Proton Mail versus Tuta (Tutanota) encryption

Proton’s encryption is open source and available for public inspection. Because we use open standards, the encryption that Proton utilizes is also publicly discussed and debated as part of the IETF(new window) standardization process. That’s why it is always surprising to see articles that openly misrepresent Proton’s encryption. This was the case with a recent blog post(new window) that was shared on Reddit. While most commenters(new window) correctly called it out for what it was, it’s still worth taking a closer look at Proton Mail vs Tuta encryption to break down the differences.

The blog post on Tuta claims that Proton address books are not encrypted. They are: all sensitive data about your contacts that you enter into your address book is end-to-end encrypted. Only the email address/display name itself is not encrypted, so that you can, for example, filter incoming emails that are not from your contacts.

Encrypting the email address also wouldn’t provide much additional security or privacy, because when you send an email, we need the email address to deliver the email. We could encrypt it anyway, and claim that we can’t see it, but this would be very misleading – and similarly, we find Tuta’s claim that they encrypt the entire address book misleading as well. 

There is also the false claim that Proton Calendar metadata is not encrypted. This is also inaccurate: all sensitive metadata is encrypted. One piece of insensitive metadata cannot be end-to-end encrypted — namely the date and time of events. This is so that we can send reminders (e.g. via email and push notifications) about events at the correct time. However, the contents of the notifications are end-to-end encrypted. If you want to learn more about the security model of Calendar, you can read our blog post about it.

The dangers of proprietary encryption

The recent blog post has also attacked Proton Mail for using open cryptography standards, namely OpenPGP, with the claim that this is somehow less secure. First of all, OpenPGP is an open standard, which means that email encryption at Proton is not a walled garden, you can send encrypted email to any PGP user. In contrast encrypted “emails” within Tuta, which cannot extend beyond their walled garden, are not really emails at all: they are encrypted messages using a proprietary format. And this may even be fine for some use cases, as long as one’s honest about it.

OpenPGP has also gotten a big update in recent years, It is also being standardized to support post-quantum cryptography, and there is now a draft specification(new window) for encrypting email headers (including subjects) in encrypted emails. 

Proton’s use of open standards means that we have worked together with security researchers and cryptographers from universities around the world, like ETH Zürich, to analyze the security of OpenPGP. By contrast, Tuta using proprietary encryption means that the security of their applications has received less scrutiny and academic analysis, leading to flaws. 

For example, while Tuta (like Proton) also uses AES, they do not always use (and require the use of) authenticated encryption. In theory, this means their server (or an attacker who compromises their server) could modify a message in the Tuta users’ mailbox, without the application (and thus potentially the user) noticing.

While this was(new window) reported(new window) before(new window), and Tuta has attempted to fix it (by adding a Message Authentication Code, or MAC), their clients still accept messages without a MAC, and so the server could simply remove it. So the vulnerability is still in place. Furthermore, Tuta’s server can conduct a man-in-the-middle attack by serving a malicious public key to a user (a weakness shared by many public/private key encryption systems).

By contrast, Proton has never used unauthenticated encryption, and rejects external unauthenticated messages (both on the server and in the clients). Furthermore, Proton Mail offers protection against public key tampering, originally via our address verification feature, which is a form of key pinning, and more recently in an automated way via Key Transparency, which prevents this type of attack. 

The above points demonstrate that even if a piece of data is/was to be encrypted, it is not always equally safe. We commend Tuta for trying to do what Proton does, the world certainly does need more people working on private by-default solutions, but integrity matters too.

Protect your privacy with Proton
Create a free account

Related articles

Google is one of the biggest obstacles to privacy. The Big Tech giant may offer quick access to information online, but it also controls vast amounts of your personal or business data. Recently, more people are becoming aware of the actual price you
What to do if someone steals your Social Security number
If you’re a United States citizen or permanent resident, you have a Social Security number (SSN). This number is the linchpin of much of your existence, linked to everything from your tax records to your credit cards. Theft is a massive problem, whic
compromised passwords
Compromised passwords are a common issue and probably one of the biggest cybersecurity threats for regular people. How do passwords get compromised, and is there anything you can do to prevent it? * What does compromised password mean? * How do pa
Is WeTransfer safe?
  • Privacy basics
WeTransfer is a popular service used by millions worldwide to send large files. You may have wondered if it’s safe or whether you should use it to share sensitive files. We answer these questions below and present a WeTransfer alternative that may su
what is a dictionary attack
Dictionary attacks are a common method hackers use to try to crack passwords and break into online accounts.  While these attacks may be effective against people with poor account security, it’s extremely easy to protect yourself against them by usi
Data breaches are increasingly common. Whenever you sign up for an online service, you provide it with personal information that’s valuable to hackers, such as email addresses, passwords, phone numbers, and more. Unfortunately, many online services f