There are plenty of secure and encrypted email services out there to choose from, but for most users, it comes down to a choice between two leading services: Tutanota vs. ProtonMail. Is the industry-leading ProtonMail a clear winner, or does it depend on what you’re looking for? Read our Tutanota review to find out!
Tutanota is a German secure email provider. The name comes from two Latin words – “Tuta” (secure or protected) and “Nota” (message, note). Germany is one of the Fourteen Eyes countries, which may concern some users, but Tutanota is very open about what the authorities can and can’t do with your emails and how they’re protected from prying eyes. Can they resist government pressure and secure your emails effectively?
ProtonMail is a leading secure email provider based in Switzerland, a country with strong privacy laws. The service was founded at CERN by three co-founders and stores some of its servers in a former military bunker hidden under a kilometer of granite, giving them an impressive security backstory. When we compare ProtonMail and Tutanota, however, we’ll see if their features really match their story.
When it comes to ensuring your security while using email, these two services are comparably powerful. Your choice will probably come down to the different features these services offer and how you can use them.
NOTE: If you don’t like either, check out other privacy-oriented emails here.
Tutanota uses a hybrid method combining the AES 128-bit and RSA 2048-bit algorithms. AES 128 encrypts your messages, and although there are stronger options out there, this one is plenty secure for today’s climate. RSA 2048 uses mathematical algorithms similar to those used in encryption to sign your emails, making the recipient absolutely certain that it’s you who sent them and that they haven’t been modified in any way.
ProtonMail encrypts their emails much like Tutanota does, except that it uses AES 256 and it adheres to the OpenPGP standard. This is an important distinction because it changes how these email services behave with users outside of their systems.
Both services provide simple end-to-end encryption for emails sent within their user base. This means that only you and the recipient can read the email. If either company is compromised physically or digitally by hackers, thieves, or the government, it doesn’t matter – your inbox, your contacts, and all of your messages are encrypted. They can’t see a thing.
What happens when you send an encrypted email to someone who doesn’t use their services? Tutanota and ProtonMail handle these cases differently. ProtonMail supports OpenPGP, which is an email encryption protocol supported by many other services as well (beyond ProtonMail or Tutanota). That means that if the recipient has configured PGP on their email (which, admittedly, can be tricky), you can send end-to-end encrypted emails to users in other systems as well. There is a drawback, however – in order to comply with the standards for OpenPGP, ProtonMail cannot encrypt your subject line, which can tell snoopers a lot about what’s in your email.
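The subject-line drawback is easy to see in the message itself. The following is an added example, not code from either provider: it parses a constructed PGP/MIME message (addresses, subject and the armored body are placeholders) and reports what a mail server handling it can read without any key.

```python
from email import message_from_bytes, policy

# Constructed sample: an RFC 3156 PGP/MIME message as a mail relay would see it.
# Addresses, subject and the armored body are placeholders, not real ciphertext.
RAW = b"""\
From: alice@example.org
To: bob@example.net
Subject: Merger term sheet v3
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

cGxhY2Vob2xkZXI=
-----END PGP MESSAGE-----

--b1--
"""

def relay_view(raw: bytes) -> dict:
    """Return what an intermediary can read without holding any key."""
    msg = message_from_bytes(raw, policy=policy.default)
    parts = list(msg.iter_parts()) if msg.is_multipart() else []
    # PGP/MIME: a multipart/encrypted container with a control part and a payload part.
    is_pgp_mime = (
        msg.get_content_type() == "multipart/encrypted"
        and msg.get_param("protocol") == "application/pgp-encrypted"
        and len(parts) == 2
        and parts[0].get_content_type() == "application/pgp-encrypted"
    )
    body = parts[1].get_payload(decode=True) if is_pgp_mime else b""
    return {
        "pgp_mime": is_pgp_mime,
        "body_is_ciphertext": body.lstrip().startswith(b"-----BEGIN PGP MESSAGE-----"),
        # Headers sit outside the encrypted part, so they travel in the clear.
        "readable_headers": {h: str(msg[h]) for h in ("From", "To", "Subject") if msg[h]},
    }

if __name__ == "__main__":
    for key, value in relay_view(RAW).items():
        print(f"{key}: {value}")
```

The body is opaque, but sender, recipient and subject are all readable, which is why a neutral subject line is the usual habit when sending PGP mail.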
Tutanota does things differently. They don’t support OpenPGP, and they do encrypt your subject line. But how do they deliver end-to-end encryption to inboxes belonging to other services? They don’t, in a sense, but the privacy they deliver is just about the same. Instead of sending your actual message, they send an invitation to the recipient to decrypt your message and view the email on their website. To do so, however, the recipient will have to enter a password that you’ve shared securely beforehand. ProtonMail does the same thing if your out-of-system recipient doesn’t have OpenPGP set up.
The best mark of transparency is the publication of open-source code, which both ProtonMail and Tutanota have done. This allows sophisticated users to see exactly how the services work and how they maintain their security.
Open-source code also allows any security auditor to review the code and notify the company about any potential vulnerabilities they find. That means a more secure service for you.
The country a service is in determines how your right to privacy is protected and what authorities (or just legal claimants) can do to get at your personal information. There are different vulnerabilities for both services when it comes to their locations, but remember – they both store your data fully encrypted and claim to be incapable of decrypting it themselves. If anyone gets their hands on your stored emails and information, they’ll get encrypted files that they can’t use.
Tutanota is based in Germany. Germany has a reputation for valuing personal privacy and protecting it by law, and it’s also bound by the GDPR – perhaps the strongest collection of privacy laws in the world right now. However, the NSA has facilities in Germany, leading many to assume that it spies on Germany and the rest of Europe from there. If so, this may call into question the government’s dedication to personal privacy.
ProtonMail is based in Switzerland. Because it’s not part of the EU, Switzerland is not bound by the GDPR. However, given the importance of Switzerland’s intensely private banking industry, it’s clear that the country values privacy from both a legal and cultural standpoint. If data is stored inaccessibly, a judge can still grant access to it, but Swiss law demands that the owner of the data (you) must be informed before this is done.
Tutanota has its standard web version, an Android app, an iOS app, and an Amazon app.
ProtonMail has its standard web version, an Android app, and an iOS app.
Tutanota provides its own desktop client for Windows, macOS and Linux, while ProtonMail offers a Bridge app to link with your own desktop email client on those same systems.
Both email services can be had for the low monthly price of nothing, but they also offer additional perks to paying clients depending on the price and their needs. Generally, Tutanota’s premium accounts run a bit cheaper but also offer less storage space.
A free Tutanota account gets you 1GB of storage, a Tutanota domain email address, and limited search functionality. A free ProtonMail account gets you 500MB of storage and a limit of 150 messages a day. Both services only offer customer support to paying accounts, meaning that you’ll have to consult with the community if you have any tech issues.
Given that both Tutanota and ProtonMail perform very well from a security standpoint with very minor differences, some users’ decisions may come down to how easy each service is to use. Again, both are reasonably accessible, but they have their own pros and cons that may sway you one way or the other.
Both systems welcome free users, so it’s worth trying them both out and seeing which one works better for you. Personally, I’d lean towards Tutanota’s service for more users due to the larger storage limits and the more convenient pricing bracket. I like having a backlog of emails, so the extra storage space helps. However, ProtonMail is a perfectly fine service as well, and it might be the best choice for different uses or users.
To expand your security even further, use NordVPN together with Tutanota or ProtonMail. Not only will your emails be secure, but all of your traffic will be secured as well!