תוכניות עתידיות

בדקו את התוכנית שלנו כדי לראות מה נוסיף בהמשך ל-Tutanota.

The following is a list of new features we plan to implement.

Do you think we missed an important feature? Discuss it with us and the community on our Reddit forum.

Please check our issue tracker at GitHub for more details on bug fixes that we are currently working on.

#2968: Add proper MAPI support to Tutanota Desktop
desktopready

Under Windows, it is possible to directly access the default mail client from various context menus, like right clicking a file -> Send To -> Mail recipient.

This is made possible by providing a dll that implements a set of functions from a Office SDK header (MAPI.h) and putting a path to that dll into the registry:

reg2
reg
(this is using Thunderbird's DLL for illustration)

Tutanota Desktop should provide such a DLL to improve OS integration on Windows. A simple wrapper that passes the relevant information to a new Tutanota process via CLI arguments should be enough, since Tutanota currently handles all CLI arguments, even those of processes that were killed due to the single-instance lock.

Documentation:
The mapi header docs: https://docs.microsoft.com/en-us/windows/win32/api/mapi/
The Implementation used by Thunderbird: https://hg.mozilla.org/comm-central/file/tip/mailnews/mapi/mapiDll
Download of the header Sources: https://www.microsoft.com/en-us/download/details.aspx?id=12905

#590: Offline usage

As a user i want to be able to access my mailbox when there is no or just a poor internet connection available (e.g. travelling). I need to have access to my emails, contacts and calendar entries so i can at least read the content.

After log in to my mailbox i currently have to wait each time in every view until the progress spinner is completed to see the content. I expect that the content that i have accessed before is visible right after login without any larger delays.

When i am online again or if i log in with an internet connection there should be a non blocking indicator that the content of my mailbox is synchronized with the server.

Acceptance criteria:

  • Create design document for offline mode including thread model for unauthorized db access.
  • Build search index prototype using offline storage so the same data is used (e.g. Mail/MailBody). Do performance tests
  • Offline access is available on desktop and mobile apps
  • Instances that have been accessed by the users or by the search indexer should be available for offline access.
  • Access to mails, mail bodies
  • Attachments should not be available.
  • Access to contacts
  • Access to calendar events
  • Restricted access to settings

Implementation hints
For detailed description and discussion see the wiki page for offline storage (/pages/viewpage.action?pageId=38898504 )

#3444: Provide option to lock saved credentials with PIN/biometrics
desktopandroidios

As a user of the Tutanota mobile or desktop app i want to be able to protect my stored credentials with the PIN/fingerprint of my device. If i choose "Store credentials" from the login screen the app should display options of how to secure my stored credentials. The option should be used for all further stored credentials. The selection can later be changed in the settings.

Every time i need to access the stored credentials the app should ask for the chosen option.

Acceptance criteria:

  • Provide options to secure the saved credentials after creating a persistent session using "Store credentials"
  • Ask for biometrics/pin when accessing credentials
  • Usage of biometric unlock option should not be required.
  • Setting to change selection
  • Migrate existing credentials and ask for options when opening new app version.

Implementation hints
We currently use the local storage of the web view to store the credentials. It is the same mechanism that is used for the web browser. We want to change the storage location to the secure storage of the device which is already used to store the device keys that are used to decrypt calendar event reminder notifications.

With this issue we will not automatically lock the application. We will protect how the saved credentials are stored on the device by encrypting them with a device key. The device key should be stored in the secure storage of the device. We will not have direct access to that key but instead we need to ask the system to decrypt the credentials.

When setting up the this for the first time the user should have the following options:

  1. Use biometrics
  2. Use system password/pin (or biometrics)
  3. Use device lock (no user interaction when accessing credentials)

Every time user needs to access the credentials we will ask for authentication.This is the case when:

  1. Access login screen
  2. Save additional credential
  3. Delete credentials

Together with @charlag @rosso-ptg @bedhub we discussed if it is acceptable to ask for authentication again upon delete or logout because it might be ask too often. We decided that it is acceptable for now.

We will do biometrics/pin protection for mobile apps only. For desktop clients we will store the key to decrypt credentials in the keychain of the system. Which usually will be unlocked when user logs in.

We decided that we will use intermediate key in encryption chain which can do multiple operations. This will allow us to do multiple operations on multiple credentials. Keeping it in memory for a short time has almost no effect on security but improves user experience a lot.

#443: Support FIDO U2F security key in Android app
android

I have a linked FIDO U2F security key to Tutanota.
I expect to be able to use that token for 2FA in the android application when logging in.

#516: Provide a way to configure/change the Sender Name based on the aliases

Right now, the Sender Name is set at account level. If we happen to have an alias where we don't want to expose that name –for any reason(s)-, there is no way we can do that – or yes, there is: changing the account's Sender Name back and forth...really not an option.

This is one of the most important things that are currently missing in the service.

#6: Conversation view

Gmail has conversation view.

I have been looking for a privacy-conscious email service that offers this
as well. I have been using OpenMailbox and RiseUp, however they both
use RoundCube software.

RoundCube has had a ticket open on this for 9 years so who knows when they
will implement this, if ever. Please add conversation view so I can dump Gmail
for good.

#1579: Shared team calendars

As administrator I can create and delete shared team calendars. I can assign and remove users of my account to them without invitations. I can invite users outside my account with group invitations.

#1756: Calendar Widget
androidios

I want to put the Tutanota calendar to my homescreen.

#1066: Better contact integration on Android and iOS
androidios

I want to use my contacts from the dialer app 👍

#393: Recipient groups

Allow grouping recipients to send an email to all of them.

#3443: Allow write access in offline mode

As a Tutanota user i still want to be able to do certain write operation while i am using the Tutanota application in offline mode These action should get synchronized after i am online again. Such actions are:

  • Create/update draft, event, contact
  • mark an email as read
#529: Disposable e-mail addresses

Disposable e-mail addresses are a randomly generated string of characters that are used to create a unique alternate e-mail address:

  • e7cdd5980fe842e9bf3031e9f3f5a42f@tuta.io
  • 2ad3fdb18d1842d5826824c78b9338ae@tuta.io

The difference between regular e-mail aliases and disposable ones is that the latter are intended to be temporary, for instance, you can use them for a short-term purpose before deleting the address to prevent your real address from being sold and added to Spam lists.

Additionally, a description field (or something similar), along with the e-mail address itself is a nice-to-have in order to associate/know the service or Web site in question.

Disposable e-mail addresses are just for receiving e-mail – they should not be used to send e-mails.

It's important to emphasize that this is completely different from the usual disposable e-mail address services one can find out there.

#318: organize emails by tags/labels

I'm new in tutanota but the first thing I looked for in the UX is the ability to tag/label my mails.
It is a very simple and powerful feature, superior to folders as many tags could be applied to an email when only one folder could be associated with it.

I think you should consider this feature as it will dramatically enhance the user experience and it's relatively simple to implement.

#175: Photo in contact

new attributes are now available see #168

#198: Autocrypt support

Hi there, is Tutanota planning to follow the path of other mail clients and implement Autocrypt? Seems like most major clients are planning on releasing support for it soon (K9, Thunderbird, Mailpile). Would be nice if Tutanota follows and stays compatible.

#843: Full unicode emoji support

We should display a selector for emojis
We can use svgs from https://twemoji.twitter.com/ (https://github.com/twitter/twemoji)

#528: Tor onion service

As evidenced on Tutanota's own blog, the organization is pro-privacy and pro-Tor/VPN usage - and thank god for that!

In order to further protect Tor users (who by definition value privacy more), how about setting up an onion address to access the webmail at, in parallel to the clearnet site?

This approach is used by, among others, ProtonMail, ProPublica, The NYT, etc.

If feeling ambitious, why not make it a nextgen onion address? :)