Konstantin Dokuchaev, author of the All-in-One Person blog and the @themarfa Telegram channel, wrote specifically for Netology about two mail services, Tutanota and ProtonMail, and explained which one to choose and why.

These days you rarely hear about the importance of private correspondence, or about how to protect and encrypt it. Still, I decided to take a look at two popular mail services with end-to-end encryption: Tutanota and ProtonMail. Both offer secure messaging with every email encrypted. Let's take a closer look at what the two services give you, and whether it is worth hiding your correspondence from the FSB, other intelligence services and competitors.
Tutanota
Tutanota is a German email service with a free plan that encrypts its customers' mail.
Pros:
- Russian-language interface.
- Simple registration.
- Free plan.
- Web version plus iOS and Android apps.
- Support for your own domain.
Cons:
- Only 1 GB of storage on the free plan.
- No cloud storage integration.
- No two-factor authentication.
- No IMAP access, so third-party mail clients cannot fetch your mail.
Registering is much easier than with a regular email provider: choose a mailbox name and enter a password, and you can start using your new secure mailbox immediately.
As the screenshot below shows, Tutanota's interface is not colorful, but that is not the main thing. As in any mail service there is the standard set of folders: Inbox, Drafts, Sent, Trash, Archive and Spam. When you compose a new message or reply to one you will find all the usual functions: forwarding, BCC recipients and so on. You can also attach files.

For incoming mail you can set up filtering rules. One interesting feature is the ability to attach several aliases to one mailbox, although only in the paid version. The maximum size of a message including attachments is 25 MB.
About security
Like most security-focused services, Tutanota has published its source code on GitHub, so the developer community can independently check the code for backdoors and other unsafe things.
Encryption and decryption always happen locally on your device, once you have logged in to the service. Your password is what your encryption key is derived from, so do not forget it: even the developers cannot help you recover it. The exception is the corporate version of Tutanota, where the domain administrator can reset user passwords.
All correspondence is end-to-end encrypted and is not handed to any third party. Everything in the message is encrypted: subject, body, attachments and the contact list. Tutanota has access only to message metadata such as sender, recipient and date. That is understandable in principle, and the developers promise full encryption of messages in future.
Messages between Tutanota users are encrypted with standard algorithms: AES with a 128-bit key for the content and RSA with 2048-bit keys to protect the AES key. Messages to third-party services are encrypted with AES-128 alone, since the recipient has no key pair with the service. The scheme is shown in the picture below, which covers sending and receiving both inside and outside the service.

You can send a message to another mail service in two ways: secure and not. Let's look at the secure one. To send such a message you and the recipient need to agree on a unique password, which will encrypt all your correspondence. Agree it through any channel other than the email itself, whether a third-party service or in person; otherwise anyone who can read the mail gets the password too. After the first message is sent and the recipient enters the password, the key is stored in your address book and you can forget about it: all further mail to that recipient is encrypted automatically.
Such messages cannot be read in standard mail clients. The recipient receives a link and opens the message in a browser on a computer or smartphone.
Tutanota's servers are in Germany, so the service is subject to German law. Even so, the developers cannot disclose the content of your correspondence: as noted above, everything is encrypted locally and a third party cannot read it. What they could hand over is the metadata they do see.
The service's anonymity is apparent already at registration, where no personal data is requested. IP addresses are not stored by the service and are stripped from outgoing mail, so your location stays hidden. Premium features can be paid for in Bitcoin (pseudonymous rather than truly anonymous, but it avoids giving the service your card details). The service does of course keep technical logs for troubleshooting, but they are kept for 14 days and contain no personal information about the user.
ProtonMail
Now let's talk about the better-known secure mail service, ProtonMail.
Pros:
- Web interface and mobile apps.
- Two-factor authentication.
- Fine-grained appearance settings.
- Security settings.
- PGP encryption.
Cons:
- No Russian-language interface.
- The free plan allows only 150 messages per day.
- The free plan has 500 MB of storage.
- Limits are raised on paid plans but do not go away on most of them (only one plan has no limits).
ProtonMail does not ask for any personal information at registration. You choose a name for the mailbox and a password with which your messages will be encrypted. An optional field is a recovery email address for resetting the password. Encryption keys are generated during registration, and at the end a captcha checks that you are human.
ProtonMail's interface is less austere than its counterpart's. Alongside the standard mail functions you will find familiar things such as stars for favourite messages and labels. The interface can be customized, for example switching the message list from horizontal to vertical. Messages can be sorted by various criteria, such as date or size. The developers have also provided mailbox search.
Overall ProtonMail is closer to the mail services we are used to, and in functionality it is not inferior to its competitors: moving messages, viewing the message "body", convenient formatting and much more. In the settings you can enable two-factor authentication, disable password recovery and adjust the logging level.

About security
All data passing through the service is encrypted. The message body and attachments are end-to-end encrypted, but the subject is not. This is because the developers use PGP, which works within the constraints of SMTP: the subject is a mail header, and PGP encrypts only the body. The developers accepted this trade-off so as not to limit encryption to messages between the service's own users: PGP lets you correspond in encrypted form regardless of the email client.

To send messages outside the service you can use either the protected or the unprotected method. In the first case your messages remain end-to-end encrypted. In the second, TLS, which most popular mail services support, protects the message in transit. That protects it only between servers, however: the receiving provider, and anyone who can read its servers, can see your correspondence. Mail within ProtonMail stays inaccessible to third parties regardless of the sending method.
ProtonMail's servers are in Switzerland and the developer is subject to Swiss law. Given a legitimate court order, the developers are able to hand over the subjects of all messages.
Since the whole service is built on the PGP algorithm, the developer's site does not describe specific cipher parameters. But Wikipedia knows everything:
“PGP encryption is carried out sequentially by hashing, data compression, encryption with a symmetric key and, finally, encryption with a public key, and each stage can be carried out by one of several supported algorithms. Symmetric encryption is performed with one of seven symmetric algorithms (AES, CAST5, 3DES, IDEA, Twofish, Blowfish, Camellia) using the session key. The session key is generated by a cryptographically strong pseudo-random number generator. The session key is encrypted with the recipient's public key using the RSA or ElGamal algorithm (depending on the type of the recipient's key). Each public key corresponds to a user name or email address. The first version of the system was called the Web of Trust and was contrasted with the X.509 system, which used a hierarchical approach based on certificate authorities and was added to PGP later. Modern versions of PGP include both.”
Which service to choose?
Both services present themselves as excellent solutions for protecting private correspondence, and you can choose either. The main criteria are price and compatibility with other mail clients.
The cheaper option is Tutanota, but it has several major drawbacks. First, you cannot use third-party email clients. Second, recipients at third-party services will have to read your messages in a browser, with a password.
ProtonMail is, so to speak, encrypted mail for ordinary users. Its downside is price: most likely you will have to pay for a subscription. On the other hand, you get "seamless" correspondence with the whole world regardless of email provider or client.
From the Editor
On April 21 Netology starts the course "Big Data: Basics of Working with Large Data Sets". It covers what big data is, what the analysis methods are, how the systems are built and how they work, and teaches working with big data sets. Working with big data you can upgrade your skills, learn how to apply data in life and work, and understand why to encrypt, or not encrypt, your correspondence.