Tutanota doesn’t share their security audits, which Proton does.
Also, IIRC Tutanota uses their own custom encryption implementation, while Proton contributes to open source OpenPGP projects.
And when in the past the Swiss gov ordered Proton to do some limited tracking for a specific user, after that they went to the court and succeeded in changing the law so it’s no longer possible to order this tracking.
Proton might not be ideal, but they seem to actually care about making the Internet a safer place.
I am sure that Tutanota does not use any custom encryption algorithm. It is clearly stated in the FAQ that they use RSA (with PFS) and AES to encrypt emails exchanged between Tutanota users. tutanota.com/encryption There’s even a section which discusses why they do not use PGP. So it’s not like they can’t add it, they just don’t because it lacks “important requirements”. Plus they even are slowly developing a protocol that is post-quantum secure to encrypt their emails with.
I am sure that Tutanota does not use any custom encryption algorithm. It is clearly stated in the FAQ that they use RSA (with PFS) and AES to encrypt emails exchanged between Tutanota users. tutanota.com/encryption
These are only primitive algorithms, the actual implementation is custom and specific to Tutanota, which means it will only work with Tutanota as nothing else will implement it.
There is no way to do key distribution outside of Tutanota’s service.
I’m not really saying that what Tutanota does is insecure, but historically doing security on your own instead of using established standards has not been a winning move.
Plus their unwillingness to open source it and not sharing the audits just doesn’t inspire my confidence.
Overall they’re probably fine, but these are some of the main reasons I ultimately chose Proton instead.
BTW, they’re not “slowly developing” post-quantum encryption, they’re just saying they may do that at some point in the future - which everyone will have to do anyway when we get to this point.
Plus their unwillingness to open source it and not sharing the audits just doesn’t inspire my confidence.
The server side isn’t open source, and you can’t verify that is what is actually running in production. While we do recommend it I don’t personally use their products. I like the use of email clients, particularly customized to my needs.
Nested folders was only a very recent feature added tutanota.com/blog/posts/subfolders and without that I wouldn’t even consider a provider as I use this for organization. Of course as you can’t use your own email client, downloading email from Tutanota can be a bit of a pain too, you can only export per-folder into Mbox.
Proton lost me in the test month. I wanted to cancel the auto renewing subscription about two weeks before it would have been renewed and realized that they immediately removed all subscription-features. That disappointed me so much. That’s not fair, I think.
Ok, I meant what are the problems in their services? I personally really hate their Android email app, which has annoying bugs, but for the rest I’m pretty happy.
Oh sorry! I mostly hated their VPN app on linux: it’s not like their VPN is a brand new service and still they can’t manage to make it work painlessly. Switched to Mullvad and now I can forget to even have a VPN. And also the Android mail app could be better indeed.
All in all it seems to me that Proton makes sense if you can have the entire package: but once you have problems with one or more of their services (VPN, email) and need to look elsewhere, then you can find good alternatives at cheaper prices.
+1 as a Proton unlimited user. Yes, Proton has some unfinished products, I mainly purchased it for VPN and email (also SimpleLogin). So others are a bit of extra for me. After some time, I also plan to switch from Bitwarden to Proton Pass. If macOS client comes, then I will also switch to Proton Drive.
Proton Drive client for macOS is on beta right now.
We’re also beginning the beta for our upcoming macOS desktop app for Proton Drive. As with the other Proton betas, we’re starting with Proton Lifetime accounts today, with Visionary users to be invited later. While community feedback is always important, it’s especially vital at these early stages, so we will send beta invites via email based on our ability to keep up with the feedback. We’ll collect feedback both on Reddit and at drive@proton.me. Once the macOS app is released, we’ll also work on our planned Linux version.
Tutanota is mainly an email service, with very basic calendar and contact functionality. Proton has a suite of apps, including Mail, Drive, VPN, Calendar, and Pass. I got the Tutanota subscription when it was €1/month and it works well for me.
I used to use both mail mobile apps, but found out that Proton Mail notification doesn’t work without Google Play Services, which is a deal breaker for me. So I use Tutanota as my main email and Proton as my backup and for its Drive. Either way, I’m just glad to leave Gmail.
Protonmail’s interface and mobile app are more refined and faster than Tutanota’s, and PM has more features on their free tier than what Tutanota provides on their free tier. Having said that, both are great email providers. I have accounts on both but I tend to use PM more at this point in time.
I’ve been using Proton for a few months now and I like it. It’s under Swiss law and not part of that Five Eyes agency, so I at least feel like my data is secure. Their iOS app is actually really nice and easy to use if that will make or break something for you OP.
<Edit> Whoa, didn’t mean to spark this level of heated comments. To be clear, I use Proton Mail as my daily email and really enjoy it.
Apparently the popular sentiment is that Proton Mail is a perfectly respectable and trustworthy service. I have no hard evidence to the contrary.
I suppose the intent of my comment was: don’t do illegal/immoral things, but especially don’t expect Proton Mail to protect you if you are doing illegal things.
Based on popular sentiment, it seems I’d be best just deleting this comment, but in the interest of ensuring complete records, I’ll leave it up. Lol, bring on the downvotes. </Edit>
Don’t have any real evidence to substantiate this, but I’ve heard there’s some indicators that Proton is a honey pot for the feds. You can find the occasional youtuber talking about it.
That said, I use Proton Mail to escape the corporate data collection apparatus and really like it. No experience with Tutanota to give a proper comparison.
“I have no evidence, but let me make an unsubstantiated claim and mention there’s YouTube videos about it and then recommend the very thing I said might be problematic”
Bulls*t. What the random YouTubers claim without evidence is also nonsense. It’s remarkable to allege that an open source and audited app is a honeypot. Well, find it guys, it’s open source.
I didn’t watch the video, because I don’t have 15 minutes to listen to what sounds like a conspiracy theory, but the source link for his info he put in description is dead, so that doesn’t inspire confidence…
Anyway, how would a Swiss company be a honey pot for the feds?
I do think this video lays out a clear case that Proton is not as open and anonymity focused as it could be. While going from those facts to a postulation that it’s a fed honey pot is probably a stretch, to use this as grounds to say “Proton isn’t as trustworthy as they claim to be” seems reasonable.
Yeah, I think that’s a reasonable expectation from the service. The notion that it’s an end-all-to-beat-all service is foolish, but when properly incorporated into an otherwise robust personal protection plan, it can probably help with security.
Plus one for Proton. I’ve used Tutanota but enjoy the Proton suite. It’s been a while since I used Tutanota so can’t remember if they have a suite or not
I have been using both Posteo and Tutanota for a while. Tutanota has much more modern looking webmail and custom domains support. Both rock solid though