I’m not really saying that what Tutanota does is insecure, but historically doing security on your own instead of using established standards has not been a winning move.
Plus their unwillingness to open source it and not sharing the audits just doesn’t inspire my confidence.
Overall they’re probably fine, but these are some of the main reasons I ultimately chose Proton instead.
BTW, they’re not “slowly developing” post-quantum encryption, they’re just saying they may do that at some point in the future - which everyone will have to do anyway when we get to this point.
Tutanota doesn’t share their security audits, which Proton does.
Also, IIRC Tutanota uses their own custom encryption implementation, while Proton contributes to open source OpenPGP projects.
And when in the past the Swiss gov ordered Proton to do some limited tracking for a specific user, after that they went to the court and succeeded in changing the law so it’s no longer possible to order this tracking.
Proton might not be ideal, but they seem to actually care about making the Internet a safer place.
I didn’t watch the video, because I don’t have 15 minutes to listen to what sounds like a conspiracy theory, but the source link for his info he put in the description is dead, so that doesn’t inspire confidence…
Anyway, how would a Swiss company be a honey pot for the feds?