming months we will continue to onboard more developers at our offices in Hanover!
All of this is only possible because of your continuous support. We are very grateful to have such an awesome and loyal user base. We will keep working hard to earn your trust.