this post was submitted on 18 Jun 2024
68 points (97.2% liked)

Privacy

32173 readers
1174 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
68
submitted 5 months ago* (last edited 5 months ago) by [email protected] to c/[email protected]
 

Hey guys,

I am looking for a new email provider as I am still using gmail and like to get that removed finally. I am currently looking at Tuta and proton. I would be using it mainly for email and the Calendar. most other things I am self hosting but email in particular is not something I like to self host.

Proton being hosted in Switzerland and Tuta being hosted from Germany I think Proton has a edge over Tuta in that regard although I am not very familiar with both country's privacy laws.

Also how do they compare to each other regarding flexibility in creating email filters and folders. I believe proton hat some restrictions on the amount of email filters if i am not mistaken.

And lastly can you get calendar invites with these email providers? If I like the email provider i might move the business email to one of the providers as well but seeing we get like calendar invites which works fine with outlook. I dont know if this works with the email clients of proton or Tuta.

Also if their is a better email provider i am open to suggestions.

EDIT: Thanks guys! Got many great answers. i think I will get my own domain and try them out both for a while.

all 48 comments
sorted by: hot top controversial new old
[–] [email protected] 40 points 5 months ago* (last edited 5 months ago) (4 children)

First thing you need to understand is that the smooth end-to-end encryption works only tuta-to-tuta or proton-to-proton, so in rare cases. Encryption at rest, which is what tuta-to-proton, gmail-to-tuta etc. can do, is something that a lot of other email providers do too.

I'm currently in the process of moving from Proton to Tuta, because despite several years of promises, the Android client for Proton still doesn't do non-google push notifications. Also because if you just need email with your own domain, Tuta is much more price-friendly. (The tier also includes unlimited calendars and event invites, which I haven't tried.) If you also want VPN and encrypted storage, the balance tips.

I don't use the calendar from either, so can't talk for their properties. I prefer seamless calendar integration for wrist gadget integration and such, so using NextCloud Calendar + DavX. For smooth integration with encryption, could also look into Etesync. I think you'll be able to share an ics attachment from either of those through your normal calendar.

Germany is a 14-eyes-country, but since I'm just privacy conscious and my threat model doesn't include international-coordination-level actors (barely state level, am in the EU but not German, so eh, far enough), it doesn't matter that much to me. Proton also has to obey court rulings.

[–] [email protected] 17 points 5 months ago* (last edited 5 months ago) (6 children)

The push notifications would be a issue for me. I am using GrapheneOS without any google services.

Also the calendar i am not 100% sure how I want to do it. I currently use Nextcloud and Caldav. Which for me works great when syncing with Etar on my phone and Evolution mail in the desktop. For my dad I have setup caldavsynchronizer for outlook as that is the email client he has used for years. When i would use Tuta id loose the nextcloud calendar because it can in no way synchronize with Tuta. With proton on the other hand I can use the bride for email and use the calendar how i am currently using it together with Etar on the phone.

On the other hand if say Tuta providers a calendar that is integrated and works with both the email client on the desktop and on the phone. the same goal is accomplished.

[–] [email protected] 13 points 5 months ago* (last edited 5 months ago) (1 children)

I've been using Proton Mail and GrapheneOS for some time now. Early in I found an app called You Have Mail that solved the pushnotifications problem for me. I've never used Tutanota, so I can't speak for it at all, but I really like Proton.

[–] [email protected] 3 points 5 months ago* (last edited 5 months ago) (1 children)

Thank you for the tip! It feels a bit sketchy to give it my login info though

[–] [email protected] 2 points 5 months ago

The app is completely open source: https://github.com/LeanderBB/you-have-mail
Your login data is only stored locally on your device, and used to log in to your Proton account. It's not sent to a third-party server. This is totally fine.

[–] oranki 6 points 5 months ago (1 children)

I stripped down Hydroxide, the OSS version of the Protonmail Bridge, to only send push notifications of new mail via a ntfy.sh server of your choice. Needs a Linux box to run on still, so not for everyone.

Main advantage over the otherwise good You Have Mail android app is that if you already use ntfy for other notifications, there's no need for a separate app for just mail notifications.

https://github.com/0ranki/hydroxide-push

[–] [email protected] 2 points 5 months ago

Thanks mate, this is really awesome! Will definitely try it out. Many people might find this useful, consider making a separate post about it. I created a community for UnifiedPush and related topics: [email protected], you're welcome to post there.

[–] [email protected] 3 points 5 months ago

Yeah, tuta is actually on fdroid (should be the minimum bar for open source software from a company like proton) and has an efficient notification service that doesn't depend on google services at all

[–] [email protected] 2 points 5 months ago* (last edited 5 months ago)
[–] [email protected] 1 points 5 months ago* (last edited 5 months ago)
[–] [email protected] 0 points 5 months ago

What all do you consider "synchronizing" to include? I mean, the calendars won't, but using Etar+NextCloud for calendar, and Tuta for email, has worked fine for me. Of course it means that my calendar isn't encrypted.

I just tested sending an ICS event to both. The Tuta app offered to open it on Etar, and Etar offered the default calendar with dropdown for others, just like normal. (Strangely it didn't even offer to open on Tuta's own calendar, which is in the same app; maybe because I've added no calendars there?) Proton's app (which may be out of date, the mail app isn't on F-droid, either publicly or in an official repository, and I'm a lazy updater) wanted to open it on Proton Calendar only when I don't even have it installed.

Proton's bridge OTOH worked really well for me for syncing to Thunderbird, probably works as well for Office too.

[–] [email protected] 9 points 5 months ago

Feeling sort of in same boat here, love proton....minus the google push notifications! For past year or more I've had to manually check my proton client daily for new messages on my grapheneos phone, super annoying....not the end of the world but still a neusance

[–] [email protected] 3 points 5 months ago* (last edited 5 months ago) (1 children)

smooth end-to-end encryption works only tuta-to-tuta or proton-to-proton

The difference is that proton tries to be somewhat interoperable with other services. It uses standard PGP encryption, you can import public keys to it from elsewhere, and you can download your private key from them if you need it.

* Of course I meant that you can easily export the private key from their web client, which is not really a download as such.

[–] [email protected] 1 points 5 months ago (1 children)

Depends a lot on your peer group, but I have even fewer contacts that use PGP than ones that use either service. :/ Just tried to keep it simple.

[–] [email protected] 2 points 5 months ago

If it's more than none at all that's pretty good. But adhering to open standards is also a factor in how we should judge these providers which goes beyond that.

[–] [email protected] 1 points 5 months ago* (last edited 5 months ago)

And years of not fully supporting Linux.

Another way to put that is actively pushing/encouraging their "privacy concious" clients onto windows spyware if they want to get the service they paid proton for. Can't be private on windows folks.

Not privacy focused at all IMO, its all privacy theatre and proton is just money focused.

[–] nnullzz 15 points 5 months ago (1 children)

I switched over to Proton from Gmail about 8-10 months ago and it’s been great so far. Folders and filters have been like what I was used to. The only thing I haven’t played around with much is calendar and invites.

I ended up going for the whole proton bundle since it included the vpn, storage, and custom domains (up to 10 addresses I think)

[–] [email protected] 2 points 5 months ago* (last edited 5 months ago) (1 children)

For me the vpn and storage is not something I am interested in. Bundles in general though. The 10 custom domains is a nice thing for sure.

[–] [email protected] 1 points 5 months ago* (last edited 5 months ago) (1 children)

Using proton for a while, the only pain I have is that it can't be easily set up in your average mail client (Thunderbird, Outlook, etc.)

[–] [email protected] 2 points 5 months ago (1 children)

Wouldn't this be solved with the birdge? I am thinking of going the paid plan anyway due to the custom domains.

[–] [email protected] 2 points 5 months ago

Yes, that's what I meant with "not easily", you need the bridge

[–] voracitude 15 points 5 months ago

Proton have just announced they're moving to a nonprofit structure if that makes a difference to you; it sure does to me.

[–] Rerum 9 points 5 months ago (1 children)

This video lays it out perfectly, basically email is not secure. Protocol, not really meant to be, main thing is getting it off of Microsoft or Google servers. I recommend proton, just seems to be more reliable with receiving images and pictures on emails.

https://youtu.be/iH626CXyNtE?si=Zj6axq_RMou0NfrD

[–] [email protected] 1 points 5 months ago

I want more from this guy!

[–] [email protected] 8 points 5 months ago

I personally suggest Tuta (and I use it daily) over Proton. Several reasons:

Proton:

  1. it is leaky in terms of social graph encryption. Sun Knudsen has a great video about it (https://youtu.be/GdDFUycXR_M&t=0)
  2. had this case about the climate activist (https://www.theverge.com/2021/9/6/22659861/protonmail-swiss-court-order-french-climate-activist-arrest-identification). And since they position themselves as a privacy company, this looks disturbing.
  3. I'd prefer a such a privacy oriented company to be more open to anonymous payment methods.

Overall, Proton seems like a little more privacy-conscious Gmail alternative.

Tuta

  1. doesn't use Google/Apple notification servers
  2. encrypts more stuff than Proton

PS In both cases, emails are not end-to-end encrypted. Even though both are marketed with E2E encryption by default. Again, Sun Knudsen has a great video about the topic (https://youtu.be/G2Jh8bQ2wM8&t=501).

Also, as far as I remember, Proton is more expensive while having less features (the cheapest option) than Tuta.

[–] [email protected] 6 points 5 months ago

Been using Proton for over 4 years now, and have had no issues with it. I don't use folders or tags that much, but if you are a paid member, you get unlimited of those. They recently announced calander invites (I personally never want to use them) and it looks like it should work fine. Proton also has unlimited aliases to hide your actual address, which I use all the time (coming over from SimpleLogin.)

The bundle (mail, VPN, calander, pass and drive) is really bang for the buck for what you get, even though you don't use some of them. You can always upgrade to it later if you wish. And in case you don't plan on paying, the free versions work just as you expect!

If you have any questions, just ask!

[–] MaximilianKohler 6 points 5 months ago

I found Tuta to be lacking.

Conversation view is incomplete https://github.com/tutao/tutanota/issues/6 - https://github.com/tutao/tutanota/issues/5051

"when you have multiple addresses and custom domains getting hundreds of emails... it takes forever for the emails to load" https://community.centminmod.com/threads/skiff-email.24363/

Search isn't working in firefox "your browser doesn't support data storage". As the search index needs to be stored in your browser, it does not work in private mode/incognito mode.

Free accounts get deleted if you do not log in for six months.

[–] [email protected] 4 points 5 months ago

Migadu and your own domain

[–] ransomwarelettuce 3 points 5 months ago

I think they are both fine,

I like that tuta is doing just one thing, ( ignoring the new storage feature ), and trying it's best at it.

Proton is going to more of a google approach, however the nonprofit goal they just set is pretty awesome.

I got the tuta's, now non-existent, premium plan, and am using simplelogin relays to protect it. No plan in changing the setup.

Nowadays proton owns simplelogin and I think it offers it's services to customers, a couple bucks cheaper than my impossible setup, so protonmail it's probably the best option nowadays.

[–] [email protected] 3 points 5 months ago

@[email protected] I went with Proton and the reason was either that I could import and use my own PGP key, or because it had more general compatibility with other mail services using PGP (well possibly both those reasons). So I could send encrypted mails to Thunderbird users as well as GMail users (who had a PGP encryption extension).

[–] [email protected] 3 points 5 months ago

Not trying to make the choice harder, but mailbox.org seems to fit into the choices as well (also hostesd in Germany). Also in terms of hosting in Switzerland, keep in mind that it's not actually part of the EU, which is the primary/original source for many of the privacy laws you probably care about if you're looking into these providers.

[–] [email protected] 3 points 5 months ago

Protonmail sucks because you can't use it with 3rd party mail clients like claws-mail or mutt without handing over $$$ (even gmail lets you do this for free, I believe). The plaintext mode in Protonmail appears not to be actually be plain text because I've had trouble submitting plaintext patches to the OpenBSD lists several times with it.

Have no experience with Tuta.

Self host on a VPS. OpenBSD makes it easy, follow a guide like this one.

[–] Imhotep 2 points 5 months ago* (last edited 5 months ago)

what about Posteo? when I compaired many providers a few years ago they seemed like one of the the most ethical

one caveat: you can't use your own domain name, for privacy reasons. I wish they gave the option though. maybe it has changed since

no idea about calendar invites

[–] eramseth 2 points 5 months ago

Been using tuta with like 3-4 domains for years. It works fine.

Getting your own domain so you can keep an email address and move providers is the actual right move. Sounds like that's what you're going to do.

[–] [email protected] -3 points 5 months ago (1 children)

Run your own email server and don't ever send anything you don't want it to be public over email!

Email is NOT SECURE, no matter what you do!

Peace!

[–] [email protected] 3 points 5 months ago

It is a necessary evil. Better make it as good as possible. Hosting your own mail server is not feasible in most cases