ProtonBlog(new window)

Proton Mail versus Tuta (Tutanota) encryption

Partagez cette page

Proton’s encryption is open source and available for public inspection. Because we use open standards, the encryption that Proton utilizes is also publicly discussed and debated as part of the IETF(new window) standardization process. That’s why it is always surprising to see articles that openly misrepresent Proton’s encryption. This was the case with a recent blog post(new window) that was shared on Reddit. While most commenters(new window) correctly called it out for what it was, it’s still worth taking a closer look at Proton Mail vs Tuta encryption to break down the differences.

The blog post on Tuta claims that Proton address books are not encrypted. They are: all sensitive data about your contacts that you enter into your address book is end-to-end encrypted. Only the email address/display name itself is not encrypted, so that you can, for example, filter incoming emails that are not from your contacts.

Encrypting the email address also wouldn’t provide much additional security or privacy, because when you send an email, we need the email address to deliver the email. We could encrypt it anyway, and claim that we can’t see it, but this would be very misleading – and similarly, we find Tuta’s claim that they encrypt the entire address book misleading as well. 

There is also the false claim that Proton Calendar metadata is not encrypted. This is also inaccurate: all sensitive metadata is encrypted. One piece of insensitive metadata cannot be end-to-end encrypted — namely the date and time of events. This is so that we can send reminders (e.g. via email and push notifications) about events at the correct time. However, the contents of the notifications are end-to-end encrypted. If you want to learn more about the security model of Calendar, you can read our blog post about it(new window).

The dangers of proprietary encryption

The recent blog post has also attacked Proton Mail for using open cryptography standards, namely OpenPGP, with the claim that this is somehow less secure. First of all, OpenPGP is an open standard, which means that email encryption at Proton is not a walled garden, you can send encrypted email to any PGP user. In contrast encrypted “emails” within Tuta, which cannot extend beyond their walled garden, are not really emails at all: they are encrypted messages using a proprietary format. And this may even be fine for some use cases, as long as one’s honest about it.

OpenPGP has also gotten a big update in recent years(new window), It is also being standardized to support post-quantum cryptography(new window), and there is now a draft specification(new window) for encrypting email headers (including subjects) in encrypted emails. 

Proton’s use of open standards means that we have worked together with security researchers and cryptographers from universities around the world, like ETH Zürich, to analyze the security of OpenPGP. By contrast, Tuta using proprietary encryption means that the security of their applications has received less scrutiny and academic analysis, leading to flaws. 

For example, while Tuta (like Proton) also uses AES, they do not always use (and require the use of) authenticated encryption. In theory, this means their server (or an attacker who compromises their server) could modify a message in the Tuta users’ mailbox, without the application (and thus potentially the user) noticing.

While this was(new window) reported(new window) before(new window), and Tuta has attempted to fix it (by adding a Message Authentication Code, or MAC), their clients still accept messages without a MAC, and so the server could simply remove it. So the vulnerability is still in place. Furthermore, Tuta’s server can conduct a man-in-the-middle attack by serving a malicious public key to a user (a weakness shared by many public/private key encryption systems).

By contrast, Proton has never used unauthenticated encryption, and rejects external unauthenticated messages (both on the server and in the clients). Furthermore, Proton Mail offers protection against public key tampering, originally via our address verification feature(new window), which is a form of key pinning, and more recently in an automated way via Key Transparency, which prevents this type of attack. 

The above points demonstrate that even if a piece of data is/was to be encrypted, it is not always equally safe. We commend Tuta for trying to do what Proton does, the world certainly does need more people working on private by-default solutions, but integrity matters too.

Protégez votre vie privée avec Proton
Créer un compte gratuit

Partagez cette page

Proton Team(new window)

We are scientists, engineers, and specialists from around the world drawn together by a shared vision of protecting freedom and privacy online. Proton was born out of a desire to build an internet that puts people before profits, and we're working to create a world where everyone is in control of their digital lives.

Articles similaires

Looking into the Dropbox privacy policy
en
Dropbox was the first mainstream cloud storage provider, and still the biggest player on the market, with 700 million users in 2022. We took a dive into Dropbox’s privacy policy to see how well the company protects the personal data of those millions
en
  • Vie privée, approfondissements
There’s a saying that data is the new oil because of how valuable it is to the digital economy. But what’s the value of your data, personally? Depending where you live, information about you could be worth at least several hundred dollars a year to F
en
Your organization’s data is only as secure as your employees’ passwords. Hackers often target employees for this reason, and some of the biggest data breaches in history were the result of weak passwords. Having a secure password manager for your wor
en
If there were still doubts over whether Apple is an abusive monopolist, they were emphatically dismissed this week. Apple’s new app store policy that it claims will bring it into compliance with Europe’s Digital Markets Act is a textbook case of mali
How to export passwords from Chrome
en
If you want to leave Google, one of the first things you must do is stop using its proprietary browser, Chrome, and its built-in password manager. A vital first step towards leaving Google is downloading your passwords so you can transition more easi
what is ransomware
en
Ransomware is one of the more common and dangerous forms of cybercrime, but what is ransomware exactly? In this article we’ll explain how it works, and what you can do to prevent becoming the victim of a ransomware attack — and how to recover if you