this post was submitted on 18 Jun 2024

47 points (100.0% liked)

Privacy

787 readers

2 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

Which Email provider Tuta or Proton? (lemmy.dbzer0.com)

submitted 3 months ago* (last edited 3 months ago) by kylian0087@lemmy.dbzer0.com to c/privacy@lemmy.ml

27 comments fedilink hide all child comments

Hey guys,

I am looking for a new email provider as I am still using gmail and like to get that removed finally. I am currently looking at Tuta and proton. I would be using it mainly for email and the Calendar. most other things I am self hosting but email in particular is not something I like to self host.

Proton being hosted in Switzerland and Tuta being hosted from Germany I think Proton has a edge over Tuta in that regard although I am not very familiar with both country's privacy laws.

Also how do they compare to each other regarding flexibility in creating email filters and folders. I believe proton hat some restrictions on the amount of email filters if i am not mistaken.

And lastly can you get calendar invites with these email providers? If I like the email provider i might move the business email to one of the providers as well but seeing we get like calendar invites which works fine with outlook. I dont know if this works with the email clients of proton or Tuta.

Also if their is a better email provider i am open to suggestions.

EDIT: Thanks guys! Got many great answers. i think I will get my own domain and try them out both for a while.

top 27 comments

sorted by: hot top controversial new old

[–] 211@sopuli.xyz 35 points 3 months ago* (last edited 3 months ago) (4 children)

First thing you need to understand is that the smooth end-to-end encryption works only tuta-to-tuta or proton-to-proton, so in rare cases. Encryption at rest, which is what tuta-to-proton, gmail-to-tuta etc. can do, is something that a lot of other email providers do too.

I'm currently in the process of moving from Proton to Tuta, because despite several years of promises, the Android client for Proton still doesn't do non-google push notifications. Also because if you just need email with your own domain, Tuta is much more price-friendly. (The tier also includes unlimited calendars and event invites, which I haven't tried.) If you also want VPN and encrypted storage, the balance tips.

I don't use the calendar from either, so can't talk for their properties. I prefer seamless calendar integration for wrist gadget integration and such, so using NextCloud Calendar + DavX. For smooth integration with encryption, could also look into Etesync. I think you'll be able to share an ics attachment from either of those through your normal calendar.

Germany is a 14-eyes-country, but since I'm just privacy conscious and my threat model doesn't include international-coordination-level actors (barely state level, am in the EU but not German, so eh, far enough), it doesn't matter that much to me. Proton also has to obey court rulings.

[–] kylian0087@lemmy.dbzer0.com 15 points 3 months ago* (last edited 3 months ago) (5 children)

The push notifications would be a issue for me. I am using GrapheneOS without any google services.

Also the calendar i am not 100% sure how I want to do it. I currently use Nextcloud and Caldav. Which for me works great when syncing with Etar on my phone and Evolution mail in the desktop. For my dad I have setup caldavsynchronizer for outlook as that is the email client he has used for years. When i would use Tuta id loose the nextcloud calendar because it can in no way synchronize with Tuta. With proton on the other hand I can use the bride for email and use the calendar how i am currently using it together with Etar on the phone.

On the other hand if say Tuta providers a calendar that is integrated and works with both the email client on the desktop and on the phone. the same goal is accomplished.

[–] Samlane86@lemmy.ml 13 points 3 months ago* (last edited 3 months ago) (1 children)

I've been using Proton Mail and GrapheneOS for some time now. Early in I found an app called You Have Mail that solved the pushnotifications problem for me. I've never used Tutanota, so I can't speak for it at all, but I really like Proton.

[–] onion@feddit.de 4 points 3 months ago* (last edited 3 months ago) (1 children)

Thank you for the tip! It feels a bit sketchy to give it my login info though

[–] Andromxda@lemmy.dbzer0.com 2 points 3 months ago

The app is completely open source: https://github.com/LeanderBB/you-have-mail
Your login data is only stored locally on your device, and used to log in to your Proton account. It's not sent to a third-party server. This is totally fine.

[–] iiGxC@slrpnk.net 3 points 3 months ago

Yeah, tuta is actually on fdroid (should be the minimum bar for open source software from a company like proton) and has an efficient notification service that doesn't depend on google services at all

[–] 211@sopuli.xyz 2 points 3 months ago* (last edited 3 months ago)

multipost

[–] 211@sopuli.xyz 1 points 3 months ago* (last edited 3 months ago)

multipost

[–] 211@sopuli.xyz 1 points 3 months ago

What all do you consider "synchronizing" to include? I mean, the calendars won't, but using Etar+NextCloud for calendar, and Tuta for email, has worked fine for me. Of course it means that my calendar isn't encrypted.

I just tested sending an ICS event to both. The Tuta app offered to open it on Etar, and Etar offered the default calendar with dropdown for others, just like normal. (Strangely it didn't even offer to open on Tuta's own calendar, which is in the same app; maybe because I've added no calendars there?) Proton's app (which may be out of date, the mail app isn't on F-droid, either publicly or in an official repository, and I'm a lazy updater) wanted to open it on Proton Calendar only when I don't even have it installed.

Proton's bridge OTOH worked really well for me for syncing to Thunderbird, probably works as well for Office too.

[–] JurassicPork@lemmy.one 7 points 3 months ago

Feeling sort of in same boat here, love proton....minus the google push notifications! For past year or more I've had to manually check my proton client daily for new messages on my grapheneos phone, super annoying....not the end of the world but still a neusance

[–] kbal@fedia.io 3 points 3 months ago* (last edited 3 months ago) (1 children)

smooth end-to-end encryption works only tuta-to-tuta or proton-to-proton

The difference is that proton tries to be somewhat interoperable with other services. It uses standard PGP encryption, you can import public keys to it from elsewhere, and you can download your private key from them if you need it.

* Of course I meant that you can easily export the private key from their web client, which is not really a download as such.

[–] 211@sopuli.xyz 1 points 3 months ago (1 children)

Depends a lot on your peer group, but I have even fewer contacts that use PGP than ones that use either service. :/ Just tried to keep it simple.

[–] kbal@fedia.io 2 points 3 months ago

If it's more than none at all that's pretty good. But adhering to open standards is also a factor in how we should judge these providers which goes beyond that.

[–] TheSun@slrpnk.net 2 points 3 months ago* (last edited 3 months ago)

And years of not fully supporting Linux.

Another way to put that is actively pushing/encouraging their "privacy concious" clients onto windows spyware if they want to get the service they paid proton for. Can't be private on windows folks.

Not privacy focused at all IMO, its all privacy theatre and proton is just money focused.

[–] Creat@discuss.tchncs.de 5 points 3 months ago

Not trying to make the choice harder, but mailbox.org seems to fit into the choices as well (also hostesd in Germany). Also in terms of hosting in Switzerland, keep in mind that it's not actually part of the EU, which is the primary/original source for many of the privacy laws you probably care about if you're looking into these providers.

[–] acetone@szmer.info 5 points 3 months ago

Migadu and your own domain

[–] IDew@lemm.ee 4 points 3 months ago

Been using Proton for over 4 years now, and have had no issues with it. I don't use folders or tags that much, but if you are a paid member, you get unlimited of those. They recently announced calander invites (I personally never want to use them) and it looks like it should work fine. Proton also has unlimited aliases to hide your actual address, which I use all the time (coming over from SimpleLogin.)

The bundle (mail, VPN, calander, pass and drive) is really bang for the buck for what you get, even though you don't use some of them. You can always upgrade to it later if you wish. And in case you don't plan on paying, the free versions work just as you expect!

If you have any questions, just ask!

[–] GadgeteerZA@fedia.io 3 points 3 months ago

@kylian0087@lemmy.dbzer0.com I went with Proton and the reason was either that I could import and use my own PGP key, or because it had more general compatibility with other mail services using PGP (well possibly both those reasons). So I could send encrypted mails to Thunderbird users as well as GMail users (who had a PGP encryption extension).

[–] xilona@lemmy.ml 1 points 3 months ago (1 children)

Run your own email server and don't ever send anything you don't want it to be public over email!

Email is NOT SECURE, no matter what you do!

Peace!

[–] kylian0087@lemmy.dbzer0.com 3 points 3 months ago

It is a necessary evil. Better make it as good as possible. Hosting your own mail server is not feasible in most cases

[–] trickster@infosec.pub 1 points 3 months ago

I personally suggest Tuta (and I use it daily) over Proton. Several reasons:

Proton:

it is leaky in terms of social graph encryption. Sun Knudsen has a great video about it (https://youtu.be/GdDFUycXR_M&t=0)
had this case about the climate activist (https://www.theverge.com/2021/9/6/22659861/protonmail-swiss-court-order-french-climate-activist-arrest-identification). And since they position themselves as a privacy company, this looks disturbing.
I'd prefer a such a privacy oriented company to be more open to anonymous payment methods.

Overall, Proton seems like a little more privacy-conscious Gmail alternative.

Tuta

doesn't use Google/Apple notification servers
encrypts more stuff than Proton

PS In both cases, emails are not end-to-end encrypted. Even though both are marketed with E2E encryption by default. Again, Sun Knudsen has a great video about the topic (https://youtu.be/G2Jh8bQ2wM8&t=501).

Also, as far as I remember, Proton is more expensive while having less features (the cheapest option) than Tuta.