What Is the Best Email Provider for Privacy and Security?
Here you are going to find a private, secure and encrypted alternative to Gmail. For you we have evaluated popular email providers on privacy, security and transparency, guided by the three criteria for data-privacy.
Updated, 12/05/2020
Three Central Privacy Criteria
An online service is secure, if the transfer of data and its storage on a server or user device is encrypted. Here different methods are used which differ in its strength. The most secure method is end-to-end encryption. It guarantees that only sender and recipient have access to the digital keys for the data.
An online service is private, if the provider of the service collects no or only minimal data, which are not directly needed its service. This means that no personal data is collected, which could be sold to other companies or used by the provider itself.
An online service is transparent, if it can be guaranteed that it is secure and private. To prove this, the program’s source code can be made publicly available and accessible for everyone to inspect. This practice is called open source and is a central aspect of digital trustworthiness, as it makes the software’s operations transparent.
= Criteria meet
= Criteria partially meet
= Criteria not meet
| Secure | Private | Transparent | |
|---|---|---|---|
|
|
|
|
|
|
Hotmail/Live2)Privacy Policy: Microsoft |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
mailbox.org6)Privacy Policy: mailbox.org |
|
|
|
|
Posteo7)Privacy Policy: Posteo |
|
|
|
|
Riseup Mail8)Privacy Policy: Riseup |
|
|
|
|
|
|
|
|
|
|
|
|
Emails are only secure between the same provider
| Secure | Private | Transparent | |
|---|---|---|---|
|
|
|
|
|
|
Hotmail/Live14)Privacy Policy: Microsoft |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
mailbox.org18)Privacy Policy: mailbox.org |
|
|
|
|
|
|
|
|
|
Riseup Mail20)Privacy Policy: Riseup |
|
|
|
|
|
|
|
|
|
|
|
|
Emails are only secure between the same provider
An online service is secure, if the transfer of data and its storage on a server or user device is encrypted. Here different methods are used which differ in its strength. The most secure method is end-to-end encryption. It guarantees that only sender and recipient have access to the digital keys for the data.
An online service is private, if the provider of the service collects no or only minimal data, which are not directly needed its service. This means that no personal data is collected, which could be sold to other companies or used by the provider itself.
An online service is transparent, if it can be guaranteed that it is secure and private. To prove this, the program’s source code can be made publicly available and accessible for everyone to inspect. This practice is called open source and is a central aspect of digital trustworthiness, as it makes the software’s operations transparent.
= Criteria meet= Criteria partially meet= Criteria not meet
Our Favourite: Tutanota
Why Is Tutanota Our Favourite Secure and Encrypted Email Provider?
There are many email providers out there and there are also some which focus on privacy and security. Tutanota sets itself apart because of its user-friendly design and its strict security measures.
Tutanota offers apps for iPhone and Android as well as webmail, and a desktop app is in development. IMAP access through an email client is not available, because of security reasons.
With Tutanota you have a secure and private alternative to Gmail.
What Makes Tutanota Better Than Gmail?
Google’s business modle incentivises data collection
Because of Google’s business modle, Google is incentivised to collect ever more data about you. The more data Google has about you, the better it can predict what advertisements you would click on.26)What does Google know about me?
Tutanota does not have that interest, as it is financed through its premium version. Yet the free version offers you the same protection.
Google reads your email
Google doesn’t only collect metadata about you, as WhatsApp does, it also reads your email to find out more about you to better predict what ads you would interact with.
Metadata is data about other data, e.g. the time at which you have sent a message.
That means that Google knows the content of all your emails. Today we use email for everything we used to send by traditional mail. Therefore Google not only knows what your private and business emails contain, Google also knows what newsletters you read, for which websites you have an account and what you buy online, as all this is sent to your email inbox.27)New Gmail has automated scans — here’s what you can and can’t turn off
This is without question private – and sometimes confidential – information. All this data is collected by Google and used to better predict your behaviour. Although your emails are not used for personalising ads anymore, Google has can find out very much about you with this data.28)Google Will No Longer Scan Gmail for Ad Targeting
Your emails are well-protected against hackers with Gmail but Google itself has total access to all your data and scans your emails automatically.29)Google Confirms New AI Tool Scans 300 Billion Gmail Attachments Every Week These are all emails you write and receive. Metadata is also aggregated by Google and can reveal a lot about you and your behaviour. Just like with WhatsApp.
Tutanota encrypts every email which you receive with end-to-end encryption (E2E). Not only is scanning your emails impossible for financial interest but also for espionage purposes because of its encryption.30)How Does End-to-End Encryption Work? This means that only you and the person you are communicating with can read your email. And emails which you send or receive are always protected with E2E encryption before they are stored.
Since Tutanota is open source, everyone can inspect the software’s code and confirm that it does what it is supposed to.31)Tutanota on GitHub So you don’t have to have to take their word for it, that Tutanota really uses E2E encryption as they say. Because the content of an email is encrypted on your device, it is never accessible from the server or by Tutanota.
Please note: Emails which you send to other email services are probably not stored there as securely as they are with Tutanota.
You can also send an E2E encrypted email to someone who doesn’t use Tutanota. For this you only have to agree on a password for your email exchange. Then your recipient receives a link to a temporary Tutanota account, protected by the agreed password, from which they can read and answer your email.32)Tutanota: Encrypted email to external recipient
Tutanota protects your emails from being automatically scanned and accessed which makes it a private alternative to Gmail.
Why Is Tutanota better Than Posteo and Mailbox?
Posteo and Mailbox are two email services with a focus on privacy and security, and they operate using only renewable energy. Mailbox is only partially open source.33)Is everything at mailbox.org open source? Therefore it cannot be transparently determined wether your email are secure on their servers. Posteo is open source.34)Posteo auf GitHub
Posteo as well as Mailbox use end-to-end encryption (E2E) based on PGP (Pretty Good Privacy). A considerable advantage of PGP is, that you can also encrypt emails to recipients who don’t use the same email service as you are. Unfortunately PGP is a rather complicated encryption technique to use, for which you need an additional software, but this is intecrated in Posteo’s and Mailbox’ web client. Furthermore the PGP functionality is limited as it can’t encrypt the subject of an email and not every PGP software encrypts attachments automatically.35)Public Key Encryption: A Tale of Two Keys
Tutanota encrypts subjects and attachments just as it encrypts the rest of your email.36)Tutanota: Secure email made for you And their servers are also only run on renewable energy.37)Green email is the future: Tutanota uses 100% renewable energy.
In addition Posteo and Mailbox do not automatically encrypt emails you receive with E2E encryption.38)Posteo: How do I activate Posteo crypto mail storage?39)Posteo: How do I activate inbound encryption with my public PGP key?40)Mailbox: The Encrypted Mailbox Both offer this option but it has to be manually activated. This is important in the case of a data breach – i.e. an attack or an error in the software – so that your emails can’t be read.
Tutanota automatically encrypts all emails you receive with E2E encryption. For Posteo and Mailbox you have to enable this in the settings. Without activating this feature your emails are not necessarily going to be stored more securely than by an email service without a security focus.
This makes Tutanota an easy to use and secure alternative to less secure services.
Can Tutanota Keep up With the Functionalities Gmail Offers?
Tutanota offers all important email features such as a dedicated inbox, sent draft and archive folders and a Spam protection. You can also manage your contact’s email addresses in Tutanota.
Folders are available to sort emails and you have the option to add rules so that certain emails are automatically places into a folder of your choice.
With the search function you can search for senders, subject, content and attachments.
An integrated calendar is in development and is currently being tested.
Custom domains can also be used with the same security offered by Tutanota.
The only shortcoming is that there is no out-of-office reply available.
| Functions | Tutanota | Gmail |
|---|---|---|
|
Drafts |
|
|
|
Folders |
|
|
|
Lables |
|
|
|
Spam protection |
|
|
|
Inbox rules |
|
|
|
Search capability (content, subject, sender...) |
|
|
|
Integrated calendar |
|
|
|
Out-of-office reply |
|
|
|
Custom domain option |
|
|
| Functions | Tutanota | Gmail |
|---|---|---|
|
Drafts |
|
|
|
Folders |
|
|
|
Lables |
|
|
|
Spam protection |
|
|
|
Inbox rules |
|
|
|
Search capability (content, subject, sender...) |
|
|
|
Integrated calendar |
|
|
|
Out-of-office reply |
|
|
|
Custom domain option |
|
|
This is our change log for the page Email. Here are all the changes and updates recorded for this page.
This page’s content is not timeless. This is why its content hast to be updated regularly. To make this process transparent, we have set up this change log.
- May 2020: Page created