Privacy Guides
In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.
This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.
You can subscribe to this community from any Kbin or Lemmy instance:
Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!
Want to get involved? The website is open-source on GitHub, and your help would be appreciated!
This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.
Moderation Rules:
- We prefer posting about open-source software whenever possible.
- This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
- No soliciting engagement: Don't ask for upvotes, follows, etc.
- Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
- Be civil, no violence, hate speech. Assume people here are posting in good faith.
- Don't repost topics which have already been covered here.
- News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
- Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
- No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
- No misinformation: Extraordinary claims must be matched with evidence.
- Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
- General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.
Additional Resources:
- EFF: Surveillance Self-Defense
- Consumer Reports Security Planner
- Jonah Aragon (YouTube)
- r/Privacy
- Big Ass Data Broker Opt-Out List
view the rest of the comments
Tutanota doesn't share their security audits, which Proton does.
Also, IIRC Tutanota uses their own custom encryption implementation, while Proton contributes to open source OpenPGP projects.
And when in the past the the Swiss gov ordered Proton to do some limited tracking for a specific user, after that they went to the court and succeeded in changing the law so it's no longer possible to order this tracking.
Proton might not be ideal, but they seem to actually care about making the Internet a safer place.
I am sure that Tutanota does not use any custom encryption algorithm. It is clearly stated in the FAQ that they use RSA (with PFS) and AES to encrypt emails exchanged between Tutanota users. https://tutanota.com/encryption There's even a section which discusses why they do not use PGP. So it's not like they can't add it, they just don't because it lacks "important requirements". Plus they even are slowly developing a protocol that is post-quantum secure to encrypt their emails with.
I'm not really saying that what Tutanota does is insecure, but historically doing security on your own instead of using established standards has not been a winning move.
Plus their unwillingness to open source it and not sharing the audits just doesn't inspire my confidence.
Overall they're probably fine, but these are some of the main reasons I ultimately chose Proton instead.
BTW, they're not "slowly developing" post-quantum encryption, they're just saying they may do that at some point in the future - which everyone will have to do anyway when we get to this point.
These are only primitive algorithms, the actual implementation is custom and specific to Tutanota, which mean it will only work with Tutanota as nothing else will implement it.
There is no way to do key distribution outside of Tutanota's service.