Tuta (formerly Tutanota) is a secure email service run by a small team of privacy enthusiasts in Germany. Although it may not be widely known, Tuta is a serious player among secure email providers. It uses a hybrid encryption system that avoids some of the drawbacks of PGP, and is protected by the GDPR and other pro-privacy EU regulations.
In this new and updated Tuta review, we’ll be posting hands-on test results while sharing our research findings and personal experience in using this email provider for the past few years.
The Tuta team has a strong vision for their product:
In the future Tuta will be the privacy-respecting alternative for Google with a calendar, notes, cloud storage – everything encrypted by default!
That being the case, we’re really going to put Tuta through the wringer to see if they deserve your hard-earned money and attention. Let’s take a look!
Based in | Germany |
Storage | 1 – 1,000 GB |
Price | €3.00/mo. |
Free Tier | Up to 1 GB |
Website | Tuta.com |
+ Pros
- Encrypted messages (including Subject lines), Address Book, Inbox Rules and Filters, and Search Index, all encrypted at rest and stored on German servers
- Can search body of encrypted messages
- Can send encrypted messages to non-users
- Strips IP address from emails
- Desktop, mobile, and web apps
- Open source code (including mobile apps)
- Good apps for mobile devices
- Free accounts with 1 GB of storage
- Encrypted calendar with iCard support
- Encrypted contacts
- Inbox rules with Spam filter
- Multiple email addresses (aliases)
- Support for custom domains and other price+ features
- Discounts and additional support for non-profits
- Two factor authentication (2FA) support
- Publishes regular Transparency Reports
– Cons
- Does not work with PGP
- Potential delays with account approval
- Currently no way to import existing emails
- Can be affected by EU’s schizophrenic stance on encryption
Tuta features overview
Tuta uses industry-standard end-to-end encryption algorithms for email and other user data. All data is encrypted at rest and only decrypted in your browser or email client. Because it does not use PGP encryption, Tuta also encrypts the subject line of messages. This is a noteworthy difference from some other secure email services, as we discussed in the ProtonMail review.
Additional interesting features of Tuta include:
- Anonymous signup process does not require you to give them a phone number or other personally identifiable information.
- Open source code, including apps.
- Web app and desktop apps for Windows, Mac OS, and Linux.
- Android and iOS mobile apps, with Google-free access to Android app through F-Droid.
- Premium accounts with a range of additional benefits, including a Whitelabel (brandable) Business account.
- The ability to send encrypted emails to non-Tuta users.
- Whitelabel and Secure Connect are supported in paid plans for an additional fee.
- Dark and Light themes.
Tuta launched in 2011 (not long before Edward Snowden began leaking information), and is based in Hanover, Germany.
According to their website:
With its unique open source technology Tuta fights for privacy and freedom of speech online, allowing everybody including NGOs, journalists and activists to send encrypted emails on desktop and mobile. In addition, Tuta’s affordable business version enables companies and organisations of all sizes to easily secure their email communication.
Germany has strong privacy laws, including the Bundesdatenschutzgesetz and GDPR. That said, as elsewhere in the West, there is political pressure to reduce personal privacy rights to “counter terrorism”.
In addition, Germany is a member of the 14 Eyes intelligence alliance. This isn’t ideal, but Tuta provides a detailed explanation of the laws that apply to them and the data they may be forced by law to disclose. In recent years, two court cases affirmed that Tuta was not subject to nasty data retention laws that Germany applies to Internet Service Providers (ISPs).
Unfortunately, what the government giveth, the government taketh away. At the end of 2020, a regional court in Germany ignored the previous cases and decided to impose the ISP regulations on Tuta. The court ordered the company to develop a way to monitor an individual’s account. At the time of this review, Tuta is appealing the ruling. And as you will soon see, thanks to this secure email service’s end-to-end encryption, there really is very little point to the court’s ruling.
Tuta technical specifications
Tuta uses a couple of different encryption algorithms to ensure that your messages cannot be read or tampered with:
Tuta uses symmetric (AES 256) and asymmetric encryption (AES 256 / RSA 2048) to encrypt emails end-to-end (E2E). When both parties use Tuta, all emails are automatically end-to-end encrypted (asymmetric encryption). For an encrypted email to an external recipient, a password for encrypting & decrypting the email (symmetric encryption) must be exchanged once. The company suggests doing so using Signal messenger.
On top of its automatic end-to-end encryption, Tuta uses STARTTLS with an extended validation certificate, Perfect Forward Secrecy, DNSSEC, DANE, DMARC, and DKIM to secure your connection to Tuta to the maximum.
Check here for more info on Tuta’s TLS encryption.
Tuta assures users that even the company itself cannot access your inbox, due to the open source encryption standards it uses.
AES-128 is more than secure enough for protecting your messages. Reportedly even the fastest computers in the world would need many billions of years to crack AES-128.
Tuta is currently working together with Leibniz University Hanover to make their encryption standards future-proof against quantum computer attacks.
Tuta hands-on testing
We’ve based this Tuta review on the browser-based client. If you decide to stick with Tuta, you can easily upgrade to a paid plan, with similar functionality and more storage, email aliases, and other options.
Signing up for Tuta
Signing up for Tuta goes about the way you would expect. Click the Sign Up button on the website here to begin the process.
The first step will be to choose your service plan.
On the Subscription screen, click the red Select button under the plan you want to use. Although I have been using Tuta since 2017, for purposes of this review, I have created a new, Free private account. This is the ideal way to test out the service.
Next you will need to enter your account information. You’ll select an email address using one of the domain names Tuta makes available for free users. You’ll also need to enter a Password, and check all the relevant boxes on the screen, including the one that confirms you are at least 16 years old.
Note that you are not required to give Tuta a phone number or other personally identifiable information. This means you can have a truly anonymous free account. As we’ll see in a moment, Tuta has a process in place to prevent spammers from taking advantage of the service. Unfortunately, that process can be a real headache for regular people.
The last step in this process is to record your 64-character Recovery Code. Tuta doesn’t know your password (or the optional second factor you can set later) so the only way to recover your account if you lose either of these is by using the Recovery Code.
You can copy the code by hand, or click the round Copy or Print buttons. Once you’ve recorded your code, hit Ok and you’ll be ready to log in. Enter your Password and hit the Log in button.
An annoying automated delay
You are probably anxious to get into Tuta and start exploring, but at this point, you may run into that anti-spammer process we mentioned earlier. Your account may be automatically “marked for approval.” This puts a 48-hour hold on your ability to send or receive messages, as you can see below.
As Tuta states in this blog post,
Sometimes accounts are automatically marked for [manual] approval to prevent spammers from signing up. This is often the case when you sign up via Tor or a VPN, for example, because unfortunately spammers like to abuse Tor. In case your account gets marked for approval, you will be able to start using it within 48 hours after registration once it has been approved.
They claim that your account will automatically be approved within 48 hours after registration. However, if your account has not been approved after 48 hours, Tuta recommends you contact Support and give them the email address you are trying to register.
I ran into a problem with this system while working on the first edition of this review. After waiting four days, I contacted Support about the problem, and someone got back to me within minutes. However, the account was not approved until the 5th day. Not ideal.
On a positive note, this manual account approval takes the place of more invasive verification procedures, such as phone verification, which many other email providers use. While the delay was somewhat annoying, I’d still take this over phone verification.
The look and feel of Tuta
Once you click Ok, you will see Tuta’s standard 3-pane layout like most other email programs. Here is a screenshot from our tests:
One feature you may like is the built-in support for a Dark mode, which looks like this:
If you happen to work a lot at night, or just get tired of the glare from the screen, this mode could be for you.
The folder list appears on the left, with messages in the center, and the content of the selected message on the right. A basic set of folders comes pre-defined in the left-most pane, and you can create more at will.
Note: Tuta will automatically switch to a 2-pane view on smaller displays, such as tablets.
Tuta has two factor authentication
Before you go any further, this would be a great time to enable 2FA. In the leftmost pane, click Settings, then Login. You will see several login-related settings in the middle pane. Scroll down to Second factor authentication and click the plus sign (circled in the following image).
You’ll see the dialog box you need to connect 2FA.
For more details on how to configure the various types of 2FA Tuta supports, visit this help page.
Okay, let’s get back to exploring the Tuta user interface (UI).
Composing, sending, and receiving messages
Composing messages works as you would expect. Click the New email button at the top of the leftmost pane to create a new message. While an early complaint about Tuta was the lack of message formatting commands, today there is a full range of formatting options.
To see the menu of formatting options, click the T icon on the Subject line of the new message (circled in red below).
Click Send (in the top right corner of the message window) to transmit the message.
When you receive messages you open them normally, whether received from a Tuta user or someone else. If a message is from another Tuta user, all the encrypting and decrypting is done automatically in the background.
Like most secure email programs, Tuta blocks images from appearing by default. If a message contains images, you can display them by clicking the icon circled in red at the top right of the message, as you can see here:
So far, so good. But what if you want to send a message to a person who doesn’t use Tuta? This is where things get a bit more complicated.
Sending messages to non-Tuta users
When you are composing a message, Tuta checks to see if the recipient is a Tuta user or not. If not, you have to specify whether you want the message to be sent encrypted or not. If you have this option, Tuta will display a lock icon on the Subject line (circled in red) with a status message.
Clicking the lock icon will cause Tuta to send the message either in the clear (unencrypted), or E2E encrypted.
When sending an encrypted message to a non-Tuta user, you must enter a pre-agreed password that is used for symmetrically encrypting and decrypting the message. Instead of receiving the message in its encrypted form, the recipient will receive a link to view the message.
Note: Sending the password to someone using the same medium of communication (Tuta) that you will use to send encrypted messages to that person is a bad idea. A better way to go would be to use a secure messaging app like Signal Messenger to share the password. Check out our Signal Messenger review to see why this is such a good idea for your situation.
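The two delivery paths described in the technical specifications and in this section (a per-message key wrapped with the recipient's RSA key between users, and a key derived from a pre-agreed password for external recipients), as an added Node.js example that is not Tuta's code. The function names, the sample mail and the choice of AES-256-GCM, RSA-OAEP and scrypt are assumptions made for illustration; the page itself specifies only AES 256 and RSA 2048.

```javascript
'use strict';
// Added illustration of the hybrid scheme the review describes; NOT Tuta's implementation.
// Assumed stand-ins: AES-256-GCM for the symmetric layer, RSA-2048 with OAEP for key
// wrapping, scrypt for turning the shared password into a key.
const nodeCrypto = require('node:crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt one mail field. The field name is authenticated as AAD, so a stored
// ciphertext cannot be moved from "body" to "subject" without detection.
function sealField(key, label, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce per field
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(label));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt one field; throws if the key, the label or the ciphertext is wrong.
function openField(key, label, sealed) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, sealed.iv);
  decipher.setAAD(Buffer.from(label));
  decipher.setAuthTag(sealed.tag);
  return Buffer.concat([decipher.update(sealed.ct), decipher.final()]).toString('utf8');
}

// Subject and body are both encrypted, which is the difference from PGP mail
// that the review points out.
function sealMail(key, mail) {
  return { subject: sealField(key, 'subject', mail.subject), body: sealField(key, 'body', mail.body) };
}

function openMail(key, envelope) {
  return {
    subject: openField(key, 'subject', envelope.subject),
    body: openField(key, 'body', envelope.body),
  };
}

// Path 1, both parties on the service: a random 256-bit message key encrypts the
// mail, and only that key is encrypted with the recipient's RSA public key.
function encryptForUser(recipientPublicKey, mail) {
  const messageKey = nodeCrypto.randomBytes(32);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, messageKey);
  return { mode: 'asymmetric', wrappedKey, ...sealMail(messageKey, mail) };
}

function decryptAsUser(recipientPrivateKey, envelope) {
  const messageKey = nodeCrypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, envelope.wrappedKey);
  return openMail(messageKey, envelope);
}

// Path 2, external recipient: no public key exists, so the key is derived from the
// password both sides agreed on over another channel. Only the salt is stored.
function encryptWithPassword(password, mail) {
  const salt = nodeCrypto.randomBytes(16);
  const key = nodeCrypto.scryptSync(password, salt, 32);
  return { mode: 'password', salt, ...sealMail(key, mail) };
}

function decryptWithPassword(password, envelope) {
  const key = nodeCrypto.scryptSync(password, envelope.salt, 32);
  return openMail(key, envelope);
}

// Constructed sample data, used only to show both paths end to end.
function demo() {
  const mail = { subject: 'Contract draft', body: 'Terms attached, reply by Friday.' };
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const internal = encryptForUser(publicKey, mail);
  const external = encryptWithPassword('correct horse battery staple', mail);
  return {
    storedSubjectHex: internal.subject.ct.toString('hex'), // what the server holds
    internal: decryptAsUser(privateKey, internal),
    external: decryptWithPassword('correct horse battery staple', external),
  };
}

console.log(demo());
```

In the password path the stored envelope holds only a salt and ciphertext, so confidentiality rests entirely on the strength of the shared password and on the channel used to exchange it.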
Searching for messages
Tuta has implemented a full text search feature for messages. This is actually a challenging endeavor since the contents of your inbox are stored fully encrypted.
When you enter a term to search for, Tuta will create an encrypted search index. This might take a minute or two depending on the size of your inbox. Like messages and everything else in Tuta, the search index is encrypted at rest. This prevents someone from hacking into your system and spying on you by analyzing the search index.
After the search index is populated, the matching hits (emails) will display below. Tuta’s search feature also gives you the ability to search specific periods of time as well as custom fields (subject, email body, from/to, and attachment name). This is a pretty good system in my opinion.
Comparison: As we noted in the recently updated ProtonMail review, you can now search the body of messages. You can have ProtonMail create an encrypted index of the bodies of emails which it then searches. This seems very similar to the Tuta approach.
Rules and Filters
Tuta offers both rules and filters for email, but they are pretty basic. Under the Spam rules you can designate individual email addresses as spam (put in the Spam folder), not spam (leave in the Inbox), or discard (send to the Trash folder).
Mailbox rules are more flexible, but are only available as part of paid plans.
Contacts and calendars
Tuta supports both Contacts and Calendars.
These function as you would expect, but it is important to note that all Contacts and Calendars are encrypted when at rest. As we noted earlier, one of the main goals for the Tuta team is for all your data to be encrypted, protecting you from snooping third parties.
The encrypted Tuta calendar looks like this:
You can see the calendar features here.
Tuta mobile apps (Android and iOS)
Tuta has apps for both iOS and Android. I’ve been working with the Android app.
Whereas I had some issues with this app when it first came out, it now functions well. At the time of this Tuta review, the Android app had over 6,600 reviews with a rating of 4.0 out of 5 stars. (Available on F-Droid too) The Tuta iOS app had 343 reviews with a rating of 3.8 out of 5 stars.
Tuta desktop app
Tuta has a desktop client for Windows, Mac OS, and Linux. I’ve been using it for a long time now and it continues to work well, basically giving you all the features of the webmail app, including the encrypted contacts and calendar.
As you can see, the desktop app looks very much like the web app.
Tuta business features
Tuta also offers secure business email accounts designed to let you,
Save time and money by hosting all your business emails end-to-end encrypted on Tuta’s secure servers based in Germany.
Here’s a partial list of the Business Email features currently available:
- Custom email domains with optional catch-all
- The Secure Connect encrypted contact form
- Multi-user support so you can manage all your users yourself
- Scalable shared storage for all your business accounts
- Zero-knowledge full text search of messages and contacts
- A large set of Whitelabel customizations
- Two Factor Authentication (2FA) available
Secure Connect encrypted contact form
One cool feature for website owners is Tuta’s Secure Connect form. This gives you the ability to incorporate an encrypted contact form that facilitates completely anonymous two-way communication. In May 2019, Tuta launched Secure Connect and made it, “free for news sites so that whistleblowers can get in touch with journalists securely.” Very cool.
Unfortunately, if you don’t meet the criteria to get it free (not a news site) then this feature will cost you €240 per year – certainly not cheap. You can read more about Secure Connect here.
Tuta support
When reviewing email services, we create fresh accounts and go through the setup process as average users.
We’ve contacted Tuta Support numerous times during our years of using the service. In almost all cases, the customer support team has responded to our queries in about one business day – so overall very good.
Tuta plans and pricing
Tuta pricing has grown more complicated over time. Today, they offer six plans (three Private plans and three Business plans) along with a range of custom options and add-ons. This allows you to create exactly the service you need for your personal or business needs.
At the time of this Tuta review, here is a breakdown of the plans and prices:
- Free Private plan, €0
- Revolutionary plan, €36 yearly, €3.00 monthly
- Legend plan, €96 yearly, €8.00 monthly
- Essential plan, €72 yearly, €6 monthly
- Advanced plan, €96 yearly, €8 monthly
- Unlimited plan, €144 yearly, €12 monthly
Beyond the standard plans you can add more storage (10 GB, 100 GB, 1 TB), and more email aliases (20, 40, 100). As if this wasn’t complicated enough, the company keeps adding useful new features like Whitelabel, Sharing (of calendars), Business (specific features), and Secure Connect to their product. As a result, your best option is to scroll down the Pricing page to the Pricing Calculator and let it give you an exact price for the particular configuration you want.
Note: If you are an NPO (non-profit organization), you may be entitled to a reduced price on Tuta. See here for details.
No cryptocurrency payment options
Unfortunately, Tuta has still not integrated support for cryptocurrency payment options. This has been on their Roadmap for years now. You can donate to them with cryptocurrency, but standard crypto payments are still not an option.
If you want more privacy with payments, you could check out the services listed in our new Ultimate Guide to Private and Anonymous Payment Methods.
Tuta alternatives
If Tuta doesn’t look like the best email service for you, you may want to check out our ProtonMail review. The services are similar, although we like Tuta’s approach to message encryption better since it encrypts the Subject line as well as the body of the message.
That said, either one of these services should be more than sufficient for normal users who want to protect their privacy while using email. Neither service can guarantee you protection against state actors like the NSA or the various domestic intelligence agencies. Nonetheless, they are both secure alternatives to Gmail that respect your privacy.
You can also see our secure email roundup for a list of other providers.
Tuta FAQ
Here are some common questions (and answers) people raise about Tuta.
Is Tuta really secure?
Tuta is certainly more secure than the vast majority of email services. Is it bulletproof? No. No system is, so you have to think about your threat model and decide if any given service is secure enough for your purposes. So let’s take a look at potential weaknesses in Tuta’s security.
The browser and desktop Tuta apps rely on JavaScript for encryption and decryption. Using JavaScript for these functions is generally considered to be less secure than other approaches. Using a secure browser when using the web app version of Tuta will help here. You can also use the mobile apps which should be a bit more secure than the others.
There are some cases where Tuta is bound by law to disclose information about you. According to their Transparency Report, between July 1, 2021 and December 31, 2021, Tuta released data to the authorities more than 50 times. Understanding exactly what this means is complicated. If you want the details, you will need to examine the latest Transparency Report and related documents. It is important to note that in some cases, Tuta may be forced to record IP Addresses by a valid court order, as well as the contents of messages that arrive unencrypted at a user’s mailbox.
Note: All email services must abide by the laws in the jurisdiction in which they are based. To have more anonymity when you use Tuta (or any email service), consider using a good VPN service to hide your IP address and encrypt your traffic. We have reviewed many popular options, including NordVPN and Surfshark, ExpressVPN, IPVanish, CyberGhost, and more.
Is Tuta the best secure email service for you?
Is Tuta the best secure email for you? Here is a summary of the factors to consider when switching to a secure email provider, and how they apply to Tuta:
- Jurisdiction – Tuta is based in Germany and your data is stored there.
- PGP support – Does not support PGP (read about PGP problems).
- Import feature – While it has been discussed for more than a year, Tuta still cannot import email messages. It can import calendar data and contacts.
- Email apps – A web-based client as well as desktop apps for Windows, macOS, and Linux, along with iOS and Android apps.
- Encryption – Emails and attachments can be sent end-to-end encrypted and everything is stored encrypted at rest.
- Features – Includes a built-in calendar and contacts along with full text search of messages.
Can Tuta be traced?
I assume by this question you want to know if your use of Tuta can be traced. They don’t track you in any way. They don’t post targeted ads in your mailbox. They also don’t log your IP address (unless forced to), or even require you to enter any personal information (no phone number, no email address). So Tuta isn’t tracking or tracing what you do.
Your email, contacts, and calendar are all encrypted, so no one, not even Tuta, can read them. Right now, Tuta is battling German court demands to spy on one specific email account. Even if the company loses this battle, all they can do is monitor future unencrypted mail coming to the account. They literally have no way to decrypt encrypted messages, regardless of how hard some judge pushes them.
In other words, there is little anyone can do to trace you in Tuta.
Tuta review conclusion
Tuta is a strong choice for anyone who wants a secure email service for general use. While the service itself provides strong security, for maximum security, you can use the mobile apps, or access the browser-based app through a secure web browser. Additionally, you can add another layer of protection by using one of the best VPN services.
While Tuta may not get as much attention as some other email providers, we believe it is a market leader in the secure email space, if not the best option available for serious users. Check it out here, or see some of our other secure email reviews to investigate other options:
- ProtonMail Review
- Mailfence Review
- Mailbox.org Review
- Hushmail Review
- Posteo Review
- Fastmail Review
- Runbox Review
- CTemplar Review
This Tuta review was last updated March 11, 2024.
Ben
Bjorn Helliman reported we need to share personal details to use a gift card. Gift cards are Tuta’s way of letting us use cryptocurrency or cash by mail. Does anyone have any further experience to share? Maybe you have found a way to use a gift card without giving personal details? Maybe you start to sign up for a paid account but switch to a free account before completing the signup process? Doing so informs you to contact sales before you can use the account and you actually do not have a free account and instead have an unpaid paid account which you cannot use until you pay. But maybe this process is the way? Maybe with your account being in a locked status until you pay, you can use a gift card?
Since Tuta understandably does not support POP3 and IMAP due to these technologies not being compatible with Tuta’s encryption, has anyone tried exporting your messages? What is your experience with exporting messages? Tuta FAQ maybe says how to do it.
https://tuta.com/support#generalMail
Searching is off by default. A safe approach could be to avoid using this feature. Many messages get sent to your client when you log in. The claim of searching only on the client side might be true.
For hardened Firefox, an about:config change is required. If you use user.js, you will also need to edit that file.
javascript.options.wasm = true
Regarding the “some parts of the email failed to load due to a lost connection” message, make sure your firewall opens up the full range of Tuta IP addresses. As part of load balancing, Tuta distributes the load of opening messages to multiple server connections.
From what Tuta has said, an expired free account will have its messages purged. Only the account email address will be recovered if you use another paid account to link the accounts. Given how email messages may lose legal protection status when stored on a server for more than 6 months, it seems a very good approach to delete your messages.
Honeypots? Maybe. Still much better than AI being allowed to read through your inbox.
https://tuta.com/blog/google-gemini-ai-email
If you are on this blog, you should try using uBlock Origin.
https://ublockorigin.com/
uBlock Origin shows the following connections when visiting Proton.me:
cloudflare.com
cloudinary.com (Cloudflare)
fastly.net
prismic.io (Amazon)
Alternatives exist. If you are a Proton user, maybe let Proton know about alternatives.
https://www.eucloud.tech
Christopher
you can buy the gift card from here and still maintain your anonymity
[https://digitalgoods.proxysto.re/en]
MCW
If Mr. Lekander received replies to multiple emails to tech support within a day–he was very lucky. Having a free account I have very low expectations in this area, but I would expect that if any user is suddenly unable to log in as they always have that tech support would be reasonably responsive–I’m not asking for a tutorial. After multiple attempts over several days, with nothing on Reddit, I emailed tech support (thank goodness I also have an account at Proton).
When I didn’t hear after 5 days I sent another email. After another 5 days with no reply I emailed again. 4 or 5 days later I emailed again. In each case I explained that I was getting a blank screen when I loaded the login page, stated when the problem began, and included the requisite info re browser and operating system. Then I received a reply apologizing for the delay and telling me to contact them again if the problem persists–this, after 2 weeks! Checking back with Reddit I found some posts had appeared from other people having trouble logging in. They encountered various problems and error messages. At least one was also getting a blank screen; there was a reply post from Tuta with a link to a new address for the login page which I tried–with the same result (a blank screen). I reported this to tech support and (eventually) received a reply saying that they no longer supported the desktop app for my operating system. They stopped supporting this more than a year ago–I have been accessing it through my browser, and this problem began May 14 or 15. I sent an email pointing this out–so this is not the problem. Today I received the exact same reply; obviously, this person did not bother to read what I had written. Another poster on Reddit complained of similar unintelligent responses from this individual. All of the posters were people with much more technical knowledge than have I and they could not solve the problem. Some were able to get around it with a VPN. The poster with a blank screen finally got around it by using another browser instead of the hardened Firefox which he preferred (and which I use). If anyone has any suggestions I would really appreciate the help. Tuta was my primary email, the address is out there and people will be contacting me at it, so this is a serious problem.
As far as my opinion of Tuta: it seems to be a good program, clear interface, easy to use–when it works. I don’t need and don’t use extra features or a cell phone so I cannot comment on them. I note that some of the problems reported by others I, too, have experienced (i.e., getting offline messages when I’m in my inbox or sending and there is nothing wrong with my internet connection). I also note that there are complaints on Reddit from people with paid accounts complaining about very slow and incompetent responses from tech support. My advice is: avoid Tuta until they improve their tech support. I have found Proton to be more dependable.
Eor
Wanted to use a free Tuta account on an Android 11 burner phone with no Google account. Downloaded app from F-Droid. App only showed the sender and subject and the message “some parts of the email failed to load due to a lost connection.” The part that failed to load was the text. When trying to send email it said “Could not reach server, looks like you are offline.” I was online! I downloaded the app as an APK from two other sources with the same result. I could log into the account thru the Tuta website and everything worked fine. I went thru the phone’s settings repeatedly but couldn’t find anything that was causing the problem. I did not deny that app any permissions.
I opened a free Proton account using the Tuta account for verification and downloaded the Proton app as an APK and it works great.
So that’s why I use Proton instead of Tuta.
glix
Tuta is no longer a reliable email provider, and I am ditching it for ProtonMail.
Sven Taylor
We’ve been very impressed with Proton lately, plus they are now offering a password manager – Proton Pass.
glix
Hi Sven, do you know what’s happening at Tuta? I really didn’t want to leave them behind, but they had so many reliability issues so many times, that I finally had to throw in the towel. I’m not happy about this (although I do like ProtonMail so far), but I feel like they really left me no choice.
Sven Taylor
Hey Glix, sorry, I don’t know of anything going on with the company, other than what everyone else can see on their site and social channels.
prim
Hey glix, can you add some more words to your statement? I’m interested to know why it is not reliable.
Simon Divitaris
TRUE!
Unleashed
Encryption is nice and will keep some of the trash out. Everything else is a charade.
All privacies are moot. Especially when it comes to Boeing.
Do not ask John Barnett (ofc you can’t anymore).
Ask Steven Greer. Or simply look at his information.
PutYourLipsTogetherandBlow
Logic + privacy + security / iOS lockdown mode = FAIL.
Tuta has required iOS Lockdown mode OFF for a while, using web interface, website settings. Since iOS 17.4, Tuta is inaccessible via web unless the entire device is Lockdown OFF.
This is the error message:
Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Mobile/15E148 Safari/604.1
Error: Unsupported
execute@https://app.tuta.com/app.js:1:75753
i@https://app.tuta.com/polyfill.js:1:4218
The choice is either:
1) use Tuta app, which claims to not collect any data, in Lockdown mode, and lose the ability to PRINT an email to PDF, or
2) Open the entire device Lockdown OFF to use the web version and be able to export important emails via print to pdf.
Proton does not suffer from this, although may suffer in other ways, and is usable on the web without downloading their app.
Why is this important?
Ask John Barnett, Boeing whistleblower. Oh wait, you can’t.
AnnoyngU
Not sure if this is fixed as of 3rd of April?
Logged in just fine from Safari.
Rebelus Quo
I was accused of using a “5 eyes honeypot” email provider in that of Tuta. I got these two references:
https://gizmodo.com/tuta-email-denies-connection-to-intelligence-services-1851022465
https://www.cbc.ca/news/politics/ortis-testimony-transcripts-1.7026011
This seems like a reverse psyop to me, trying to poison a good alternative, unless there’s a negative evaluation of the client-side open code source? your thoughts/analysis on this?
msrtwol
AnnieMouse you forget to say that Google eat meat…
MsrtWol
Tutanota does not support Librewolf. In Ungoogled Chromium you need to enable motion sensors to avoid the infamous approval. Also, they are paying people to speak very well of them on Reddit and censor comments.
Do you really think this is a trustful service? For some reasons, the ‘bad’ ones seem less bad than the good ones…
Bronco
Why is Tutanota not a recommended service anymore? On the other hand, ExpressVPN still is… No consistency here.
Sven Taylor
Tuta is definitely still recommended.
Selmir Hrnčić
Hello there friend, please explain to me the hourly and daily sending limits for all 3 business plans? Thank you! Best Regards, Selmir
Michael Clark
Here’s a “Con” to using Tutanota that you completely missed.
https://www.ctvnews.ca/politics/accused-rcmp-leaker-tells-of-clandestine-operation-moles-inside-law-enforcement-1.6639394
Tutanota is an encrypted service used by intelligence services to monitor and apprehend criminal elements as disclosed during a secret trial currently underway in Ottawa, Canada, which in effect means it’s been compromised.
The fact that you either missed this completely, or knew this and excluded this, calls into serious question your credibility and knowledge, don’t you think?
Sven Taylor
I’ve never heard of this before.
Sleepy Joe Barma
Michael Clark’s above point re RCMP & other intelligence services was an eye-opener. I used both Proton and Tuta, but after learning about this I will not be renewing my subscription with Tuta, given this important piece of information is seemingly self-censored by western media outlets. I want to thank Michael Clark for bringing this hard-to-find piece of information to light 👏
Bronco
It’s just Tuta now. 🙂
Proton User
Hello Sven,
With regard to comparing Tutanota to other email providers like Proton, I recommend to compare the legal information below regarding gag orders and legal orders. The difference is surprising which is important for whistleblowers.
According to the Proton privacy policy, Proton does not provide notice to the Proton account holder if Proton receives a legal order to perform live monitoring of email traffic of the account. Proton “requires” law enforcement to provide notice. Which means, if law enforcement is from another country, then Swiss law does not apply to notifying the Proton account holder. The account holder may never be informed.
If you look at the Proton transparency report, you can see there is an exponential growing number of legal orders to Proton in recent years. If you look at the Way Back Machine to see how Proton previously provided the transparency report, you will notice most of the legal orders are from foreign law enforcement.
After comparing the privacy policy and transparency reports of Proton and Tutanota, it becomes very clear that the “Swiss Law claim of privacy” is hype and not as good as German privacy laws. Tutanota points out that German law does not allow for gag orders, so Tutanota will inform the account holder if a legal order is received. Also, according to Tutanota, German law requires only severe legal offences before allowing access to German email (Tutanota).
I think whistle blowers will find this to be important information that would be helpful to include in your review.
Here is a thorough document by Tutanota that explains what I described above.
https://tutanota.com/blog/posts/data-protection-germany
Here are the Tutanota and Proton transparency reports. Notice how few legal orders go to Tutanota compared to Proton. This would suggest Tutanota is correct that German law is more protective of privacy than Swiss law.
https://tutanota.com/blog/posts/transparency-report/
https://proton.me/legal/transparency
Here is the Way Back Machine that shows most of the legal orders to Proton are from foreign countries.
https://web.archive.org/web/diff/20190425155330/20190622144331/https://protonmail.com/blog/transparency-report/
Here is the Proton notification policy. Notice that Proton will NOT notify the Proton account owner if a legal order is executed for a Proton account. Proton has law enforcement provide notice per Swiss law. If law enforcement is from another country then law enforcement does not have to follow Swiss law and may not ever tell the account owner. This is a loophole that is not obvious.
https://proton.me/legal/law-enforcement
I believe whistle blowers will find this as important information. Maybe you could include this in your review of Proton and Tutanota to better help whistle blowers.
Sven Taylor
Interesting, we did cover this a bit earlier in the year, and I share some of your concerns, thank you for sharing.
TheInternetIsBroken
One thing you are forgetting here…
Tuta’s userbase is way smaller than Proton’s. As a result it’s normal Proton has higher numbers in their reports.
I’m a Tuta user myself but if I’m being honest, Proton looks WAY more attractive. That’s also why I think their userbase is much bigger than Tuta’s.
Simon Divitaris
Hopeless service. My account was hacked, then they changed the recovery code and I was locked out. Tuta wouldn’t close the account, look elsewhere!
Bushwalker
Hello Sven,
I have a paid account with Tutanota and on logging in today a box came up saying that because my browser – Mullvad – does not work with WebAssembly any forthcoming upgrades to Tutanota will not work.
There seem to be some security concerns with WebAssembly, and I am wondering whether to maintain my account with Tutanota.
Comments?
Truth
Based on Sven’s comment, I am posting these negatives as well.
Be aware, Tutanota is not without its own areas of concern:
1) Part of the 14 eyes.
2) Gets funding from German government
3) Cheap intro price until more things are needed. Then gets as expensive as PM.
4) Technical work of apps and web mail can be hit or miss.
5) Tech support can be hit or miss.
6) Rolls their own encryption, which could be good but there must be trust they are doing it right
7) Part of the E.U. so affected by their laws toward encryption.
8) Will log IPs and turn over any data they have if demanded by a German or international law under the 14 eye surveillance.
These are in addition to the negatives also on this review.
Skater
Curious how the indexed search works. If all of the data is encrypted and they never have access to the unencrypted form, how can they index a word? If the same word always encrypts to the same encrypted form on all emails, it would seem easier to crack the encryption. I thought that strong encryption takes blocks of characters or data and encrypts, regardless of word boundaries, so that this is not possible.
Re the comment: “You cannot retrieve your data… to create a personal backup”
POP3 clients still allow you to download your messages to local storage (optionally leaving them on the server), so I don’t understand this comment.
HATE_PROTON_HATE_SKIFF
“Curious how the indexed search works. If all of the data is encrypted and they never have access to the unencrypted form, how can they index a word”. This is exactly what I am wondering too. If you ask these “Privacy” service providers, they will say “Everything happens on the client side and nothing gets sent to the server”.
At least Tutanota is FOSS and they are going through the auditing regularly.
mmmm
Almost signed up for Tutanota after reading all your email provider reviews. Turns out, they don’t provide IMAP feature. That means all your data is locked in to their service forever. You cannot retrieve your data… to create a personal backup, to migrate to another service or for any other reason. That is a deal breaker right from the beginning.
Bob
In general I am fairly happy with Tutanota after two years of paid for service. The Android app is a bit 1990s clunky and you cannot cut and paste text in it. Which is a nuisance if you get a tracking or reference number.
Very occasionally I have had the server go down and be unavailable. But only twice and for a couple of hours.
On the plus side it is secure enough for me and I seldom get spam. It is cheap for my purposes.
Ryo
Would it be reasonable to try to open a Tutanota account, if one were using a very plain cellphone, and simply needed an email account for light general use? Is advanced equipment required?
Sven Taylor
Yes that is reasonable.
Bjorn Helliman
I’ve been a big fan of “secure” and “private” services for years. Finally decided to try Tutanota partly because of the reviews and comments here. I was sceptical because Germany doesn’t sound like a privacy destination to me. Even privacy, forget about the anonymity. But there are sadly not so many options around so i figured to give it a try.
Well, when i started searching through their website, i found that they actually *kinda* support cryptocurrency, but in a way of buying gift cards from a third party, their partner. That was okay with me so i signed up. What turned out to be the reality is that you can’t just buy a gift card from a basic (free) account. The option to add a gift card to your account is only available to paid members *clown emoji*
So first of all, you give them all your KYC data and THEN hohoho sure, we’ll let you update your account for another period with BTC. Nice. Very disappointing but looks like i won’t become a Tutanota customer after all and will delete my account. And to think i’ve planned to migrate to a Tutanota business account for one of my businesses. Hahaha.
Another terrible part is the customer service. The google-esque no-email-support-for-peasants must go. I’ve used Protonmail email accounts for years now, BOTH plus and free, and even for my free account issues, the support was always amazing and you could always email them and get a rather prompt reply. With Tutanota it’s like screaming into the void. No emails, just badly organized FAQ’s. Welp thanks.
Shane
Good article Sven, what do you think of Lavabit, the email that Snowden used, will you do a review soon?
Sven Taylor
Lavabit is still based in the USA, and therefore still vulnerable to the problems that forced it to close down in the first place in 2013. I think there are better options to consider, no plans for a review at this time.
Fran
I’m sorry this happened to you. As the recipient of the kind of abuse you are talking about, I know it can become all-consuming.
You’re doing the right thing to protect yourself and to stand in your reality and not let the distortions in. There are others who have gone through what you have and will understand. Those who haven’t been through it won’t get it, and there’s no point trying to convince them, as people have psychological defence mechanisms to protect themselves from knowing that such malevolence exists. I think most of us would rather have bruises or broken bones that we could point to instead of convoluted gaslighting campaigns and subtle attacks by the other parent against their own children as a way of breaking us down.
Chin up. Keep going forward. He’s a broken human being, and you are learning his tricks, and after a while the tricks will be predictable and you will be bully-proof and not care what he does one way or another.
Hannah
I’ve decided to delete my “Tutanota” account and to open one at Proton (Mail).
Two major reasons:
#1 “Tutanota” looks totally wacky on a job application. I’ve actually seen firsthand someone frown thinking “what the shit?” when handing them a paper. In a different place, I was asked “what’s a Tutanota?” I don’t care if it is supposedly a Latin combination meaning “secure message”, it was always an incredibly ugly choice of brand name. Tutamail is stupid too.
#2 If you don’t pay them money, your account will get deleted after 6 months of not logging in.
Mike
Interesting! Since I am considering switching from ProtonMail to Tutanota. Sorry to hear about your account being deleted. They usually do that to free accounts that remain unused up to 6 months. If you or anyone else is curious as to why, it is largely due to the statement in this article comparing the two:
“ProtonMail focuses on highly secure email services (though arguably not as secure as Tutanota) that are still easy to use and convenient for all users.”
https://www.makeuseof.com/which-email-more-secure-tutanota-protonmail/
Don’t get me wrong, ProtonMail is an excellent email service. However, it looks like they tend to put their time and effort into features with their product that is of little significance to the user. For example, they just changed the look of their dashboard, but their calendar and cloud services are still in Beta and they just recently implemented Wireguard into their VPN despite other VPN’s already having it.
ProtonMail’s cosmetic changes are nice, but I would rather be able to use ProtonCalendar and Drive before being able to change my dashboard’s color scheme.
Mike
Whoops! I left out a part of the paragraph I quoted to make my point:
“On the one hand, Tutanota is more concerned with maintaining your privacy. ProtonMail focuses on highly secure email services (though arguably not as secure as Tutanota) that are still easy to use and convenient for all users.”
After having used ProtonMail for some time, I tend to agree that Tutanota is more privacy-focused than ProtonMail.
Bjorn Helliman
As a customer, i will forever choose Protonmail (no matter how many questions and concerns we have for them) over Tutanota for letting me pay 1) with cryptocurrency 2) with cash sent in an envelope. Tutanota have promised to add non-KYC payment options for years and here we are in 2022. Makes you think.
Communicator
Differences in encrypt: 128 bit (Tutanota) 256 bit (protonmail) right?
But Proton does not encrypt subject and Proton’s body search is 1/2 fake. 256 is timesucker for Msoft&Friends advant. Only is everywhere a pity how big data hinders imap. Offline options are aggressively and stealthily crushed for normal users
ck
I have the free protonmail service and it is just ok. Cannot attach a word document ARG!!! and sent to another. Has to be pdf or jpeg and one other. NOT helpful when you need to have the ability to send a document. When trying to look thru a 14 email series of emails it is confusing when trying to view them in order and not user friendly; one reason I am looking for alternatives. They do have good customer service and response time, but confuse the matter by having multiple people respond to the same issue. Need to fix that. With the free service, you only get a couple of extra folders to store emails, should be at least 5.
All in all not a bad service, just that the issues are what is driving me away.
Aluna
Deleting the account after 6 months not logging in sounds discouraging…
To be fair, it’s just as discouraging when a more well-known provider like Yahoo deletes all your messages after a few months of inactivity (or was that a year)
Crunchy Taco
They deactivate your account, they do not delete it. But as long as you retain your Recovery Code, you can reactivate your account.
MB
I just tried that, and it says that I need to import the ~~deactivated~~ deleted account’s data into a different, *paid* account.
“You may take over the email address of your deleted account into another paied account and reuse it there. In order to do so please specify the target paid account admin email address.”
No, Tuta themselves refers to the account as “deleted”, not “deactivated”.
stuzbot
Strange that you don’t mention on any of these reviews whether the service supports IMAP, so I can access it with my existing email client. I know ProtonMail has an ‘IMAP Bridge’ which supposedly does. But what about the others?
Krystal
(1) Receiving an E-mail to your inbox often takes so long that verification codes (for account login/creation) sent from other websites (such as your online banking website) arrive after they’ve already expired.
(2) Tutanota now blocks your access to your own free account if you haven’t logged into it for 6 months.
They then hold the account ransom.
The only way to regain access to the account is to give them money.
(3) Tutanota’s unwillingness to accept crypto payments is a pretty strong indicator that they aren’t actually the strong privacy proponents they claim to be.
(4) Tutanota has begun taking stances on political theatre issues and broadcasting those stances to their users via E-mails. Their stances demonstrate blind faith in the claims of corrupt intelligence agencies, corrupt television ‘news’ networks and corrupt politicians.
GWang
For now I’ll keep my email account as long as they don’t tamper with it. It’s really annoying having to switch emails and change every site account associated with that email address.
NorthoftheEquator
As of about 20Jan22, Tutanota only supports Chromium based browsers. Legacy browsers such as Pale Moon, WaterFox, etc. are kaput! On Reddit, there is a discussion of this, with comments by one of their very arrogant ‘developers’.
Time to dump these people.
AnnieMouse
Chromium, which is, basically, Google, which is, basically, NSA/In-Q-Tel-financed. Arrogance from US .gov traitorous criminals? Nawwww, you MUST be mistaken …
Steve
Firefox is supported so have no clue what you are talking about