Establishing Digital Trust: Don't Sacrifice Security for Convenience
The German encrypted email provider Tutao, which was launched in 2012 in response to Edward Snowden's revelations regarding NSA surveillance, last week announced the availability of its Tutanota Free email service.
The company, founded by three former students from Leibniz University Hannover, currently offers 1GB of storage for free, with larger storage capability and additional functionality available soon on a subscription basis.
Company co-founder Arne Moehle said in a statement [PDF] that the service promises total data privacy. "All user data is encrypted locally on the user's device before being transmitted to our German-based servers," he said. "The data cannot be accessed by anybody. Not even we have access."
That also means that the company can't reset user passwords.
"Common Web applications have made it very convenient for users by having the reset password option," Moehle said. "With this they also have made it very convenient for themselves because they can access all user data and misuse it for commercial purposes or hand it over to anybody else. We -- by default -- cannot do this."
Tutao co-founder Matthias Pfau said the company plans to make the source code for Tutanota freely available. "Email encryption is the best tool to stop mass surveillance on the Internet, and we want to make sure that everybody gets ... easy access to this technology," he said.
Just under a year ago, two secure email services, Lavabit and Silent Mail, were both shut down. Lavabit owner and operator Ladar Levison wrote at the time, "I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit."
A few months later, Levison and Silent Circle announced the formation of the Dark Mail Technical Alliance, which is working to develop what it describes as "a unique end-to-end encrypted protocol and architecture that is the 'next generation' of private and secure email."
And another secure email service, Switzerland-based ProtonMail, announced last week that PayPal had frozen its account without explanation.
"When we pressed the PayPal representative on the phone for further details, he questioned whether ProtonMail is legal and if we have government approval to encrypt emails," company founder Andy Yen said in a statement.
The following day, Yen stated, "PayPal has let us know that the restrictions on our account have now been lifted and we have been able to extract our funds."
Anuj Nayar, PayPal's senior director of global initiatives, told The Register that ProtonMail's account had been frozen by accident. "We made a mistake, and as soon as we found out we called and apologized," he said.