Tuta (email) explained

Tuta
Commercial:Yes
Type:Webmail
Registration:Required
Language:Multilingual
Country:Germany
Num Users:Over 2 million
Employees:14 (Nov. 2020)[1]
Owner:Tutao GmbH
Launch Date:2011
Current Status:Online
Tutanota client app
Programming Language:TypeScript and JavaScript
Operating System:Microsoft Windows, macOS, Linux, iOS, Android
Platform:x86-64, iOS, Android
License:GNU GPL v3
Developer:Tutao GmbH

Tuta, formerly Tutanota,[2] is an end-to-end encrypted email app and a freemium secure email service.[3] The service is advertisement-free; it relies on donations and premium subscriptions.[4] As of June 2023, Tutanota's owners claimed to have over 10 million users of the product.[5] The company announced a transition to 100% renewable electricity in March 2019.[6] This decision coincided with employee participation in Fridays for Future protests.

History

Tutanota is derived from Latin and contains the words "tuta" and "nota" which means "secure message".[7] Tutao GmbH was founded in 2011 in Hanover, Germany.[8] [9]

The goal of the developers for Tuta is to fight for email privacy. Their vision gained even more importance, when Edward Snowden revealed NSA's mass surveillance programs like XKeyscore in July 2013.[10]

Since 2014, the software has been open-sourced and can be reviewed by outsiders on GitHub.[11] [12]

In August 2018, Tuta became the first email service provider to release their app on F-Droid, removing all dependence on proprietary code. This was part of a full remake of the app, which removed dependence on GCM for notifications by replacing it with SSE. The new app also enabled search, 2FA and got a new reworked user interface.[13] [14]

In November 2020, the Cologne court ordered monitoring of a single Tuta account that had been used for an extortion attempt. The monitoring function should only apply to future unencrypted emails this account receives and it will not affect emails previously received.[15] [16]

On 7 November 2023, Tutanota announced it was rebranded to simply 'Tuta'.[17] The former domain name tutanota.com now redirects to the shorter tuta.com.

On 11 November 2023, it was alleged that Tuta was being used as a honeypot for criminals with a backdoor from authorities. An ex-RCMP officer, Cameron Ortis, testified that the service was used as a storefront to lure criminals in and gain information on those who fell for it. He stated authorities were monitoring the whole service, feeding it to Five Eyes, which would disperse it back to the RCMP in order to gain more knowledge about the criminal underground. However, no evidence was ever presented to back up this statement, and Tuta refuted the claim.[18] [19] [20]

Encryption

Tuta offers end-to-end encryption for emails sent from one Tuta user to another. Tuta also encrypts all emails and contacts stored in their servers,[21] "except for email addresses of users as well as senders and recipients of emails"[22] and "date of an email sent or received".[23] [24] Emails sent non-encrypted, are encrypted only between the Tuta user and Tuta servers, and then sent unencrypted to destination user.

Tuta uses a standardized, hybrid method consisting of a symmetrical and an asymmetrical algorithm - AES with a length of 256 bit and RSA with 2048 bit.[25] [26] [27] [28] To external recipients who do not use Tuta a notification is sent with a link to a temporary Tuta account. After entering a previously exchanged password, the recipient can read the message and reply end-to-end encrypted.[29]

Account deletion

Tuta deletes free accounts that have not been logged into for 6 months. According to Tuta, this happens because of security reasons and for keeping the service free.[30]

Tuta has also been GDPR compliant since 2018.[31] [32]

Censorship

Tuta has been blocked in Egypt since October 2019, and blocked in Russia since February 2020 for unknown reasons (although believed to be tied to actions against services operating outside of the country, especially those that involve encrypted communications).[33]

Future

Tuta is working on a cloud storage platform named "TutaDrive"[34] with a focus on post-quantum cryptography. The project, officially named "PQDrive - Development of a Post-Quantum Encrypted Online Storage," is funded by the German government's KMU-innovativ program (€1.5 million), which supports Small and medium-sized enterprises (SMEs) like Tuta. The project receives further support through a €600,000 collaboration with the University of Wuppertal, which will play a key role in research and development.[35]

See also

Notes and References

  1. Web site: Huge community support enabled us to employ our 14th team member: Welcome Jonas!. 18 November 2020. Tutanota. 28 December 2020.
  2. Web site: Rudra . Sourav . 2023-11-07 . Tutanota Rebranding as 'Tuta': What You Need to Know . 2023-11-07 . It's FOSS.
  3. Web site: Natasha. Lomas. Tutanota, An Open Source Encrypted Gmail Alternative, Heads Out Of Beta. 18 March 2015. techcrunch.com. TechCrunch. 4 November 2015.
  4. Web site: Tutanota prices . 2022-09-25 . Tutanota . en.
  5. Web site: Celebrate with us: Tutanota reaches 10 million users! . 2024-05-14 . Tutanota . en.
  6. Web site: Embracing Sustainability: Tuta's Commitment to a Greener Future. Tuta. english. 2024-05-13.
  7. Web site: What does the name "Tutanota" stand for? . 2016-08-06 . https://web.archive.org/web/20160730035355/https://tutanota.uservoice.com/knowledgebase/articles/470097-what-does-the-name-tutanota-stand-for . 2016-07-30 . dead .
  8. Web site: 5 of the Best Secure Email Services for Better Privacy. 23 October 2015. maketecheasier. 13 March 2017.
  9. Web site: 18 January 2012 . Amtsgericht Hannover Aktenzeichen: HRB 208014 . https://web.archive.org/web/20220922211947/https://www.unternehmensregister.de/ureg/result.html;jsessionid=BD504882DD9AA2B27BDDDEEDC883AE27.web01-1?submitaction=showPrintDoc&id=8561326&pid=0 . 22 September 2022 . 22 September 2022 . German Company Register . de . Gesellschaftsvertrag vom 25.11.2011 . dead .
  10. Web site: Encrypted Email: The Privacy Alternative to Gmail. 20 October 2015. StickyPassword. 13 March 2017. https://web.archive.org/web/20170313220327/http://blogen.stickypassword.com/encrypted-email-the-privacy-alternative-to-gmail-cyberaware/. 13 March 2017. dead.
  11. Web site: Secure Mail Service Tutanota Celebrates One Year Open Source. 2 September 2015. Tutanota. 13 March 2017.
  12. Web site: Tutao GmbH. 2020-07-17. GitHub. en.
  13. Web site: How Tutanota replaced Google's FCM with their own notification system. Ivan. 3 September 2018. F-Droid. 28 November 2018.
  14. Web site: Tutanota Becomes the Go-to Open Source Email Service with an App on F-Droid.. 14 August 2018. Tutanota. en-US. 28 November 2018. 13 August 2018. https://web.archive.org/web/20180813150305/https://www.tutanota.com/blog/posts/open-source-email. dead.
  15. Web site: German secure email provider Tutanota forced to monitor an account, after regional court ruling. 8 December 2020. msn.com. en-US. 19 January 2021.
  16. News: Moody . Glyn . German Court Orders Encrypted Email Service Tutanota To Backdoor One Account . 6 September 2021 . techdirt . 9 Dec 2020.
  17. Web site: 2023-11-07 . Time to celebrate: Tutanota is now Tuta. . 2023-11-07 . tuta.com.
  18. Web site: Tuta Is An Independent Company And Not Linked To Five Eyes Secret Services . 2023-11-22 . Tutanota . en.
  19. Web site: Tunney . Catharine . 12 Nov 2023 . Alleged RCMP leaker says he was tipped off that police targets had 'moles' in law enforcement . live . https://web.archive.org/web/20231118161815/https://www.cbc.ca/news/politics/ortis-testimony-transcripts-1.7026011 . 18 Nov 2023 . 22 Nov 2023 . CBC.
  20. Web site: 2023-11-15 . Encrypted Email Service Tuta Denies It's a 'Honeypot' for Five Eyes Intelligence . 2023-11-22 . Gizmodo . en.
  21. Web site: Secure mail for everybody!. 13 March 2017.
  22. Web site: Tutanota Privacy Statement . 2022-09-25 . Tutanota . en.
  23. Web site: Encrypted email, free & easy. 14 November 2020. 12 April 2020. https://web.archive.org/web/20200412124836/https://tutanota.com/encrypted-email/. dead.
  24. News: Gregory . Samuel . Temporary Email Address . 28 September 2023.
  25. Web site: What encryption algorithms does Tutanota use?. 17 August 2017. 22 March 2015. https://web.archive.org/web/20150322212605/https://tutanota.uservoice.com/knowledgebase/articles/470732-what-encryption-algorithms-does-tutanota-use. dead.
  26. Web site: Security details about the encrypted email service Tutanota. . 2022-09-25 . Tutanota . en . Tutanota uses symmetric (AES 128) and asymmetric encryption (AES 128 / RSA 2048) to encrypt emails end-to-end..
  27. Web site: Tutanota vs. ProtonMail: which one is better?. Currently, Tutanota and Protonmail are [...] both offering end-to-end encryption.. 2022-09-22. 2021-12-29. NordVPN. Zen. Bahar.
  28. Web site: AES 256 Is Now Securing All Your Encrypted Tuta Emails . 2024-01-11 .
  29. Web site: Tutanota FAQ . 2022-09-24 . Tutanota . en.
  30. Web site: Tutanota FAQ Inactive-accounts . 2022-09-06 . Tutanota . en.
  31. Web site: Press Inquiries & Media Kit . 2022-09-24 . Tutanota . en.
  32. Web site: GDPR-compliant email service: Tutanota offers easy email encryption for all businesses. . 2022-09-24 . Tutanota . en.
  33. Web site: Tutanota secure email service blocked in Russia. Spadafora . Anthony 18. TechRadar. 18 February 2020. en. 2020-02-22.
  34. Web site: The Race Is On: Tutanota Launches Development of Post-Quantum Secure Cloud. 2024-05-13 . Tuta . en.
  35. Web site: Rudra . Sourav . Tutanota Starts Working on Post-Quantum Secure Cloud . It's FOSS News . 24 May 2024 . en . 4 July 2023.