Tutanota / Mailbox.org?
-
Mailbox encrypts the email at rest on their servers but with the encryption keys they own. Protonmail, in contrast, uses zero access encryption where they encrypt your data with your public key and they do not know or have access to your private key to be able to decrypt the data even if they wanted to.
Mailbox has a zero access encryption service called (I think) Guard that basically encrypts the email with PGP where they would no longer be able to decrypt your email. But it’s not enabled by default.
That's true once it's received, but it's still processed by proton and now we know they are pro-nazi so who knows what they would do.
You can avoid this with pgp as stated (default for proton to proton messages), but I don't think it's worth considering the at rest encryption at proton anymore.
-
Posteo rocks.
This is accurate
-
This is accurate
Its simple as hell, out of the way. Its a no fuss email that seems to have all the features you'd want. It just works. Carbon neutral and all the good stuff we all like to boot.
-
If you want a compatible, interoperable email service, then Mailbox. Tutanota is a propietary, centralised email system.
So any concern about mailbox.Org severs being in Berlin and Germany being apart of the 14eyes alliance?
-
we encrypy our stuff for you, trust us bro
Their clients are open source. Might not be "standard" like PGP, but if you could read code, you could verify that it's encrypted before it gets sent.
-
With that you mean it's standard access IMAP/SMTP from any client you want, as opposed to Proton/Tutanota and their custom apps right? Yeah, I prefer a standard protocol and my own app.
Yes. You can get it with proton too, but you need your own domain for that iirc.
-
I don't know mailbox.org but tuta will try to upsell you, eventually. It's going down the same path as Proton is so maybe stay away from it if you want to get away from Proton.
-
Hi guys!
I'm looking for a Proton alternative. So far I've seen these two recommended. I was wondering what are the pros/cons of each? Seems Tutanota offers more bang for the buck in mailbox size etc, but I'm not sure. I'd also like to have a better integration with Android, because Proton's email/calendar apps suck big time.
Thanks!
-
I'm all for options, to be honest. What ideally I'd like is some sort of good encrypted email based in some safe European country, which can achieve decent Android integration. Proton apps are pretty useless to that effect (lack of offline basic functionalities, the calendar app isn't even an android calendar provider).
I'm not too hard in moving around my emails, since for the last few years I've been giving my email @duck.com which actually ends up sending to my final email after some tracking cleaning. Changing email provider would entail only updating my @duck.com destination.What ideally I’d like is some sort of good encrypted email [...], which can achieve decent Android integration. Proton apps are pretty useless to that effect [...]
Don't need provider-specific apps if their services use standard protocols:
- IMAP: Fair Email or K-9 Mail(/Thunderbird)
- CalDAV: DAVx⁵
-
Sigh...right. But people DO need email. For banks. For taxes. For governments, healthcare, and lots of other crap.
So yeah, I'm skipping the whole "encrypted mailbox no-knowledge", since it's both cumbersome and useless unless anyone around you ALSO uses it (otherwise, those super private emails can be way more easily intercepted during transit than in your inbox anyway).
I just want some attempt at privacy from some EU nation while keeping some decent interoperability.
-
SimpleX becomes a pain when using multiple devices
-
So any concern about mailbox.Org severs being in Berlin and Germany being apart of the 14eyes alliance?
Tutanota is also german, if I am not mistaken.
-
Sigh...right. But people DO need email. For banks. For taxes. For governments, healthcare, and lots of other crap.
So yeah, I'm skipping the whole "encrypted mailbox no-knowledge", since it's both cumbersome and useless unless anyone around you ALSO uses it (otherwise, those super private emails can be way more easily intercepted during transit than in your inbox anyway).
I just want some attempt at privacy from some EU nation while keeping some decent interoperability.
Librem
-
Tutanota is also german, if I am not mistaken.
-
Hmmmmm I'd say Librem is US-based. Not to mention their whole mess with delivering pre-orders (and normal orders) of their Librem phone. Last time I checked they still didn't fulfill most of their orders right?
...Nah I think this shouldn't be where to trust my email. -
Hi guys!
I'm looking for a Proton alternative. So far I've seen these two recommended. I was wondering what are the pros/cons of each? Seems Tutanota offers more bang for the buck in mailbox size etc, but I'm not sure. I'd also like to have a better integration with Android, because Proton's email/calendar apps suck big time.
Thanks!
Mailbox.org is great, their webmail setup is good and has contacts and calendar and all the things you would expect to have. With Cal/CardDAV and ActiveSync support too.
-
Hi guys!
I'm looking for a Proton alternative. So far I've seen these two recommended. I was wondering what are the pros/cons of each? Seems Tutanota offers more bang for the buck in mailbox size etc, but I'm not sure. I'd also like to have a better integration with Android, because Proton's email/calendar apps suck big time.
Thanks!
I have used both. Both are good. Tuta doesn't support people as people said, but I think you'll find that the amount of people you will interact with that can and want to use pgp encrypted email is slim.
The way tuta works is you can send and receive regular email. And when you send it encrypted, the recipient gets a regular email that's says something like"you received a confidential email" (you can edit the text). That person then follows a link in the email and you need to provide them with a password (ideally you provide this password out of band... by text or chat or something... but you can of course just send by regular email).
After they log in, they are basically on a limited web interface to tuta where they can only exchange emails with you (but they can see every email between the two of you in their "inbox).
It's a pretty good system. There is also encrypted calendar and contacts. They have webmail of course and also apps. There's a dedicated calendar app.
Mailbox.org is actually more of a full office suite at this point. The web interface isn't as tight and can be confusing. They can handle your pgp keys or you can do it yourself. You need to decide if you care about trusting someone else with your keys. I actually still have my mailbox.org address because I like the domain. It forwards to my tuta email.
Oh yeah, tuta also allows you to use any of a number of their domains or you can bring your own (pricing may vary). They also have aliasing and catch-all addresses for custom domains.
Both are based in Germany for what it's worth. German privacy laws are pretty strict. For any law enforcement to be granted access to any of your stuff there needs to be a court hearing. They have a warrant canary and transparency report here https://tuta.com/blog/transparency-report .
Also, because tuta is end to end encrypted, all they can release is encrypted data. There's is more of an explanation at rhe bottom of that transparency report post about what can be requested and what data they even have on users. Mailbox.org might have similar policies but I haven't taken the time to find them.
One thing I will note is that tuta has HSTS enabled I believe so if you're behind a corporate firewall that does certificate snooping by way of MITM when you try to access, it won't connect.
-
Wouldn't that be only between Tutanota users anyway? Sure, you could use PGP manually, but it is more annoying, I prefer the seamlessness of doing so in my client. Not to mention not having an option if you, say, don't like the UI!
Wouldn’t that be only between Tutanota users anyway?
Just since nobody else answered your question: No. A Tuta user can send an encrytped message to anyone (including non-Tuta users). Those users then get an unecrypted message, saying "Click here to read your message", which takes them to the Tuta site, which lets them see the message. The non-Tuta user can then reply to the Tuta user as they like.
But you're right about the UI. Tuta users have to use the Tuta UIs (mobile, desktop, web).
-
I have used both. Both are good. Tuta doesn't support people as people said, but I think you'll find that the amount of people you will interact with that can and want to use pgp encrypted email is slim.
The way tuta works is you can send and receive regular email. And when you send it encrypted, the recipient gets a regular email that's says something like"you received a confidential email" (you can edit the text). That person then follows a link in the email and you need to provide them with a password (ideally you provide this password out of band... by text or chat or something... but you can of course just send by regular email).
After they log in, they are basically on a limited web interface to tuta where they can only exchange emails with you (but they can see every email between the two of you in their "inbox).
It's a pretty good system. There is also encrypted calendar and contacts. They have webmail of course and also apps. There's a dedicated calendar app.
Mailbox.org is actually more of a full office suite at this point. The web interface isn't as tight and can be confusing. They can handle your pgp keys or you can do it yourself. You need to decide if you care about trusting someone else with your keys. I actually still have my mailbox.org address because I like the domain. It forwards to my tuta email.
Oh yeah, tuta also allows you to use any of a number of their domains or you can bring your own (pricing may vary). They also have aliasing and catch-all addresses for custom domains.
Both are based in Germany for what it's worth. German privacy laws are pretty strict. For any law enforcement to be granted access to any of your stuff there needs to be a court hearing. They have a warrant canary and transparency report here https://tuta.com/blog/transparency-report .
Also, because tuta is end to end encrypted, all they can release is encrypted data. There's is more of an explanation at rhe bottom of that transparency report post about what can be requested and what data they even have on users. Mailbox.org might have similar policies but I haven't taken the time to find them.
One thing I will note is that tuta has HSTS enabled I believe so if you're behind a corporate firewall that does certificate snooping by way of MITM when you try to access, it won't connect.
Thanks I really appreciate elaborated comments about both. I think I'm going to skip the Tuta encryption for now. While it has a way of keeping it encrypted for the destination, it involves the final user having to click some links in order to open the encrypted mail. I mean...I think most of the people I'd write to would hate having to do extra steps just to see an email I wrote. So I guess I'd have to stick to unencripted, and then the advantage is kinda lost. I'd like a fully encrypted mailbox, yeah, but not at the cost of making it incompatible with any other app or email standards. I guess I didn't have a great experience with Proton apps for Android.
Don't take me wrong, I'd love to have a fully encrypted mailbox, but not by making it all cumbersome.
