Hi guys!
I’m looking for a Proton alternative. So far I’ve seen these two recommended. I was wondering what are the pros/cons of each? Seems Tutanota offers more bang for the buck in mailbox size etc, but I’m not sure. I’d also like to have a better integration with Android, because Proton’s email/calendar apps suck big time.
Thanks!
Mailbox.org is great, their webmail setup is good and has contacts and calendar and all the things you would expect to have. With Cal/CardDAV and ActiveSync support too.
Tutanota for max security (no imap/pop3 support). Other services for using IMAP/POP3. But really, you shouldn’t be using email anyway if your goal is max security and privacy, simplex.chat is better for that.
SimpleX becomes a pain when using multiple devices
Sigh…right. But people DO need email. For banks. For taxes. For governments, healthcare, and lots of other crap.
So yeah, I’m skipping the whole “encrypted mailbox no-knowledge”, since it’s both cumbersome and useless unless anyone around you ALSO uses it (otherwise, those super private emails can be way more easily intercepted during transit than in your inbox anyway).
I just want some attempt at privacy from some EU nation while keeping some decent interoperability.
Librem
they look interesting but I can’t find out anything about where they have their servers located.
Hmmmmm I’d say Librem is US-based. Not to mention their whole mess with delivering pre-orders (and normal orders) of their Librem phone. Last time I checked they still didn’t fulfill most of their orders right? …Nah I think this shouldn’t be where to trust my email.
Posteo rocks.
This is accurate
Its simple as hell, out of the way. Its a no fuss email that seems to have all the features you’d want. It just works. Carbon neutral and all the good stuff we all like to boot.
Posteo
Take a look into Posteo if having a custom domain is something you can live without.
Posteo
Wow…This one seems to be a very good one as well. How come it’s not even mentioned in privacytools.io or privacyguides.org?
Not sure.
It’s not as popular, but i use it with my own PGP keys & Thunderbird and it’s great!
You also get SMTP with posteo, if that is important to you.
With that you mean it’s standard access IMAP/SMTP from any client you want, as opposed to Proton/Tutanota and their custom apps right? Yeah, I prefer a standard protocol and my own app.
Yes. You can get it with proton too, but you need your own domain for that iirc.
If you want a compatible, interoperable email service, then Mailbox. Tutanota is a propietary, centralised email system.
So any concern about mailbox.Org severs being in Berlin and Germany being apart of the 14eyes alliance?
Tutanota is also german, if I am not mistaken.
That’s right feels a bit silly now
This. You can’t use your client, not on your phone nor on your PC. Therefore Tutanota was never a viable option
Tuta also doesn’t easily support pgp and has no plans to integrate it. “we encrypy our stuff for you, trust us bro”
we encrypy our stuff for you, trust us bro
Their clients are open source. Might not be “standard” like PGP, but if you could read code, you could verify that it’s encrypted before it gets sent.
I’m just teaching myself - maybe good practice.
I have concerns about mailbox being under jurisdiction of 14eyes.
Wouldn’t that be only between Tutanota users anyway? Sure, you could use PGP manually, but it is more annoying, I prefer the seamlessness of doing so in my client. Not to mention not having an option if you, say, don’t like the UI!
People not talking about Startmail or Disroot. Not good options?
Disroot is fine
I’m all for options, to be honest. What ideally I’d like is some sort of good encrypted email based in some safe European country, which can achieve decent Android integration. Proton apps are pretty useless to that effect (lack of offline basic functionalities, the calendar app isn’t even an android calendar provider). I’m not too hard in moving around my emails, since for the last few years I’ve been giving my email @duck.com which actually ends up sending to my final email after some tracking cleaning. Changing email provider would entail only updating my @duck.com destination.
Following up…Yeah, why not Startmail or Disroot? Startmail seems to offer more bang for the buck than Mailbox. I’m not sure how many aliases you get if you get a paid plan in disroot.
EDIT: I…misread. Startmail offers half-priced plan the first year, then goes ahead and doubles it, getting pricier than Proton, Mailbox and about everyone else I think.
What ideally I’d like is some sort of good encrypted email […], which can achieve decent Android integration. Proton apps are pretty useless to that effect […]
Don’t need provider-specific apps if their services use standard protocols:
- IMAP: Fair Email or K-9 Mail(/Thunderbird)
- CalDAV: DAVx⁵
Mailbox.org offers 2GB of space for their free tier, and Tuta is 1GB.But I would just look at the recommendations on privacyguides.org. They break down what each service does well and what things you should know, like how Mailbox uses PGP and Tuta uses some other (valid) encryption method.
Edit: Could have sworn Privacy Guides said Mailbox had a free tier.
Didn’t know Mailbox had a free tier! Gotta check that out.
Edit: Mailbox still doesn’t have a free tier. It’s just a one month trial.
For what’s worth, I’m going to give it a shot on the month trial. But I already see the middle tier for 3€ offers 10GB email only. I think I can fit my current old mail backup in about 4GB, but it would be slightly tight, I guess. I’m on an older Proton plan which charges about 3USD per month (by-yearly) and it gets me about 20GB. I think shared between cloud and email (I’m not actually interested in the cloud part, I have Seafile for that).
Damn, thought they did. Could have sworn Privacy Guides said it was free.
As far as I’m aware, there is a huge difference between these three in that Mailbox.org is not end-to-end encrypted. So if that is an important feature for your use case, that may disqualify them from your options.
However, mailbox can still be encrypted with pgp, and has some built in supports which make this easier.
One problem I had with proton/tuta is that you cannot use a third party app due to the encryption, which you can with mailbox. A problem I have with mailbox is that it does not support fido2 for login or 2fa, which could be a security concern.
Thanks, these are the kind of valid points I’m looking for. I noticed the lack of 2fa when I was registering for the demo, they only asked for a backup email or a phone number…neither too privacy-friendly there. But I guess I can live with that.
Yep, good point.
Email is never “end to end encrypted” outside of layering something else on like PGP- which you could use with any email service.
It is under certain circumstances. Specific to ProtonMail, it is E2E encrypted if you send a message to another ProtonMail user. They also have a feature where you can send an encrypted email to an outside address. I think in that case the recipient gets a link where they can then input the decryption password to read the message.
But you’re right about any email you receive (from a non-ProtonMail address). Those can not be E2E encrypted and are only stored encrypted at rest.
Protonmail uses pgp under the hood. Their encryption was only ever within proton accounts because they had an automatic key lookup system. You can of course add your own keys, but most didn’t. Still pgp.
Huge beginner here, but privacytools.io says Mailbox is encrypted? Is it the “end to end” part? How did you find out they’re not? https://www.privacytools.io/privacy-email
Mailbox encrypts the email at rest on their servers but with the encryption keys they own. Protonmail, in contrast, uses zero access encryption where they encrypt your data with your public key and they do not know or have access to your private key to be able to decrypt the data even if they wanted to.
Mailbox has a zero access encryption service called (I think) Guard that basically encrypts the email with PGP where they would no longer be able to decrypt your email. But it’s not enabled by default.
That’s true once it’s received, but it’s still processed by proton and now we know they are pro-nazi so who knows what they would do.
You can avoid this with pgp as stated (default for proton to proton messages), but I don’t think it’s worth considering the at rest encryption at proton anymore.
It’s not on your list but I’ve had a Mailfence email for the last couple of years and they’ve been solid.
You could also use YUNOhost to host your own on a VPS. I had no experience before setting mine up and it was fine. Unlimited email accounts and aliases out of the box, plus you can host other stuff besides, like a website, file server or even a fediverse instance.
I’d try avoiding email hosting. I’ve heard way too many times that it’s too much pain when it fails, and when it fails basically emails are bounced. I can’t afford to miss taxes emails or other important stuff.
I don’t know mailbox.org but tuta will try to upsell you, eventually. It’s going down the same path as Proton is so maybe stay away from it if you want to get away from Proton.
Oh, I see Well, as long as they still offer the cheaper option I need, I don’t really care, it’s not the prettiest sales tactic but at least I can still chose
With tuta, I was locked into using their apps which kind of sucked. I moved to mailbox.org with the intent of encrypting my inbox but never did in the end. I’m happy to have IMAP/SNMP back that’s for sure.
Edit to add: been with mailbox.org 2 years and they’ve never tried to up sell me. Each Christmas I get a coupon or something to invite someone but I’ve never used it.
I’m sorry, english is not my first language but what do you mean by advising to stay away from Tuta?
“stay away” from something, means to avoid it, they are saying to not use it
Haha no I get that. The question is more like, why stay away from Tuta
Oh lol.
tuta will try to upsell you
“upsell” refers to a sales tactic, where a salesperson keeps trying to convince you to buy something more than you might need. Basically, you want to buy a $200 TV, and the sales person tells you: “Hey this $700 TV is much better, it has 8K High Definition, Premium Speakers… etc, etc…”
And then you say: “No thanks, I just want the $200 TV 😅”
But they keep repeating the $700 tv over and over and it gets annoying. That’s what the user is claiming that Tuta is doing.
