Empowering you to choose a better internet where privacy is the default. Protect yourself online with Proton Mail, Proton VPN, Proton Calendar, Proton Drive. Proton Pass and SimpleLogin.
Proton Mail is the world's largest secure email provider. Swiss, end-to-end encrypted, private, and free.
Proton VPN is the world’s only open-source, publicly audited, unlimited and free VPN. Swiss-based, no-ads, and no-logs.
Proton Calendar is the world's first end-to-end encrypted calendar that allows you to keep your life private.
Proton Drive is a free end-to-end encrypted cloud storage that allows you to securely backup and share your files. It's open source, publicly audited, and Swiss-based.
Proton Pass Proton Pass is a free and open-source password manager which brings a higher level of security with rigorous end-to-end encryption of all data (including usernames, URLs, notes, and more) and email alias support.
SimpleLogin lets you send and receive emails anonymously via easily-generated unique email aliases.
I haven't left, but now it's something that's on the cards, which wasn't the case beforehand.
I only recently linked my domain to my ProtonMail account, so if I do switch it should be relatively painless given I'll transfer the domain too, and the original PM address has become more of a lost cause anyway due to spam.
I see a few people who don't want to switch due to the hassle it would take with changing email addresses, presumably because they use one of the @proton.me email domains. Get your own email domain! It's super cheap (if you choose one of the new TLDs, it can be as low as few dollars a year), the setup isn't really hard - you just change a few DNS values, and that's basically it - you can use whatever email you want that ends with your domain. It might take a while to slowly replace all your @proton.me emails with your domain one, but if you're not in a hurry and change any old mail you see during your day-to-day activities, you'll eventually be done with it, and you can set up mail forwarding to your domain for mail that arrives to your old @proton.me address.
And if you ever need to move to a different provider, you just change the DNS records again to a new provider, and your email will start coming to the new one immediately.
I highly-valued the cohesion and simplicity of having a suite of tools provided by a single vendor and all on a single bill, despite how often this turns into a vendor-lock-in strategy
Proton was part of my attempt to de-Google, precisely because it offered email (with custom CNAMEs), calendar, and storage, and because they open-sourced their clients and tools
Despite the UX and feature set being quite bare, I was okay with justifying this with the added privacy (which was a nice-to-have but not a deal-breaker for me)
It seems like all the alternatives are either less open-source, have even fewer features, are even less cohesive (indeed, I'd have to select entirely separate solutions and give up all integrations) or seem to have even fewer resources for development and project sustainability
I was looking at Proton for mail and calendar right around the time the Andy thing kicked off. I hadn’t yet pulled the trigger on Proton due to their fairly high pricing. I ultimately decided on Tuta for mail and calendar, and I have no issues using their native/desktop apps. I am still forwarding everything from my Gmail account as I slowly work through changing my email on key services. So far so good.
The one issue I had with Tuta is no ability to import mail unless you are at the highest priced tier. I’m on the middle one so no import. What I did instead was just download a copy of my Gmail to an MBOX file, and I have that on my desktop and access it with Thunderbird (read only) as needed. This was fine for me as I don’t have much mail of significance.
Switching was a small action, but one that made me feel immediately better, like I did something concrete in opposition to the rapidly enshittifying tech universe.
I bought a year of unlimited in November but I have canceled and will be migrating when my year is up
What's the deal with Lavabit these days? Are they good? I don't keep up with things that well. Am old man.
Unfortunately stuck with them for VPN (don't use any other service from them) . Lꝏking for alternatives with port forwarding . Welcome to hear suggestions
I use Azire for vpn since they own their servers and let you use a plain old wireguard client. Before that I used Mullvad but I need port forwarding and a few sites I frequent blocked it for some reason. Only use Proton’s VPN for less sensitive stuff and being able to exit in lots of countries. The inconsistency in all the apps’ UIs sort of irks me, and the lack of a drive client for Linux is a negative.
I only recently finished migrating all my email to Proton so I’m probably leaving it for now. But I’m eyeballing replacements. His comments on X seemingly sucking up to Trump weirds me out… especially after the shock and awe shit show happening this week
Me +wife were seriously considering switching to proton, but we had been "considering" for like half a year. So while the transfer now has been officially put on hold indefinitely, that's in practice no different from how it was before :)
Have considered tuta but there are several reasons I'm not sold on that service - primarily that they manage to give me (who isn't a techie!) the impression (I might be wrong...) of a walled garden where all the benefits /convenience of the service evaporate (??) as soon as you need to talk to a non-tuta user.(??)
From your description it sounds like the feature you might be thinking of as walled-garden-ing is end-to-end encrypted (e2ee) emails, which they call "confidential". The idea is that you can encrypt a message and send it to someone. The message they receive is actually just a link to a publicly-accessible page that Tuta hosts. You give the other person a password that they can enter on that page to read the email you sent and respond to it. If your recipient is also using Tuta, though, when you send an encrypted email it just shows up in their inbox like a regular email.
This is the standard way to handle secure emails, and it's actually a limitation of the email protocol. The way you would send an encrypted message to someone on another email server is to encrypt the email with your recipient's public key. Then the message goes to their email inbox like a regular email and they can use their private key to decrypt it (which is what Tuta does if you're sending an encrypted email to another Tuta user--they already have the recipient's public key). Email servers don't have a standard way to send each other public keys for accounts, so if you want to encrypt an email you either have to get the recipient's public key yourself and tell your email software to encrypt the message with it, or have your provider send a password protected link.
I actually just switched to Tuta. You can still get and receive normal unencrypted emails. The encryption is optional and not enabled by default. I don't have strong feelings one way or the other yet on the service as a whole. They just added the ability to import emails exported from another service, which is usually something email providers do pretty early on. Currently it's only available at the $8/month tier, but it's speculated that they'll roll it out to the $3/month tier once it's stable. That'll be a non-starter for a lot of people. The client UI is simple but functional. It was easy to set up my domain so I don't have to go into each account and update my email address. Yeah, no complaints so far, but also nothing that blows me away. There's a free tier if you wanted to just poke around.
Of course, bolting security on top of email is going to be a challenge, and require trade-offs between convenience and security.
It's likely that there are aspects of how Tuta works that I have misunderstood, but based on my understandings, this is my take:
For my use case, I believe tuta's choice of increased security isn't worth the added inconvenience for the people I'm communicating with who have to access our communications through a separate webpage instead of within their normal email inbox. (Perhaps they can export the emails from that site, but if so, they'd be unencrypted on their machine unless the user took manual steps to reenceypt, no?)
Secondly, I do not, IRL, know anybody else who uses Tuta, but I know a handful of people who do use PGP (for example through Proton). That would mean that communications with them would need to be unencrypted, or go through Tuta's portal, just as if they were regular gmail users. In contrast, if I were to choose a PGP based encryption, communicating with them - encrypted - would be more convenient. Less secure? Yes, but as I said above, that's a trade-off that I'm willing to make. Not to mention, if I no longer liked the service next year I ought be able to move on without ruining access to old emails, or really, even seeing an interruption in ongoing email conversations. Yes, that does require a custom domain to work in practice - I've set that as a precondition for whatever service I'm going to sign up for.
Thirdly, I mentioned a walled garden. Assume I were to use Tuta for a couple of years. People I regularly exchange encrypted mail with have gotten frustrated by having to use the portal and signed up for Tuta as well. One day, I decide that I would like to move elsewhere for whatever reason. Now I'm the one who have to use Tuta's portal whenever I want to communicate with my friends, because there's no other service that I can go to, that's compatible with Tuta's encryption. That's why I consider Tuta to be a walled garden.
I am glad that they finally did add import/export. When I took the service for a spin maybe a year and a half ago, import and export wasn't yet possible and a another reason too why I didn't join them already in mid 2023.
(BTW, have they fixed the Linux desktop app so that it can be used on a hi-dpi (4k) screen without a magnifying glass? Back then, that app refused to listen to any display scaling commands. I had to reconfigure the display resolution from 4k to 2k to be able to interact with the app.)
That all makes sense. You described yourself as a non-techie, so I misunderstood and thought you had assumed that all emails had to go through their portal.
You're correct that Tuta doesn't support PGP or S/MIME, which I didn't realize. I assumed that any email service that has the word "privacy" on their website would support both. I don't use personal email for sensitive communications, so I'm not in the habit of using PGP or S/MIME, but still... come on.
Their reasoning seems a bit silly. They say they don't support PGP because it doesn't encrypt the subject line, and it doesn't support post-quantum algorithms or forward secrecy. That's, at most, a warning line in the GUI, not something you just don't implement.
They say they don't implement S/MIME because of EFail, a seven year old vulnerability. They can't confirm that all external services have a mitigation in place for it. But again, just put a warning on the UI. Could even build a list of external providers that mitigate it and only show the warning if the user is sending to a system not on the list.
There are a lot of places on Tuta's website where they say they're working on features but don't specify a timeline, and a quick scan through their github issues finds some conversations where they indicate developer resources are low and they're focused on post quantum encryption first, but they said that for years. Seems they didn't implement basic features because they wanted the one big QC feature. They stated in 2020 that they intend to support PGP and Autocrypt, but they removed those from their roadmap. They're not a current priority.
"Once our PQ-encryption is in place we can consider how to best interop with others keeping benefits of perfect secrecy and post-quantum encryption." So it looks like they're letting Perfect be the enemy of Good.
Yep, I can totally see the walled garden aspect. If you want PGP, Autocrypt, or S/MIME, find another provider until Tuta gets around to implementing them. A lot of their communications read as though they don't have enough development staff to chew what they're biting off.
ETA: I don't see any scaling option in their desktop app, but you can launch it with GDK_DPI_SCALE=1.25 (or some other number) to embiggen it.
No. Because changing email providers is a royal pain in the ass. Changed from Google to Ctemplar and from that to proton a year later after ctemplar went down.
I am not going to use smaller email providers because of that experience, and proton still seems to be the best of both worlds.
I absolutely hate that i am supporting a CEO like that with my money but I'm not in the mood to migrate anytime soon. Took me more than a whole weekend last time.
No, I've not switched. While I disagree with his comments, that does not make me switch.
I am fine with using services provided by companies whose employees or leaders I don't 100% agree with all the time.
I don't like his comments, but honestly... I haven't had the energy or time.
When I have one, I lack the other.
Do I want to? Yes, in a sense. I have an enterprise grade server I could self-host a lot of services on, and it sounds like a fun project... but getting that all done? A task. Getting cooling, noise reduction (fucker is LOUD), and such installed? A bigger task that takes more money than I have available right now. All that jazz.
I'd moved from Bitwarden to Proton Pass only 6 months ago, so moving back wasn't too much of a difficult choice (both services have great import/export and Bitwarden even offers self-hosting)
I'd just go Keepass. Password managers don't need cloud to work. And Bitwarden could go rogue too.
A sociopath libertarian idiot.
The L part is the kind of person I want in charge of my encrypted data. Telling the government to fuck off because he legitimately can’t comprehend how government is a good thing.
I don't even know what he has said.
He said unnecessarily political things in a tweet which don't match the experiences of many people, at the exact worst moment possible. Then he doubled down on his statement with an official company account, which he later edited after there was backlash. The original comment. He's promised to post from a personal account in the future. In that same post he stated that "while the X post was not intended to be a political statement, I can understand how it can be interpreted as such, and therefore should not have been made".
In further discussions he described his political leanings as "probably closest to European center-left parties. But again, that's a massive generalization/simplification. Where that puts me on the American spectrum, I have no idea". That's not really part of the drama, but can be taken to imply that despite working with US legislators in the past and touting this work in his responses, he may not have fully understood the current political climate or party dynamics if he doesn't know which US party he more closely identifies with. Another interpretation could be that he knows full well and doesn't want to say either way because making a statement of partisan support is what put him in the hot water in the first place.
I linked original sources so you can do your own reading and come to your own conclusions. Personally I bounce between believing that he stepped in something he didn't mean to and he genuinely doesn't support either party, and thinking that he's too clever a man to not understand, especially since he has directly worked with US legislators on privacy issues and he doubled down in the comments after the general response was critical of his original tweet.
I was never on Proton. Back when I decided to degoogle my digital life I landed on a short list between proton and tutamail. So I deep dive into both. When I researched Proton it stank of corporate technobro culture. The crypto wallet, trying to be an everything platform/brand, style over functionality programming, the communications. It all reeked of corpo bs.
Their only pro was operating from Swiss legal protections. So I landed on Tuta. Not because they were any particularly better, but because they were focused on doing one thing and one thing only at a time. They were also more focused on features over marketing buzzwords which I liked.
I've got Keepass for password manager and Mullvad for VPN, and both have worked out really well for me so far. What I haven't been able to find is a good alternative to Proton Drive. For aliases I use Firefox Relay.
Tresorit is a bit pricey but very privacy focused and based in Switzerland.
I was hard considering it but if I do it then it would cost me way more.
Tuta ($3)+Simplelogin ($4)+Mullvad ($5) = $12
A proton unlimited plan costs $10. Also, when I was on a vpn plus plan, they upgraded me to unlimited so I'm only paying like $6.50 or something.
That’s how they get ya
i have free proton accounts as am not loggin in to close them because lazy. but i havent really used it anymore...maybe for trashmail stuff. mullvad is cooler and 1$ rootboxes anywhere also. disroot,riseup and so many other mailproviders are cool too. i dont get why proton is so relevant to some. did you guys buy a lifetime package or why?
I still use protonmail since it's hard to move mail instances after giving so many people my address but I've reconsidered my plans to switch to their vpn or paid plans.
Set your emails up with your own domain name. Never have this problem again.
This. I left proton and took my 300+ aliases with me. Took less than 30 min to switch from Simple Login to Addy
I have an account there that I use as a junk email account and their android calendar app. Nothing else. I used to use davx5 and caldav via my primary email provider but I had issues with it losing notification settings on recurring events. I may go look for a different calendar solution. I'll probably still use it for junk mail.
I use the following services, and have for a couple years now I think.
Mailfence for email Mullvad for VPN
Just uninstalled the app.
If I’m honest I did use it much because my friends mostly don’t encrypt emails.
I did manage to get them all on to Signal, so mostly use that for comms now.
Still use Gmail for email because I’m a corpo bootlicker like my friends.
I've been using Fastmail for over 10 years now and I love it. I haven't seen it mentioned a single time as an alternative.
There are a few alternatives in mind for me. Mailbox, posteo, disroot. Disroot is the only one among these with a free email. But posteo and mailbox do have cheap tiers. Posteo doesn't have support for custom domains last I checked.
That's just email. I've already not been using proton for almost everything else. KeepassXC for passwords, Addy.io for aliases, Syncthing and offline storage across my 3 devices instead of any Drive. VPN I rarely use so free proton is enough for that. Mullvad exists on the off chance I need it for a while (it's a constant price per month how many ever months you choose, and you can just "top up" with some amount and it will last you the appropriate number of days).