Which eMail provider? ProtonMail Vs. LavaBit Vs. Tutanota
Email Provider Criteria
Email is a notoriously insecure protocol which is generally recommended
against for critical communications, particularly if exposed meta-data
is part of your threat model.
For all of the providers discussed here, end-to-end encryption is only offered between users of the same service. PGP remains the only universal way of sending encrypted email to anyone, but unfortunately not enough people know how to use it. Zero-knowledge encryption means the key must be stored on the user's device; otherwise it is not protected against state-sponsored criminals. Of course, this doesn't mean the provider couldn't give the government plaintext messages; it just means they would have to actively attack the user in order to steal the required password. Up to now they haven't done so, and most probably will not in the foreseeable future. It also means the provider is unable to recover (decrypt) data if the password is lost. Tutanota explains that if they were requested to hand over inboxes (keeping in mind that this happens only with a valid German court order for criminal prosecution), all of the data would be encrypted; even the inbox rules are encrypted.
ProtonMail
===========
* Switzerland
* Supports Tor: https://protonmail.com/tor (onion service: https://protonirockerxow.onion/)
* Stores the mailbox password in memory only, not in session storage. This means
the user has to re-enter the mailbox password if the page is refreshed, but it
avoids the mailbox password ever touching the disk if the browser persists
session storage.
* Two factor authentication.
* Public Key Pinning (HPKP)
* Full PGP Support
* Source: https://github.com/ProtonMail/
* CERN/MIT/Caltech/Stanford working on it together
* This service requires two different passwords to get in. The first one
opens the site up, but the second one decrypts all the user’s data.
* Some privacy purists don't like ProtonMail because it holds the (encrypted) key on
its servers, sending it to users so they can use it to decrypt in the
browser. It's a fair critique, but it still takes users much further
down the road of security than Gmail.
* AES-256 symmetric encryption with 2048-bit keys (OpenPGP.js)
* DANE/DNSsec
* Perfect Forward Secrecy
* Penetration tested by https://blog.protonmail.ch/protonmail-security-contributors
* Fully encrypted inbox
* Anonymous registration/payment
* You can also set messages to self-destruct after a number of hours,
days, or weeks into the future. To do that, you'll also need to set a
decryption password for the message. Once the message expires, it
becomes digital dust never to be seen again.
* Apps for iOS and Android
* Won't work with e.g. Thunderbird (a third-party wrapper is coming; a beta is already available).
* Language support: French, German, Russian, Spanish, Polish, Turkish, Ukrainian, Dutch.
Pro:
* Auto-destruct emails between ProtonMail users; possible for external users if you send a password-protected email.
* You get a notification on your recovery email when you have a new email.
* Can disable recovery email.
* Asks for a GSM phone number.
* PGP encryption available.
* Servers are located in Switzerland, therefore under Swiss privacy protection laws. Read our article: Data Privacy in the 21st century: Germany vs Switzerland.
* Contacts import-export.
* Auto Unsubscribe.
* PIN protection for mobile apps.
* Auto-responder.
* Custom filters with Sieve.
* Desktop client bridge.
LavaBit
===========
* Dark Internet Mail Environment (DIME) support (for e.g. Thunderbird).
* DANE/DNSsec
* Perfect Forward Secrecy
* Penetration tested by ?
* Fully encrypted inbox
* Anonymous registration/payment
* Open signup is still not being offered; the signup page now requires a
promo code which may have been received by former customers and those
who took advantage of the early signup offer.
* Lavabit claims to have solved its fatal SSL weakness using a hardware security module (HSM). However, this is disingenuous at best, deceptive at worst. Now instead of asking for the SSL key, the US govt will simply ask for the HSM. In other words, the original problem that killed Lavabit still exists. Ladar either doesn't know any better, or isn't being truthful. Neither bodes well.
* Lavabit is strongly touting metadata protection via the Darkmail protocol. However, they fail to mention that Darkmail metadata protection only works if you are communicating with an outside email provider, AND, critically, if that other email provider also supports Darkmail. Since nobody uses Darkmail at this time, it is also rather deceptive to claim that Lavabit has metadata protection.
* There is still the issue of Lavabit being based in the US. The key takeaway from the first Lavabit was that you can't do secure email in the US. The risk of shutdown or other types of mandatory tampering is just too great, and it is unlikely that the new US presidential administration will be any friendlier than the last one towards privacy.
* Lavabit's biggest failure originally was really that Ladar deceived users and ultimately put them all at risk when he eventually handed over the encryption keys to the FBI. The technical failings and lack of cryptography knowledge were quite severe. Moxie (creator of Signal) has a more detailed writeup about it here: https://moxie.org/blog/lavabit-critique/
Tutanota
===========
* Apps for iOS and Android (plugin for Outlook)
* Based in Germany (Hannover)
* AES-128 (2048-bit RSA key)
* Two factor authentication.
* DANE/DNSsec
* Perfect Forward Secrecy
* Penetration tested by SySS GmbH
* Fully encrypted inbox: NO!
* Anonymous registration/payment (planned)
* Source: https://github.com/tutao/tutanota/
* Tor problems
Pro:
* No recovery (email or SMS). The admin can recover for a user from the admin panel, though.
* Doesn’t ask for a GSM phone number.
* Auto-synchronization with several devices and browsers.
* Servers are located in Germany, therefore under German privacy protection laws. Read our article: Data Privacy in the 21st century: Germany vs Switzerland.
* Dual encryption mechanism.
* Uses DANE on top of SSL and PFS.
Shared features between Tutanota Premium and Protonmail (Plus)
===========
* End-to-end, zero-knowledge encryption.
* Open source.
* Own business domain.
* Each user can set up multiple aliases.
* Multi-platform.
* Web-based on desktops.
* Password protected emails for external users.
* No IMAP/POP3 support.
* No logging of users’ data.
* Local encryption of data.
* Drag and drop messages.
* Bitcoin payments.
* Two-factor authentication.
* Professional plan with multi-user support.
Conclusion
===========
Sadly Tutanota has different ideas about password security than I do. I used a standard 18 lower-case character password – without dressing – and it showed as “Password is not secure enough”. Well, as we all know, that's bullshit. But I pushed the password out to 27 lower-case characters and was welcomed to the club. As an experiment, when I added “dressing” [capitals and #@+*] the password was “not secure enough” unless it had 11 characters – with a minimum of 3 bullshit characters. I used 2 capitals and a $. If you feel like only using 2 specials, the magic number is 17. This is a no-go.
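The rejections and acceptances reported above can be checked against a character-class entropy estimate, the model that length-and-complexity rules implicitly assume. This is an added example and not the gist's or Tutanota's code: the sample passwords are constructed to match the lengths and character classes reported (18 lower-case, 27 lower-case, 11 characters with 2 capitals and a $), and the 33-symbol class size and the assumption that characters are chosen uniformly are mine.

```javascript
// Added example (not from the gist or Tutanota's real strength meter): estimate
// password entropy from the character classes present and compare the reported cases.
function charsetSize(pw) {
  let size = 0;
  if (/[a-z]/.test(pw)) size += 26;
  if (/[A-Z]/.test(pw)) size += 26;
  if (/[0-9]/.test(pw)) size += 10;
  if (/[^A-Za-z0-9]/.test(pw)) size += 33; // printable ASCII symbols (assumption)
  return size;
}

// Bits of entropy if every character were drawn uniformly from the charset.
function entropyBits(pw) {
  return pw.length * Math.log2(charsetSize(pw));
}

// Sample passwords constructed to match the lengths and classes reported in the
// conclusion; the actual letters do not matter for a class-based estimate.
const reported = {
  rejected18Lower: 'qwertyuiopasdfghjk',          // 18 lower-case: rejected
  accepted27Lower: 'qwertyuiopasdfghjklzxcvbnmq', // 27 lower-case: accepted
  accepted11Mixed: 'Qwerty$uioP',                 // 11 chars, 2 capitals + $: accepted
};

// Returns the estimate for each reported case, rounded to one decimal, plus the
// observation that the policy is not monotone in estimated entropy: the rejected
// 18-character password scores higher than the accepted 11-character one.
function compareReported() {
  const bits = {};
  for (const [name, pw] of Object.entries(reported)) {
    bits[name] = +entropyBits(pw).toFixed(1);
  }
  bits.rejectedBeatsAcceptedMixed = bits.rejected18Lower > bits.accepted11Mixed;
  return bits;
}
```

`compareReported()` gives roughly 84.6 bits for the rejected 18-character password, 126.9 for the accepted 27-character one and 70.5 for the accepted 11-character mixed one, so under this model the meter turns away a stronger password than one it accepts; whatever Tutanota's meter actually computes, it is not a plain entropy threshold.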
As with ProtonMail, it is certainly not perfect, and should not be considered secure against the NSA – encryption using JavaScript within the browser is not very secure, and Germany is not the ideal location for a privacy service (but then where is?). It is, however, vastly more secure and private than most webmail services, and it has a nice mobile app.
Whether you prefer ProtonMail or Tutanota really depends on what features are important to you – ProtonMail has a much more fully featured interface (Tutanota's complete lack of a draft function is a total bummer, and the Android app is slow and not really usable), but Tutanota allows even non-user recipients to reply securely to encrypted emails*, and encrypts the subject line and attachments, in addition to an email's body.
Everyone has a different scale and perception of external factors. If the comfort of using Gmail is far greater than the security risks as you perceive them, you might just want to stick with Gmail. What matters is that you are the one in control of your decisions, and that you decide with all the cards in hand. Personally I like using mail daily without much breaking, so ProtonMail is perfect and good enough for me; the support team is constantly working on it and they are usually fast.
Research:
* https://arno0x0x.wordpress.com/2015/09/16/end2end-encryption-protonmail/
* https://www.wired.com/2015/10/mr-robot-uses-protonmail-still-isnt-fully-secure/
* https://protonmail.com/security-details
* https://protonmail.com/privacy-policy
* https://protonmail.com/blog/secure-email-roadmap/
* http://sigaintevyh2rzvw.onion/
* http://deepdot35wvmeyd5.onion/2015/02/16/interview-sigaint-darknet-email-admin/
* http://deepdot35wvmeyd5.onion/2015/04/26/70-malicious-tor-exit-nodes-exposed-by-siganit-org/
* https://tutanota.com/blog/posts/trump-family-encryption
* https://i2pbote.xyz/
* https://www.theregister.co.uk/2014/07/11/tutanota/
* https://tutanota.de/blog/posts/tutanota-and-tor (fixed Aug. 2017)
* https://moxie.org/blog/lavabit-critique/
* https://f-droid.org/forums/topic/tutanota/
* https://theintercept.com/2017/01/20/encrypted-email-service-once-used-by-edward-snowden-to-relaunch/
* http://www.linux-community.de/Internal/Artikel/Print-Artikel/LinuxUser/2015/03/Sichere-re-Mailanbieter
* https://tutanota.com/blog/old-blog/bA7ez.html
* https://tutanota.uservoice.com/forums/237921-general/suggestions/6858986-2-factor-authentication
* https://www.heise.de/ct/ausgabe/2014-4-Die-Schwaechen-der-E-Mail-und-was-dagegen-hilft-2092851.html See: https://tutanota.com/blog/old-blog/bA7ez.html
* https://tutanota.com/blog/posts/data-privacy-germany
* https://techcrunch.com/2017/01/20/security-researchers-call-for-guardian-to-retract-false-whatsapp-backdoor-story/
* https://proturk.com/blog/new-generation-secure-mail-providers-lavaboom-vs-protonmail-vs-tutanota/
* https://landing.google.com/advancedprotection/
* https://en.wikipedia.org/wiki/Threat_model
* https://www.usenix.org/system/files/1401_08-12_mickens.pdf
* http://w2spconf.com/2008/papers/s2p1.pdf
* https://www.nytimes.com/2017/06/23/technology/gmail-ads.html
* https://gsuite.google.com
Serious alternatives
* https://countermail.com/ - Countermail
* https://mynigma.org/en/ - Mynigma
* https://www.virtru.com/ - Virtru
Tests & Addons
* https://www.ssllabs.com/ssltest/index.html
* https://emailprivacytester.com/
* https://addons.mozilla.org/en-US/thunderbird/addon/paranoia/
Setup your own Server
* https://mailinabox.email/
* http://www.iredmail.org/
Credits
* [Your provider] By paying for your email service, consumers help support companies that make spam difficult.