Hi guys!
I’m looking for a Proton alternative. So far I’ve seen these two recommended. I was wondering what are the pros/cons of each? Seems Tutanota offers more bang for the buck in mailbox size etc, but I’m not sure. I’d also like to have a better integration with Android, because Proton’s email/calendar apps suck big time.
Thanks!
As far as I’m aware, there is a huge difference between these three in that Mailbox.org is not end-to-end encrypted. So if that is an important feature for your use case, that may disqualify them from your options.
Email is never “end to end encrypted” outside of layering something else on like PGP, which you could use with any email service.
It is under certain circumstances. Specific to ProtonMail, it is E2E encrypted if you send a message to another ProtonMail user. They also have a feature where you can send an encrypted email to an outside address. I think in that case the recipient gets a link where they can then input the decryption password to read the message.
But you’re right about any email you receive (from a non-ProtonMail address). Those cannot be E2E encrypted and are only stored encrypted at rest.
ProtonMail uses PGP under the hood. Their encryption was only ever within Proton accounts because they had an automatic key lookup system. You can of course add your own keys, but most didn’t. Still PGP.
However, Mailbox can still be encrypted with PGP, and has some built-in support which makes this easier.
One problem I had with Proton/Tuta is that you cannot use a third-party app due to the encryption, which you can with Mailbox. A problem I have with Mailbox is that it does not support FIDO2 for login or 2FA, which could be a security concern.
Thanks, these are the kind of valid points I’m looking for. I noticed the lack of 2FA when I was registering for the demo, they only asked for a backup email or a phone number… neither too privacy-friendly there. But I guess I can live with that.
Yep, good point.
Huge beginner here, but privacytools.io says Mailbox is encrypted? Is it the “end to end” part? How did you find out they’re not? https://www.privacytools.io/privacy-email
Mailbox encrypts the email at rest on their servers but with the encryption keys they own. ProtonMail, in contrast, uses zero-access encryption where they encrypt your data with your public key and they do not know or have access to your private key to be able to decrypt the data even if they wanted to.
Mailbox has a zero-access encryption service called (I think) Guard that basically encrypts the email with PGP where they would no longer be able to decrypt your email. But it’s not enabled by default.
That’s true once it’s received, but it’s still processed by Proton and now we know they are pro-nazi so who knows what they would do.
You can avoid this with PGP as stated (default for Proton to Proton messages), but I don’t think it’s worth considering the at-rest encryption at Proton anymore.
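
Added example, not part of any post in this thread: a Python sketch of the distinction discussed above, classifying a raw inbound message by what the receiving mail host can read before it stores the message. The function name `provider_view` and the sample messages are constructed for illustration. It checks for PGP/MIME as defined in RFC 3156 and for inline ASCII-armored PGP.

```python
import email
from email import policy

ARMOR = "-----BEGIN PGP MESSAGE-----"

def provider_view(raw: bytes) -> dict:
    """Report what a mail host can read in one inbound message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    kind = "plaintext"
    # RFC 3156 PGP/MIME: multipart/encrypted, protocol=application/pgp-encrypted
    if (msg.get_content_type() == "multipart/encrypted"
            and str(msg.get_param("protocol", "")).lower() == "application/pgp-encrypted"):
        kind = "pgp-mime"
    # Inline PGP: an ASCII-armored block inside an ordinary text part
    elif any(p.get_content_maintype() == "text" and ARMOR in p.get_content()
             for p in msg.walk()):
        kind = "pgp-inline"
    return {
        "kind": kind,
        "body_readable_by_host": kind == "plaintext",
        # Routing headers stay in the clear even when the body is PGP-encrypted
        "visible_headers": {h: str(msg[h]) for h in ("From", "To", "Subject")},
    }

# Constructed sample messages (not real mail, no real ciphertext)
PLAIN = b"""From: shop@example.com
To: bob@example.net
Subject: your order

Your order has shipped.
"""
INLINE = PLAIN.replace(b"Your order has shipped.",
                       ARMOR.encode() + b"\n...\n-----END PGP MESSAGE-----")
PGP_MIME = b"""From: alice@example.org
To: bob@example.net
Subject: quarterly numbers
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
-----END PGP MESSAGE-----
--b1--
"""
```

A message classified as `plaintext` is one the host had in readable form on arrival, whatever at-rest encryption it applies afterwards.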