Proton vs Tutanota vs Microsoft 365

Hello

I am searching for options for my emails (along with my wife). Currently I have M365 Business Premium and Proton Unlimited. On Proton I have privacy related accounts connected with aliases coming from SimpleLogin, and on my M365 I have my financial, shopping and government related accounts connected.

My question will be, considering M365 Business Premium is not the same as the personal counterpart, do I still need Proton mail for privacy and security?

I am already using OneDrive and MS Office apps and I don’t need Proton Pass, VPN (using Windscribe instead), Calendar and Drive. Also, cost is very high with Proton Unlimited, and just getting Mail Plus… dunno if it is worth it.

There is also Tutanota but never used them before.

I am also open to suggestions about other tools. I will be using mails on Windows and iOS devices.

I use mailbox.org, it’s only 12€/yr and PG recommends it

I don’t know enough to say how privacy-respecting M365 Business Premium is (I would guess it’s not great) but it sounds like, at least in the short term, just downgrading to the free Proton or Mail+ while keeping SimpleLogin would save you some money.

It is hard to say what’s worth it to you, without knowing what kind of budget you have or if what mail+ offers is even needed for your use case.

M365 is different from personal Outlook. I have DLP, compliance and security policies in place. Datacenter is in Germany and according to them they are respecting GDPR and other privacy laws.

https://www.microsoft.com/de-de/microsoft-365/business/data-security-privacy-germany page is in German but easy to translate

My budget is around 20-25 Euro / month for me and my wife.

I am also thinking about Google Workspace but last time I tried it was like 3-4 years ago.

1 Like

While I think you’d be fine with 365, I’d personally still recommend you switch to a company that cares more about your privacy and has fewer anti-consumer practices.

Do remember that “Follows GDPR” just means legally following the EU law, just enough to not trigger a lawsuit, the absolute bare minimum.

Uh yeah and they will also “follow” US law even in EU datacenters.
It’s surely better than personal licences but it’s not in any way comparable to what Proton offers. Proton cannot read your email, Microsoft in fact can.

4 Likes

If I’m going to choose between Google and Microsoft, I’d go with Google because of MS’ historic shenanigans.

Not to discount the current Evil of Google, of course, you can choose better.

I’d say owning a domain for email purposes would be more important than the actual provider. That way, you can look and try around for a better email provider among the list that the PG site recommends.

I am actually not agreeing with this. Microsoft at least for businesses is much more willing to make agreements on data protection and usage. Google has more the take it or leave it mentality.

2 Likes

It could be, I’m basing my sentiment on the Windows side of Microsoft, which seems to make questionable decisions as reflected in their PrintNightmare vulnerability a few years back. I can’t seem to find the source but I heard the term “insecure by design” at that time.

They had vulnerabilities which were not fixed quickly on the Exchange side, but they are fixing cloud services very fast.

One positive thing about the MS service: conditional access. I can set conditions, like IPs allowed, conditions of the device and OS, even OS version and installed apps. That provides a lot of security to my accounts. For example, even if my wife uses a very simple password, and her 2FA is only a standard TOTP app, no one can connect to her account unless they install the Intune app, use a specific IP and country, use a specific set of serial-numbered devices and get the compliance OK sign.

I know it is a business feature but it is making accounts very secure.

I really don’t know if Microsoft itself is reading the messages on business accounts but if they are doing such a thing, then it would mean they will get a lot of lawsuits.

On personal accounts, yes, they are using mails and photos for ads.

Really I think this question can come down to a few things. Unless you’re using the business related features of M365, there probably isn’t a whole lot of need, and you could just go with Proton to save cost.

Proton, however, lacks things like shared inboxes, ACLs, or collab features like shared distribution lists and would be inappropriate for a business where auditing and compliance are necessary.

Mailbox.org, which was previously mentioned, has some of the features. The Open-Xchange doc editing though is nowhere near as good as MS Office though and I wouldn’t rely on it for document compliance. They do have some team features though, i.e. shared calendars etc. Less data is encrypted though (i.e. calendars and contacts are not at rest).

As far as privacy goes, any of the options are fine. Proton does have the benefit of making PGP easier to use, so that might mean you might get some use of the E2EE features between yourself and other Proton users (or PGP users if you add their keys). Mailbox.org also has PGP support from webmail as well. MS365 doesn’t really support PGP so you’d need a program like Thunderbird or Outlook on your desktop.

4 Likes

I am not a fan of web apps, and am using the Outlook desktop app most of the time

That’s not really a privacy-related choice I guess. But you can perfectly well use Proton or Mailbox or any other provider with Outlook as the desktop app. Just note that Microsoft will still collect data in that case.

It all sounds like you have made up your mind already so I am not sure why you are asking. If it is to confirm whether your choice is valid, I can only say that’s a personal choice. Personally I wouldn’t settle for that but this is entirely up to you.

2 Likes

DON’T

If you want a desktop app, at least go Thunderbird

3 Likes

@Bhaelros I was personally facing the same dilemma 1,5 years ago. Went with the Proton Plus plan for 12 months and am perfectly happy with it.

As for the desktop mail client: I am using web access and the mobile app.

1 Like

I am using Proton for totally anonymous use. I used BTC and a gift card to pay for it, and used a totally random account name. I am not sure if I should move my own domains to Proton. I am not sure if it is possible to create a link between my anonymous accounts and my own mail domains if I put everything into a single account, or just a small possibility, but if Proton support agrees, I can create a secondary account as Proton Family, downgrade my original Proton Unlimited account to Mail Plus and ask them to transfer extra credits from my account to the new family one. Maybe as a gift card to make it more private and to not create a link between the two accounts.

I don’t have a very high security threat, but just want normal privacy and security higher than personal accounts. For example, I don’t want government officials to track me if I write something against their supreme ego.

I am not torrenting anything but using debrid sites to download stuff. VPNs are covering on that part.

There is also Skiff, but I didn’t test it for more than a few mins.

1 Like

If those domains are registered to you, then yes, it is clear that those accounts are yours, as you’ll have to add various DNS records to your domains.

Then I can’t really see the need for anonymous purchasing of Proton. If you’re wanting to protect yourself from recipients/senders, an aliasing service like SimpleLogin would be sufficient.

I honestly wouldn’t bother, that is just going to cost more and not really yield better privacy.

Unlikely, they don’t do this anyway unless you know/have something of particular interest and are on their radar because of that.