Open-sourcing Tutanota: Why it was important to us

87 points by winstonschmidt almost 10 years ago

11 comments

hannob almost 10 years ago
There recently was a post about Tutanota on Full Disclosure: http://seclists.org/fulldisclosure/2015/Jun/58

What I find even more worrying than the issue itself is the reaction. It indicates that the developers lack basic crypto skills and that this service was never reviewed by anyone with crypto knowledge.

rossjudson almost 10 years ago
After clicking through the link, I have no idea what "Tutanota" is. Am I supposed to know? Hubris (of course everyone knows what Tutanota is)? Proximity (working with it every day, forgot to give a one-sentence explanation)? Deviousness (reader says, "what the hell is Tutanota? I better click through and find out")?

lmb almost 10 years ago
Has anyone tried this? How does it compare to https://www.mailpile.is/?

mbubb almost 10 years ago
Do one thing and do it well... I like how simple the interface is and how trivial it is to toggle between sending encrypted emails and non-encrypted.

Great move open-sourcing this. I respect the devs' stated ethos and reasons for doing this. Hopefully this project will benefit from 'Linus' Law' and will get help to address the sec issues noted in the full disclosure.

I would like to be able to integrate this with something like keybase - but where I hold the private key (which you can do with keybase but it is not the default).

An interesting project and seemingly moving in the right direction.

DavideNL almost 10 years ago
What bothers me most is that I can't download any e-mail (like normal e-mail clients) to my local machine (on OS X and/or Linux). So, I can't make any backups either and if the Tutanota servers disappear (for whatever reason, maybe beyond their control like Lavabit), I no longer have access to any of my e-mails :s

(same problem with their iOS clients, no connection to the servers = no access to any of your e-mails)

brongondwana almost 10 years ago
I think this service proves the lack of value of code review or code release in isolation. They give you the option to save your login on a "private computer", which stores a cookie that will be sent over non-encrypted connections.

Which means that if the user connects to a wifi connection that you control, you can trivially inject something which will cause the browser to make a http connection to www.tutanota.com and leak the cookie.

There's more to security than encryption and open source code. #include plug for FastMail - we know what we're doing.

We don't do the end-to-end encryption, because pre-agreeing to a high security password is nearly as much work as setting up PGP - and with PGP you're not trusting that Tutanota are actually running the code that they claim to be running.

Besides which, Tutanota don't actually send an encrypted email, they send a link back to their server where you can read the secure message - which means you're going to need to be online whenever you're reading a tutanota message - with access to their server, and you're going to have to agree on a highly secure password with everyone you correspond with.

I haven't tried unsending an email or revoking a password yet... maybe I'll try revoking the password...

WOAH. OK, so I did this:

Account A == brong@tutanota.com, signed up for testing
Account B == brong@brong.net, my personal email.

I created a shared password "this is bound to work" on account A and sent myself an email to account B. It came with a link that I clicked, which asked for the shared password, and logged me into the tutanota interface as brong@brong.net I guess, then I:

1) deleted the contact from my tutanota account to try to revoke the sent message.

2) clicked the link from brong@brong.net, which took me to the email.

3) replied from the tutanota interface as brong@brong.net.

4) replied from the tutanota interface to THAT email as brong@brong.net. It asked for a new shared password, because I had removed the old one when I deleted the contact.

5) clicked the new link in my brong@brong.net account. I got an error, because my shared password was now wrong. I entered my password, and I could read BOTH the emails, including the one only sent with the old shared password.

At least the old link is invalid, but any new link shows old email that was sent with a different shared password.

I am left concluding that this is so much snake oil. *sigh*. I know encrypted email is all the rage these days, but I'm not sure that I would trust a site just because it used the right buzzwords. Two massive security fails in 15 minutes' testing.

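The cookie leak described in the comment above depends on the saved-login cookie lacking the Secure attribute, with HSTS as a partial fallback. As an added example (not part of the thread and not Tutanota's code), this Python audit flags such cookies in a set of response headers; the cookie name `rememberMe`, the host `example.test` and all header values are constructed.

```python
# Added example; header values are constructed, "rememberMe"/example.test are hypothetical.
def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    name = value.split(";")[0].split("=", 1)[0].strip()
    attrs = {}
    for part in value.split(";")[1:]:
        key, _, val = part.partition("=")
        if key.strip():
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def hsts_policy(headers):
    """Return (max_age_seconds, include_subdomains) from Strict-Transport-Security."""
    max_age, include_sub = 0, False
    for key, value in headers:
        if key.lower() != "strict-transport-security":
            continue
        for directive in value.lower().split(";"):
            k, _, v = (s.strip().strip('"') for s in directive.partition("="))
            if k == "max-age" and v.isdigit():
                max_age = int(v)
            include_sub = include_sub or k == "includesubdomains"
    return max_age, include_sub

def audit(headers):
    """Return (cookie, severity, reason) for each cookie lacking the Secure attribute."""
    findings = []
    max_age, include_sub = hsts_policy(headers)
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" in attrs:
            continue  # the browser only attaches this cookie to https:// requests
        if max_age == 0:
            findings.append((name, "high", "no Secure flag and no HSTS"))
        elif "domain" in attrs and not include_sub:
            findings.append((name, "high", "no Secure flag; HSTS does not cover subdomains"))
        else:
            findings.append((name, "medium", "no Secure flag; relies on HSTS alone"))
    return findings

WEAK = [("Set-Cookie", "rememberMe=abc123; Path=/; Max-Age=2592000")]
HSTS_ONLY = [("Strict-Transport-Security", "max-age=31536000"),
             ("Set-Cookie", "rememberMe=abc123; Domain=example.test; Path=/")]
HARDENED = [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
            ("Set-Cookie", "rememberMe=abc123; Path=/; Secure; HttpOnly")]
for sample in (WEAK, HSTS_ONLY, HARDENED):
    print(audit(sample))
```
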
johnchristopher almost 10 years ago
At the end of the day only PGP and IRL discussions offer some kind of privacy.
nickpsecurity almost 10 years ago
Highly secure messaging, email, and Internet services have a long history in military and defense sector with issues well-understood. I mention here [1] the framework I used in high assurance security engineering. The system must be built using strongest engineering techniques with the right requirements. It must run on an endpoint with specialist security engineering techniques resistant to talented hackers. The protocols, parsers, networking stacks, and so on must be *carefully* implemented to prevent problems. Modern attackers are hitting various firmware, too, so protection is needed from devices. Then, we must be sure the software displayed to us for all this is what's actually running, on non-subverted hardware, and with non-malicious insiders.

The whole thing is beyond tricky to the point that no hosted service is rated to high security in any honest way (eg outside hand-waving arguments). The only proven model has standalone apps (eg PGP, Nexor Sentinel) acting as proxies between trusted mail/messaging apps and untrusted side. Ideally, user-controlled, vetted code handles secrets with untrusted side (eg Internet host) simply a transport or storage layer that has no influence on endpoint or security past availability. The trusted software must also run on strong endpoints that don't run any other risky software. Given target market, that disqualifies most users of email and messaging software in general.

So, about this one. It seems to not meet many of these requirements and its users don't either. That puts it in Low-Medium assurance category where it might still be helpful against regular black hats, snoops, and attackers without 0-days in what their users have. That will necessarily require decent design & implementation. I commend them on having it pen-tested & open-sourced for review to that effect.

Meanwhile, users wanting to increase resistance to High Strength Attackers should use air gapped, hardened NIX boxes with GPG or Markus Ottela's Tinfoil Chat. Snowden leaks showed using GPG correctly, esp with Tor correctly, gave NSA hell. Markus has also improved TFC many times in response to our critiques to the point that many attack vectors are impossible, risk is lower in others, and endpoint risks are possibly lower than all solutions if right hardware is used. Still work to be done but he's way ahead of the competition.

Note: I second rossjudson that the site, although with beautiful artwork, should be redesigned so it's clear what the app does without a lot of digging. I've seen competing apps where they were clear on the specifics upfront while still not drowning readers in technical detail. The technical detail was a link or so away if I needed it. Right now, it looks too much like a marketing team's work.

[1] https://www.schneier.com/blog/archives/2013/01/essay_on_fbi-ma.html#c1102869

angrybits almost 10 years ago
> Why it was important to us

So that people would actually know you exist?

patrickg_zill almost 10 years ago
From what I could tell, this is only the Web front-end client, not the backend server stack. Therefore, it is not possible to run a full Tutanota server using the open-sourced code. I would love to be wrong about this, but I don't think I am.

Numberwang almost 10 years ago
Probably just a personal preference, but I must say this looks a lot better than the Fastmail interface.

And it's not US based either which is another plus.