This might come out as a bit of a rant, but I just wanted to post it here anyway since it’s the only social media I use.
Recently, I’ve been making some steps to improve my privacy. GrapheneOS, Linux on my PC, open source software, moving away from Google stuff. So, next logical step was for me to switch away from Gmail. I went with Tutanota, since they’re based in EU, their mobile app is on F-Droid and doesn’t require Google Play Services. So I made an account, switched a bunch of my private account e-mails from Gmail to Tuta, and was basically done. Two days later, I wake up to a “invalid credentials” message. I checked the option to remember my password on my PC, so I thought it was weird. I checked my phone, and it turns out I was logged out of the app too. I tried changing my password with recovery code, thinking something went wrong (though unlikely since I used a password manager), but I got an error on that one too. So I contacted Tutanota, almost a week ago. No response.
I tried looking on various sites to check if people had a similar issue. I found a few reports on Reddit. The moderator of Tuta says to contact the e-mail address that I sent a message to already, but people complained that they haven’t gotten a response either. I found out that similar reports were happening for a while now, accounts being flagged for seemingly no reason. I found one post from October, 2024, from a frustrated user. He said he was in the same situation, and when he finally got the reply, Tutanota said they can’t do anything. When I found that post, I was really disheartened. I’ve already went back on a bunch of accounts to @gmail.com account, for safety, but there is still a few that I’m not even able to access because they use e-mail 2fa. Some of them being accounts for various government public services.
So this one gave me a pause on my privacy journey. I never encountered problems like this one before. A service blocking my account without any message or warning. No contact from support. Being locked out of my accounts. I’ve lost a lot of enthusiasm to replace a few proprietary services that I have left.
I think it’s safe to say you went too fast (id always start with email forwarding and slowly moving services over in ascending order of importance, and make sure you avoid email 2fa if at all possible), but that does suck.
Tuta is definitely the least reputable of the privacy email services, I still don’t know why they get recommended. I’ve made and lost several accounts with them and treat them like a burner.
Protons a bit risky to me because they’re very aggressive about immediately locking you out if you don’t pay right away (in this case a trial expired, they charged me with no credit card on the account and threatened to block me from accessing my account if I didn’t pay up even though I immediately contacted them and tried to cancel as soon as I saw the trial expired). To me that level of inflexibility is, while maybe acceptable in Europe, not for me. I keep a few email addresses and as soon as the above happened immediately moved everything out of proton.
But really what I’d recommend is the more traditional services that you pay a small amount for. Posteo has been good for me for several years. I’ve read similar things about similar services which aren’t marketed as “privacy” services but instead they just aren’t Google.