Matthias Pfau: Tutanota and the Battle Against Mass Surviellance

Mattihias PfauMatthias Pfau is co-founder and developer of the encrypted email service Tutanota. Tutanota is part of what can be considered a post-Snowden development movement that aims to short-circuit government mass surveillance capabilities. I spoke to Matthias to discuss his project and where he believes that the battle between privacy advocates and governments is heading. 

John Little: So how is Tutanota doing? How is it being received? Do you think the project will be sustainable from a financial standpoint?

Matthias Pfau: Very good. We are experiencing massively increasing sign-up rates with thousands of new users coming in daily. I think people value most that their entire mailbox is encrypted and that we truly have no access. We plan to build upon this by adding features like an encrypted calendar and other groupware functions in the future. We have a lot on our list, and we would like to develop much faster, but we keep our budget tight. The upside: Tutanota already is sustainable: We’ve released our first Premium features with custom domain support three months ago. Many of our existing users switched to Premium immediately so that Tutanota: we have reached break-even.

What excites us the most is that many of our users simply upgrade because they WANT to pay for a secure service that respects their privacy without really needing the offered Premium features. That proves that people are realizing how harmful it is that companies and other third parties spy on their data. We believe that this is the start of a trend and that more and more people will make the switch away from the Googles of the world soon.

John Little: A number of other encrypted email services have been rushed into service recently. ProtonMail is a good example. How does Tutanota plan to differentiate itself in this emerging market? And will the market still exit if the massive players like Google move to more secure models?

Matthias Pfau: We believe that there are not too many encrypted services, but too few. The more services there are, the more people discuss these option and become aware of the fact that it has become very, very easy to keep their data private. What we can say about Tutanota is this: We encrypt the entire email – subject, body, attachments automatically. We encrypt all your data stored in Tutanota, even your contacts. We have build a scalable encryption solution that we can easily transfer to future additions like an encrypted calendar or encrypted cloud storage. It took us about three years to lay a solid foundation (server structure, encryption method, flexibility to change encryption algorithms when needed) for Tutanota so that we are well prepared for the future. We also have an up-time higher than 99.99 percent so that Tutanota is always available.

Plus Tutanota is a true open source project. You can GitHub: build and run Tutanota locally if you want to be more independent from us.

We don’t think that Google is a threat to Tutanota. Their business model relies on the fact that they can search their user’s data and post targeted ads. The security options Google implements will continue be add-ons only. In contrast to that, encryption is the default in Tutanota.

John Little: One challenge users face at the moment is fragmentation. We can send encrypted communications to other users on the same platform but not between platforms in many cases. Is this something that Tutanota is working on? Are you actively discussing this with other companies and developers?

Matthias Pfau: You are completely right, this is definitely an issue we need to tackle. We would like to make Tutanota interoperable with other services. We’ve been in contact with Openmailbox and know that they are open to the idea. However, we want to focus on developing more features for our users first. In addition, people on Tutanota can send end-to-end encrypted emails to anybody when they exchange a password. And many of our users do this as we can see from the encryption rate: To date already 37% of emails sent from Tutanota are end-to-end encrypted. This is a great success as it makes mass surveillance very, very hard, if not impossible.

John Little: The hacker community is diverse but Edward Snowden’s revelations seemed to have an impact on a significant percentage of the hackers I know. The reaction was an almost universal shift away from cooperation or sympathy with governments in places where there had been some success in getting the two camps to better understand each other. What’s your sense of where the community stands now?

Matthias Pfau: We are not in direct contact with the community so we can’t really say. What we see in Politics, however, is that politicians tend to act against the common opinion of IT security experts when it comes to the internet. One of the best examples is data retention: Even many IT experts and criminal investigators state that data retention does not help to prevent terrorist attacks. Nevertheless, politicians around the world resort to this method to prove to their voters that they do everything they can to increase security. In fact, this is just a big show that every tech-savvy person sees through, thus, they feel appalled by politicians and their actions against their citizen’s rights.

John Little: Let me clarify a bit because I did not intend to imply maliciousness with the term “hacker.” Stepping back away from this specific battle alone (although it is obviously the most extreme point of tension) how do you think governments who absolutely need the skills of developers, cryptographers, and security experts restore some of the goodwill that has been lost over privacy issues?

Matthias Pfau: We did not understand your questions to imply maliciousness. Governments in many cases seem not to understand how to make the Internet more secure, but rather rely on mass surveillance tactics. In my opinion they can only restore the goodwill of the community – not just hackers, but all privacy-advocates – if they get proper consultation from Internet activists such as the EFF or in Germany As long as they tend to work against these groups instead of listening to their advice, the prospects for Internet laws are very bad.

John Little: We’ve seen fundamental changes in the public’s understanding of security in the past few years but there is still a long way to go. Do you think that we are moving towards ubiquitous encryption? Five or ten years from now will we see platforms or apps succeeding without it?

Matthias Pfau: At least that is what we are trying to achieve! We, as tech companies, have to make encryption so easy and running so smoothly in the background that the consumer has no reason anymore to use non-encrypted services. Given the extent of surveillance done by Secret Services and marketing companies around the world, this our only chance. Without self-protection, all our secrets including health issues, family problems, drinking habits and so on will become publicly accessible soon. This is not the kind of world I dream of for my children.

John Little: States have immense capabilities and they have directed significant resources at intercepting encrypted communications. It’s what intelligence agencies do – and always have done. How do you see this battle playing out from a technical perspective? Could consumer level encryption eventually leave even the most sophisticated agencies in the dark? Could large governments essentially render consumer encryption models irrelevant (as some would argue that they have done already)? Or does the situation continue to remain murky as advantages shift slightly back and forth?

Matthias Pfau: The more people use encryption, the harder it gets for governments to monitor the Internet. This also makes mass surveillance as it is currently done impossible. Governments can still try to monitor individuals with targeted attacks. We have to be honest here: Encryption does not protect someone when he is committing crimes. But that’s not the point. The point is that illegal surveillance of everybody’s data becomes impossible and that is well-achievable with encryption technologies such as Tutanota.

John Little: Do you get the sense that governments are starting to come around to the idea that strong consumer encryption, encryption free of backdoors or other weaknesses, is an inevitable necessity? Do you get the sense that you’re winning?

Matthias Pfau: That’s hard to tell. Of course we would wish for such a move, but politics is hard to predict. We do, however, see that governments themselves increasingly understand that they need strong encryption that is easy to use. The more politicians understand that encryption is to their own benefit, the more likely it gets that they will also consider it to be valuable for all their citizens. So, let us say, we are hopeful!


Tweet about this on TwitterShare on FacebookShare on TumblrShare on RedditShare on LinkedInDigg thisPrint this pageEmail this to someone

Government Email Problems, Wikileaks, Russia, Drone Leaks, NASA Security and Other Counterintelligence Nightmares

The Covert Contact podcast kicks off again with an admittedly rambling, but hopefully entertaining, start as I review a number of high profile security issues with counterintelligence pro William Tucker. We look at the hack of DCIA John Brennan’s AOL account, Hillary Clinton’s email problems, and then ponder the broader risks associated with the personal accounts of key U.S. officials. And while we’re at it what’s with the curious lack of interest that organizations like Wikileaks have in exposing officials in Russia or North Korea. What’s up with that? Then we move on to drone leaks and drone policy before closing out the show with a look at the almost depressingly terrible security practices exhibited by NASA in the Bo Jiang case. Again, it’s a bit of a ramble but hopefully a fun one.

You can follow William J. Tucker on Twitter and read his guest posts on Blogs of War:

Everybody Spies – and for Good Reason
Hawaii a Priority Target for Foreign Espionage
Would the U.S. Really Kill Edward Snowden?
Snowden’s Snowjob?

Other Covert Contact Episodes Featuring William:
Episode 15: Hillary Clinton’s Email Server: Dissecting the Risks with William Tucker
Episode 12: Counterintelligence: William J. Tucker Breaks Down the Challenges


Tweet about this on TwitterShare on FacebookShare on TumblrShare on RedditShare on LinkedInDigg thisPrint this pageEmail this to someone

Encrypted Communication Has Never Been Easier – Security Never More Challenging

ProtonMailJust over two years ago I decided to spend some time digging into an emerging class of encryption tools that were making a solid run at simplifying the notoriously cumbersome use of PGP.

“So I stopped being lazy and have encryption implemented across all of my devices. Now, I have a 4096-bit RSA OpenPGP key, The Chrome extension Mailvelope is handling Gmail encryption, Thunderbird and Enigmail are configured on the Linux box, and IPGMail is setup for the same on my iPhone.”

Now I wasn’t looking to implement the strongest security model. I just wanted to see how challenging it would be to implement and use reasonably safe tools across all of my devices. These tools, all of which sprang to life pre-Snowden, did represent a huge improvement in usability but none of them would have passed the mom test.

Fast forward a very short two years and the landscape is starting to look very different. Free elegant encrypted email services like ProtonMail (listen to my interview with co-founder Andy Yen) and Tutanota are now viable alternatives to Gmail for millions of people. Encryption is baked-in and transparent to the user. If you were creating your first email account today there would be no reason not to start with an encrypted-by-default solution and we are rapidly approaching the point where the absence of end-to-end encryption in some of these tools will be perceived as a fatal flaw by consumers. Tresorit

Encrypted cloud storage is significantly easier to use as well. Here we see the same kind of evolution from plugins or add-on applications that add encryption capabilities to standalone tools like SpiderOak and Tresorit that encrypt by default. These services greatly simply security by making it a nearly invisible function of the software. Are they as easy to use as Dropbox? Close, but not quite. However, they are reasonably easy. In fact, I use Tresorit for all of my file storage across all of my computers and phone. The convenience penalty is now so slight that it is essentially negligible for a large portion of the user base.

SignalBut nowhere has the shift toward usability been more evident than in the mobile app market. People have literally thousands of options to choose from. Although it must be said that the number of good options is substantially lower than the total. Still, the barriers to encrypted text messaging, photo sharing, and even voice conversations on your phone just don’t exist. Secure communication is drop dead simple.

And Now A Warning

The tools that I’ve mentioned here are all reasonably secure. Reasonably. That’s a very important caveat but what does it mean? It means that, as I’ve said before, true security requires more than tools. Every tool and every model has numerous attack vectors. If your secrets are juicy enough, say they’re interesting to a superpower or country with advanced intelligence collection capabilities, then they will find a way to literally or metaphorically read your mail.

Reasonably secure in this context means that people who are not targets of incredibly sophisticated adversaries can expect these tools to do exactly what they say they do. If you are Edward Snowden or on this exclusive list then these tools are not for you. In fact, the internet is not for you at all unless you’re willing to employ a radically different security model. ProtonMail is even honest enough to remind its users of that in a breakdown of their threat model:

ProtonMail Warning

You’re probably not the next Snowden (lucky you!) but all of us have to think about who we are, who wants our information (seemingly everyone), why they want it, and what precautions must be taken to prevent that disclosure. Security requires more than an app. It requires thought. And this is why it will always be difficult – even as the tools get easier to use.


Tweet about this on TwitterShare on FacebookShare on TumblrShare on RedditShare on LinkedInDigg thisPrint this pageEmail this to someone

The Linux Foundation’s Linux Workstation Security Checklist

Linux workstation security checklistKonstantin Ryabitsev’s high-level security recommendations for Linux Foundations systems administrators is probably not the kind of document that most of you would read. In fact, I’ve known a shocking number of SysAdmins who wouldn’t take the time to read something like this. But trust me it’s worth reading – even if you don’t understand it.

Now you’re probably wondering how reading something that you don’t understand could be useful. That’s a very understandable point of confusion. But when it comes to security the things that you don’t know or don’t understand are the things that could literally or metaphorically kill you. The stuff you don’t know is the most important stuff.

A lot of very technical people follow and read Blogs of War but I am primarily sharing this for the benefit of the other 99% – those of you who probably won’t fully understand Konstantin’s recommendations.


Because if you’re even remotely interested in security this will give you topics for exploration. This is a pretty cool jumping off point for those of you who want to learn more about securing yourself and your hardware. And don’t get too hung up on the Linux-specific recommendations because many of the concepts and vulnerabilities are universal. If you’re not interested in learning more about this topic that’s fine too – as long as you’re comfortable with the risk.


Tweet about this on TwitterShare on FacebookShare on TumblrShare on RedditShare on LinkedInDigg thisPrint this pageEmail this to someone