Update on the continuous DDoS attack on Tutanota.

Tutanota keeps being attacked - together we must fight for our right to privacy.

2020-09-14
This weekend, continuous DDoS attacks and an infrastructure issue led to downtimes for hundreds of users. While we were able to mitigate most of the DDoS, an overreacting IP block to fight the attacks led to hundreds of users not being able to access Tutanota for multiple hours this Sunday. We deeply apologize for this mistake; it has now been fixed. Here we want to quickly explain why we have to build the DDoS mitigation ourselves, what progress we have made so far, and what you can expect as next steps. Thank you very much for supporting our fight against the attackers and for our right to privacy!

Focus on privacy & security

Why we are building the anti-DDoS measures ourselves

Tutanota focuses on privacy and security. During the recent weeks of continuous DDoS attacks against Tutanota, many users have suggested that we use a different service to mitigate the DDoS attacks.

We are already collaborating with the German DDoS mitigation service, Link11, which is protecting Tutanota from low-level volume attacks by re-routing encrypted traffic through them.

For the DDoS mitigation service Link11 is providing, they do not need access to our SSL certificates. So far, we have succeeded in mitigating DDoS attacks without sharing our SSL certificates, and we plan to continue to do so in order to protect your privacy. This involves building protection measures against high-level attacks on the application ourselves.

That's one of the main challenges for a privacy-respecting service when fighting DDoS attacks.

Progress of our anti-DDoS measures

So far we have made huge improvements to the Tutanota infrastructure. We are now able to mitigate DDoS attacks much faster.

This weekend, however, we made a mistake when improving the DDoS mitigation system. This mistake led to an overreaction of the anti-DDoS system, which then led to IP blocks of multiple normal users. As a consequence, hundreds of users were not able to access Tutanota last Sunday, even though Tutanota was online and accessible to most.

We deeply apologize to the affected users. We have now fixed the issue.

Status of anti-DDoS measures

In general, despite the setback on Sunday, our DDoS mitigation has improved a lot. We are now able to mitigate most attacks within a short time.

While the DDoS attacks are a nuisance to us, we see that they only affect a very small portion of our millions of users. Nevertheless, we deeply apologize to the users affected, and we will keep fighting the attacks.

We are confident that we will succeed by continuing on this path, and thank you for your continuous support.

We will also stay true to our credo to never give in to any attacker. And we will never pay any ransom.

Instead, we will invest all support in growing our team to make Tutanota even stronger in the future.

We are very glad to see that most users support our values and principles, and stick with us despite the attacks. We thank you so much as only your support enables us to follow the path we have chosen: Fight for your right to privacy - no matter what!

Development plans

We would also like to share some development updates with you:

While implementing DDoS mitigation measures, we have also improved speed. Please log in to your mailbox now, and enjoy how blazingly fast we've made Tutanota!

Currently, we are still working on improving our DDoS mitigation system. In parallel, two developers are continuing to work on future-proofing Tutanota by implementing quantum-secure algorithms in Tutanota. With this project, we are close to finishing a first prototype, which we will present soon.

For this week, we have also planned to kick off our development project for offline support. This is a complex project and will take some time to implement. However, you will be glad to know that offline support now has the highest priority.

If you have further questions about the recent DDoS attacks and how this might affect you, please check this post.