Tutanota Shows End-To-End Encrypted Email Can Grow If It's Easy To Use

Tutanota, one of the few email services with a focus on end-to-end (client to client) encryption that have appeared after the Snowden revelations, said that as many as 37 percent of its users take advantage of its end-to-end encryption feature. This shows that when end-to-end encryption is easy to use and given as an option, at least a third of the users want to take advantage of it.

According to the company, the rise in end-to-end encryption on its service is due to the fact that its system isn't actually powered by PGP, the traditional protocol used to encrypt emails end-to-end, which many consider too difficult to use.

Cryptography professor Matthew Green, Open Whisper Systems' Moxie Marlinspike, and others have come out and said that we need better alternatives if we're going to try to make end-to-end encryption mainstream.

Tutanota can also be used as a "regular" email service, just like Gmail or Outlook, with the added bonus that you can also encrypt your emails with a password that you must share with the recipient. The encryption is symmetrical rather than asymmetrical, as is the case with PGP, where you must share a long public key with the recipient, and other people have to share theirs with you as well.

The jury is out on whether Tutanota actually uses a "better" end-to-end encryption protocol than PGP, but because users only must know a password they can just remember or change at any time, that makes the whole PGP key management issue a non-issue for Tutanota users.

However, the main hurdle with Tutanota's system is that the password will need to be shared securely as well, before exchanging these end-to-end encrypted emails. One way you could do that is by meeting in person, but the people you're emailing are often going to be far away from you, so it's not exactly feasible.

Another way they could share their passwords is through an end-to-end encrypted messenger such as anything based on the OTR protocol (Pidgin, Cryptocat, Chatsecure, Adium, etc.) or Signal/Textsecure. However, this requires Tutanota users to use other apps to take full advantage of the Tutanota system.

This is why it would probably be best that if Tutanota maintains this system in the future, it could at least integrate a secure end-to-end chat application into it that would allow users to safely share their email passwords.

For those who want to continue using PGP in the meantime, there's Whiteout, MailPile, as well as the Mailvelope browser extension, all of which are trying to make PGP a little easier to use in the browser.

Follow us @tomshardware, on Facebook and on Google+.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • cannapotta
    I really like Tutanota, but it's still not as hassle-free as secure instant messengers, like Threema, which I even use to chat with my mom!
  • Frank Dragon
    The statement that "a third will use it if it's available" isn't necessarily true. It might be that this "third" specifically sought out Tutanota because of its end-to-end encryption.
    Now if these were users that had been with the service for years in pre-encryption times, and then started to use encryption when it became available, that'd be a reasonable scenario for "a third will use it when it's available".
    Now, it might be true, but beware statistics and 'conclusions' ;)