Doing this via the web app is more complicated, that’s why we are offering the desktop clients for free - so everyone can get them to import or export their data. It’s then auto-synced to web as well.
Just wanted to say thank you Tuta for posting this. I’ve been looking for a more privacy email service lately but haven’t found exactly what would fit me until you posted this. I have FastMail now which is an incredibly great service but lacks the encrypted at rest option. Proton mail is overkill for me and expensive. Mailbox.org seems to come close but lacks just a few features and ease of using their service. I’m currently using Thunderbird as my desktop client and always look for an IMAP option when selecting a service. I saw that you didn’t have that option but I didn’t notice that you had a desktop client. I’ll be setting up an account with you soon to try it out and want to thank you again for posting this.
Tuta doesn’t have an IMAP/SMTP option too, just saying.
But proton does it so why not?
(Not here to promote competitors just trying to tailor the needs)
Well as stated before, Proton does offer a lot but it’s overkill for me, meaning that some of the features I wouldn’t use and that doesn’t justify the price I would have to pay. The lower plan isn’t enough and the next tier up is too much stuff I wouldn’t use.
As for IMAP, yes that’s what I’ve always needed to continue using Thunderbird. But Tuta offers their desktop client which does what I need it to do across several platforms (Linux, Mac, Windows). I’ve also read the benefits of using their desktop client on Tuta’s web site and it makes perfect sense to me. Similar to Thunderbird but I would lose the ability to use my PGP keys and S/MIME certificate but it’s extremely rare for me to use those anyway since the vast majority of who I communicate with doesn’t really know or even care about end-to-end encryption. Tuta does offer a reasonable replacement which is basically a beefed up PGP that does more for privacy. I almost feel like a saleman for Tuta. Anyway, I still have to setup an account and test it further but so far it does seem to offer the right balance of features and privacy that I’m looking for at the right price.
We plan to build a small, self-hostable, open source serve in the future. Right now, the server is too large and too complex for self-hosting. Publishing it as open source for security also does not make sense because you would not be able to verify whether we use the open source server or something else, this is not possible with the serve-side, only with the client-side. That’s why all the encryption runs on the client (locally on your device), the entire client code is open source, and you can verify with the desktop client that the open source code is actually used on your machine. This is the safest it can get.