Breaking news
…and more

Let's celebrate six years of open source!

Six years ago we published Tutanota as open source. Let's take a look at what we've achieved so far and where we want to go.

2020-09-02
We are happy to celebrate six years of open source with you! Six years ago, we have published the Tutanota web client as open source. Since then, we had to overcome major obstacles and by taking on these challenges, we achieved great things. Nonetheless, our roadmap never ends, and there are many more features that we want to add. We are excited that we can rely on your continuous support. You help us to build an open source email service that can challenge mainstream services such as Gmail and Outlook.

The road to open source

Building a service that offers true open source email is very difficult as a lot of services from Google are so convenient for developers to use that is takes a lot of effort to replace these, namely push notifications on Android and Google's reCaptcha.

Our first step on our road to open source was to publish the Tutanota webmail client as open source on GitHub in September 2014. Since then, hundreds of people have downloaded and built the Tutanota client locally on their device, reported bugs and security weaknesses as well as fixed bugs and added small improvements or helped with our open source translation project.

It's great to have such a vibrant open source community that helps us improve Tutanota constantly!

Why open source is important

We believe that open source is crucial to any security service. Open source guarantees that lots of people can scrutinize the code to make sure no security weaknesses exist within the code. Open source also makes it impossible to sneak an encryption backdoor into the code.

By being open source, we at Tutanota can prove that we actually do what we say: protecting your emails from prying eyes. That's why publishing all Tutanota clients as open is a must.

Important releases

In December 2014, we then released the Tutanota Android and iOS apps - as open source as well, of course. We built our own captcha for being able to prevent abusive mass sign-ups without relying on Google's reCaptcha. Lots of email services, even secure ones, rely on Google's reCaptcha, but this was never an option for us.

The hardest part, however, was to replace Google's push notification service, which we originally used for the Android app, with our own notification service. This was necessary for two reasons:

  • First, we wanted to release the Android app on F-Droid, and F-Droid does not allow any Google dependencies.
  • Second, we wanted to include more information in the push notification, which is impossible when using Google's push notification service as this service can read any data included in the notification.

Finally, we succeeded in building our own notification service.

If you're interested in how we managed to replace Google's push notification service, read this post.

Tutanota - the Google-free email service

The open source email client.

With the app release on F-Droid, Tutanota now proves that it is possible to build a secure email service that is completely Google-free, giving people a real open source email alternative to services like Gmail, Yahoo, Hushmail, GMX, Outlook, Fastmail, Posteo, Startmail, Mailbox.org and Protonmail.

Special challenges due to the encryption

Usage on desktops

Due to the encryption, Tutanota can not be connected with external mail clients via IMAP or POP. Tutanota manages and stores the encryption keys for you. With the help of your password, you can decrypt your keys and then also your data.

This automatic management of encryption keys would not be possible if we enabled integration of Tutanota into external mail clients. To achieve this, it would be necessary to decrypt the data before it reaches the external mail client - which would then defy the concept of end-to-end encryption.

Nevertheless, we understand that our users need to be able to handle their emails locally on a desktop and also to connect multiple email services within one client. To fully comply with user expectations while maintaining our high level of security and privacy, we have identified four challenges:

1. Building desktop clients

We have built and published the Tutanota desktop clients end of 2018. These clients are published as open source and you can even verify the signature after downloading the client. We are now improving and finalizing a few minor features within the Windows, Mac OS and Linux clients before we will push them out of beta.

2. Email import

Importing and encrypting large mailboxes into Tutanota takes up a lot of traffic and computing power. Nevertheless, it is understandable that professional users of Tutanota want to import their old mailboxes and secure them within Tutanota.

That's why we have already drafted an import feature which will allow this in a timely manner in the future. Now, we have to build this complex feature and add it to the Tutanota clients.

3. Offline support

When fetching emails via third party clients, e.g. Thunderbird or Outlook, these emails are also stored locally and are available all the time. Emails stored in Tutanota are currently only available when being online.

However, as everyone needs their emails every now and then - even when no internet connection is present - we plan to add offline availability to the Tutanota clients.

This feature became even more important when Tutanota was under DDoS attack two weekends this August. Even though, we have now improved the DDoS protection method immensely, we understand the need for offline availability and have moved this feature up on our priority list. You can check the roadmap for more details.

4. Conversation view

As most desktop clients as well as webmail providers support conversation view, lots of users are constantly asking for this in Tutanota. We plan to implement a conversation view option into all Tutanota clients so that you can use conversation view in the browser, on your smartphone and with the desktop clients.

Privacy done right

Privacy is at the heart of Tutanota, and as our development steps prove, we never compromise on that. This clear focus on privacy is possible because our founders own 100 per cent of Tutanota. We don't have to explain ourselves against shareholders or any other third party.

To this day, Tutanota has grown organically: With the rising number of paying users, we have employed more developers. So you'll be as excited as we are to hear that in August and September alone, four additional developers have started at our offices in Hanover! And we plan to grow our team even further in the coming months.

All of this has only been possible because of your continuous support. We are very grateful to have such an awesome and loyal user base. We will keep working hard to earn your loyalty.

Thank you!

The team behind your open source email alternative.

Comments

ADD COMMENT