Hey guys,
I am looking for a new email provider as I am still using gmail and like to get that removed finally. I am currently looking at Tuta and proton. I would be using it mainly for email and the Calendar. most other things I am self hosting but email in particular is not something I like to self host.
Proton being hosted in Switzerland and Tuta being hosted from Germany I think Proton has a edge over Tuta in that regard although I am not very familiar with both country’s privacy laws.
Also how do they compare to each other regarding flexibility in creating email filters and folders. I believe proton hat some restrictions on the amount of email filters if i am not mistaken.
And lastly can you get calendar invites with these email providers? If I like the email provider i might move the business email to one of the providers as well but seeing we get like calendar invites which works fine with outlook. I dont know if this works with the email clients of proton or Tuta.
Also if their is a better email provider i am open to suggestions.
EDIT: Thanks guys! Got many great answers. i think I will get my own domain and try them out both for a while.
First thing you need to understand is that the smooth end-to-end encryption works only tuta-to-tuta or proton-to-proton, so in rare cases. Encryption at rest, which is what tuta-to-proton, gmail-to-tuta etc. can do, is something that a lot of other email providers do too.
I’m currently in the process of moving from Proton to Tuta, because despite several years of promises, the Android client for Proton still doesn’t do non-google push notifications. Also because if you just need email with your own domain, Tuta is much more price-friendly. (The tier also includes unlimited calendars and event invites, which I haven’t tried.) If you also want VPN and encrypted storage, the balance tips.
I don’t use the calendar from either, so can’t talk for their properties. I prefer seamless calendar integration for wrist gadget integration and such, so using NextCloud Calendar + DavX. For smooth integration with encryption, could also look into Etesync. I think you’ll be able to share an ics attachment from either of those through your normal calendar.
Germany is a 14-eyes-country, but since I’m just privacy conscious and my threat model doesn’t include international-coordination-level actors (barely state level, am in the EU but not German, so eh, far enough), it doesn’t matter that much to me. Proton also has to obey court rulings.
The push notifications would be a issue for me. I am using GrapheneOS without any google services.
Also the calendar i am not 100% sure how I want to do it. I currently use Nextcloud and Caldav. Which for me works great when syncing with Etar on my phone and Evolution mail in the desktop. For my dad I have setup caldavsynchronizer for outlook as that is the email client he has used for years. When i would use Tuta id loose the nextcloud calendar because it can in no way synchronize with Tuta. With proton on the other hand I can use the bride for email and use the calendar how i am currently using it together with Etar on the phone.
On the other hand if say Tuta providers a calendar that is integrated and works with both the email client on the desktop and on the phone. the same goal is accomplished.
I’ve been using Proton Mail and GrapheneOS for some time now. Early in I found an app called You Have Mail that solved the pushnotifications problem for me. I’ve never used Tutanota, so I can’t speak for it at all, but I really like Proton.
Thank you for the tip! It feels a bit sketchy to give it my login info though
The app is completely open source: https://github.com/LeanderBB/you-have-mail
Your login data is only stored locally on your device, and used to log in to your Proton account. It’s not sent to a third-party server. This is totally fine.
I stripped down Hydroxide, the OSS version of the Protonmail Bridge, to only send push notifications of new mail via a ntfy.sh server of your choice. Needs a Linux box to run on still, so not for everyone.
Main advantage over the otherwise good You Have Mail android app is that if you already use ntfy for other notifications, there’s no need for a separate app for just mail notifications.
Thanks mate, this is really awesome! Will definitely try it out. Many people might find this useful, consider making a separate post about it. I created a community for UnifiedPush and related topics: [email protected], you’re welcome to post there.
Yeah, tuta is actually on fdroid (should be the minimum bar for open source software from a company like proton) and has an efficient notification service that doesn’t depend on google services at all
multipost
multipost
What all do you consider “synchronizing” to include? I mean, the calendars won’t, but using Etar+NextCloud for calendar, and Tuta for email, has worked fine for me. Of course it means that my calendar isn’t encrypted.
I just tested sending an ICS event to both. The Tuta app offered to open it on Etar, and Etar offered the default calendar with dropdown for others, just like normal. (Strangely it didn’t even offer to open on Tuta’s own calendar, which is in the same app; maybe because I’ve added no calendars there?) Proton’s app (which may be out of date, the mail app isn’t on F-droid, either publicly or in an official repository, and I’m a lazy updater) wanted to open it on Proton Calendar only when I don’t even have it installed.
Proton’s bridge OTOH worked really well for me for syncing to Thunderbird, probably works as well for Office too.
Feeling sort of in same boat here, love proton…minus the google push notifications! For past year or more I’ve had to manually check my proton client daily for new messages on my grapheneos phone, super annoying…not the end of the world but still a neusance
smooth end-to-end encryption works only tuta-to-tuta or proton-to-proton
The difference is that proton tries to be somewhat interoperable with other services. It uses standard PGP encryption, you can import public keys to it from elsewhere, and you can download your private key from them if you need it.
*
Of course I meant that you can easily export the private key from their web client, which is not really a download as such.Depends a lot on your peer group, but I have even fewer contacts that use PGP than ones that use either service. :/ Just tried to keep it simple.
If it’s more than none at all that’s pretty good. But adhering to open standards is also a factor in how we should judge these providers which goes beyond that.
And years of not fully supporting Linux.
Another way to put that is actively pushing/encouraging their “privacy concious” clients onto windows spyware if they want to get the service they paid proton for. Can’t be private on windows folks.
Not privacy focused at all IMO, its all privacy theatre and proton is just money focused.
I switched over to Proton from Gmail about 8-10 months ago and it’s been great so far. Folders and filters have been like what I was used to. The only thing I haven’t played around with much is calendar and invites.
I ended up going for the whole proton bundle since it included the vpn, storage, and custom domains (up to 10 addresses I think)
For me the vpn and storage is not something I am interested in. Bundles in general though. The 10 custom domains is a nice thing for sure.
Using proton for a while, the only pain I have is that it can’t be easily set up in your average mail client (Thunderbird, Outlook, etc.)
Wouldn’t this be solved with the birdge? I am thinking of going the paid plan anyway due to the custom domains.
Yes, that’s what I meant with “not easily”, you need the bridge
Proton have just announced they’re moving to a nonprofit structure if that makes a difference to you; it sure does to me.
This video lays it out perfectly, basically email is not secure. Protocol, not really meant to be, main thing is getting it off of Microsoft or Google servers. I recommend proton, just seems to be more reliable with receiving images and pictures on emails.
I want more from this guy!
I personally suggest Tuta (and I use it daily) over Proton. Several reasons:
Proton:
- it is leaky in terms of social graph encryption. Sun Knudsen has a great video about it (https://youtu.be/GdDFUycXR_M&t=0)
- had this case about the climate activist (https://www.theverge.com/2021/9/6/22659861/protonmail-swiss-court-order-french-climate-activist-arrest-identification). And since they position themselves as a privacy company, this looks disturbing.
- I’d prefer a such a privacy oriented company to be more open to anonymous payment methods.
Overall, Proton seems like a little more privacy-conscious Gmail alternative.
Tuta
- doesn’t use Google/Apple notification servers
- encrypts more stuff than Proton
PS In both cases, emails are not end-to-end encrypted. Even though both are marketed with E2E encryption by default. Again, Sun Knudsen has a great video about the topic (https://youtu.be/G2Jh8bQ2wM8&t=501).
Also, as far as I remember, Proton is more expensive while having less features (the cheapest option) than Tuta.
I found Tuta to be lacking.
Conversation view is incomplete https://github.com/tutao/tutanota/issues/6 - https://github.com/tutao/tutanota/issues/5051
“when you have multiple addresses and custom domains getting hundreds of emails… it takes forever for the emails to load” https://community.centminmod.com/threads/skiff-email.24363/
Search isn’t working in firefox “your browser doesn’t support data storage”. As the search index needs to be stored in your browser, it does not work in private mode/incognito mode.
Free accounts get deleted if you do not log in for six months.
Been using Proton for over 4 years now, and have had no issues with it. I don’t use folders or tags that much, but if you are a paid member, you get unlimited of those. They recently announced calander invites (I personally never want to use them) and it looks like it should work fine. Proton also has unlimited aliases to hide your actual address, which I use all the time (coming over from SimpleLogin.)
The bundle (mail, VPN, calander, pass and drive) is really bang for the buck for what you get, even though you don’t use some of them. You can always upgrade to it later if you wish. And in case you don’t plan on paying, the free versions work just as you expect!
If you have any questions, just ask!
Not trying to make the choice harder, but mailbox.org seems to fit into the choices as well (also hostesd in Germany). Also in terms of hosting in Switzerland, keep in mind that it’s not actually part of the EU, which is the primary/original source for many of the privacy laws you probably care about if you’re looking into these providers.
Migadu and your own domain
@[email protected] I went with Proton and the reason was either that I could import and use my own PGP key, or because it had more general compatibility with other mail services using PGP (well possibly both those reasons). So I could send encrypted mails to Thunderbird users as well as GMail users (who had a PGP encryption extension).
I think they are both fine,
I like that tuta is doing just one thing, ( ignoring the new storage feature ), and trying it’s best at it.
Proton is going to more of a google approach, however the nonprofit goal they just set is pretty awesome.
I got the tuta’s, now non-existent, premium plan, and am using simplelogin relays to protect it. No plan in changing the setup.
Nowadays proton owns simplelogin and I think it offers it’s services to customers, a couple bucks cheaper than my impossible setup, so protonmail it’s probably the best option nowadays.
Protonmail sucks because you can’t use it with 3rd party mail clients like claws-mail or mutt without handing over $$$ (even gmail lets you do this for free, I believe). The plaintext mode in Protonmail appears not to be actually be plain text because I’ve had trouble submitting plaintext patches to the OpenBSD lists several times with it.
Have no experience with Tuta.
Self host on a VPS. OpenBSD makes it easy, follow a guide like this one.
what about Posteo? when I compaired many providers a few years ago they seemed like one of the the most ethical
one caveat: you can’t use your own domain name, for privacy reasons. I wish they gave the option though. maybe it has changed since
no idea about calendar invites
Been using tuta with like 3-4 domains for years. It works fine.
Getting your own domain so you can keep an email address and move providers is the actual right move. Sounds like that’s what you’re going to do.
I’d be careful of Tuta. It’s been stated to be a honeypot run by an unnamed western intelligence agency.https://news.ycombinator.com/item?id=38263621
Recently there was a criminal trial of a 5 eyes spook in Canada. There it was alleged that Tutanota was a intelligence resource. https://www.computerweekly.com/news/366559333/Encrypted-mail-service-Tuta-says-it-was-wrongly-accused-of-being-a-front-for-intelligence-services
Is there any evidence of them being a honeypot? It sounds like that claim was made by someone under trial who might be trying to take the heat off themselves
Not that I know of. If your privacy is important, do you take the chance? I wouldn’t, but it’s up to the individual user to decide. 🤷🏻♂️
Proton is a government honeypot.
Are you gonna take the chance now that there are allegations against proton?
Are you gonna take the chance now that there are allegations against proton?
AFAIK, Proton hasn’t been implicated in any criminal trial involving the Deep State. Do you have some information that the rest of us don’t, or did this allegation come to you in a dreamstate?
The epistemic status of that person saying it vs me is not all that different, neither of us have evidence to present
You should not be using any kind of digital communication for criminal activities. OP, if your only goal is to prevent companies from scanning all of your personal life to show you tailored ads, then either is will be fine. I do prefer Proton though, as their products are more complete
I use and prefer Proton as well.
Well proton has been accused of being a honeypot as well.
Well proton has been accused of being a honeypot as well
Do you have a news source for this allegation?
Just search protonmail honeypot and you get many results. I am not saying it is true. Just saying because a company gets accused of something doesn’t make it true.
The person you are talking to also believes the narratives that Russia spins about their invasion into Ukraine, so the don’t have very sound epistemology to begin with, unfortunately.