Email & Encryption

Encryption is a hot tech buzzword in 2025. But what is it, why is it important for your email, and what do the top players offer over those email companies that serve "everyone"?
Whaaaaaaaat ....Is Encryption?
Imagine you want to send a secret note to your friend. With Gmail or Outlook, you usually hand the note to Google or Microsoft first. They put it in an envelope, deliver it, but they keep a copy of the key so they can still peek inside if they want. They say they’re just “helping” — for spam detection or smart features — but the point is, they control the lock.
(or, if you prefer, imagine you have nowhere to undress, and the other person in the room promises to not peek.... but then peeks, just to make sure you are healthy under the clothes you're wearing)
Proton Mail and Tuta Mail work differently. Here’s the metaphor:
Locking the Safe on Your Side:
When you write a message, your phone or computer puts it into a safe right on the device you are using. Before it ever leaves your hands, the safe is locked shut.
Sending the Safe, Not the Note:
Proton or Tuta’s servers only store or deliver that locked safe. They never see the note inside. To them, it just looks like a jumble of random letters and numbers — total nonsense.
Only Your Friend Has the Key:
The person you’re writing to has the matching key. When they open their Proton or Tuta account, their device unlocks the safe and shows the real message.
Which End Is End-To-End?
Ok, so now that is clear, right? But there are different types of encryption. Maybe you've even overheard people talking about end-to-end encryption at the local coffee shop or supermarket, right? :)
This is what people mean by end-to-end encryption (E2EE):
The lock (encryption) happens on your device.
The safe travels locked through the internet.
Only the right recipient’s device can unlock it.
Proton calls this a zero-access design:
“All messages in Proton Mail are encrypted on the client side using open source cryptographic libraries before they reach our servers. We do not have access to your messages.” (Proton Docs)
Tuta says more or less the same:
“All data is encrypted directly on your device before being transferred to our servers. We have no access to your private keys.” (Tuta Blog)
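The three steps above, as an added sketch in Node.js. This is not Proton's or Tuta's code; it assumes a stand-in scheme (X25519 key agreement, HKDF, AES-256-GCM), and the function names and sample message are made up for illustration.

```javascript
// Added illustration using Node.js built-ins; not Proton's or Tuta's code.
// Assumed stand-in scheme: X25519 key agreement + HKDF + AES-256-GCM.
const nodeCrypto = require('crypto');

// Each person creates a key pair on their own device; only the public half is shared.
function newDeviceKeys() {
  return nodeCrypto.generateKeyPairSync('x25519');
}

// Turn an X25519 shared secret into a one-message AES-256 key.
function deriveKey(privateKey, publicKey, salt) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, salt, 'e2ee-demo', 32));
}

// Sender's device: lock the safe before anything leaves the device.
function sealOnDevice(plaintext, recipientPublicKey) {
  const ephemeral = nodeCrypto.generateKeyPairSync('x25519');
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = deriveKey(ephemeral.privateKey, recipientPublicKey, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const ephemeralPublic = ephemeral.publicKey.export({ type: 'spki', format: 'der' });
  return { ephemeralPublic, salt, iv, body, tag: cipher.getAuthTag() };
}

// Recipient's device: only the matching private key opens the safe.
function openOnDevice(safe, recipientPrivateKey) {
  const senderKey = nodeCrypto.createPublicKey(
    { key: safe.ephemeralPublic, type: 'spki', format: 'der' });
  const key = deriveKey(recipientPrivateKey, senderKey, safe.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, safe.iv);
  decipher.setAuthTag(safe.tag);
  return Buffer.concat([decipher.update(safe.body), decipher.final()]).toString('utf8');
}

// Constructed sample message; the "server" only ever holds `safe`.
const friend = newDeviceKeys();
const safe = sealOnDevice('Meet at noon by the fountain', friend.publicKey);
console.log('server stores :', safe.body.toString('hex'));
console.log('friend reads  :', openOnDevice(safe, friend.privateKey));
```

Opening the safe with any other private key fails the AES-GCM authentication check and throws, which is the position a server without the recipient's key is in.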
What About Gmail?
For most people, Gmail works differently:
- Default Gmail: Google controls the keys. While they say they stopped scanning email content for ads in 2017, Gmail still scans messages automatically for “smart features” like spam filtering, reminders, and autocomplete - "Trust me, my eyes are closed"
- To Be Fair News (September 2025): Some Google Workspace users now have access to client-side encryption. This means those accounts can send and receive messages that are encrypted on the device before reaching Google’s servers (Google Workspace Updates)
- Limits: Client-side encryption in Gmail is not available to free Gmail users. Most people on Gmail still rely on Google holding the keys.
Why Proton / Tuta Then?
It's all really confusing and technical (even to someone who is immersed in tech). Many on the internet will argue their last breath away to convince you why their favorite company is the best, or why this is not important at all (if you are reading Reddit, you've been warned).
Bottom line to understand is this:
Proton and Tuta: End-to-end encryption is standard for everyone — even free users. The companies literally do not have your keys, so they cannot read your messages. Free as in beer. You can sign up for one (or both) and kick the tires around.
Gmail: Encryption is mostly server-side. Only a limited group of Workspace accounts can use client-side encryption, while billions of free Gmail users still depend on Google’s systems having access.
So if we go back to the metaphor:
Gmail: Like giving your diary to a friend (or stranger) who promises not to peek… but still holds the master key.
Proton and Tuta: Like writing in an unbreakable diary where only you and your friend have the key. Even the company storing the diary can’t open it.
This is how Proton and Tuta are different: they made privacy the default, not a premium extra. And fair disclosure: I use Proton. I would recommend either of them to be honest. And if you can't decide, consider this:
Are you coming from Google's ecosystem and like all the different services they offer? Go Proton
Are you a Linux user looking mainly for email? Go Tuta
Just looking for email? Either works



