You could self host your email

Email is never private, even with encrypted email, headers give away metadata. HOWEVER, Tuta & Proton are not scanning your emails to market shit to you and train AI. That's the main advantage.

Mail transport these days is usually encrypted over the wire, but once it lands at the receiving server (i.e. gmail) it is stored in the clear, or at least in a way that the host can read it.

I have private email for two reasons: using my own domain, and to promote it in general. Sure, everyone else is on Google/MS right now, but as they continue to enshittify things, maybe more people will want to move away from that. And the more people do that now, the faster/easier it will be for others.

GPG and mailbox.org or anothet "just" email service

I wouldn't say you have gained nothing. The amount of data provided to google or microsoft when using their email is significantly more. For example, your app or client is checking email all of the time, giving them telemetry on your location and activity, all your devices, 24/7. Google logs and analyzes all of your interactions with Gmail's web pages, how long you have certain emails open for, what you don't bother to open, what you tag as important, etc.

Much of the one-way email you sign up for from companies and organizations come from smaller outfits like sendgrid or their own infrastructure, so you are cutting google out of information about your associations and interests.

Also, in regards to that 90%, you can either be part of the problem for all your contacts, or part of the solution. The network effect is huge.

Proton does offer what is essentially a self-contained PGP portal. You send anyone an email and they get a "hey, this is me, open the message below" thing and then a link to a message that's hosted on Proton servers. So your Granny doesn't need to set up a public/private key pair, you can just send the encrypted portal option.

No idea of Tuta or others do this.

Plus, no matter who you chose, you personally aren't feeding the Google algo. You can do what I do, which is you leave all the hyper data hungry services in the data eating world, just feeding on each other alone. Then you have real conversations over email or fediverse.

IMAP + GPG

Note that ProtonMail actually supports automatic encryption to email accounts that publish their public keys in a Web Key Directory, which I’ve set up for mine. When you type such an email address in the To field, it’ll turn into a special color with a lock symbol.

Likewise, ProtonMail also exposed a WKD so people can send encrypted emails to ProtonMail accounts. I don’t know of any mail clients that support this though (I used the command line to pull keys)

I use Tuta mail and protonmail.

There is no "unencrypted" transfer between sender and receiver if you both use tuta or proton.

If you send an email to me from a Gmail account, it is unencrypted until it reaches the Tuta servers and the Proton severs, once there it is encrypted and remains so until I login to my account to access the email.

TUTA MAIL:

The entire mailbox – emails, calendar and address book – are stored end-to-end encrypted in Tuta.

Data that Tuta encrypts end-to-end:

Emails, including subject lines and all attachments

Entire calendars, even metadata such as event notifications

Entire address book, not just parts of the contacts

Inbox rules / filters

And the entire search index.

Tuta uses symmetric (AES 256) and asymmetric encryption (RSA 2048 or ECC (x25519) and Kyber-1024 as quantum-safe algorithms) to encrypt emails end-to-end. When both parties use Tuta, all emails are automatically end-to-end encrypted (asymmetric encryption).

PROTONMAIL:

Emails from non-Proton Mail users to Proton Mail users

The email is encrypted in transit using TLS. It is then unencrypted and re-encrypted (by us) for storage on our servers using zero-access encryption. Once zero-access encryption has been applied, no-one except you can access emails stored on our servers (including us). It is not end-to-end encrypted, however, and might be accessible to the sender’s email service.

All messages in your Proton Mail mailbox are stored with zero-access encryption. This means we cannot read any of your messages or hand them over to third parties. This includes messages sent to you by non-Proton Mail users, although keep in mind if an email is sent to you from Gmail, Gmail likely retains a copy of that message as well. Password-protected Emails are also stored end-to-end encrypted.

Subject lines and recipient/sender email addresses are encrypted but not end-to-end encrypted.

Well, the way I see it is it's like taking candy from someone who says "I put razorblades in this candy" versus somebody who says "I did not put razors in this candy." Sure, maybe the latter is lying but are you going to pick the former? There's really no viable way to run your own email server with actual delivery anymore, and it's clearnet in transit anyway, so I don't really see the downside in "trusting" Proton or another provider enough to pick that over Google. To get any benefit, you would need to move things over though. If you're unwilling to do that work, the reality is you're just on Google and Microsoft and training their AIsand it is what it is. If you think about it, though, even if you move half of your logins to Proton or Tuta or whatever instead of Google, you are depriving them of half of what they know about you going forward.

I think Proton mail is worth it just to diversify off Google but I don't lend much faith in how effective privacy will be with email. The free service is enough for that. If I wanted more faith in encrypted communications, encrypted chat applications. I sub to proton for drive and VPN. ProtonPass has all the email aliases for throwaway websites

Tuta lets you encrypt a message for the sender only, with a passphrase.
They'll have to follow a link but still...

Makes me feel like I'm doing the best I reasonably can, even if it's of limited effect. Also, built-in aliasing service.

I pay the amount of maybe 10 $ a year for having my own domain hosted at a mail-hotel, and that means I control my own e-mail. I think it's worth it. There more who switch, the better.

There is an advantage of using a provider that suports MTA STS. This is Strict Transport Security and forces at least transport encryption.

There is an advantage to use a provider you pay for too and at least claims not to read your email.

It is also nice if they can host your domain and have good delivery.

Edit: I meant MTA STS not SMTP STS.

the thing with proton is you don't really know that they're private and they pretty much always collaborate with the police and their android vpn app collects some data that it doesn't need to. I would suggest you:

1. don't use email, that's the ideal solution
2. use a provider like cock.li and send messages encrypted with pgp. this isn't ideal, pgp leaks a lot of data and cock.li gets sinkholed by most email providers.
3. use proton and encrypt emails with pgp, you have not much privacy but it's less worse than microsoft and not much convenience loss, except that proton doesn't allow email clients(at least if you don't pay), I don't know about ms).

Assuming that you trust what Proton says, when they receive a (possibly unencrypted) message they re-encrypt it with your key as soon as possible and they don’t log the content. So, after that point, they (or anyone else) can’t read the email contents. If it was also encrypted in transit, then there’s only a small window inside their email processing system where the plaintext was passed from one encryption to the other. It’s only decrypted again in your browser or proton mail app with the key that only you have. It’s not bulletproof, but it’s better than most providers.