Tutanota vs Protonmail: Which is Most Secure in 2024?

Email is the starting point of most successful data breaches and free email services provide security only up to a point.

When it comes to private and secure email providers, Tutanota and ProtonMail are the most well-known. Tutanota is a German-based email service, and ProtonMail is Swiss-made software.

Germany and Switzerland are pioneers in cutting-edge technology. The location of the headquarters is an important aspect from a privacy-related perspective, as we’ll detail below.

Which of them would suit you best?

Let’s find out! This article is a Tutanota vs. ProtonMail match, where we’ll assess their privacy and security features. In this match-up, we’ll focus on things like:

    • 🔐 End-to-end encryption
    • 🔐 Perfect Forward Secrecy
    • 🔐 IP Logging
    • 🔐 Overall Privacy

What Is Tutanota?

Tutanota is a private and encrypted email service that caters to business professionals and regular users alike. Made according to privacy by design principles, Tutanota works on an end-to-end encryption model. Its mission is “to protect journalists, whistleblowers, and human rights activists as well as citizens around the world.”

Tutanota’s email service maintains user privacy by not scanning emails, and by enabling a track-free experience as it keeps your mailbox out of the marketers’ and advertisers’ reach.

What Is ProtonMail?

ProtonMail claims to be a user-friendly email service, enforcing online privacy as the default. Its process of encrypting email communications relies on advanced algorithms that hide your online data, making it inaccessible to anyone, including the ProtonMail team.

ProtonMail also works with Tor to provide you with an anonymous email route via an onion site. This option offers an extra encryption layer, as it decreases the odds of wiretapping and protects you against MiTM (Man-in-the-Middle) attacks and DDoS attacks.

Why Is a Secure Email Essential if You Use a VPN?

First off, you might wonder why you need to use a private and secure email service if you’re always connected to a VPN.

A VPN hides your IP address and internet activities and encrypts your entire online traffic. However, it can’t guarantee privacy and security of external services, such as emailing. That’s because once your messages reach the email service servers, their content is no longer encrypted by the VPN.

Within the ecosystem of an email service, the contents of your messages (and any attachments) may be visible to snooping eyes.

The same way you need a VPN to encrypt your online traffic, you need a secure email service to encrypt your emails. Secure email providers like ProtonMail and Tutanota use the same type of encryption as VPNs.

Get CyberGhost VPN to secure and encrypt all your online activities, including browsing sessions and streaming habits. Thanks to our strict No-Logs policy, we don’t track your digital whereabouts and we don’t collect and store data.

What Do Both Tutanota and ProtonMail Email Services Have in Common?

Both Tutanota and ProtonMail have built-in TLS (Transport Layer Security). TLS is a security standard most email services use, including Gmail and Yahoo Mail. The difference is that private email services encrypt their servers, not just email content.

Why encrypt email servers? Your email messages are still protected in the event of a data breach. It would take a literal eternity for someone to decipher properly encrypted emails. You don’t get this kind of protection with a popular email service.

ProtonMail and Tutanota provide easy, end-to-end encryption between users of the same service. For instance, emails between two ProtonMail users, or between two Tutanota users, are automatically secured with the users' own private keys, so no one else can read or decipher them.

Both email providers apply Perfect Forward Secrecy. This encryption system automatically and frequently changes the keys used to encrypt and decrypt information. The ongoing process ensures minimal damage even if someone catches or steals the most recent key. They only expose a minimal amount of your sensitive data, if any.

Now that you know ProtonMail and Tutanota’s common points, let’s see how each email service stands out.

Differences between Tutanota and ProtonMail

Data Encryption

Tutanota

Tutanota encrypts the email subject, body, attachments, address book, and calendar. In short, you are not exposing your contacts or details of your meetings.

Tutanota also combines AES 128-bit and RSA 2048-bit protocols for complete end-to-end protection.

ProtonMail

With ProtonMail, you don’t get the protection of encrypted email subject lines, but overall, this email service uses AES 256-bit, known as the gold standard of encryption.

Winner: It’s a tie

PGP (Pretty Good Privacy)

Pretty Good Privacy (PGP) is a data encryption and decryption technology famous for maximizing the security of email communications. The sender encrypts the message with the recipient's PGP public key, and the recipient decrypts it with their own private key.

Tutanota

Tutanota doesn’t support PGP, but it does use an advanced protocol similar to the PGP algorithm. The main reason Tutanota chose not to implement PGP is that it would’ve made it more difficult to integrate an encrypted calendar, cloud storage, subject lines, and the plain text above the email body.

In addition, PGP doesn’t suit Tutanota’s plans going forward. The German email provider wants to add the Perfect Forward Secrecy feature and algorithms to adapt to quantum computing – and neither of them supports PGP integration.

ProtonMail

ProtonMail has a built-in PGP integration, allowing you to automatically enable PGP with your chosen contacts. ProtonMail will handle the encryption process, meaning, while your emails arrive in plain text, they’re total gibberish behind the scenes.

Winner: It’s a tie

Anonymity

Tutanota

Tutanota fully supports anonymous online communications based on its privacy policy, as it doesn’t keep or store users’ IP addresses. Their anonymization process removes IP addresses from emails sent and received and prevents automatically loading images attached to emails. This is an extra step to ensure your IP address stays hidden, giving you the option to load external content only from trusted senders.

Moreover, Tutanota doesn’t use cookies on its website, differentiating it from ProtonMail.

Still, Tutanota declares that it can log IP addresses of individuals who are under investigation for serious criminal acts based on valid court orders issued by a German judge.

ProtonMail

ProtonMail also claims it doesn’t hold on to IP addresses, but there’s a nuance to their IP logs policy. The company states it doesn’t keep permanent IP logs with your use of the Services. Still, ProtonMail temporarily keeps IP addresses to prevent fraud or abuses that go against its terms and conditions, like spamming or DDoS attacks.

Also, Swiss law can force ProtonMail to keep IP addresses of crime-related investigations. This kind of situation occurred in September 2021, when French authorities collaborated with the Swiss government on a case of French activists charged with theft. ProtonMail then handed over activists’ IP addresses to Swiss authorities.

Winner: Tutanota

Spam Filters

Both Tutanota and ProtonMail have spam filters.

Tutanota
→ Spam filters are pretty basic and similar to any email service where you can set and filter spam as well as unwanted messages.

ProtonMail
→ Spam detection system that automatically places spam messages in a dedicated folder.

Winner: ProtonMail

Email App Integrations

Tutanota
→ The company’s encryption technology doesn’t allow the inclusion of third-party email services.

ProtonMail
→ ProtonMail supports integrations with popular email apps, including Microsoft Outlook, Apple Mail, and Mozilla Thunderbird.

Winner: ProtonMail

Dedicated Apps

Both ProtonMail and Tutanota offer mobile apps for iOS and Android.

Tutanota
→ Tutanota has a dedicated application for Windows, Mac, and Linux.

ProtonMail
→ ProtonMail doesn’t have a desktop app; on desktop, it’s only available and usable with a browser.

Winner: Tutanota

Sending Messages to Non-users

You might have decided to use one of the two email services, but most of your contacts still rely on the more popular Gmail or others.

Tutanota

Tutanota relies on AES symmetric encryption, where you have to type in a password and share it with the recipient. The recipient will unlock the message using the shared password.

ProtonMail

ProtonMail uses the same type of encryption as Tutanota. The only difference lies in its limited process (mentioned above), where subject lines or sender’s email addresses aren’t encrypted.

If a popular email provider doesn’t offer end-to-end encryption, there’s a risk it might keep a copy of your email. Still, you can overcome this risk if you don’t include sensitive information in the subject line.
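To make the subject-line point concrete, here is an added example (not part of the original article and not code from either provider). It parses a constructed message in PGP/MIME layout (RFC 3156), a common layout for OpenPGP-encrypted mail, and reports which headers any relaying or storing server can still read next to the encrypted body. The addresses, the subject and the with_neutral_subject helper are assumptions made for illustration.

```python
from email import message_from_string

# Constructed sample in PGP/MIME layout (RFC 3156). Addresses, subject and the
# armored payload are made up; the payload is a placeholder, not ciphertext.
SAMPLE = """\
From: alice@example.org
To: bob@example.com
Subject: Salary offer for J. Doe - draft contract
Date: Tue, 02 Jan 2024 10:15:00 +0000
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(placeholder standing in for the encrypted body)
-----END PGP MESSAGE-----
--b1--
"""

# Headers every relaying or storing server can read, encrypted body or not.
METADATA_HEADERS = ("From", "To", "Cc", "Subject", "Date")


def exposure_report(raw):
    """Split a message into what stays readable and what is encrypted."""
    msg = message_from_string(raw)
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        armored = "-----BEGIN PGP MESSAGE-----" in part.get_payload()
        parts.append((part.get_content_type(), "ciphertext" if armored else "plain"))
    return {
        "pgp_mime": msg.get_content_type() == "multipart/encrypted"
        and msg.get_param("protocol") == "application/pgp-encrypted",
        "cleartext_headers": {h: msg[h] for h in METADATA_HEADERS if msg[h]},
        "parts": parts,
    }


def with_neutral_subject(raw, placeholder="Encrypted message"):
    """Hypothetical pre-send step: swap the outer Subject for a neutral one.
    The real subject then has to travel inside the encrypted body instead."""
    msg = message_from_string(raw)
    msg.replace_header("Subject", placeholder)
    return msg.as_string()


if __name__ == "__main__":
    for label, raw in (("as written", SAMPLE), ("neutral", with_neutral_subject(SAMPLE))):
        report = exposure_report(raw)
        print(label, report["cleartext_headers"]["Subject"], report["parts"])
```

Only the second MIME part is ciphertext; the sender, recipient, date and subject stay readable unless the subject is kept neutral.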

Winner: Tutanota

Customer Support

Getting appropriate and straightforward technical assistance is always essential, especially if you’re new to the service.

Tutanota

Tutanota doesn’t provide direct customer support to its free users, but paying subscribers do have access to it. On the other hand, the email service has a subreddit where you can find support documentation and helpful answers to technical questions.

ProtonMail

ProtonMail positively stands out in this segment since it offers support for all users, including those with free accounts. Free users do have longer waiting queues, but it’s still something.

ProtonMail has a significantly larger Reddit community, and you’ll find support articles on ProtonMail’s website much easier compared to Tutanota.

Winner: ProtonMail

Open-Source Code (To a Certain Extent)

Open-source code shows a lot of confidence and transparency. Anyone can look at the code and audit it, so you know you can trust the service to handle your data. Tutanota and ProtonMail aren’t fully open-source email services, but there’s a silver lining.

Tutanota

In Tutanota’s case, every part of their software is open source except for their servers. They admitted this detail on the company’s blog and assured users it’s one of their priorities, and they will work on adding it soon.

ProtonMail

ProtonMail mentioned it doesn’t intend to reveal its source code for its back-end servers, as this would disclose “information about how they do anti-spam and anti-abuse.”

Winner: It’s a tie

Data Retention Policies

A company’s headquarters is important when it comes to privacy laws and data retention policies.

Tutanota

Tutanota is crafted by German engineers. Its corporate offices are based in Germany, which is part of the 14 Eyes Alliance, a surveillance partnership between multiple countries to share intelligence. Despite this drawback, Germany is part of the EU, which means you’ll be protected by the GDPR (General Data Protection Regulation), as well as by strong data privacy regulations.

GDPR’s main principle forbids companies to collect and use your personal data without your informed consent. Additionally, Germany amended its German Federal Data Protection Act (protecting internet users) to align with GDPR. Tutanota also has its servers’ network and data centers in Germany. Based on end-to-end encryption, no third party (even Tutanota staff) can access data stored on their servers.

ProtonMail

ProtonMail takes great pride in its Swiss origin and how its story began at CERN (the European Organization for Nuclear Research). Interestingly, this is the same organization Tim Berners-Lee had worked for when he invented the World Wide Web. ProtonMail’s head offices and server infrastructure are in Switzerland – deep under hundreds of meters of solid granite rock, providing foolproof protection, possibly even against nuclear attacks.

Switzerland is also a place with strong privacy laws and is notorious for its overall neutrality. The country is outside the European Union (EU), and the European Economic Area (EEA), and not part of any of the 5/9/14 Eyes Alliances.

The Swiss Federal Data Protection Act (DPA) and the Swiss Federal Data Protection Ordinance (DPO) protect your ProtonMail data. The terms of these two laws are similar to GDPR, so only a Swiss court can make the company release the limited user information ProtonMail has on you.

Both companies publish and share a transparency report, showing every request they receive and their collaborations with authorities.

Winner: It’s a tie

Pricing and Subscriptions

The good news is both ProtonMail and Tutanota offer a free plan, but each covers slightly different things.

If you choose ProtonMail, the free version only covers 500MB of storage, while Tutanota offers 1 GB of storage. The free plan is available for only 1 user for both email services.

Tutanota

Paid plans for Tutanota range between 1 EUR and 4 EUR/month. The free version of Tutanota is pretty limited and only supports Tutanota domains. Tutanota doesn’t provide customer support to free users.

Considering the affordable price, either the Premium or Teams plan would be a good fit if you want more options. The two subscription plans are also much the same, the notable difference being that the Teams plan offers 10GB of storage instead of only 1GB for the Premium.

ProtonMail

Paid plans for ProtonMail range between 5 EUR and 30 EUR/month.

ProtonMail covers 3 types of paid plans. Visionary, the most expensive plan at 30 EUR/month, is the only one that includes the company’s VPN service. ProtonVPN Plus and Professional plans are similar. The Professional plan offers 2 custom domains, allows unlimited messages per day, and the support team prioritizes these accounts, along with Visionary users.

The free version of each email service should cover everything you need from an email provider if you’re a single user. Tutanota has the disadvantage of not offering support services to free users. If you’re interested in a paid plan, Tutanota is cheaper, but only ProtonMail offers a VPN service in its highest premium plan.

Winner: It’s a tie

Stand Out Options & Features

Tutanota

With Tutanota, you can enjoy Secure Connect – an encrypted communication process dedicated to whistleblowers and news websites.

Secure Connect works like any contact form on a website, only it’s automatically encrypted end-to-end before it reaches the mailbox of the website owner. The feature masks both email content and attached files. Any news outlet platform can add this feature, so potential whistleblowers and activists can contact them safely and privately. Tutanota recommends accessing Secure Connect via Tor for improved identity protection.

Tutanota offers 2FA (Second Factor Authentication) with U2F, giving an additional security layer.

*U2F stands for Universal 2nd Factor – this standard both improves and simplifies the 2FA authentication. You can enable U2F authentication using a physical USB device plugged into your laptop or PC, or a near-field communication (NFC) device using the same technology as a smart card.

If you care about the environment, you might prefer Tutanota. The company states it’s an environmentally friendly service since they only use renewable or green energy.

ProtonMail

The ProtonMail Bridge app is a feature the email service offers within its paid plans. Mostly for tech-advanced users, the Bridge app runs in the background and encrypts online traffic for apps that support IMAP (Internet Message Access Protocol) or SMTP (Simple Mail Transfer Protocol).

The Bottom Line – They’re Both a Great Choice

To sum up, Tutanota and ProtonMail are equally private and secure. The only aspect where Tutanota outranks ProtonMail is its extra features, namely the Secure Connect, U2F option, and the company’s reliance on green energy.

ProtonMail was recently in the media spotlight as the company collaborated with French and Swiss authorities and handed over the IP address of a person charged with theft.

Tutanota’s privacy policy also acknowledges that it will comply with authorities if their users are under criminal investigation. There’s no public knowledge this has ever happened with Tutanota so far.

It all depends on what you’re looking for in a private and secure email provider. To make your decision easier, check the comparison table below.

Comparison of features & options | Tutanota | ProtonMail
E2EE (end-to-end encryption) | |
Perfect Forward Secrecy | |
Encryption standard | 128-bit with RSA 2048 bit | AES 256-bit
PGP (Pretty Good Privacy) | |
No IP Logging | |
(Limited) Open-Source code | |
Dedicated apps | Windows, macOS, Linux, iOS, Android | iOS, Android
Customer Support | Only for paying users |
Free version | |
Price paid plans | € 1-4/ $ 1.13 — 4.5 | € 5-30/ $ 5,7-34

While keeping your email communications private works like a charm with either Tutanota or ProtonMail, your IP address is still at risk. Use CyberGhost VPN to make sure your IP address stays hidden at all times!

Do you use any of the two email services? If so, what made you choose it? Let me know in the comments section below.

FAQ

Which email is more secure – Tutanota or ProtonMail?

The two email services are equal in terms of security. Tutanota has a slight edge as it offers U2F for second-factor authentication. It’s an easier method to apply 2FA – a security feature available with ProtonMail as well.

Both email services offer end-to-end encryption, but Tutanota encrypts a larger part of the email ecosystem, including email subject, body, and attachments; ProtonMail doesn’t encrypt subject lines.

While great for privacy, an encrypted email service does not protect all of your personal information. Download CyberGhost VPN and make sure your traffic is protected by world-class AES 256-bit encryption.

Are there apps available for Tutanota and ProtonMail?

Tutanota has a desktop app for Windows, macOS, and Linux, and it also has dedicated mobile apps for Android and iOS.

Similarly, you can find an iOS and Android app for ProtonMail, but it doesn’t offer a desktop app, so you can only access it on your PC via a browser.

An app provides more online privacy and security compared to a browser. For instance, it’s easier to enable 2FA within an app, which can have an embedded security certificate.

With CyberGhost VPN, you can secure and encrypt online data on up to 7 devices simultaneously.

Does either Tutanota or ProtonMail have a free subscription?

Both Tutanota and ProtonMail offer a free account option with basic features. Tutanota’s free account includes 1GB of storage, while ProtonMail offers 500MB.

The free subscriptions do have their limitations. For instance, ProtonMail limits free users to 150 messages each day, while Tutanota limits free users to one calendar and only allows Tutanota domains.

Whether you choose a Tutanota or ProtonMail free subscription, combine your encrypted email service with a premium VPN. You can try CyberGhost VPN risk-free thanks to our lengthy 45-day money-back guarantee.

Should you use a VPN when sending emails?

Even if you use a secure and encrypted email service, you should always browse online with a connected VPN.

A VPN adds an additional security layer to all your online communications and traffic. Even though you encrypt your email messages, the rest of your online activities are exposed. Websites and online platforms can still uncover your location or track your activity.

CyberGhost VPN is a reliable VPN service with a strict No-Logs policy. We don’t log your activity, sell it, or share it with third parties.

Leave a comment

As I understand it, both Tutanota and ProtonMail need a similar recipient to provide an encrypted conversation. What happens if the end user has another address such as, for example, gemail.com?

Hi, Ghostie,
 
Both Tutanota and Proton have options to password-encrypt emails that are sent to external recipients.
 
Stay safe!

Thanks! Great article.
