Get an encrypted email provider free or premium service here... https://tutanota.com/
Back when email was new, sending a message was about as private as mailing a missive on a picture postcard. Anybody
who saw an email go by could read it, and even change it. Modern email systems at least use basic HTTPS encryption,
but for truly private communication you need a dedicated email encryption system. Used by millions, Tutanota is
one such system, and its designers place an admirable emphasis on security.
You can use Tutanota for free if youâre willing to accept a few limitations. The free edition lets you send and
receive all the secure messages you want, and it includes a secure calendar. Searching encrypted email is
limitedâwith the free edition you can only search messages up to a month old. Paying the 12⬠per year subscription
($14.60 as of this writing) removes that search limitation, lets you have multiple calendars, and adds features
including filtering rules and five alias email addresses (more about those later).
Preveil and Virtru are totally free, while a year of Private-Mail, ProtonMail, or StartMail will run you $49.99,
$48, or $59.95, respectively. ProtonMail and Private-Mail each offer free tiers, with limitations. With a free
ProtonMail subscription you can send 150 messages per day, with 500MB of storage for your inbox. Thereâs also a
limit on folders and tags. A free Private-Mail account gets you just 100MB of inbox storage, plus 100MB of storage
for encrypted files. Paying for Private-Mail raises these limits and enables use of identities (parallel to
Tutanotaâs alias feature). With any of these products, youâre wise to start with a free subscription and convert
to a paid account only after youâre sure itâs a fit.
Encrypt Everything, Openly...
You expect that an encrypted email product will store your messages in encrypted form, only applying decryption when
you need to view them. Of course, the encryption system must be zero-knowledge, meaning that even if the Department
of Justice crashes in waving subpoenas, the provider canât view or share your data. The process of sending and
receiving emails is encrypted as well. But thatâs just the beginning when you're using Tutanota.
Tutanota encrypts all stored contact information, except when itâs being used to direct a message to a contact. It
even encrypts the headers and subject lines of your messages.
An encryption system that relies on using a top-secret algorithm is a ticking time bomb. If some clever hacker
reverse engineers the algorithm, that system is suddenly wide open. A truly secure system performs its protective
tasks even when everyone knows exactly how it works. Tutanotaâs various algorithms are open source, meaning anyone
can view and review exactly how they work. Putting more eyes on the code makes it less likely that any security
flaws slip past.
Unusual Email Search...
With Gmail, Yahoo, and other non-encrypted email systems, you can easily search and find old messages. When did I
send that invoice? Do I have a reply showing that it was received? This sort of search is typically a server-side
operation, so it doesnât matter what device triggered the search.
Hereâs the catch. In a proper zero-knowledge encryption system, thereâs no way to see message content on the server,
much less search it. Secure search is necessarily a local affair, and itâs not easy. Tutanota creates a local
encrypted index of your emails and uses that index to perform your searches. The service warns that the index files
can be large.
While the server doesnât participate in search or indexing, the process of building the index requires a lot of
back-and-forth with the server. Busy servers cost money, which is why Tutanotaâs free edition indexes only the past
monthâs messages. With a premium subscription, you can search your entire store of messages.
Getting Started With Tutanota
Preveil and Virtru Email Protection for Gmail work with your existing emailâin fact, Virtru only works with Gmail
addresses. Most secure email products instead require that you spin up a pristine new account for your encrypted
messaging. Tutanota falls into the latter camp. To sign up, you simply choose your username. The signup page lets
you know if the name youâve typed is available. For example, I found that ***@tutanota.com was not available, but
neilj was.
When I created a free account, I found that the process included a simple CAPTCHAâthe system displayed a picture of
a clock and asked me to enter the time displayed. The next page showed a lengthy recovery code and advised me to
store it in a safe place. If you forget your password or lose your two-factor authentication device, you can regain
access to your account with the code.
After that, I signed in, ready to experience TutanotaâŠand hit a temporary roadblock. To prevent mass registrations
without compromising privacy, Tutanota puts new accounts on hold for 48 hours. Note that, with a free account, you
donât give any information at all to Tutanota. No address, no credit card, no emergency email contact. Youâre as
anonymous as can be.
As noted, you can upgrade that free account to Premium once youâve confirmed that you like the system. If you jump
straight to signing up for a Premium account, the onboarding process naturally requires a credit card number. And
Premium accounts arenât subject to the 48-hour hold.
Hands On With Tutanota
Once youâve logged in, Tutanota looks much like any other web-based email system. You see the typical list of folders
(Inbox, Drafts, Sent, Spam, and so on) at the left, with the contents of the selected folder in the middle and a
preview of the selected message at right. A thin strip at the left edge holds a menu of icons representing help,
settings, and so on.
Dark mode is all the rage these days, and Tutanota goes with the flow. If light text on a dark background is your jam,
just tweak a setting to make Tutanota go dark.
As with most encrypted email systems, sending a message to another user of the system is a snap. When youâve entered
the email address (or selected it from your Contacts) the app reports âThis message will be sent end-to-end
encrypted.â Like most encrypted email servers, Tutanota offers a full WYSIWYG editor. Private-Mail is an exception;
its encryption system strips out all formatting. You compose your Tutanota message, add any attachments, and send it
off. Itâs just like using any webmail system, except that your communication is encrypted seven ways from Sunday.
Encrypted email systems have different ways of handling messages outside their own network. With PreVeil, the recipient
must set up a free account to read the messages. ProtonMail and StartMail use a simplified encryption system for
outside messages, one that requires you to convey a password to the recipient using a channel other than email.
Tutanota falls in the latter group, but it makes the process as easy and secure as possible.
Tutanota Premium Compose Message
When you compose a message to an outside address, the app requests a password. Before sending the message, you transmit
that password using a text, a phone call, an encrypted Signal message, or whatever means suits you best. Tutanota
stores the password securely along with the Contact card for the recipient.
Your correspondent receives a notification that an encrypted message is available, with a link to see it online. The
link opens what is in effect a stripped-down version of Tutanota. The full WYSIWYG editor is available for secure
responses, as are Inbox, Drafts, Sent, and Trash folders. But thatâs the extent of it.
If youâre going to use Tutanota with a friend regularly, youâll have a better time if the friend signs up too. Clicking
the share icon in the left-rail menu brings up a boilerplate message explaining Tutanota, with a link to sign up. You
can send the message as-is or edit it to make it more personal.
ProtonMail and StartMail use Pretty Good Privacy (PGP) for their message encryption. With these two, you can send secure
email to any PGP user, after an initial key exchange. Tutanota does use PKI (Public Key Infrastructure) encryption, but
the PGP implementation doesnât permit the total end-to-end encryption that Tutanotaâs designers required. In truth, I
doubt many consumers have the skills to connect an email encryption system to another implementation of PGP.
Two-Factor Authentication...
Thereâs no point in going to the trouble of using an encrypted email system if you donât take care to secure your
account. For starters, your password should be lengthy and unguessable. Just use your password manager to generate a
random password like I1Zs$1%2fSf2XrRmW8s9.
Itâs conceivable, though, that even a super-tough password could be exposed, perhaps in a data breach. Like Private-Mail,
ProtonMail, and StartMail, Tutanota offers two-factor authentication. For maximum security you should dig in and engage
this feature.
Click the Settings gear in the skinny left-rail menu, then click the three-line menu and select Login from the list of
settings choices. Click the plus sign below the Second factor authentication label. By default, Tutanota uses Google
Authenticator, or any workalike TOTP (Time-based One Time Password) app. You snap the QR code with your app or enter the
secret key, and then you enter the resulting six-digit code back in Tutanota. From now on, logging in requires both your
master password and a code from the app.
You can also choose to authenticate using a Yubikey or another U2F (Universal Two Factor) security key. Doing so is a
simple matter of inserting the key in a USB slot and touching its button. This lets Tutanota memorize the keyâs details
and use it for authentication going forward.
Tutanota lets you configure multiple security keys, and you can also enable both types of two-factor authentication at
once. In that case, it first asks for the security key but accepts the six-digit code if you cancel security key
authentication. Whichever two-factor option you choose, the application strongly advises that you record the new
recovery key generated at this time, so you can regain access if you lose your second factor.
Full-Fledged Calendar...
Every ordinary webmail service seems to come with a calendar. It makes sense, in a way. If you get an emailed meeting
invitation, it's awfully convenient to put it on your calendar with just a click. Tutanota has a calendar built in, too,
and it's encrypted to protect your schedule from snoops. Do you really need protection from calendar snoops? Probably
not, but having a calendar with your email is very handy, and since the email is encrypted, so is the calendar.
Even a free Tutanota account comes with a calendar. Your paid account lets you create multiple calendars. Thereâs an
option to share calendars on a read-only, read-write, or fully managed basis. However, if you try to use it youâll find
that this feature requires an upgrade from the Premium edition.
If youâre moving from another calendar system, Tutanota can import from various standard calendar-sharing formats. It
supports all-day events, repeating appointments, and all the features youâd expect.
Private-Mail also includes a calendar, and it works fine on a single device. However, we found the machinations
required to sync the calendar across multiple devices to be beyond the skills of the average user.
Email Aliases and Filter Rules
Your paid Tutanota account lets you define up to five email aliasesâalternate addresses that all feed into your Inbox.
At first, I figured this to be a kind of Disposable Email Address (DEA) system, but itâs not practical for that
purpose.
A true DEA system like ManyMe or Burner Mail lets you generate a new email address for every online interaction. The
online merchant or other contact never sees your true email address. And if you start getting spam on one of your DEAs,
you can just disable it.
With Tutanota, you choose your own email aliases; once chosen, theyâre locked in. Even if you disable an alias, it still
counts against your total of five. The company suggests using aliases to do things like separate work and home emails,
or have emails triggered by a newsletter go to a newsletter-specific alias.
The similar features in Private-Mail and StartMail also come with limitations. Private-Mail limits you to five email
identities, or 20 if you spring for the very expensive Pro edition. StartMail limits you to 10 permanent identities,
as well as unlimited temporary ones that expire in no more than two weeks.
Filter rules are another premium feature. You can create rules to divert messages to specific folders based on words
found in the subject line or header, or based on whoâs in the Sender, To, Cc, or Bcc fields. For example, I created a
rule to send any message with âwebinarâ in the subject directly to trash. Really, I doubt many will use this feature.
Other Platforms...
On the desktop, Tutanota functions entirely within the browser, so it doesnât matter whether youâre using macOS or
Windows. There is also an Android app and an iPhone app.
When I installed the app on an Android device and went to log in, I worried a bit about my two-factor authentication.
What if it wanted the Yubikey? I neednât have worried. The app asked for the six-digit Google Authenticator code, but
also allowed me to authenticate by approving the new device from an existing Tutanota session.
On Android, the app looks and acts almost exactly like the web-based version, with reasonable accommodations. The list
of messages in the selected folder becomes the main view, with the folder list and left-rail menu available at the tap
of an icon. Tapping a message opens it so you can view or reply. Even the settings are almost all the same (though you
canât configure use of a security key for two-factor authentication). The iOS edition likewise matches the web-based
version as closely as possible.
Give Tutanota a Try...
Thinking about protecting your communications with Tutanota Premium? One benefit is that you donât have to pay right
away. You can get a good feel for the serviceâs features by using the free edition. In fact, you may find that the
free edition does everything you need. If not, the subscription price is quite low compared to other for-pay email
encryption services.
Get a free or premium service here... https://tutanota.com/
Stay secure.