I’ve been using Tutanota for a while now. Been interested in people’s opinions about Tutanota and Protonmail.
Tutanota doesn’t share their security audits, which Proton does.
Also, IIRC Tutanota uses their own custom encryption implementation, while Proton contributes to open source OpenPGP projects.
And when in the past the the Swiss gov ordered Proton to do some limited tracking for a specific user, after that they went to the court and succeeded in changing the law so it’s no longer possible to order this tracking.
Proton might not be ideal, but they seem to actually care about making the Internet a safer place.
I am sure that Tutanota does not use any custom encryption algorithm. It is clearly stated in the FAQ that they use RSA (with PFS) and AES to encrypt emails exchanged between Tutanota users. https://tutanota.com/encryption There’s even a section which discusses why they do not use PGP. So it’s not like they can’t add it, they just don’t because it lacks “important requirements”. Plus they even are slowly developing a protocol that is post-quantum secure to encrypt their emails with.
