We’ve had a couple of tough rounds, but this one is the closest yet. Thankfully, you can try both services to see which you like more. Like the last round, this one comes down to personal preference. Tutanota certainly feels better to use, but ProtonMail is far more flexible. There’s a setting for just about everything, from setting an auto-responder to importing custom CSS to change the theme. It’s a small issue, but it makes the interface feel less polished than Tutanota’s.īeyond that, ProtonMail comes into its own in the settings menu.
For example, every time you open the application, there’s an ad occupying half the screen asking you to upgrade. ProtonMail is much of the same, though there are a few small issues. Nevertheless, quickly swiping between different screens brings this effortless feel that’s never bogged down by loading screens. Tutanota feels good to use, which is a weird thing to say for an email provider. What stands out to us is not the layout, but the responsiveness. If you’ve used any email service, you shouldn’t have any issues getting around Tutanota. Starting with Tutanota, it has a standard webmail layout. Still, there are some differences between them. No matter which you choose, you’ll have a pleasant experience. ProtonMail and Tutanota are evenly matched in usability (both received the same score in this section in our reviews). ProtonMail is a very privacy-focused service, too, but a few slight advantages push Tutanota further in the lead. It doesn’t even use cookies on its website, which is a dedication to privacy far exceeding even the most secure VPNs. If you’re concerned about your privacy, Tutanota is probably the best option on the market. Thankfully, though, these IP addresses are put through an anonymization process, so no address could be tied to any user or any content. However, Tutanota does collect IP addresses.
It maintains a zero-knowledge model, like ProtonMail, meaning Tutanota can’t see your password or private encryption key, so by extension, it can’t see your messages. Tutanota doesn’t get into the privacy weeds. The number is pretty high - it complied with nearly 1,500 requests in 2019 alone - but that may be due to ProtonMail’s large customer base, not an overt willingness to compromise user privacy. ProtonMail maintains a transparency report where it documents every request it receives for information, as well as how many requests it has complied with. The Swiss privacy laws are some of the best in the world, protecting your data from domestic and international threats. The company is based in Switzerland, and for ProtonMail, all of the server infrastructure is located there, too. Proton Technologies - the umbrella company that encompasses ProtonMail and ProtonVPN - is a privacy-focused company.
Thankfully, both services have applications for Android and iOS. ProtonMail is based in our browser, and although browser security has gotten much better in the last decade or so, browsers are still less secure than a local application. Past that, Tutanota has another security advantage over ProtonMail: dedicated applications. Also, PGP doesn’t have an option for perfect forward secrecy, meaning if someone can compromise a past session, they can compromise a future one, too. There’s no way around it, and no matter if you’re using Hushmail or Gmail, your subject lines won’t be encrypted with PGP.
The largest issue with PGP right now is that it doesn’t encrypt the subject line. There are a few distinguishing factors, though.
It’s still built on the same recognized algorithms and, on a technical level, it functions much in the same way as PGP services. The difference is that Tutanota doesn’t use OpenPGP - or PGP at all, for that matter. It uses RSA for user-to-user communications and AES for user-to-non-user communications.
Starting with ProtonMail, it’s an OpenPGP service, utilizing the long-standing email encryption standard: RSA for messages between users and AES for messages from a user to a non-user (read our description of encryption for more). Tutanota and ProtonMail take fundamentally different approaches to email security, despite the fact that the end result is mostly the same.