Tutanota private email review (+ vs ProtonMail) - BestVPN.com

Tutanota Review

Our summary

Tutanota is a free, open-source webmail service that offers a high level of privacy. Just don’t expect it to protect you from the NSA.

Our Score



  • 1GB storage for free - can be expanded with premium plans
  • Everything is encrypted – subject body and attachment
  • Completely open source
  • Great Android and iOS apps
  • Can receive an encrypted reply from regular email users
  • You can an use own domain name
Some alternative options for you...
Our Score
Our Score
Our Score

Following Edward Snowden’s revelations that everything we do online is spied on all the time by secretive and vastly powerful government organizations, there is a growing demand for more private internet services. This is never more true than with the outdated and highly insecure, yet still essential for most our day-to-day lives, communication system that is email.

Even more than the likes of the NSA, the advent of web based email that is easy to use, can be readily accessed from any internet enabled device, and which is ‘free’ (but which we pay for by allowing the likes of Google to scan every email and use the information it gleans from this to deliver ever more targeted advertising) presents the single greatest threat to our privacy yet seen.

Although by far the most secure and private way to access email is using a stand-alone email client with PGP encryption (see our tutorial on using Gpg4win as an example of this), preferably using a self-hosted email server, this is a fiddly, inelegant solution that involves a sophisticated understanding of using asymmetric key pairs, something which the vast majority of internet users’ have no ability or desire to master. OpenPGP browser plugins such as Mailvelope are easier (if less secure) to use, but are still too complex for most users.

There is therefore an urgent need for a Gmail-like webmail service that provides all the functionality of something like Gmail, but is both more secure, and which will not spy on its users and then monetize that very personal data (it should be understood, however, that no webmail service can protect against targeted NSA-style surveillance, and that simply by virtue of being a privacy-based encrypted service, users will automatically be of interest to government spying organizations.)

In our article on Free privacy conscious webmail options we examine some good privacy oriented alternatives to Gmail (etc.), but the two new services that are getting the most attention from the security community are ProtonMail and Tutanota, both of which have gone to great efforts to make their services attractive to casual users looking for a more secure email solution but without losing all the aesthetics and functionality offered by their current provider.

We reviewed ProtonMail (which is still in beta) earlier this year, and were broadly impressed with. It is a long way from perfect, but ‘is a very easy to use webmail service (on par with Gmail and suchlike) that is much more secure than most such webmail services, and which will not (cannot) spy on all your correspondence in order to deliver targeted advertising.’

As the two services are in fairly direct competition, we think it will be useful in this review of Tutanova (the ‘name derived from Latin and contains the words “tuta” and “nota” which mean “secure message”’) to compare and contrast them, which will hopefully help to highlight the pros and cons of each.


As with ProtonMail, all Tutanota accounts are currently free, but a premium service will be offered soon (Tutanova also accepts donations). It currently offers the following features:

  • 1GB storage (forever free)
  • Attachments limited to 25MB (for now)
  • 1 free alias is permitted (i.e. 2 email addresses). More will be available to premium users
  • Everything is encrypted – subject, body, and attachment (ProtonMail currently only encrypts the body)
  • Completely open source (code available here)
  • Android and iOS apps
  • Can not only send encrypted emails to users of regular email (as ProtonMail can), but can receive an encrypted reply from them
  • Outlook addon (for premium business users – we did not test this)
  • (Upcoming – use webmail services with own domain name)

The killer feature here is clearly the ability for non-Tutanota users to securely respond to encrypted emails (please see update at end of this article). The fact that Tutanota is open source while ProtonMail is not should in theory give it an edge, but Tutanota’s source code has not been independently audited by reputable researchers, while ProtonMail’s, although closed source, has…


Much is made of the fact that ProtonMail is based in Switzerland (or at least its servers are, the team hails from Harvard University in the US), which because of its strict privacy laws is widely regarded as privacy-friendly. This is, however, to a large extent an illusion (Google Translate), as data retention laws and NSA-style surveillance are alive and well there.

Tutanota is based in Germany, which also has strict privacy laws, but which also practices widespread surveillance of its own, and is provides the base for the NSA’s extensive European operations. You pays your money and takes your chances…

Tutanota does not use two-factor authentication (although his feature is planned at some stage), but then neither does ProtonMail (which does require two passwords, but as these are each ‘something you know’ rather than ‘something you know and something you have’, does not count as 2FA).

Tutanota provides end-to-end encryption, so email stored on Tutanota’s servers is encrypted an cannot be accessed or decrypted by staff members. When asked how Tutanota would respond if asked ask by the police to identify a user, a Tutanota staff member said,

We would refuse requests. Only if a German court issues a warrant, we can be forced to hand over data. However all data on our servers is encrypted and we do not have access to the encryption keys. So the only thing we could hand out is the metadata (from, to, when), we are working on how to conceal these. We do not log IP addresses and anonymous sign up it possible. We strip IP addresses from mails sent and received to guarantee your anonymity.

This sounds all very reassuring, although the website FAQ does note that IP addresses will be logged if ‘we find out that an account is misusing the system.’ As alluded to in the above statement, Tutanova permits users to sign-up anonymously over Tor, which is good news.


As noted above, Tutanota uses end-to-end encryption, and does not know users’ passwords, which are ‘salted and hashed with Bcrypt on your device before being transmitted’ for login. You should beware that because Tutanota does not store any passwords, if you lose yours then it will not be recoverable!

Emails between Tutanota users are encrypted using ‘a standardized, hybrid method consisting of a symmetrical and an asymmetrical algorithm’, using 128-bit AES with 2048-bit RSA handshake encryption. Emails to non-Tutanota users are encrypted using AES-128. This sounds pretty secure to us, although we do wonder why the industry-standard 256-bit AES encryption was not chosen.

Although ProtonMail’s use of PGP encryption is arguably stronger than that used by Tutanota, Tutanota’s method allows it to encrypt not just the body of the message, but the subject line and attachments as well, which is a definite feather in its cap. Regular messages sent to non-Tutanota recipients are not encrypted in transit, but are stored encrypted on Tutanota’s servers, as are messages and attachments received that arrive in plaintext.

Unfortunately, all encryption is performed in JavaScript by your browser, so as with ProtonMail, this cannot be considered completely secure against a determined attacker.

Tutanota in use

Unlike ProtonMail, signing-in to Tutanota requires entering a single password, which takes you to the main interface.

test mail 1

The basic interface is cleanly laid out and easy to use, but lacks many of the bells and whistles we have come to expect from a webmail service (the most notable of which is the ability to save drafts).

By default, all emails are sent confidentially i.e. encrypted (this can be changed in the settings), which requires entering an agreed upon shared passphrase that the recipient will know (if this is too short then you will receive an alert, but you can choose to override this). Unlike ProtonMail, there is no hint option, so you will have to agree on a password in advance (preferably in person or using secure IM chat).

enencrypted msg

If a recipient uses regular email, they will receive an invitation to view your message securely. Note that while the senders name is shown, the subject, body, and attachments are not.

enencrypted 2

To view your message the recipient follows the supplied link, and enters the agreed upon password.

encrypted 3

This where Tutanota really shines, because non-Tutanota using recipients of secure email are assigned a special ‘personal’ account that allows them to respond to the message securely. All messages sent from a specific Tutanota account are also available through this special account.


Early users complained about the basic Contacts manager, but this has now been fixed and seems to be fully featured. Hopefully the ability to save draft messages will also come soon!

The mobile app

A Tutanota app is available for iOS and Android. We tested the Android version.


The app is simple, but is well laid out and works well. As with the web client, emails are encrypted by default

Email Privacy Tester results

We tested both ProtonMail and Tutanota using the Email Privacy Tester tool developed by Mike Cardwell.

ProtonMail test results

ProtonMail results

Tutanota test results

Tutanota results

A Tutanota spokesperson has made the flowing statement:

We know about the failures from https://emailprivacytester.com They are not crucial and we will fix them within the coming months.

Interestingly, when we performed this test on a Gmail account, it passed with flying colors.


We really like Tutanota. As with ProtonMail, it is certainly not perfect, and should not be considered secure against the NSA – encryption using JavaScript within the browser is not very secure, and Germany is not the ideal location for a privacy service (but then where is?). It is, however, vastly more secure and private than most webmail services, and it has a nice mobile app.

Whether you prefer ProtonMail or Tutanota really depends on what features are important to you – ProtonMail has a much more fully featured interface (Tutanota’s complete lack of a draft function is a total bummer), but Tutanota allows even non-user recipients to reply securely to encrypted emails*, and encrypts the subject line and attachments, in addition to an email’s body.

Both services are currently free (and will continue to offer basic functionality for free), so there is no reason not to try both and see which you prefer (although the waiting list for ProtonMail accounts is quite long). Both services are still under heavy development, so we look forward to seeing how they progress.

*Update 10 March 2015: The ProtonMail team has contacted BestVPN.com to let us know that its latest update (ProtonMail BETA v1.15 ) allows outside users to reply to encrypted messages securely. Please see here for more details. This is great news, and makes choosing between two services even more than ever a matter of personal choice, with ProtonMail having a much more advanced interface, while Tutanota encrypts headers and attachments. As already noted, both services are under heavy development and are adding new features all the time, which can only be a good thing for users of either one.

Update: As of 13 August 2015 ProtonMail is fully open source.

Douglas Crawford
March 12th, 2018

I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. You can now follow me on Twitter - @douglasjcrawf.

74 responses to “Tutanota private email review (+ vs ProtonMail)

  1. knightdragon says:

    I have created two email accounts, both times even if I punch in the correct password I am told that it is invalid. what is up?

    1. Douglas Crawford says:

      Hi knightdragon,

      I’m afraid that you need to ask Tutanota’s support about this.

  2. tutavsprot says:

    ProtonMail Allegedly Proxied by Israeli Firm with IDF Links

    Protonmail has routed all their server to Israeli Radware for scanning for DDos attacks BUT Israeli IDF spy network now has total a grip of protonmail privacy.
    Is this really an issue?
    Just because a company has done business with the Israeli military, does that make it a tool of and spy for that industry?

    ProtonMail is/was under large scale DDoS attack, with bold and resourced attackers unafraid to cause collateral damage to provider infrastructure. ProtonMail said likely attacker is/was nation-state. ProtonMail subsequently announced they received support to filter the attack, rescuing the service. Let us examine final 5 traceroute hops to ProtonMail:

    6. be2115.agr21.fra03.atlas.cogentco.com
    9. ???

    Hop 7 is “Internet Binat” based in Israel.

    %rwhois V-1.5:0010b0:00 rwhois.cogentco.com (CGNT rwhoisd 0.0.0)

    network:Org-Name:Internet Binat
    network:Street-Address:Habarzel 27 Tel Aviv Or Building A 69710 Israel
    network:City:tel aviv
    network:Updated:2015-07-08 17:07:25

    Internet Binat is synonymous with “Bynet Data Communications” which built the Israeli Defense Forces “cloud” server farm, and the IDF Intelligence Corps “technology campus” in the Negev, in deals brokered by Lockheed Martin.



    Binat and Bynet spell their names identically (vet-yud-nun-tuff) in Hebrew, share the same Habarzel 27 address, and are linked by Binat CEO Shmulik Haber.


    Likely the DDoS attack on ProtonMail was orchestrated to follow with an offer of generous “help” it could not refuse, necessarily a re-route of all traffic through third-party “anti-DDoS” systems. Now the “Switzerland” based privacy firm is proxied by an Israeli firm for traffic analysis, network exploitation of users, cryptographic monkeying. Israeli expertise in the latter is unmatched. Classic gov-mil cyber op with great PR happy ending for exploited asset. Users of ProtonMail must not fret; they got lucky with this fumble.
    Don’t trust this security faker; don’t trust the next one.


    They explain first that they work with Radware, which has offices all over the world. I think they work with the German office. But the headquarters is in Israel. Further, all the traffic for DDoS filtering goes through encrypted tunnels. The traffic, when DDoS filtering is active, goes through servers in Germany, not Israel. So it’s is false that they are proxied in Israel–both because that’s not where the servers are and because they are not being “proxied,” which is a misunderstanding of the technology being used. And lastly when they setup the DDoS filtering they went out of their way to find a solution that did not affect the privacy of Protonmail, which required a more expensive complex solution than basic DNS protection.

    Do you know where in germany ? At frankfurt !!!

    Frankfurt where was located the nsa team … proton mail is compromised , works with the nsa by a contract with an israely firm.

    Protonmail runs a smart challenge for an ideal (free software on the front-end – unknown back-end) & for their private ambition (education & origin & competence – not mature : borderline -) applying a trick & tip plan, repeats that they learnt blindly : make money without conscience, morality, involvement.
    That is their signature where the frontier between scam & corruption brings trouble & confusion.

    More importantly, the article focuses on one of the hops when you connect to Protonmail’s servers. But you also hop through a whole slew of other servers that could also do traffic analysis. We already know that NSA can and does set up servers on the internet backbone to watch traffic.

    I feel that protonmail attacks has came from the same people who offered Protonmail an offer that they could not refuse.
    ProtonMail seems to be just a good business oriented email provider with bunch of folks coming from elite universities claiming that switzerland is the safest country for encrypted email provider. I don’t see a reason why it has to be in Switzerland, since it should be encrypted in a way that there is no possibility for decryption. Tutanota does it that way and then it doesnt matter anymore where the servers are, except of the USA where such email provider company cannot even start to operate.
    So any user of an encrypted email service like Protonmail should probably assume that using such a service means they’re email traffic is being watched. If Protonmail’s encryption can’t handle that, then it’s a useless service anyway. And indeed, the whole reason there are encrypted email services to begin with is because email traffic is being watched. Users should already assume their traffic is being analyzed and intercepted. That’s why they use encryption.

    Much is made of the fact that ProtonMail is based in Switzerland (or at least its servers are, the team hails from Harvard University in the US), which because of its strict privacy laws is widely regarded as privacy-friendly. This is, however, to a large extent an illusion, as data retention laws and NSA-style surveillance are alive and well there.

    Protonmail was developed at CERN, the same people who play god with particle accelerators and manufacture black holes. They also started the WWW, which is the very source of most privacy concerns. Trusting them with anything is like trusting drunks with explosives. Oh wait, that’s how we celebrate America’s birthday in this age of terror fears; Protonmail was designed by AMERICANS at CERN. Anyone from Europe and Asia can tell you just how amazingly intelligent Americans are. I’d go with Tutanota, as Germany knows from personal experience just where American “freedom” is heading. Americans don’t even know what privacy or security truly mean. Maps on Wikipedia and probably elsewhere show the location of the Protonmail servers, information you shouldn’t blather about the web if you truly understand those concepts.

    Tutanota is based in Germany, which also has strict privacy laws, but which also practices widespread surveillance of its own, and is provides the base for the NSA’s extensive European operations.

    There is nothing stopping Tutanota (or ProtonMail ect.) from updating the JavaScript sent to your browser with bad code. This one of the main reasons that browser-based JavaScript cryptography is considered very insecure. Basically, services such as Tutanota, ProtonMail are much more private than regular webmail services, but are no protection against a targeted attack by the likes of the NSA.

    * The .com top level domain (TLD) is under the control of the US government (more specifically, the .com TLD is managed by VeriSign which is a US company under US jurisdiction). However, for users who wish to always avoid .com domains, an alternative webmail access is provided.

  3. Dave None Or Your Business says:

    Tutanota out right lies to it’s users. They say that they do not track you IP addresses. However make two accounts on the same day from the same pc. And the 2nd account can not send email until they review your account. There for they know your IP addresses. Also it’s kind of a dumb move on there part. Because they only know my user name and IP address, what are they reviewing.
    So no I do not like Tutanota.

    1. Douglas Crawford says:

      Hi Dave,

      Hmm. This is something you will need to ask Tutanota about. I know that Tutanota has had issues with abuse of its system before (fake accounts setup for use by spambots). It might be possible to detect that two account are being used at the same time in realtime, withot the need to log IPs as such. But as I say, you will need to ask Tutanota about this.

  4. Mario says:

    I read on-line that thay added a lot of interesting features since this review. So now…which is the best?

    1. Douglas Crawford says:

      Hi Mario,

      That is correct. Both services have added lots of new features. I did re-review ProtonMail, but even that is almost a year old now. Until I have time to look at both services in depth, I cannot say with is better now. i do believe, however, that both are very good (as long as you understand the security limitations of all web-mail services).

  5. Justin Coffman says:

    “This sounds pretty secure to us, although we do wonder why the industry-standard 256-bit AES encryption was not chosen.”

    AES-128 is actually considered the industry standard. I commonly see people choosing AES-256 for new implementations, and when asked why, the answer is simply “because it’s stronger.” It’s the Big Number Effect. If you take a look at the cipher suites chosen/prioritized by modern browsers, you’ll find that AES-128 is prioritized over its 256-bit brother, for a couple of reasons.

    First, AES-128 is (at this time, the world of cryptography is ever-changing) well beyond the ability of even state-sponsored actors to break. As there are no known attacks that work against AES (assuming proper implementation), so the only option is to brute force the key. The numbers involved in attempting to crack a single AES-128 key are beyond reasonable even on cosmological timescales. With extremely generous assumptions of current processing capability, it is estimated to take approximately 1 quintillion (1,000,000,000,000,000,000) years (68 million times the present estimated age of the universe, 14.7 billion years) to crack a single AES-128 key. So what if it takes 331 septendecillion (331,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000) years (22.5 quattuordecillion times the age of the universe) to crack AES-256? By the time we break either key, every star in the universe will have ceased to shine, so why is added the added computational complexity in using the 256-bit variant worth it? It’s not.

    Second, due to some of the design choices in the 256-bit variant, there is some thought in the cryptography field that the 128-bit version is actually MORE secure, owing to some theoretical concerns with one of the main components of the 256-bit algorithm. (Specifically, the values selected for the S-box. See https://www.schneier.com/blog/archives/2009/07/new_attack_on_a.html for one such example, and note that it does not apply to the 128-bit variant.)

    1. Douglas Crawford says:

      Hi Justin,

      Yo are correct that AES-128 remains secure as far as anyone is aware. Indeed, I show some similar figures on how difficult it would to brute force here. It is also true AES-128 has a stronger key schedule than AES-256. However, given what we now know about the extent of the NSA’s assault on encryption standards, most experts agree that AES-256 provides a higher security margin. This perception has been reinforced by the US government’s choice of AES-256 for all of its “sensitive” data.

      ut given what we now know about the extent of the NSA’s assault on encryption standards, most experts agree that AES-256 provides a higher security margin

  6. God's watching too says:

    Obviously, your paid off to not post our comments re our experience with these sites.

    Pretty pathetic.

    1. Douglas Crawford says:

      Hi God’s watching too,

      Um. I hand-moderate all comments sent to BestVPN. I only moderate comments that appear to be spam or are actively offensive. Looking back through deleted comments, I can see nothing that belongs to you. Does “these websites” refer to Tutatanota and ProtonMail, or is this just spam?

  7. Random Flaming Faggot says:

    It is important to understand why you want encryption. If you want to avoid being flagged to broad government surveillance bcz you watched a Block Lights Mother video on YouTubed but are not engaged in anything illegal medium security is sufficient to cause the surveillancers to waste time and money cracking your accounts for absolutely nothing. Ditto if you are DMA non-compliant swapping copyrighted songs or general low level technically not-quite legal access which no one really thinks shoulld be illegal anyway unless you have a local DA that ambitiously wants to make an example and maliciously prosecute some schmuck. It could be you. But no Canadian/Swiss/German court would have the patience to put up with an annoying local investigative agency that kept pestering it with frivolous requests-they would only succeed in making a laughing stock of their jurisdiction But these are legal subtlties and I might be wrong. Maybe if you live in Turkey right now when Erduggin is sending thousands into court or jail your privacy is critical even if you have no political or illegal agenda. So there is never such a thing as too much security, but a realistic rather than paranoid assessment of your possible legal liabilities is as important as the tech stuff. That way you don’t have to spend your whole life like a Bond villian plotting your course of privacy protection when it might be entirely uneeded. (BTW if I am not on my VPN all this can be Data-Cruched hence my mispellings).

    1. Douglas Crawford says:

      Hi Random.

      Indeed. This is known as identifying your threat model.

      1. Frans says:

        What do you think about cryptoheaven?

        1. Douglas Crawford says:

          Hi Frans,

          I note that your email @cryptoheaven.com. I’m afraid that I do not generally recommend closed source software, especially when it relates to security. Please see here for why this is.

  8. Reynaldo says:

    My impression reading the emails here is that secure email services are premature because secure systems really don’t exist. Therefore NSA can breaking into anything.
    I saw the FBI head Comey recently saying that it costs $100 (or something like that) for the FBI to break into a gmail account, and gmail, he says, has pretty good security.

    I think the best you can do now is have offline machine for encrypting and decrypting messages and an online machine that interfaces directly to the internet with a very simple communication link, impossible to hack, used for transmitting encrypted messages only. Any complications increase vulnerability to hackers. It doesn’t sound acceptable for cell phone usage, but for a desktop or laptop online machine, that would
    be the sound thing to do if you really need NSA-proof encryption.

    1. Douglas Crawford says:

      Hi Reynaldo,

      Well, if you are worried about the NSA targeting your email in particular, then PGP encrypted/encrypted mail locally is your only hope (and even here I don’t fancy your chances). Against casual blanket government surveillance and your own email provider (e.g. Google) invading your privacy in order to target ads at you, services such as Tutanota and ProtonMail are very good.

  9. Quassar says:

    So which email service use ?!

    1. Douglas Crawford says:

      Hi Quassar,

      Both services are good, and both have added many features since this review. I plan to update this review in the near future, so might try to provide a definitive answer to your question then.

  10. FEDUP says:

    I have a Tutanota account which I used to conduct important research with the Library of Congress, City of Philadelphia, and elsewhere. All replies are stuck in Tutanota, because you can’t back them up or download them. Therefore, I’m stuck going to my account to print-screen something from time to time. Until today: logged in to find ALL GONE !!!! They purged the contents prior to a certain date, leaving me with NOTHING. Do NOT use Tutanota if you don’t want to be robbed of energy and efforts.

    1. Douglas Crawford says:

      Hi FEDUP,

      Ouch! You have my sympathy. I assume that you have contacted Tutanota’s support team about the issue? Are you sure the messages have been not been archived somewhere? I should note that not many would consider the inability to backup emails to be a “feature” when it comes to a secure email service such as Tutanota. I should also note that Tutanota email accounts have a clearly stated storage limit (starts at 1gb, but this is expandable). I wish you luck recovering your emails.

  11. Ant says:

    Douglas, “Unfortunately, all encryption is performed in JavaScript by your browser, so as with ProtonMail, this cannot be considered completely secure against a determined attacker.” – whether there is in the world of e-mail secure services without such problems?

    1. Douglas Crawford says:

      Hi Ant,

      By far the most secure way to send email is using PGP encryption with a dedicated mail client (not webmail). Unfortunately, PGP is a pain to use, which has seriously hampered its adoption (even if you can be bothered to use it, good luck persuading your friends and colleagues to join you!). Please see Secure your email with Gpg4win for a guide to using the Windows implementation of GnuPGP (Gpg4Win). Although not as secure using as GnuPGP with a standalone mail client, the Mailvelope browser extension is much easier to use, and is almost certainly more secure than using ProtonMail or Tutanota. It still requires your contacts to also use some version of PGP, however, and PGP in general does not hide metadata.

    2. John says:

      I’m aware this must be a really newbie question, so forgive me.. But I’ve received an email in tutanova inbox, but none of the hyperlinks are available… how can I click on them?
      Thank you for any reply

      1. Douglas Crawford says:

        Hi John,

        I must admit that I am not clear about what you mean by “none of the hyperlinks are available”. Is this an encrypted email?

  12. arez says:

    Hi, i think the best is posteo mail. all of anonymous.
    any idea?

    1. Douglas Crawford says:

      Hi arez,

      I am not familiar with Posteo.de, but as far as I can see it is not open source, which pretty much discounts in my view.

      1. arez says:

        Hi Douglas Crawford,

        Acutely, i don’t care if i have lots of mails for determining work. I’m interesting to using Protonmail, Posteo and Tutanota ,etc.

        Could u please advice me which mail serve is suitable for me for following objectives? ( for objective 1 which mail i should be using).

        1. Academic ” university” ( as my passport and other documents will be upload and download,..).

        2. MAC laptop ( i want to use for mac id to download Apps,..)

        3. Friends, as using other mail server ( maybe share something like link and video that be safe from meta data, and big data)

        4. Member of some sites that i want to be anonymous who i am ( i will longing from different devices; my mac, iphone, university,.. ).

        **** 5 . iphone and ipad ( *** i’m using not only id apple , but it so important to me because i want to email and transferring and save my very secret information & idea throughout email. ( idont’ trust to icloud or dropbox) ****

        Lastly, if you have any other suggestion, I really appreciate it.

        Thank you.


        1. Douglas Crawford says:

          Hi arez,

          If you want a webmail service that is a lot more secure and private than Gmail etc., then both ProtonMail and Tutanota are good options. Neither service offers an iOS app (yet), but both have good responsive-design websites that should look great in Safari. If you are interested, I have a more up-to-date ProtonMail Review, and plan to update this Tutanota review in the not too distant future. Update: Oops! Tutanota does and always has offered an iOS app.

          1. Number 6 says:

            I’m confused. In the article, you wrote, “A Tutanota app is available for iOS and Android.” Then in a comment 7 months later, you wrote, “Neither service offers an iOS app (yet).” Which is it?

          2. Douglas Crawford says:

            Hi Number 6,

            Um.. because I knew what I was talking about when I wrote the review, but must have forgoten/got confused while answering a comment 7 month later. Mea culpa. Tutanota definitely has an iOS app.

  13. Daniel says:

    I have started using Tutanota. Poking around a bit and came across a review on Quora from Oct 2015: https://www.quora.com/Which-service-offers-the-best-security-for-email-ProtonMail-or-Tutanota/answer/Francisco-Ruiz-5

    Part of what he was saying went over my head. I’m pasting the comments below for your convenience:

    Neither, and this includes Chiaramail as well. The reason is simple enough: even though the crypto code may run on the client, all of these services are server-based at heart. If the server turns evil or is given a gagged subpoena, you have no way to know that the code they are sending to your client (never mind what code they publish on their open-source site) isn’t pulling a fast one on you. They could be sending you code that does not encrypt securely, or that sniffs your passwords, or all of the above. And you’d never know. . . .

    Deep down, they are compromising user security because of their need to make money. Think about this for a moment. Why not do away with their email server and all the other server functions and just limit themselves to send you the JavaScript client-side code? Then you could encrypt and decrypt in your machine and simply cut and paste into Gmail or whatever else you want to use, and you’d never have to change your email address. They use servers because by keeping your data (encrypted, no doubt), or your private key, or whatever, they’ll be able to charge you at some point, especially if you want more storage or more features such as time-limited decryption à la Dmail or Virtru.

    This is why I have developed PassLok, and SeeOnce, and URSA. All three are strictly client-based. If you feel suspicious about the code, you can always take a hash (the apps contain detailed instruction on how to do it even on a smartphone) and compare it with the hash published on a separate page. For extra assurance, you can always watch a video of yours truly reading the SHA256 of the code, which is contained within a single html file that calls nothing outside itself.

    URSA does symmetric encryption plus a bit of steganography: it is roughly equivalent to Tutanota’s non-user mode, minus the email server. SeeOnce specializes in forward-secret encryption based on a variant of the Off the Record (OTR) protocol; a truly unique app that probably has no equivalent out there yet. Finally PassLok encompasses those features, plus more conventional asymmetric encryption and a plethora of steganography tools. A beginner would likely start with URSA, and then move to SeeOnce and finally PassLok, making the crypto learning curve quite flat indeed. All three apps are free, and will continue to be so because it costs us almost nothing to supply them to the public.

    1. Douglas Crawford says:

      Hi Daniel,

      Much of what Ruiz says here is true – there is nothing stopping Tutanota (or ProtonMail ect.) from updating the JavaScript sent to your browser with bad code. This one of the main reasons that browser-based JavaScript cryptography is considered very insecure (and is discussed in the article linked to in the Security section of this review). Basically, services such as Tutanota, ProtonMail and ChairaMail are much more private than regular webmail services, but are no protection against a targeted attack by the likes of the NSA. Remember that purely in terms of technical security, Gmail is very good, its just that Google reads all your mail and will use what it finds to target you with ads). For what its worth, Ruiz’s scripts appear not to be open source, and also rely on JavaScript cryptography within the browser (although I may, admittedly, be wrong about this).

  14. Robert Peters says:

    Surprised you do not comment on neomailbox ??

    1. Douglas Crawford says:

      Hi Robert,

      As far as I know, Neomailbox is not open source and nor has it been independently audited, which pretty much discounts it my view.

    2. Brian says:

      Neomailbox doesnt even allow you to test it, you have to blindly buy a annual account, I think not.

  15. djf says:

    Pretty sure Tutanota is based on harvesting unencrypted incoming/outgoing mail which Tutanota DOES have access to. Although they claim it’s encrypted on their servers Tutanota would be the one that holds the key.

    1. Douglas Crawford says:

      Hi djf,

      Have you any proof of this, because I’m pretty sure it’s not!? Tutanota does NOT claim emails are encrypted on its servers – they are encrypted locally within the browser, with only you (not Tutanota) holding the key. How can we be sure? Well, Tutanota is 100% open source…

    1. Douglas Crawford says:

      Hi johan,

      I am not familiar with the service, but as far as I can tell, it is not open source so I wouldn’t touch it.

  16. Peter says:

    I think Protonmail went open source last August. Sorry if I missed it being mentioned anywhere.

    1. Douglas Crawford says:

      Hi Peter,

      I was off adventuring in Peru during august and missed this (fantastic) news. Thanks for pointing it out! I have added an update to this article and the ProtonMail review.

  17. Brian says:

    Tutanota have now introduced Draft and as I understand it are working on Inbox Rules

    1. Douglas Crawford says:

      HJ=i Brian,

      Thanks for letting us know. When I have the time I’ll check out Tutanota again.

      1. Brian says:

        They now also have inbox rules for premium accounts, the service is really taking shape nicely IMO, I have a protonmail but I am using tuta for my private use.

        1. Douglas Crawford says:

          Hi Brian,

          Both Tutanoita and ProtonMail have added loads of features since I wrote this review (and ProtonMail has gone 100%) open source. Bost services seem to be shaping up very well, and when I have time, I’ll re-review them.

  18. James says:

    Mr. Crawford,

    I’ve recently been looking around for a more secure way to do email, I just can’t shake the constant feeling that some entity is spying on my online activity and pilfering my personal emails, (both of which I know do occur on a regualr basis with the way things are in this day and age). It’s quite unsettling, to say the least.

    Anyhow. I’ve come upon a few options in my research and would like to know if you have any knowledge on an email service called “Jumble”. I’m very new to all this so if Jumble is a ridiculous option for whatever reason, please forgive my naivety. Any info you can supply on Jumble would be greatly appreciated.

    Thank you for all your time effort and help with this ever important subject,


    1. Douglas Crawford says:

      Hi James,

      I’m afraid that I am not familiar with Jumble, but the fact that it is neither open source, nor been independently audited by respected professionals in the field (as ProtonMail has) means that I am unlikely to ever recommend it.

  19. Priv says:

    Great article, but what about Openmailbox? (The fact that apparently there’s not a way to see their privacy policy is a little disturbing, isn’t?).

    1. Douglas Crawford says:

      Hi Priv,

      I have not investigated Openmailbox yet, but plan to at some point i the not too distant future.

  20. Lorenzo says:

    Hey Douglas,

    I’m confused about one thing:
    Are the e-mails encrypted right off the bat or do i have to password protect them personally?

    1. Douglas Crawford says:

      Hi Lorenzo,

      By default, all emails are encrypted, which requires entering an agreed upon shared passphrase that the recipient will know each time (this can be changed in the settings). If a recipient uses regular email, they will receive an invitation to view your message securely.

  21. Robert says:

    Have you any experience with Countermail?

    1. Douglas Crawford says:

      Hi Robert,

      I’m afraid not, but I have put it on our list things to look at.

  22. Cedar says:

    Per my last comment, I was transferring some emails to my new account and wasn’t receiving them.

    A huge downside of Ghostmail is it only accepts emails from other Ghostmail accounts, so I’ve put it to one side.

    1. Privacylover says:

      I have an account with GhostMail and I really like their simple interface and also the encrypted chat and storage. I wrote their support regarding incoming emails, and they replied this will be possible very soon. (They answered me within 1 hour, quite impressive.) Just for your information. Cheers.

  23. Daniel C says:

    What about GhostMail.com? Anyone?

    1. Douglas Crawford says:

      Hi Daniel,

      I have only looked into it briefly, but GhostMail appears to be neither open source nor independently audited, so is unlikely to get a recommendation from us.

    2. Cedar says:

      I see Ghostmail recently went open source (https://blog.ghostmail.com/ghostmail-goes-open-source/). I’m trying to determine the better encryption between Protonmail, Tutanota, and GhostMail: they seems to be the cream of the crop in this category. I have accounts for the latter two and Ghostmail appears to have most things I need. It has an impressive list of features (as listed on their website https://www.ghostmail.com/)

      Douglas, perhaps you could consider reviewing this article. I’d be certainly interested to read your views. Please email me if you do 🙂 I’ve very recently started to comprehend the insidious trend of invasion from governments and organisations into privacy and am switching over to encrypted services. It’s a learning curse, erm I mean curve.

      1. Douglas Crawford says:

        Hi Cedar,

        I will put looking at GhostMail to assess whether a review is justified on my to-do list.

  24. billy says:

    Hiya Douglas

    are you familiar with jumble, its a free, integrated, end-to-end email encryption solution that integrates with existing email systems. Gmail users can sign up and use Jumble They assert that they never hold a copy of your email data and we don’t have access to your encryption keys. This would be good to review. Heres the site https://www.jumble.io

    1. Douglas Crawford says:

      Hi billy,

      It’s the ‘They assert’ part that is the problem. As a general rule I do not trust any service or software that is not open source (or at the least, like ProtonMail, has been independently audited by respected experts in the field.) With closed source platforms we simply have to trust the provider not to do the dirty, which is no security at all…

  25. Max Payne says:

    Hi…Great and helpful article! I use ProtonMail and somehow was not aware that the subject and attachment is not encrypted. I think the day they launch support for custom domains I will switch my business mail to it…

  26. billy says:

    Using protonmail today Douglas I used the “encrypt for outside users” function for the first time as a test. As directed I created a password and a password hint, then sent the email to my destination (my default email). In the email it offers a link below to decrypt the email, however what I cannot get my head around is how can I communicate the password with the recipient in order to decrypt the message, doesn’t this defeat the whole purpose of security, I might as well have sent the email without decrypting? Protonmail do actually say that

    “It is up to the ProtonMail user to find the most secure manner to communicate the password they have chosen to protect the encrypted message, to the recipient”.

    My question is if so then how can this be achieved and what is the whole point of this function?

    1. Douglas Crawford says:

      Hi billy,

      Well, assuming that you cannot meet face-to-face (the best method), the best way to communicate securely is via encrypted chat (e.g. TextSecure or Pigin + OTR), or via encrypted VoIP (e.g. Redphone).

      1. billy says:

        Thanks Douglas. I meant to say if I was sending to someone I don’t know like a general email/enquiry email?

        How could I communicate with them that password for them to be able to retrieve the email I sent?

        1. Douglas Crawford says:

          Hi billy,

          If you cannot communicate a shared secret either in person or via secure chat, then you are probably out of luck. If you really need to communicate securely with a stranger then you should contact them through regular means to arrange a physical meetup or secure chat session, during which you can exchange passwords (assuming you can convince them of the need to do this!)

  27. Rags says:

    We cannot trust traditional email anymore. Binfer is a great way to send secure email. It does not store emails anywhere so is very secure. Check it out: http://www.binfer.com.

    1. Douglas Crawford says:

      Hi Rags,

      He have clocked Binfer before, and will take a detailed look at it in a future article (in particular its security implications). Thanks for reminding us!

  28. Duaa says:

    Hi Douglas,
    Great article, I never heard of tutanota before,
    But I use hushmail, do you anything about it ? Is it any good ? Because you never mentioned it

    Thanks a lot

    1. Douglas Crawford says:

      Hi Ben and Duaa,

      I’m glad you like the article. HushMail is does not spy on or exploit its users data for commercial gain, but I noted in our Ultimate Privacy Guide,

      For a while, Hushmail was considered the go-to service for secure webmail, as it offered PGP encryption in a web based service. However, in 2007 a backdoor was used by the owners to capture emails of three accounts, which were then handed over to the Canadian Courts. As Hushmail CTO Brian Smith said in refreshingly honest blog post,

      “[Hushmail] is useful for avoiding general Carnivore-type government surveillance, and protecting your data from hackers, but definitely not suitable for protecting your data if you are engaging in illegal activity that could result in a Canadian court order.”

      It should be noted that any web-based service can in theory be compelled to modify their system to capture users’ decryption keys (as Hushmail did), and Hushmail itself recommends using non web-based services such as GnuPG or PGP Desktop if stronger security is needed.

      Services such as ProtonMail and Tutanota are a new generation of webmail that use end-to-end encryption to overcome (as much as possible) these problems and provide webmail that is genuinely secure (although as we note in thier respective reviews, they are not perfect solutions).

    2. Denis says:

      Hushmail was compromised not long ago. They willingly handed over information about their users to the US government, the level of privacy is absolutely zero. If you want to use one of these anonymous E-mail services, hush mail is one of the worst ones ever.

  29. ben says:

    Great article. what do u think about hushmail.com? better? worse?

    1. Douglas Crawford says:

      Hi ben,

      Thanks.Please see my reply to Duaa.

Leave a Reply

Your email address will not be published. Required fields are marked *