• 0 Posts
  • 4 Comments
Joined 9M ago
Cake day: Apr 25, 2024


That all makes sense. You described yourself as a non-techie, so I misunderstood and thought you had assumed that all emails had to go through their portal.

You’re correct that Tuta doesn’t support PGP or S/MIME, which I didn’t realize. I assumed that any email service that has the word “privacy” on their website would support both. I don’t use personal email for sensitive communications, so I’m not in the habit of using PGP or S/MIME, but still… come on.

Their reasoning seems a bit silly. They say they don’t support PGP because it doesn’t encrypt the subject line, and it doesn’t support post-quantum algorithms or forward secrecy. That’s, at most, a warning line in the GUI, not something you just don’t implement.

They say they don’t implement S/MIME because of EFail, a seven-year-old vulnerability. They can’t confirm that all external services have a mitigation in place for it. But again, just put a warning on the UI. Could even build a list of external providers that mitigate it and only show the warning if the user is sending to a system not on the list.

There are a lot of places on Tuta’s website where they say they’re working on features but don’t specify a timeline, and a quick scan through their GitHub issues finds some conversations where they indicate developer resources are low and they’re focused on post-quantum encryption first, but they’ve said that for years. Seems they didn’t implement basic features because they wanted the one big QC feature. They stated in 2020 that they intend to support PGP and Autocrypt, but they removed those from their roadmap. They’re not a current priority.

“Once our PQ-encryption is in place we can consider how to best interop with others keeping benefits of perfect secrecy and post-quantum encryption.” So it looks like they’re letting Perfect be the enemy of Good.

Yep, I can totally see the walled garden aspect. If you want PGP, Autocrypt, or S/MIME, find another provider until Tuta gets around to implementing them. A lot of their communications read as though they don’t have enough development staff to chew what they’re biting off.

ETA: I don’t see any scaling option in their desktop app, but you can launch it with GDK_DPI_SCALE=1.25 (or some other number) to embiggen it.


From your description it sounds like the feature you might be thinking of as walled-garden-ing is end-to-end encrypted (e2ee) emails, which they call “confidential”. The idea is that you can encrypt a message and send it to someone. The message they receive is actually just a link to a publicly-accessible page that Tuta hosts. You give the other person a password that they can enter on that page to read the email you sent and respond to it. If your recipient is also using Tuta, though, when you send an encrypted email it just shows up in their inbox like a regular email.

This is the standard way to handle secure emails, and it’s actually a limitation of the email protocol. The way you would send an encrypted message to someone on another email server is to encrypt the email with your recipient’s public key. Then the message goes to their email inbox like a regular email and they can use their private key to decrypt it (which is what Tuta does if you’re sending an encrypted email to another Tuta user; they already have the recipient’s public key). Email servers don’t have a standard way to send each other public keys for accounts, so if you want to encrypt an email you either have to get the recipient’s public key yourself and tell your email software to encrypt the message with it, or have your provider send a password-protected link.

I actually just switched to Tuta. You can still get and receive normal unencrypted emails. The encryption is optional and not enabled by default. I don’t have strong feelings one way or the other yet on the service as a whole. They just added the ability to import emails exported from another service, which is usually something email providers do pretty early on. Currently it’s only available at the $8/month tier, but it’s speculated that they’ll roll it out to the $3/month tier once it’s stable. That’ll be a non-starter for a lot of people. The client UI is simple but functional. It was easy to set up my domain so I don’t have to go into each account and update my email address. Yeah, no complaints so far, but also nothing that blows me away. There’s a free tier if you wanted to just poke around.
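The public-key flow described in the comment above, as an added example that is not part of the original post and not Tuta’s or any provider’s code. It models the PGP-style hybrid scheme (a random per-message session key encrypted to the recipient’s public key, the body encrypted under that session key) with RSA-OAEP and AES-GCM from the Go standard library rather than the real OpenPGP packet format, and it goes one step past the text by binding the plaintext Subject header into the body’s authentication tag. The names Envelope, EncryptForRecipient and OpenEnvelope are this example’s own.

```go
// Added example: a minimal PGP-style hybrid encryption of an email body,
// written for this page (not Tuta's or any provider's code). Standard
// library only. Envelope, EncryptForRecipient and OpenEnvelope are names
// invented for this example.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what actually travels over SMTP. Only Body is protected; the
// headers (From, To, Subject) stay in the clear, which is exactly the
// "PGP doesn't encrypt the subject line" complaint from the comment above.
type Envelope struct {
	Subject    string // plaintext header, visible to every relaying server
	WrappedKey []byte // AES session key encrypted to the recipient's RSA public key
	Nonce      []byte // AES-GCM nonce, sent in the clear
	Body       []byte // AES-GCM ciphertext plus authentication tag
}

// EncryptForRecipient builds an Envelope that only the holder of the private
// half of pub can open. A fresh random session key is used per message.
func EncryptForRecipient(pub *rsa.PublicKey, subject string, body []byte) (*Envelope, error) {
	sessionKey := make([]byte, 32) // AES-256
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Bind the ciphertext to the visible subject as additional authenticated
	// data, so a relay cannot rewrite the header without breaking the tag.
	sealed := gcm.Seal(nil, nonce, body, []byte(subject))

	// Wrap the session key with RSA-OAEP. This is the only step that needs the
	// recipient's public key, and obtaining that key is the part email servers
	// have no standard way of arranging between each other.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{Subject: subject, WrappedKey: wrapped, Nonce: nonce, Body: sealed}, nil
}

// OpenEnvelope is the recipient side: unwrap the session key with the private
// key, then decrypt and verify the body. Any tampering returns an error.
func OpenEnvelope(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap session key: %w", err)
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Body, []byte(env.Subject))
}

func main() {
	// Constructed sample: the recipient's keypair would normally be generated
	// once and the public half published or exchanged out of band.
	recipient, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	env, err := EncryptForRecipient(&recipient.PublicKey, "Re: invoice", []byte("meet at 10:00, bring the docs"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("on the wire: subject=%q body=%x...\n", env.Subject, env.Body[:8])

	plain, err := OpenEnvelope(recipient, env)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recipient reads: %s\n", plain)

	// A different keypair cannot unwrap the session key.
	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	if _, err := OpenEnvelope(other, env); err != nil {
		fmt.Println("wrong key:", err)
	}
}
```

Run it and the printed envelope shows the point of the comment: the subject is readable by every hop, the body is opaque, and nothing here helped the sender discover the recipient’s public key in the first place. That discovery step (keyservers, Autocrypt headers, WKD, or Tuta’s password-protected link as a workaround) is what the email protocol itself does not provide.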


He said unnecessarily political things in a tweet which don’t match the experiences of many people, at the exact worst moment possible. Then he doubled down on his statement with an official company account, which he later edited after there was backlash. The original comment. He’s promised to post from a personal account in the future. In that same post he stated that “while the X post was not intended to be a political statement, I can understand how it can be interpreted as such, and therefore should not have been made”.

In further discussions he described his political leanings as “probably closest to European center-left parties. But again, that’s a massive generalization/simplification. Where that puts me on the American spectrum, I have no idea”. That’s not really part of the drama, but can be taken to imply that despite working with US legislators in the past and touting this work in his responses, he may not have fully understood the current political climate or party dynamics if he doesn’t know which US party he more closely identifies with. Another interpretation could be that he knows full well and doesn’t want to say either way because making a statement of partisan support is what put him in the hot water in the first place.

I linked original sources so you can do your own reading and come to your own conclusions. Personally I bounce between believing that he stepped in something he didn’t mean to and he genuinely doesn’t support either party, and thinking that he’s too clever a man to not understand, especially since he has directly worked with US legislators on privacy issues and he doubled down in the comments after the general response was critical of his original tweet.


Yes, I canceled my Ultimate account. Andy can believe whatever he wants in private, but publicly stepping outside of non-partisan policy advocacy at this exact moment in time was a red flag, doubly so because he espoused his personal politics through an official business account in his response to the Reddit thread.

Email/calendar went to Tuta, AirVPN for VPN, BitWarden for passwords. Everything is encouragingly smooth so far.

Fair warning: Tuta’s email import is very new and only available on the more expensive tier at the moment (not sure if that’s permanent). I didn’t have any problems, but there were some issues a few weeks ago.

I do think people are over-reacting to Andy’s words and assigning him political views he didn’t express. He didn’t endorse Trump or the Republican party at large, and definitely didn’t “go full MAGA” or express Nazi sympathies. His statements about Democrats I partially agree with and partially disagree with. His remarks about the priorities and actions of Republicans, though, were pure tailpipe-huffing fantasy. Being able to say these absurd things in public, under an official business account no less, shows poor judgement and implies he might believe other absurd things he isn’t willing to say publicly.

Another factor in my decision: Proton’s privacy policy specifies they can modify the policy at any time with no notification to users, and deems continued use of the services as agreement to the updated terms. The updated terms they didn’t notify you about.

That being said, no service provider is perfect. I don’t think Proton stores enough data to really be a concern if they turned over everything they have. But this whole thing is based on trust. Even with their clients being open-source software, you’re trusting that they always serve the same browser scripts that they published. You trust that the password you provide at key generation or login isn’t ever passed back to their servers. You trust that they don’t keep unencrypted copies of your emails, files, or VPN activity. You trust that they aren’t going to modify their privacy policy and quietly undo protections you thought you had.

The way Andy responded was enough to question my trust in the company with him at the helm. I didn’t leave as a heavy rebuke, just as a “do better”. There are plenty of other companies which provide equivalent services. That’s the risk companies take when a major part of their market is ideological people: if you chafe their ideology they’re more likely to put the effort into leaving.