ProtonBlog(new window)

Proton Mail versus Tuta (Tutanota) encryption

Share this page

Proton’s encryption is open source and available for public inspection. Because we use open standards, the encryption that Proton utilizes is also publicly discussed and debated as part of the IETF(new window) standardization process. That’s why it is always surprising to see articles that openly misrepresent Proton’s encryption. This was the case with a recent blog post(new window) that was shared on Reddit. While most commenters(new window) correctly called it out for what it was, it’s still worth taking a closer look at Proton Mail vs Tuta encryption to break down the differences.

The blog post on Tuta claims that Proton address books are not encrypted. They are: all sensitive data about your contacts that you enter into your address book is end-to-end encrypted. Only the email address/display name itself is not encrypted, so that you can, for example, filter incoming emails that are not from your contacts.

Encrypting the email address also wouldn’t provide much additional security or privacy, because when you send an email, we need the email address to deliver the email. We could encrypt it anyway, and claim that we can’t see it, but this would be very misleading – and similarly, we find Tuta’s claim that they encrypt the entire address book misleading as well. 

There is also the false claim that Proton Calendar metadata is not encrypted. This is also inaccurate: all sensitive metadata is encrypted. One piece of insensitive metadata cannot be end-to-end encrypted — namely the date and time of events. This is so that we can send reminders (e.g. via email and push notifications) about events at the correct time. However, the contents of the notifications are end-to-end encrypted. If you want to learn more about the security model of Calendar, you can read our blog post about it(new window).

The dangers of proprietary encryption

The recent blog post has also attacked Proton Mail for using open cryptography standards, namely OpenPGP, with the claim that this is somehow less secure. First of all, OpenPGP is an open standard, which means that email encryption at Proton is not a walled garden, you can send encrypted email to any PGP user. In contrast encrypted “emails” within Tuta, which cannot extend beyond their walled garden, are not really emails at all: they are encrypted messages using a proprietary format. And this may even be fine for some use cases, as long as one’s honest about it.

OpenPGP has also gotten a big update in recent years(new window), It is also being standardized to support post-quantum cryptography(new window), and there is now a draft specification(new window) for encrypting email headers (including subjects) in encrypted emails. 

Proton’s use of open standards means that we have worked together with security researchers and cryptographers from universities around the world, like ETH Zürich, to analyze the security of OpenPGP. By contrast, Tuta using proprietary encryption means that the security of their applications has received less scrutiny and academic analysis, leading to flaws. 

For example, while Tuta (like Proton) also uses AES, they do not always use (and require the use of) authenticated encryption. In theory, this means their server (or an attacker who compromises their server) could modify a message in the Tuta users’ mailbox, without the application (and thus potentially the user) noticing.

While this was(new window) reported(new window) before(new window), and Tuta has attempted to fix it (by adding a Message Authentication Code, or MAC), their clients still accept messages without a MAC, and so the server could simply remove it. So the vulnerability is still in place. Furthermore, Tuta’s server can conduct a man-in-the-middle attack by serving a malicious public key to a user (a weakness shared by many public/private key encryption systems).

By contrast, Proton has never used unauthenticated encryption, and rejects external unauthenticated messages (both on the server and in the clients). Furthermore, Proton Mail offers protection against public key tampering, originally via our address verification feature(new window), which is a form of key pinning, and more recently in an automated way via Key Transparency, which prevents this type of attack. 

The above points demonstrate that even if a piece of data is/was to be encrypted, it is not always equally safe. We commend Tuta for trying to do what Proton does, the world certainly does need more people working on private by-default solutions, but integrity matters too.

Protect your privacy with Proton
Create a free account

Share this page

Proton Team(new window)

We are scientists, engineers, and specialists from around the world drawn together by a shared vision of protecting freedom and privacy online. Proton was born out of a desire to build an internet that puts people before profits, and we're working to create a world where everyone is in control of their digital lives.

Related articles

What is 3-2-1 backup
Data backup is vital for businesses and individuals alike: In case something happens to your primary computer, you always have a copy of your data to fall back on.  How should you approach backup, though? The 3-2-1 rule can act as a guide when decid
What was your first pet’s name? In what city were you born?  We’ve all had to answer these questions to reset a long-forgotten password, but consider how that works. Much of this information is easy to find for others (or easily forgotten by you), m
In the early days when Proton started, we often received a question along the lines of “I love the product and what Proton stands for, but how do I know you will still be around to protect my data 10 years from now?”  Ten years and 100 million accou
Credential stuffing is a popular type of cyberattack where attackers take login credentials and use them on thousands of websites, hoping to fraudulently gain access to people’s accounts. It’s an effective attack, but fortunately, one that’s easy to
With Skiff abruptly shutting down operations, many people are on the lookout for alternatives that don’t compromise on privacy — and won’t suddenly disappear. People were attracted to Skiff because it promised privacy, no ads, end-to-end encryption,
Skiff is dead. On Feb. 9, the email company Skiff announced it was being bought by Notion. Many Skiff customers have been shocked by this news, as their inboxes have been sold out from under them. Skiff gave people six months to export their data be