by Tutanota 910 days ago
Tutanota team here, we saw this post and need to share our view as well:

We apologized on Reddit that this post was perceived as an attack on ProtonMail. This was not our intention, but we do see now that the original blog post could be read as such and we are sorry about this. The real aim of the post was to stress the fact that Swiss Privacy is as good as German Privacy, but the way it was written did not make this clear.

That's why we have updated our blog post as follows:

1. We have removed the mention of ProtonMail in the original post.

2. We have included a conclusion that Swiss Privacy laws are good, and very similar to German privacy laws.

We hope that this settles the issue; in the end Proton and us are in the same fight against Big Tech as well as state surveillance and must work together to achieve more privacy for everyone!

---

*Why this post on Swiss Privacy?*

We'd also like to explain why we published the post on Swiss Privacy in the first place.

Some Swiss companies like to stress that their level of privacy is better than the competition because they are *based in Switzerland*. However, ProtonMail even claims that Tuta Mail is less private, stating "Tutanota is based in Germany, which is one of the Fourteen Eyes intelligence-sharing countries" (quoted from the Proton website) or even suggesting that Tuta email could be accessible to the NSA (which is wrong): "Tutanota emails are protected by the German Federal Data Protection Act, which prohibits the use of personal data without permission absent a court order. However, Tutanota is based in Germany, which is a member of the SIGINT Seniors of Europe (SSEUR) intelligence-sharing alliance which intelligence agencies such as the NSA." (quoted from the Proton website)

Proton continues this story after the publication of our blog post on their [subreddit](https://www.reddit.com/r/ProtonMail/comments/18ninzh/is_this...) and on their blog: Proton makes it look like we are spreading fake news and accuses us of unfair competition. What is more, Proton wrongly [claims that there is a vulnerability in our encryption](https://www.reddit.com/r/tutanota/comments/18nob4c/i_sincere...).

*But our original post is about Swiss Privacy, so let's look at these facts.*

> On their blog Proton says "Claims such as 'Switzerland also has warrantless surveillance'", making it look like we've made this claim.

Please read the Tuta blog post carefully: *We never made that claim.*

All we said was that Swiss Privacy is no better than - but as good as - for instance German Privacy, because Switzerland, just like any country, shares data with other countries. *Yes, a Swiss warrant is needed for Proton to hand out any data to foreign authorities, but the same is true for Germany, where a German warrant is required.*

> Proton also says that "Tuta makes the completely unsubstantiated claim that “if you are connecting to a Swiss-based service like Proton from outside of Switzerland your data is being actively collected and shared with other intelligence agencies around the world”. Not only is this completely speculative, but there is also no basis to claim that this is an issue specific to Switzerland."

*Correct, this is not specific to Switzerland and that was exactly the point that we were making. In addition, we do back up the claim with evidence and cite our sources:*

1. In reference to the assertion that Switzerland regularly works with the US and UK intelligence agencies, we cite [Reuters](https://www.reuters.com/article/us-usa-switzerland-datatheft...).

2. In our mention of cross-border traffic collection, we cite an article published in [Die Weltwoche](https://weltwoche.ch/story/was-sagen-sie-jetzt/). We are directly referring to the following paragraph:

> "According to the specifications, the sole purpose of the Onyx system is to intercept connections abroad, from abroad to Switzerland or from Switzerland to abroad, to identify only telecommunications subscribers abroad and to intercept and process only data originating from abroad. However, residents of Switzerland are usually also involved in these calls. If this "mass surveillance of communications" (GPDel) generates information about Swiss citizens as a "by-product", the military electronic warfare unit (EKF) may also "process" such data and forward it in this form to the "relevant clients", i.e. primarily the former ficheurs and "state protectors", the federal police officers in the Service for Analysis and Prevention (DAP)." (This is a translation by DeepL of the archived version of the article available [here](https://web.archive.org/web/20070929083222/http://www.weltwo...))

*The origin of this is not Tuta, but comes from a Swiss-based news agency writing in relation to a Swiss surveillance program (Onyx).*

### Fair competition

While at the beginning of the post Proton speaks about fair competition and honesty, they end their blog post with

> "In the final analysis, it seems the only reason non-Swiss companies are attacking Swiss privacy is because Swiss privacy is actually better." repeating the untrue statement that Swiss Privacy would be better.

*A true and fair conclusion would have been: Swiss privacy laws are good and are very similar to the GDPR laws in place in Germany. However, these laws do not protect you from national surveillance programs. Instead, end-to-end encryption is the best tool to protect your data.*

We hope that these clarifications put an end to this discussion. We will also review future communication more thoroughly and make sure that we can continue the fair competition that we've had with Proton in the past. Having multiple encrypted email providers is a win for the entire privacy community.

4 comments

The "look how Swiss we are" meme died when Crypto AG was exposed as a BND/CIA front shipping deliberately weakened crypto to "bloc-free" countries.

That doesn't mean that they're (plural, because Threema is also milking its Switzerland-based operation for all it's worth) worse than non-Swiss providers, but if that's your main selling point, it's not really a selling point at all.

Yes, I have some Swiss friends who wish I would use Threema; I politely declined and we've agreed to use Signal. After a while it becomes difficult to distinguish the difference between these applications, with the notable exception of WhatsApp, which is owned by Meta, who I absolutely don't trust.
Threema is a hell lot sketchy.
(Disclaimer: This is not at all meant as a negative against Tutanota/ProtonMail/et al.)

> We have included a conclusion that Swiss Privacy laws are good, and very similar to German privacy laws.

This is weird to me in that these are laws of man, and therefore ignorable or loophole-able by other humans if they can. Usually, by sneaky buggers in the intelligence agencies. It is, after all, their job.

Rather, I would want the standard to be something akin to `Our laws do not force weakening of efforts to establish and maintain privacy.`, which is to mean no meddling in E2EE, no forcing VPN providers to keep logs, etc.

The Proton post by OP was a rebuttal against our blog post on "The Illusion Of "Swiss Privacy" Being The Best": https://tuta.com/blog/swiss-privacy-is-an-illusion

The original version of this blog post included information on the encryption in Tuta Mail and ProtonMail which we took out because it had nothing to do with the actual topic of the post.

Who are “some Swiss companies” exactly?