Most email services can decrypt and read your emails, should they wish to. Even those advertised as 'secure.' Currently, Tutanota and ProtonMail are among the best private and secure email services, both offering end-to-end encryption.
Zen Bahar
Dec 29, 2021 · 1 min read
But which one should you choose? We dissect both to give you an honest verdict. So let's check this “Tutanota vs. ProtonMail” battle.
Tutanota is a free, secure email provider based in Germany. Its name comes from the Latin words “Tuta” and “Nota,” which translate to “secure note.” Tutanota claims to be the world's most secure and private mailbox. With research in quantum cryptography already underway, it's hard to believe otherwise.
ProtonMail is a free, secure, Swiss email provider. Using open-source and zero-knowledge architecture, their security is so robust that not even they can read your emails. Their servers are also hidden under a kilometer of granite in a former military bunker, with multiple password layers. An attack would need to be nothing short of nuclear.
Let's talk about the data laws under which these companies operate.
Tutanota is based in Germany, which is one of the Fourteen Eyes, but it is protected by the German Federal Data Protection Act, a modification of the general EU GDPR law. Essentially, it prohibits the collection and use of personal data unless the law specifically permits it or you have given your informed consent.
ProtonMail uses its Swiss location to take advantage of the DPA and DPO acts. Switzerland is renowned for being neutral territory – being outside of US and EU jurisdiction. Offering some of the strongest privacy protection in the world, its 1993 Federal Act on Data Protection strictly prohibits any processing of personal data without explicit consent.
However, on 5 September of 2021 the Swiss government forced ProtonMail to hand over IP addresses of French activists charged with theft and destruction of property. In this case, French authorities asked the Swiss government for assistance.
The next day ProtonMail stated in their privacy policy statement that it can be legally compelled to log one’s IP address as part of a Swiss criminal investigation. However, it also stated that the law cannot force it to compromise encryption.
Tutanota encrypts the email subject, body, and all attachments. The bonus is an end-to-end encrypted address book and calendar, ensuring that your contacts and meetings are kept top secret.
It combines AES 128-bit and RSA 2048-bit to give you end-to-end protection. AES 128-bit's stronger key schedule arguably makes it more secure than AES 256-bit. Emails to non-Tutanota users are encrypted using AES 128-bit. Passwords are hashed using bcrypt and SHA256, with connections to the Tutanota servers secured using TLS.
Tutanota encrypts more sections of your email and inbox than ProtonMail (your calendar and address book) while also giving you a zero-knowledge text search. No one at Tutanota can see what you search for within your emails. Tutanota also makes it impossible to trace messages back to the user, at least by their IP address.
Tutanota also differs from ProtonMail by strengthening 2FA with U2F, which gives an additional layer of security.
ProtonMail offers nearly the same level of end-to-end encryption, though it does NOT encrypt email subject lines. What they must be given credit for is usability: enjoy conversation views, group sending, and Bond-style self-destructing emails for quick security. Your full-text searches are NOT encrypted, however.
Similar to Tutanota, ProtonMail also makes it impossible to trace users by their IPs. ProtonMail encrypts its emails much like Tutanota does, except that it uses AES 256-bit, known as the gold standard of cryptography. Messages to non-ProtonMail users are password protected and expire after 28 days, with no sign-up required. It is, however, left up to the user to share the password securely.
Both ProtonMail and Tutanota messages are encrypted every step of the way, leaving little to no room for interception. Messages are encrypted while:
Both of these services also offer spam filtering.
Are Tutanota and ProtonMail open source? Both Tutanota and ProtonMail are open source-based, crucial for ensuring the highest levels of security. Open-source software is open to the world's security experts for inspection.
Tutanota takes no chances. For end-to-end encryption between Tutanota users and non-users, the users must exchange a password securely beforehand. This ensures the message can only be read by the intended and verified recipient.
The question is, do you want the hassle of Tutanota's additional password step for extra U2F authentication and a zero-knowledge full-text search? Or are you willing to sacrifice your subject line to enjoy ProtonMail's zero-knowledge calendar and end-to-end encrypted address book?
ProtonMail lets you select an “Encrypt for Outside” option that enables end-to-end encryption between ProtonMail users and non-ProtonMail users. Nothing between you can be read, not even by the creators themselves.
Otherwise, messages are encrypted with TLS (all popular email providers support TLS). These encrypted messages are not end-to-end secured, which means that the provider can read and hand your messages over.
ProtonMail doesn't offer end-to-end encryption on subject lines or recipient/sender email addresses. This means that popular providers who don't offer end-to-end encryption likely retain a copy of emails sent to them.
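The password-protected delivery to outside recipients described above, and what changes when the subject line stays outside the encrypted payload, shown as an added example (not code from either provider). It assumes scrypt for key derivation and AES-128-GCM as the cipher; the function names and envelope fields are hypothetical.

```javascript
// Added illustration; scrypt, AES-128-GCM and the envelope layout are assumptions,
// not either provider's actual implementation.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Both sides derive the same 128-bit key from the password they exchanged out of band.
function deriveKey(password, salt) {
  return scryptSync(password, salt, 16);
}

// Sender side. encryptSubject=true puts the subject inside the ciphertext;
// false leaves it as a plaintext header that the mail provider can read.
function sealMessage(password, mail, encryptSubject) {
  const salt = randomBytes(16);
  const iv = randomBytes(12); // fresh nonce per message, required by GCM
  const cipher = createCipheriv('aes-128-gcm', deriveKey(password, salt), iv);
  const secret = encryptSubject ? mail : { body: mail.body };
  const ciphertext = Buffer.concat([cipher.update(JSON.stringify(secret), 'utf8'), cipher.final()]);
  return {
    subject: encryptSubject ? null : mail.subject,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  };
}

// Recipient side. Returns null when the password is wrong or the envelope was altered.
function openMessage(password, envelope) {
  const key = deriveKey(password, Buffer.from(envelope.salt, 'base64'));
  const decipher = createDecipheriv('aes-128-gcm', key, Buffer.from(envelope.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(envelope.tag, 'base64'));
  try {
    const plain = Buffer.concat([decipher.update(Buffer.from(envelope.ciphertext, 'base64')), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Everything a party without the password can read from a stored envelope.
function visibleWithoutPassword(envelope) {
  return envelope.subject;
}

// Constructed sample message and password.
const mail = { subject: 'Contract renewal', body: 'Draft terms attached.' };
const hidden = sealMessage('correct horse battery', mail, true);
const exposed = sealMessage('correct horse battery', mail, false);
console.log(visibleWithoutPassword(hidden), visibleWithoutPassword(exposed));
console.log(openMessage('correct horse battery', hidden), openMessage('wrong guess', hidden));
```

The envelope is only as strong as the shared password and the channel it was exchanged over, which is why both services leave that step to the sender.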
As well as a web version, Tutanota has desktop clients for Windows, macOS, and Linux, and apps for Android and iOS.
ProtonMail can be used on the web like regular email. Or you can download the Android or iOS app. As a paid user, you can also install the ProtonMail Bridge app. It runs in the background to encrypt all mail that enters and leaves your computer.
If storage is important and you like to keep a backlog of emails, Tutanota's free account has double the storage of ProtonMail's free account.
For personal use, you can choose a free account with 1GB storage (about 300 emails a day) or a premium account for €1.2 per month or €12 annually. The free account is limited to one user, or premium users can pay €1 extra to add a user.
Businesses can purchase premium accounts (€24 per year) or pro accounts (€84 per year, excluding tax). The pro account comes with ten times more storage, custom branding, and up to 20 aliases. All business accounts include custom domains and customer support.
Tutanota also lets you build your plan with the features you really want. Just use their pricing calculator on their website to create your ideal subscription.
With that being said, even though ProtonMail’s free account has half the storage of Tutanota, that's still up to 150 messages a day, and it supports third-party clients. Of course, both are 100% ad-free.
The free ProtonMail account is single use only and comes with 500MB of storage. You can, however, create three separate folders within your mailbox to stay organised.
For a Professional or Visionary account, prices range from €8 to €30 per month. Both offer add-ons for extra storage and aliases, with prices starting at €1 per GB each month.
Tutanota offers email support only for paid users, which limits its availability. While extensive Reddit threads and a knowledge base exist for Tutanota, they are not as rich as ProtonMail's.
ProtonMail has customer support for both paid and free users as well as extensive Reddit coverage. It has a larger knowledge base than Tutanota.
Tutanota has an autoresponder, custom domain aliases, and secure calendar features. One of Tutanota's exceptional features is its SecureConnect. It allows you to inject a code into your website that creates a contact form as secure and private as Tutanota is.
ProtonMail has many additional features, including an autoresponder and custom domain aliases, as well as a secure calendar, which is still in the beta stage. It also has ProtonMail Bridge — a feature that runs in the background and encrypts messages from applications that support IMAP and SMTP. However, it is available only for desktop devices (Windows, macOS, Linux).
Both Tutanota and ProtonMail score equally high in this area. They are both easy to use and set up. They provide clear instructions for a user during the installation and setup process.
Both services are also easy to navigate, and you can use their multiple functionalities without much fuss. Their interfaces are nice, friendly, and clear so that users have all the features and functionality that they need at hand.
So, which is more secure: Tutanota or ProtonMail? Technically, you are extremely secure with either Tutanota or ProtonMail. Both use the world's most potent end-to-end encryption methods and zero-knowledge infrastructure, and both keep you secured even amidst non-users. In some specific instances however, both can be seen to prioritize storage over secrecy, or non-user accessibility over security for example. The choice really depends on what you value the most. For example, conscious consumers will be pleased to hear Tutanota runs entirely on green electricity.
Remember, encryption is not end-to-end encryption. The former is used by almost every popular email service today, enabling them to keep copies of your emails and potentially pass them on to third parties — depending on the data laws they operate under. Switch to free secure emails instead.