Email Comparison Table
Comparison tables are often used to show the differences between services. We respect these services, we have reviewed this table with both services and even recommend to them our users when we are not able to meet demand. This is an analysis of the features we feel are important.
ProtonMail strengths not mentioned above: ProtonMail launched May 16, 2014 and CTemplar launched September 5th 2018. ProtonMail’s added experience in this industry has created a more polished service than CTemplar. Protonmail also maintains the OpenPGPjs library that we use. We are grateful for their contributions and wrote a post about it.
Tutanota’s strengths not mentioned above: Tutanota was the first secure email service to go open source for F-Droid.
- Brute force attacks are only successful when thousands of combinations can be rapidly attempted. CTemplar, Tutanota & ProtonMail all disable login attempts when multiple failed password attempts are detected.
- The “Zero-Knowledge Password Proof” involves hashing and salting users passwords. You can read a simplified version or the version published by Stanford’s cryptography department. When this technology is utilized no one is able to know the users password except the user. The webmail service only has the users hashed password and can not reverse the hash. Only the user can log into their account.
- Subresource Integrity (SRI) makes it impossible for an attacker to hack you (serving malicious code) during your website visit. CTemplar was the very first secure email service to enable this functionality. You can read more about it here, or here.
- CTemplar developed a combination of SRI & Checksums that has never been used before. This makes it impossible for CTemplar to hack you (serve you malicious code). You can read more about this on our blog post about it. This makes CTemplar the very first “Zero Access” end to end encrypted webmail service provider. We are the first webmail service that cant access users data even if we wanted to.
- The “14 Eyes” are a group of 14 countries that have agreements to share information with each other. Edward Snowden revealed that this agreement results in extensive privacy violations. The majority of privacy experts strongly recommend that you should avoid using a service within the 14 eyes.
- MLAT treaties require broad and all-encompassing cooperation. If the US asks for data from a country with an MLAT treaty then the country must do everything within its power to provide what is requested. The treaty can be utilized to turn your mobile device into a tracking device recording your location. An example of this is the Swiss MLAT treaty which can require a Swiss company to “make every effort to ascertain
the whereabouts and addresses” of their users. Countries with MLAT treaties include Belgium, Switzerland, and Canada.
- Users use 2 Factor Authentication (2FA) to provide greater security for their accounts. Some email services, like ProtonMail, have the ability to disable users’ 2FA. They provide this as a service so they can restore access to users’ accounts if a user loses 2FA.
- Users who log into their account will be shown an “Anti-Phishing Phrase”. If you log into your account and you do not see that phrase then you know that you have logged into a fake website that is trying to steal your account. When a user notices the absence of this phrase they should visit “www.ctemplar.com and change their account’s password immediately. CTemplar is the first to offer Phishing Protection.
- Swiss email services are legally required to obey the Swiss/US MLAT treaty. This treaty allows the US government to request “Documents, records & articles” of any users. Tutanota’s Terms of Service only allows account per person and may use IP monitoring to enforce it.
- ProtonMail and CTemplar both accept Bitcoin. Tutanota does not. Bitcoin is NOT anonymous. CTemplar is the only email service that accepts payment using the most anonymous currency, Monero(XMR). Currently, we are only accepting Monero (XMR) payment via email. After the user sends the Monero the user’s account will be credited & upgraded. Some service allows paying with cash through the mail. However, this can be problematic with recent developments in tracking physical mail.