FOSS Project Spotlight: Tutanota, the First Encrypted Email Service with an App on F-Droid

Seven years ago, we started building Tutanota, an encrypted email service
with a strong focus on security, privacy and open source. Long before the
Snowden revelations, we felt there was a need for easy-to-use encryption that
would
allow everyone to communicate online without being snooped upon.

Figure 1. The Tutanota team’s motto: “We fight for privacy with automatic
encryption.”

As developers, we know how easy it is to spy on email that travels through the
web. Email, with its federated setup is great, and that’s why it has
become the main form of online communication and still is. However, from a
security perspective, the federated setup is troublesome—to say the
least.

End-to-end encrypted email is difficult to handle on desktops (with key
generation, key sharing, secure storing of keys and so on), and it’s close to impossible on
mobile devices. For the average, not so tech-savvy internet user, there are a
lot of pitfalls, and the probability of doing something wrong is, unfortunately,
rather high.

That’s why we decided to build Tutanota: a secure email service that
is so easy to use, everyone can send confidential email, not only the
tech-savvy. The entire encryption process runs locally on users’
devices, and it’s fully automated. The automatic encryption also enabled us to build
fully encrypted email apps for Android and iOS.

Finally, end-to-end encrypted email is starting to become the standard:
58% of all email sent from Tutanota already are end-to-end encrypted, and
the percentage is constantly
rising
.

Figure 2. Easy email encryption on desktops and mobile devices is now possible for
everyone.

The Open-Source Email Service to Get Rid of Google

As open-source enthusiasts, our apps have been open source from the start, but
putting them on F-Droid was a challenge. As with all email services, we have used
Google’s FCM for push notifications. On top of that, our encrypted email
service was based on Cordova, which the F-Droid servers are not able to
build.

Not being able to publish our Android app on F-Droid was one of the main
reasons we started to re-build the entire Tutanota web client. We are privacy
and open-source enthusiasts; we ourselves use F-Droid. Consequently, we
thought that our app must be published there, no matter the effort.

When rebuilding our email client, we made sure not to use Cordova anymore and
to replace Google’s FCM for push notifications.

Source: Linux Journal