Tutanota vs Protonmail

in #privacy · 7 years ago (edited)

These are two encrypted email providers. We're using both of them. Here is our review:

Updated 9 December 2017.

Disclaimer: we are not affiliated with any of these companies; this article is 100% our own findings, and there is no affiliate marketing behind the links provided below for your convenience.

Our specifications sheet:

  • End-to-end, zero-knowledge encryption (note 1).
  • Open-Source (note 7).
  • Own business domain (note 2).
  • Administration of users (note 3).
  • Resistance to state-sponsored criminals (note 4).
  • Cost-effective for large user base (note 5).
  • Multi-platform (note 6).
  • Emergency support by the provider.

From there, it's easy to strike a lot of solutions off the list. Basically it quickly came down to Tutanota vs Protonmail. Interesting fact: the NSA requested a backdoor from them but they refused. We use both of them, but Tutanota is the one supporting our domain name with the Premium package. The main differences between Tutanota and Protonmail are the price and storage capacity (note 8).

Shared features between Tutanota Premium and Protonmail Plus:

  • End-to-end, zero-knowledge encryption (note 1).
  • Open source (note 7).
  • Own business domain (note 2).
  • Each user can set up multiple aliases (note 3).
  • Multi-platform (note 6).
  • Web-based on desktops.
  • Password protected emails for external users (note 10).
  • No IMAP/POP3 support (note 16).
  • No logging of users’ data.
  • Local encryption of data (note 13).
  • Drag and drop messages (note 17).
  • Bitcoin payments (note 20).
  • Two factor authentication (note 24).
  • Professional plan with multi-user support (note 8).

Only with Tutanota Premium:
  • No recovery (email or SMS). The admin can recover for a user from the admin panel though (note 9).
  • Doesn’t ask for a GSM phone number (note 19).
  • Auto-synchronization with several devices and browsers.
  • Servers are located in Germany, therefore under German privacy protection laws (note 11). Read our article: Data Privacy in the 21st century: Germany vs Switzerland.
  • Dual encryption mechanism (note 12).
  • Uses DANE on top of SSL and PFS (note 23).

Only with Protonmail Plus:

  • Auto-destruct emails between Protonmail users. Possible for external users if you set up a password protected email.
  • You get a notification on your recovery email when you have a new email.
  • Can disable recovery email.
  • Asks for a GSM phone number (note 19).
  • PGP encryption available (note 14).
  • Servers are located in Switzerland, therefore under Swiss privacy protection laws (note 15). Read our article: Data Privacy in the 21st century: Germany vs Switzerland.
  • Contacts import-export.
  • Language support: French, German, Russian, Spanish, Polish, Turkish, Ukrainian, Dutch.
  • Auto Unsubscribe (note 18).
  • PIN protection for mobile apps.
  • Auto-responder (note 22).
  • Custom filters with Sieve (note 21).
  • Desktop client bridge (note 25).

Serious alternatives:

  • Countermail
  • Mynigma
  • Virtru

Notes:

(1) In any case, it's end-to-end encrypted only between users of the same solution. Only PGP is a universal way of sending encrypted emails to anyone, but unfortunately not enough people know how to use it. Zero-knowledge encryption means the key must be stored on the user's device, otherwise it's not protected against state-sponsored criminals. Of course, this doesn't mean they couldn't give the government plain-text messages; it means they would have to actively attack the user in order to steal the required password. Up to now they haven't done it, and most probably will not do so in the foreseeable future. It also means the provider is unable to recover (decrypt) data if the password is lost. Tutanota explains that if they were requested to hand over inboxes (keeping in mind that this happens only with a valid German court order for criminal prosecution), all the data would be encrypted; even the inbox rules are encrypted.

(2) That one may present an attack opportunity to state-sponsored criminals through DNS records, so you must host your domain in a place that is going to protect access, not in the same country as your email provider. Look at states that are not part of the fourteen eyes with a record for respecting privacy and democracy. End-to-end protection provides the safeguard in case emails are intercepted. Or just stay with the provider’s domain (Tutanota.com or Protonmail.com).

(3) Multiple users can each have multiple aliases. Each user has their own access, username, password and mailbox. Aliases are like forwarding addresses to/from the original email. For example you would have an original email like name.surname@yourdomain with aliases like blabla01@yourdomain, blabla02@yourdomain, etc. So if someone sends an email to any alias, it will be forwarded to the main name.surname@yourdomain. The benefit is that you can create/destroy addresses easily.

(4) Police, prosecutors etc. Their crimes are "legal" since they've corrupted state institutions. They are the most dangerous sort of criminals, to an individual or to a country. If they've done something illegal, they can cover it up any way they like. They can intercept and read IMAP, POP3, TLS, SSL. They can spoof your email provider's SSL certificate. They can have access to your SMS and emails, meaning a recovery option is often an easy attack possibility for them. That's why you should always use encryption software, encrypt your devices, and buy hardware outside the country you operate in.

(5) We have hundreds of contractors using our emails, so a synchronised and unified solution is needed to minimise possible leakage of information to third parties.

(6) Must be accessible from iOS, Android, Windows, Linux and Mac desktops. We don't do Windows phones or Blackberry because it would restrict the list so much that it's almost impossible to find a solution.

(7) Open source doesn't guarantee someone has actually taken the time to audit the code for backdoors or weaknesses, but it shows a will to be transparent. Tutanota claims to be regularly auditing their code and was subject to an extensive penetration test by SySS GmbH.

(8) Tutanota business plan is 1$/user/month. Protonmail business is 6,25€/user/month and is limited to 5 users. With Protonmail you can create administrators for your organisation who can manage regular users' accounts. Tutanota is cheaper than Protonmail but offers less storage space (1Go vs 5Go).

(9) In Protonmail it is possible to disable the email recovery feature.

(10) You need to send the password through another communication channel.

(11) We're not sure if this is good as Germany is a member of the five eyes. On the one hand we know there is a lot of NSA hardware on German soil; basically this is from where they spy on Europe. On the other hand it means German people are used to fighting back. In any case Tutanota claims they won't give backdoors to these agencies and would even move the company to another country if they were forced by law to build backdoors. Here is their stand on the situation: https://tutanota.com/blog/posts/data-protection-germany

(12) Tutanota uses a dual encryption mechanism: private key + password. A private key is generated in the browser upon registration and is used for encryption/decryption. This private key is then encrypted with the login password, so the server only ever stores the encrypted key.

(13) Emails are stored encrypted locally on the devices.

(14) Tutanota is planning to develop an API to allow users to use PGP in a user friendly manner.

(15) By remaining outside of US and EU jurisdictions they provide a safer location to protect confidential data.

(16) IMAP and POP3 are not secure because they download emails locally unencrypted, so they can be read in transit and/or on the devices.

(17) This feature allows you to organize your inbox quickly and easily by making use of your custom folders/labels. Just hold down your message and drag it into the appropriate folder/label.

(18) The auto-unsubscribe feature makes it easier to unsubscribe from email lists or newsletters that you’re not keen on receiving anymore. It works by identifying the unsubscribe link in the hidden header and by making it available in the top right corner of your message. To remove your email address from mailing lists, just click “Unsubscribe”.

(19) Protonmail will twist your arm to get your GSM phone number. They claim you can fill in a captcha instead, but this process is so long that most will give up. SMS can very easily be intercepted by state-sponsored criminals; it's the worst recovery option imaginable.

(20) It is now possible to use Bitcoin when you wish to upgrade your ProtonMail and Tutanota mail account to different premium plans, top-up your account, or make donations.

(21) The ProtonMail default filter options are useful for basic tasks and very easy to implement to help users keep a well-organized inbox. A custom filter with Sieve is the advanced version of filtering, allowing nearly infinite personalization capabilities. This type of advanced filtering is a global standard following the Sieve filtering language. This is definitely a feature for power users, but it makes ProtonMail filters infinitely powerful.

(22) With this new feature, users can now set an auto-reply to incoming messages that can be personalized. This way, if you are on vacation or out of the office, you can automatically let customers know that you are gone.

(23) On top of its automatic end-to-end encryption, it uses DNSSEC, DANE, DMARC, DKIM, PFS & STARTTLS to secure your connection to Tutanota to the maximum. The DANE protocol effectively protects against MITM attacks and should be implemented by all mail providers.

(24) With Tutanota, TOTP has been added as an option for two-factor authentication to the beta client. This release comes shortly after the option of using two-factor authentication (2FA) with a security device (U2F). TOTP allows users to use an authenticator app such as Google Authenticator or Authy for generating codes. In addition to your password, these codes are used as the second factor to log in to your Tutanota account. With TOTP the codes are only valid for a short period of time, so you don't run into issues if codes are lost.

(25) The ProtonMail Bridge adds IMAP and SMTP support to ProtonMail and is available to all paid ProtonMail members. It allows you to send and receive encrypted emails from within your mail client of choice. The Bridge supports Apple Mail, Thunderbird, Outlook 2011, and Outlook 2015 on macOS, and Thunderbird, Outlook 2010, Outlook 2013, and Outlook 2016 on Windows.

We’ve tested this and more:

  • bulletmail.org
  • chiaramailcorp.com
  • confidantmail.org
  • countermail.com
  • darkmail.info
  • invmail.io
  • mailbox.org
  • mailfence.com
  • msgsafe.io
  • mynigma.org
  • openmailbox.org
  • posteo.de
  • riseup.net
  • runbox.com
  • safe-mail.net
  • scryptmail.com
  • shazzlemail.com
  • unseen.is
  • virtru.com
  • zeromail (via zeronet)
  • zwooky.com