I personally suggest Tuta (and I use it daily) over Proton. Several reasons:
Proton:
- it is leaky in terms of social graph encryption. Sun Knudsen has a great video about it (https://youtu.be/GdDFUycXR_M&t=0)
- had this case about the climate activist (https://www.theverge.com/2021/9/6/22659861/protonmail-swiss-court-order-french-climate-activist-arrest-identification). And since they position themselves as a privacy company, this looks disturbing.
- I’d prefer such a privacy-oriented company to be more open to anonymous payment methods.
Overall, Proton seems like a little more privacy-conscious Gmail alternative.
Tuta:
- doesn’t use Google/Apple notification servers
- encrypts more stuff than Proton
PS: In both cases, emails are not end-to-end encrypted, even though both are marketed with E2E encryption by default. Again, Sun Knudsen has a great video about the topic (https://youtu.be/G2Jh8bQ2wM8&t=501).
Also, as far as I remember, Proton is more expensive while having fewer features (the cheapest option) than Tuta.
I agree with what others have already said about Proton being “good enough” for some threat models. And I second the argument about other options – such as Tuta for email, Mullvad for VPN, etc.
I’d just add one more thing. Once a company offers to “handle” my digital privacy toolkit, I lose trust. Because it’s a) less resilient, b) less secure, c) less private. I would think twice before trusting emails, calendars, contacts, passwords and network security — to a single company.