What is Tutanota?
Tutanota is a free, secure email provider based in Germany. This secure email service’s name comes from the Latin words “Tuta” and “Nota,” which translate to “secure note.” Tutanota claims to be the world’s most secure and private mailbox. With research in quantum cryptography already underway, it’s hard to believe otherwise.
What is ProtonMail?
ProtonMail is a free, secure, Swiss email provider. Using open-source and zero-knowledge architecture, their security is so robust that not even they can read your emails. Their secure email servers are also hidden under a kilometer of granite in a former military bunker, with multiple password layers. An attack would need to be nothing short of nuclear.
Are these email providers fully anonymous?
Email providers like Tutanota and ProtonMail cannot make you fully anonymous . No secure email service — nor any other privacy tool — can provide complete anonymity.
True online anonymity is impossible, but you can use services like these to enhance your privacy and make your data safer. However, whether you’re using mainstream services like Apple Mail or Gmail, or privacy-focused options like Tutanota or ProtonMail, other aspects of your online presence can still give you away. When you log onto any internet service, you leave a trail of clues to your identity: IP address, geolocation data, and more.
You can take steps to limit these clues, but you cannot eradicate them completely. Sending anonymous emails may not be possible, but if you just want to boost your privacy, using a secure email service Tutanota and ProtonMail can help.
Tutanota vs. ProtonMail
When it comes to your cybersecurity, you need to make an informed decision. As such, we’ll compare each grading category individually between both encrypted email services so you can make the right choice.
Let’s talk about the data laws under which these companies operate.
Tutanota is based in Germany (one of the Fourteen Eyes). Germany may be one of the Fourteen Eyes, but it is protected by The German Federal Data Protection Act – a modification of the general EU GDPR law. Essentially, it prohibits the collection and use of personal data unless the law specifically permits it or you have given your informed consent.
ProtonMail uses its Swiss location to take advantage of the DPA and DPO acts. Switzerland is renowned for being neutral territory – being outside of US and EU jurisdiction. Offering some of the strongest privacy protection in the world, their 1993 Federal Act on Data protection strictly prohibits any processing of personal data without explicit consent.
However, on 5 September of 2021 the Swiss government forced ProtonMail to hand over IP addresses of French activists charged with theft and destruction of property. In this case, French authorities asked the Swiss government for assistance.
Tutanota encrypts the email subject, body, and all attachments. The bonus is an end-to-end encrypted address book and calendar, ensuring that your contacts and meetings are kept top secret.
It combines AES 128-bit and RSA 2048-bit protocols to give you end-to-end protection. Their stronger key schedule arguably makes it more secure than AES 256-bit. Emails to non-Tutanota users are encrypted using AES-128-bit. Passwords are hashed using bcrypt and SHA256, with connections to the Tutanota servers secured using TLS.
Tutanota encrypts more sections of your email and inbox than ProtonMail (your calendar and address book) while also giving you a zero-knowledge text search. No one at Tutanota can see what you search for within your emails. Tutanota also makes it impossible to trace messages back to the user at least by using their IP.
Tutanota also differs from ProtonMail by strengthening 2FA with U2F that gives an additional layer of security.
ProtonMail offers nearly the same level of end-to-end encryption, though it does NOT encrypt subject lines. What they must be given credit for is usability: enjoy conversation views, group sending, and Bond-style self-destructing emails for quick security. Your full-text searches are NOT encrypted, however.
Similar to Tutanota, ProtonMail also makes it impossible to trace users by their IPs. ProtonMail encrypts their emails much like Tutanota does, except that it uses AES 256-bit, known as the gold standard of cryptography. Messages to non-ProtonMail users are password protected, expire after 28 days with no sign-up required. It is, however, left up to the user to share the password securely.
Both ProtonMail and Tutanota messages are encrypted every step of the way, leaving little to no room for interception. Messages are encrypted while:
- Stored on their servers.
- In transit between their servers and user devices.
- In transit within their secure networks.
Both of these services also offer spam filtering.
Are Tutanota and ProtonMail open source? Both Tutanota and ProtonMail are open source-based, crucial for ensuring the highest levels of security. Open-source software is open to the world’s security experts for inspection.
Sending emails to non-users
Tutanota takes no chances. For end-to-end encryption between Tutanota users and non-users, the users must exchange a password securely beforehand. This ensures the message can only be read by the intended and verified recipient.
The question is, do you want the hassle of Tutanota’s additional password step for extra U2F authentication and a zero-knowledge full-text search? Or are you willing to sacrifice your subject line to enjoy ProtonMail’s zero-knowledge calendar and end-to-end encrypted address book?
ProtonMail lets you select an “Encrypt for Outside” option that enables end-to-end encryption between ProtonMail users and non-ProtonMail users. Nothing between you can be read, not even by the creators themselves.
Otherwise, messages are encrypted with TLS (all popular email providers support TLS). These encrypted messages are not end-to-end secured, which means that the provider can read and hand your messages over.
ProtonMail doesn’t offer end-to-end encryption on subject lines or recipient/sender email addresses. This means that emails sent to popular providers who don’t offer end-to-end encryption likely retain a copy of the email.
As well as a web version, Tutanota has desktop clients for Windows, Mac OS, and Linux, with mobile apps for Android, iOS.
ProtonMail can be used on the web like regular email. Or you can download the Android or iOS mobile apps. As a paid user, you can also install the ProtonMail Bridge app. It runs in the background to encrypt all mail that enters and leaves your computer.
Storage and pricing
If storage is important and you like to keep a backlog of emails, Tutanota’s free account has double the storage of ProtonMail’s free account.
For personal use, you can choose a free account with 1GB storage (about 300 emails a day) or a premium account for €1.2 per month or €12 annually. The free account is limited to one user, or premium users can pay €1 extra to add a user.
Businesses can purchase premium accounts (€24 per year) or pro accounts (€84 per year, excluding tax). The pro account comes with ten times more storage, custom branding, and up to 20 aliases. All business accounts include custom domains and customer support.
Tutanota also lets you build your plan with the features you really want. Just use their pricing calculator on their website to create your ideal subscription.
With that being said, even though ProtonMail’s free account has half the storage of Tutanota, that’s still up to 150 messages a day, and it supports third-party clients. Of course, both are 100% ad-free.
The free Protonmail account is single use only, and comes with 500MB of storage. You can, however – create three separate folders within your mailbox to stay organized.
For a Professional or Visionary account, prices range from €7.99 to €12.99 per month. Both offer add-ons for extra storage and aliases, with prices starting at €1 per GB each month.
Tutanota offers email support only for paid users, which limits its availability. While extensive Reddit threads and a knowledge base exist for Tutanota, they are not as rich as ProtonMail’s.
ProtonMail has customer support for both paid and free users as well as extensive Reddit coverage. It has a larger knowledge base than Tutanota.
Tutanota has an autoresponder, custom domain aliases, and secure calendar features. One of Tutanota’s exceptional features is its SecureConnect. It allows you to inject a code into your website that creates a contact form as secure and private as Tutanota is.
ProtonMail has many additional features, including an autoresponder and custom domain aliases, as well as a secure calendar, which is still in the beta stage. It also has ProtonMail Bridge — a feature that runs in the background and encrypts IMAP- and SMTP-supporting application messages. However, it is available only for desktop clients (Windows, macOS, Limux).
Accessibility and setup
Both Tutanota and ProtonMail score equally high in this area. They are both easy to use and set up. They provide clear instructions for a user during the installation and setup process.
Both services are also easy to navigate, and you can use their multiple functionalities without much fuss. Their interfaces are nice, friendly, and clear so that users have all the features and functionality that they need at hand.
|Offers end-to-end encryption|
|Centralized service provider|
|Offers customer support for all users|
|Has the most free storage|
|Offers useful extra features|
Standout options and features
Both options offer a variety of standout features, though the Tutanota email service definitely has an edge here.
The fact that Tutanota offers customer support for all users, both premium and free users, is noteworthy. Tutanota’s SecureConnect feature, which allows you to easily create a contact form on your website, is also a very useful bonus.
ProtonMail’s ProtonMail Bridge feature, which encrypts IMAP- and SMTP-supporting application messages, should also be mentioned here. While it is only available for desktop clients, it will still be a useful security feature that many users will want to take advantage of.
Verdict: Tutanota or ProtonMail?
So, which secure email service is safer and more private: Tutanota or ProtonMail? Technically, you are extremely secure with either Tutanota or ProtonMail. Both use the world’s most potent end-to-end encryption methods and zero-knowledge infrastructure, and both keep you secured even amidst non-users. In some specific instances however, both can be seen to prioritize storage over secrecy, or non-user accessibility over security for example. The choice really depends on what you value the most. For example, conscious consumers will be pleased to hear Tutanota runs entirely on green electricity.
If neither option is appealing to you, there are many other alternatives, though none can be considered anonymous email accounts.
Remember, encryption is not end-to-end encryption. The former is used by almost every popular email service today, enabling them to keep copies of your emails and potentially pass them on to third parties — depending on the data laws they operate under. Switch to free secure emails instead.
For those you value their online privacy, it’s always good to use multiple forms of cybersecurity. Using encrypted email services is a great idea, but using a VPN is an even better one. Once you’re connected to a VPN server, any prying eyes won’t be able to see your online activity.