Why email encryption matters

Emails are like postcards. Just imagine you would send all your confidential letters as postcards, open for anyone to copy and read them.

In fact, emails are even worse: Without end-to-end encryption, emails are like digital postcards. Openly accessible to software that scans emails for keywords to filter and analyze the ones that seem important.

Only with proper end-to-end encryption, emails become unreadable to the software, and, thus, to potential hackers and spies alike.

But even when you use end-to-end encryption, there's still the issue with meta data. The way the email system is set up, it is impossible to encrypt or hide meta data from online surveillance. If only journalists, activists and whistleblowers use end-to-end encrypted emails, they become an easy target for state agencies.

That's why it is so important that everyone uses email encryption for as many emails as possible - not just for confidential emails.

Encrypted emails rise in number

As more and more people understand why privacy matters, particularly to fight the surveillance giants like Google and Facebook, it is no surprise that the number of encrypted emails are constantly rising as well.

In Tutanota alone, already 58% of sent emails are encrypted. While there is no calculation of total end-to-end encrypted emails that travel the web, this development speaks a clear language.

Plus, new users join Tutanota every day, which means more emails are being sent by our users.

The future of email encryption

We have reached a point where we can confidently conclude that sending an encrypted email must be as easy as sending a not-encrypted email. Otherwise email encryption will never be adopted by the masses.

That's proven by the fact that 96% of encrypted Tutanota emails are sent to other Tutanota users. Here the email encryption takes place automatically. Only 4% of end-to-end encrypted emails with Tutanota are password-protected and sent to external users, which requires an extra step by the user. Namely, he must set a password to encrypt the email and share the password with the recipient.

As a consequence, we as software developers must focus on making email encryption as easy as possible. With Tutanota we have already achieved this by building the encryption into the software from the start so that internal emails are always encrypted. The user does not even have to click anywhere, the encryption just happens.

Why Tutanota does not rely on PGP

To encrypt the entire mailbox, Tutanota uses standard algorithms also being used by PGP (AES 128 / RSA 2048). Tutanota does not use an implementation of PGP because PGP lacks important requirements that we plan to achieve with Tutanota:

PGP does not encrypt the subject line (already achieved in Tutanota),

PGP algorithms can't be easily updated,

PGP has no option for Perfect Forward Secrecy.

In Tutanota we can easily update the algorithms, and we plan to replace the current algorithms with quantum secure ones in the future. The flexibility of Tutanota enables us to integrate an encrypted calendar, encrypted cloud storage and many more features much easier and faster than it would have been possible with an implementation of PGP. We also plan to add Perfect Forward Secrecy to Tutanota.

Compatibility with PGP

However, most current email encryption systems use PGP. It is important for Tutanota to become compatible with PGP to increase the number of encrypted emails even further. That's why we plan to add Autocrypt support to Tutanota.

While PGP offers very good encryption, it is also very complex and cumbersome. That's why PGP is still barely being used, despite the fact that it was invented more than thirty years ago. This is going to be fixed with Autocrypt (at least to a certain point) and that's also why we plan to become compatible with PGP.

Nevertheless, the easiest way to encrypt an email is using Tutanota: If you don't believe us, check our guide on email encryption to learn how to encrypt an email in seconds.

Let's make email encryption the standard!