{"id":443,"date":"2018-10-17T11:40:10","date_gmt":"2018-10-17T11:40:10","guid":{"rendered":"https:\/\/www.appservgrid.com\/paw92\/index.php\/2018\/10\/17\/foss-project-spotlight-tutanota-the-first-encrypted-email-service-with-an-app-on-f-droid\/"},"modified":"2018-10-17T11:40:10","modified_gmt":"2018-10-17T11:40:10","slug":"foss-project-spotlight-tutanota-the-first-encrypted-email-service-with-an-app-on-f-droid","status":"publish","type":"post","link":"https:\/\/www.appservgrid.com\/paw92\/index.php\/2018\/10\/17\/foss-project-spotlight-tutanota-the-first-encrypted-email-service-with-an-app-on-f-droid\/","title":{"rendered":"FOSS Project Spotlight: Tutanota, the First Encrypted Email Service with an App on F-Droid"},"content":{"rendered":"<p>\nSeven years ago, we started building <a href=\"https:\/\/tutanota.com\">Tutanota<\/a>, an encrypted email service<br \/>\nwith a strong focus on security, privacy and open source. Long before the<br \/>\nSnowden revelations, we felt there was a need for easy-to-use encryption that<br \/>\nwould<br \/>\nallow everyone to communicate online without being snooped upon.\n<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"&quot;&quot;\" height=\"483\" src=\"https:\/\/www.linuxjournal.com\/sites\/default\/files\/styles\/max_650x650\/public\/u%5Buid%5D\/team_1280_white.png\" width=\"650\" \/><\/p>\n<p><em>Figure 1. The Tutanota team&#8217;s motto: &#8220;We fight for privacy with automatic<br \/>\nencryption.&#8221;<\/em><\/p>\n<p>\nAs developers, we know how easy it is to spy on email that travels through the<br \/>\nweb. Email, with its federated setup is great, and that&#8217;s why it has<br \/>\nbecome the main form of online communication and still is. However, from a<br \/>\nsecurity perspective, the federated setup is troublesome\u2014to say the<br \/>\nleast.\n<\/p>\n<p>\nEnd-to-end encrypted email is difficult to handle on desktops (with key<br \/>\ngeneration, key sharing, secure storing of keys and so on), and it&#8217;s close to impossible on<br \/>\nmobile devices. For the average, not so tech-savvy internet user, there are a<br \/>\nlot of pitfalls, and the probability of doing something wrong is, unfortunately,<br \/>\nrather high.\n<\/p>\n<p>\nThat&#8217;s why we decided to build Tutanota: a secure email service that<br \/>\nis so easy to use, everyone can send confidential email, not only the<br \/>\ntech-savvy. The entire encryption process runs locally on users&#8217;<br \/>\ndevices, and it&#8217;s fully automated. The automatic encryption also enabled us to build<br \/>\nfully encrypted email apps for Android and iOS.\n<\/p>\n<p>\nFinally, end-to-end encrypted email is starting to become the standard:<br \/>\n<a href=\"https:\/\/tutanota.com\/blog\/posts\/secure-email-encryption\">58% of all email sent from Tutanota already are end-to-end encrypted, and<br \/>\nthe percentage is constantly<br \/>\nrising<\/a>.\n<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"&quot;&quot;\" height=\"650\" src=\"https:\/\/www.linuxjournal.com\/sites\/default\/files\/styles\/max_650x650\/public\/u%5Buid%5D\/new_client_white_sending.png\" width=\"650\" \/><\/p>\n<p>\n<em>Figure 2. Easy email encryption on desktops and mobile devices is now possible for<br \/>\neveryone.<\/em><\/p>\n<h3>\nThe Open-Source Email Service to Get Rid of Google<\/h3>\n<p>\nAs open-source enthusiasts, our apps have been open source from the start, but<br \/>\nputting them on F-Droid was a challenge. As with all email services, we have used<br \/>\nGoogle&#8217;s FCM for push notifications. On top of that, our encrypted email<br \/>\nservice was based on Cordova, which the F-Droid servers are not able to<br \/>\nbuild.\n<\/p>\n<p>\nNot being able to publish our Android app on F-Droid was one of the main<br \/>\nreasons we started to re-build the entire Tutanota web client. We are privacy<br \/>\nand open-source enthusiasts; we ourselves use F-Droid. Consequently, we<br \/>\nthought that our app must be published there, no matter the effort.\n<\/p>\n<p>\nWhen rebuilding our email client, we made sure not to use Cordova anymore and<br \/>\nto replace Google&#8217;s FCM for push notifications.\n<\/p>\n<h3>\nThe Challenge to Replace Google&#8217;s FCM<\/h3>\n<p>\nGCM (or, as it&#8217;s now called, FCM, for Firebase Cloud Messaging) is a service<br \/>\nowned by Google. Unfortunately, FCM includes Google&#8217;s tracking code for<br \/>\nanalytics purposes, which we didn&#8217;t want to use. And, even more<br \/>\nimportant: to use FCM, you have to send all your notification data to Google.<br \/>\nYou also have to use Google&#8217;s proprietary libraries.\n<\/p>\n<p>\nBecause of privacy and security concerns, we didn&#8217;t send any info in<br \/>\nthe notification messages. Therefore, the push notification<br \/>\nmentioned only that you received a new message without a reference to the mailbox<br \/>\nin which that message has been placed.\n<\/p>\n<p>\nWe wanted our users to be able to use Tutanota on every ROM and every device,<br \/>\nwithout the control of a third-party. That&#8217;s why we decided to take on the<br \/>\nchallenge and to build a push notification service ourselves.\n<\/p>\n<p>\nWhen we started designing our push system, we set the following goals:\n<\/p>\n<ul>\n<li>\nIt must be secure.\n<\/li>\n<li>\nIt must be fast.\n<\/li>\n<li>\nIt must be power-efficient.\n<\/li>\n<\/ul>\n<p>\nWe&#8217;ve researched how others (Signal, Wire, Conversations, Riot,<br \/>\nFacebook and Mastodon) have been solving similar problems, and we had several<br \/>\noptions in mind, including WebSockets, MQTT, Server Sent Events and HTTP\/2<br \/>\nServer Push.\n<\/p>\n<p>\nWe settled for the SSE (Server Sent Events), because it seemed like a simple<br \/>\nsolution. By that, I mean &#8220;easy to implement, easy to debug&#8221;.<br \/>\nDebugging these types of things can be a major headache, so one should not<br \/>\nunderestimate that factor. Another argument in favor of that solution was relative power<br \/>\nefficiency. We didn&#8217;t need upstream messages, and constant connection was<br \/>\nnot our goal.\n<\/p>\n<h3>\nSo, What Is SSE?<\/h3>\n<p>\nSSE is a web API that allows a server to send events to connected<br \/>\nclients. It&#8217;s a relatively old API, which is, in my opinion, underused.<br \/>\nWe&#8217;d never heard of SSE before the federated network Mastodon, which<br \/>\nuses SSE for real-time timeline updates, and it works great.\n<\/p>\n<p>\nThe protocol itself is very simple and resembles good old polling. The client<br \/>\nopens a connection, and the server keeps it open. It&#8217;s different from<br \/>\nclassical polling in that we keep this connection open for multiple events.<br \/>\nThe server can send events and data messages, they&#8217;re just separated by<br \/>\nnew lines. So the only thing the client needs to do is to open a connection<br \/>\nwith a big timeout and read the stream in a loop.\n<\/p>\n<p>\nSSE fits our needs better than WebSocket would (it&#8217;s cheaper and converges<br \/>\nfaster, because it&#8217;s not duplex). We&#8217;ve seen multiple chat apps<br \/>\ntrying to use WebSocket for push notifications, and it didn&#8217;t seem power-efficient.\n<\/p>\n<p>\nWe had some experience with WebSocket already, and we knew that firewalls<br \/>\ndon&#8217;t like keepalive connections. To solve this, we used the same<br \/>\nworkaround for SSE that we did for WebSocket. We sent &#8220;heartbeat&#8221; empty<br \/>\nmessages every few minutes. We made this interval adjustable from the server<br \/>\nside and randomized it not to overwhelm the server.\n<\/p>\n<p>\nIn the end, we had to do some work\u2014I could describe loads of challenges<br \/>\nwe had to overcome to make this finally work, but maybe some other time. Yet,<br \/>\nit was totally worth it. Our new app is still in beta, but thanks to<br \/>\nnon-blocking IO, we&#8217;ve been able to maintain thousands of simultaneous<br \/>\nconnections without problems. Our users are no longer forced to use Google<br \/>\nPlay Services, and <a href=\"https:\/\/tutanota.com\/blog\/posts\/open-source-email\">we&#8217;ve been able to publish our app on<br \/>\nF-Droid<\/a>.\n<\/p>\n<p>\nAs a side-note: wouldn&#8217;t it be great if the user could just pick a<br \/>\n&#8220;push notifications provider&#8221; in the phone settings and the OS managed<br \/>\nall these hard details by itself, so every app that doesn&#8217;t want to be<br \/>\npoliced by the platform owner didn&#8217;t have to invent the system anew? It<br \/>\ncould be end-to-end encrypted between the app and the app server. There&#8217;s<br \/>\nno real technical difficulty in that, but as long as our systems are<br \/>\ncontrolled by big players, we as app developers have to solve this by<br \/>\nourselves.\n<\/p>\n<h3>\nTutanota Is the First App of an Email Service Available on F-Droid<\/h3>\n<p>\nOur app release on F-Droid really excites us, as it proves that it is possible<br \/>\nto build a <a href=\"https:\/\/tutanota.com\">secure email service<\/a> that&#8217;s completely<br \/>\nGoogle-free, giving people a real open-source alternative to the data-hungry<br \/>\nmarket-leader Gmail.\n<\/p>\n<p>\nThis is a remarkable step, as so far no other email service has managed (or<br \/>\ncared) to publish its app on F-Droid. The reason for this is that, in<br \/>\ngeneral, email services rely on Google&#8217;s FCM for push notifications, which<br \/>\nmakes an F-Droid release impossible.\n<\/p>\n<p>\nThe F-Droid team also welcomed our move in the right direction:\n<\/p>\n<blockquote>\n<p>\nWe are<br \/>\nhappy to see how enthusiastic Tutanota is about F-Droid and free software,<br \/>\nhaving rewritten their app from scratch so it could be included. Furthermore,<br \/>\nthey take special measures to avoid tracking you, and the security looks<br \/>\nsolid with support for end-to-end encryption and two-factor<br \/>\nauthentication.\n<\/p>\n<\/blockquote>\n<p>\nWe are very excited about this release as well. And, we are thankful for the<br \/>\ndedication and hard work of the numerous F-Droid volunteers helping us to<br \/>\npublish our app there. We are also proud that the new Android app finally<br \/>\ncomes without any ties to Google services. As a secure email service, this is<br \/>\nvery important to us. We encourage our users to <a href=\"https:\/\/tutanota.com\/blog\/posts\/how-to-leave-google-gmail\">leave<br \/>\nGoogle<\/a> behind,<br \/>\nso offering a Google-free Android app, therefore, is a minimum requirement<br \/>\nfor<br \/>\nus.\n<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"&quot;&quot;\" height=\"650\" src=\"https:\/\/www.linuxjournal.com\/sites\/default\/files\/styles\/max_650x650\/public\/u%5Buid%5D\/new_client_darktheme.png\" width=\"650\" \/><\/p>\n<p>\n<em>Figure 3. The new Tutanota client comes with a dark theme\u2014a nice and minimalistic<br \/>\ndesign that lets you easily encrypt email messages to every email address in the<br \/>\nworld.<\/em><\/p>\n<h3>\nA Privacy-Focused Email Service for Everyone<\/h3>\n<p>\nWe&#8217;ve been using Tutanota ourselves for a couple years now. The new<br \/>\nTutanota client and apps are fast, come with a nice and minimalistic design,<br \/>\nenable search on encrypted data, and support 2FA and auto-sync. Since we&#8217;ve<br \/>\nadded search, there&#8217;s no major feature missing for professional use<br \/>\nany longer, and we&#8217;ve noticed the numbers of new users rising constantly. We recommend<br \/>\nthat everyone who wants to stop third parties from reading their private<br \/>\nemail to<br \/>\njust give it a try.\n<\/p>\n<p> <a href=\"https:\/\/www.linuxjournal.com\/content\/foss-project-spotlight-tutanota-first-encrypted-email-service-app-f-droid\" target=\"_blank\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Seven years ago, we started building Tutanota, an encrypted email service with a strong focus on security, privacy and open source. Long before the Snowden revelations, we felt there was a need for easy-to-use encryption that would allow everyone to communicate online without being snooped upon. Figure 1. The Tutanota team&#8217;s motto: &#8220;We fight for &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.appservgrid.com\/paw92\/index.php\/2018\/10\/17\/foss-project-spotlight-tutanota-the-first-encrypted-email-service-with-an-app-on-f-droid\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;FOSS Project Spotlight: Tutanota, the First Encrypted Email Service with an App on F-Droid&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-443","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/443","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/comments?post=443"}],"version-history":[{"count":0,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/443\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/media?parent=443"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/categories?post=443"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/tags?post=443"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}