Keep Your Email Private With Tutanota

in #technology, 7 years ago

I have several email addresses that claim to encrypt my data and even the email sent if the other user has an account with the same provider. All of them work well, but Tutanota is my favorite by far for many reasons. The main reason is that it's open source, and we all know how much I love open source software.

Tutanota is derived from Latin and contains the words "tuta" and "nota" which mean "secure message." - tutanota.com

Encrypted

Yes, it is encrypted, but what exactly is encrypted? All of our data on the Tutanota servers is encrypted, and this includes email content, email attachments, and the subject line. What they can see is who sent the email, who received the email, and the date. This unencrypted information is the metadata of the email and is never encrypted, as far as I can find, no matter the provider.

But the Tutanota team knows the value of privacy!

We are looking into possibilities to hide the metadata in the future as well. - Tutanota FAQs

That's epic. Tutanota was rated the best privacy email client by Information System students at Vienna University of Business and Economics. Read the PDF here.

No IP Logging

Another plus to using this email provider is that they do not log your IP address when logging in to read your mail. There is no way for me to check if this is true, but based on everything else I would be surprised if this is a lie. If you are anxious about IP address logging, then connect over Tor or a VPN.

The FAQ page also states that they strip out the IP address information of sent and received emails.

We log IP addresses only in the case that we are presented with a valid German court order for prosecuting a suspected criminal. - Tutanota FAQs

The current beta mail client does store IP addresses, due to user requests for a way to check that the user is the only one accessing the account. However, Tutanota does encrypt the stored information and automatically deletes data that is a week old. This will only be enabled by default in the current beta client. Once the web client moves out of beta in a couple of weeks, the user will have to turn on the IP logging feature manually.

Anonymous Use

We can use Tutanota anonymously since they do not require any personal information at sign-up and will give us the ability to pay for a premium account with Bitcoin shortly. Having the choice to stay anonymous and not give out private information about ourselves is very important.

The more information about our life that is online, the more significant the risk of an attacker guessing our security questions or, worse yet, simply looking up the very information we should keep private. Being anonymous is not about hiding and doing illegal activity but staying safe in the digitized world.


Private Key Storage

Tutanota generates our keys when we sign up, and this is all done locally in our browser. The private key is then encrypted with the password we chose, so make sure it's a good one. In a sense, our login password nearly becomes our private key since we do not have to store the key ourselves.

Our password is the primary barrier between our data and an attacker. If they get our password, they will be able to decrypt all our email and send encrypted email to us. This is why I always stress that we need to create strong passwords and use a password manager such as Bitwarden to protect us against phishing attacks.

The Tutanota sign-up page does have a password check, so you can be well assured that your password at least passes their level of entropy confidence. If your password is not as secure as they would like, the "create account" button remains un-clickable.

When logging in, our passwords are salted and hashed to keep any peeping eyes from seeing the password in plain text. They use bcrypt locally in our web browser, so the server does not have access to the password and, in turn, neither does the Tutanota team.

Tutanota cannot reset any passwords due to the level of security they chose to give us.

Sending Encrypted Email

This is very easy when sending from one user to another when both use a Tutanota address. This is automatically done for us, and the user experience is identical to any other email service. But of course not everyone has Tutanota (yet...), and there is a way to send them encrypted emails.

To send an encrypted email to someone without a Tutanota address we first must exchange a password for decryption. When doing this, make sure to use an encrypted chat service to keep that password as safe as possible.

Now that the password is determined and shared, we write the email and add the email address and subject line as we normally would. Before sending, we need to enter the password in the box provided to set the password for decryption. This is now saved with the contact information in our address book, so for the next email we send to that user we only have to tell Tutanota to encrypt, and the app enters that password for us.

Once the intended recipient receives the email, they will see a link to Tutanota. They enter the password and can then read the message, which is now decrypted. They can also save these messages on their computer if they desire.

Note: The link within the notification email contains a salt which is needed for decryption along with the password. Thus, someone who wants to intercept your encrypted messages needs the exact link and the password. (An old link gets deactivated as soon as you send a new email to the same email address.) - Tutanota
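
The two mechanisms described above, a private key wrapped under a password-derived key and an external message that needs both the password and the salt from the link, can be sketched as follows. This is an added example, not Tutanota's code: scrypt stands in for bcrypt (Node ships no bcrypt), and the verifier scheme, AES-256-GCM, the x25519 key type and every function name are assumptions made for illustration.

```javascript
// Added illustration, not Tutanota's code. scrypt stands in for bcrypt;
// the verifier scheme and all names below are assumptions.
const crypto = require('node:crypto');

// Stretch the password into a 256-bit key; the salt is random but not secret.
const deriveKey = (password, salt) => crypto.scryptSync(password, salt, 32);

// Sent at login instead of the password: a hash of the derived key.
const authVerifier = (key) => crypto.createHash('sha256').update(key).digest();

// AES-256-GCM under the password-derived key, fresh 96-bit IV per message.
function wrap(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Returns the plaintext, or null if the key (password or salt) is wrong.
function unwrap(key, { iv, ct, tag }) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
    d.setAuthTag(tag);
    return Buffer.concat([d.update(ct), d.final()]);
  } catch { return null; }
}

// Sign-up: the key pair is generated locally; only serverRecord is uploaded.
function signUp(password) {
  const { privateKey } = crypto.generateKeyPairSync('x25519', {
    privateKeyEncoding: { type: 'pkcs8', format: 'der' },
    publicKeyEncoding: { type: 'spki', format: 'der' } });
  const salt = crypto.randomBytes(16), key = deriveKey(password, salt);
  return { privateKey,
    serverRecord: { salt, verifier: authVerifier(key), wrapped: wrap(key, privateKey) } };
}

// Login: the verifier proves knowledge of the password; unwrapping is local.
function login(password, rec) {
  const key = deriveKey(password, rec.salt);
  if (!crypto.timingSafeEqual(authVerifier(key), rec.verifier)) return null;
  return unwrap(key, rec.wrapped);
}

// External recipient: the salt travels in the link, the password out of band.
const sealExternal = (pw, body, salt = crypto.randomBytes(16)) =>
  ({ linkSalt: salt, message: wrap(deriveKey(pw, salt), body) });
const openExternal = (pw, linkSalt, message) => unwrap(deriveKey(pw, linkSalt), message);
```

The server record holds only the salt, the verifier and the wrapped key, which is why a forgotten password cannot be reset without losing the mailbox.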

Click here for an in-depth how-to from Tutanota to learn all the ins and outs of the platform.

Thanks For Reading!

If you have any topics that you would like me to cover please feel free to comment them below and I'll add them all to my list!

All images came from royalty and attribution free sources unless specified.

Looking to take your Steem based creations to the next level?
Join us over at the Creators' Guild Discord group! We are here to encourage, support and increase the creation of quality content.

If you have any questions about the future of Steem
or my witness please feel free to message jrswab#3134 on Discord.


Click here to vote with SteemConnect!
Or go to https://steemit.com/~witnesses
You can see all active witnesses on @drakos' steemian.info


Looking to support my content creation efforts outside of the Steem Blockchain?
Check out jrswab.com/support


Read a bunch of your posts and resteemed a few. I admire your commitment to privacy and all other forms of technology that help to let the individual live freely in this world. We need people like you on blockchain. It's not too hard to find someone to run a server. It's principles that really count.

So I decided to give you my tiny 4.880 MV Vote.
Happy Steeming!

Thank you so much for your vote, it helped me out a lot! If you ever want to chat and get to know me more please feel free to message me on your favorite messenger. Just let me know and I'll be more than happy to chat.

Also thanks for the resteems!

Why would someone want to send an encrypted email?

Social Security Numbers, tax information, medical records, records of large purchases, trade secrets for a company, general personal information and so forth. Also it keeps down on companies looking at your emails to push ads on you.

Why would someone not want to send an encrypted email?

So much to learn! I notice you mention Bitwarden as a good password manager. What do you think of LastPass?

LastPass is good as well, and I used that for years before finding Bitwarden. Either one will work to protect you from phishing attempts and allow you to make strong, unique passwords for your sites.

Great information! In present world personal information and data security has become a big issue. So, any system/software etc like tutanota can be a great help for us to be sure that our privacy and personal information is safe and secure.

@jrswab is proton mail really safe as they claim?

I was going to ask how protonmail stacks up against this. Afaik protonmail is open source.
Another crucial aspect of a web mail client is how easy it is to use. I hate having to log in to protonmail all the time, which is cumbersome because my pw isn't exactly abc123.
But protonmail has funding, which is a big factor in a product's long term success.

I have no idea. That is why I like open-source versions of all apps because someone somewhere will be able to check.

I used to use a deepweb email service earlier and it was really hard to use so I thought of using proton mail.
The encryption is pretty strong I guess