Focus on privacy & security
Why we are building the anti-DDoS measures ourselves
Tutanota focuses on privacy and security. During the recent weeks of continuous DDoS attacks against Tutanota, many users have suggested that we use a different service to mitigate the DDoS attacks.
We are already collaborating with the German DDoS mitigation service, Link11, which is protecting Tutanota from low-level volume attacks by re-routing encrypted traffic through them.
For the DDoS mitigation service Link11 is providing, they do not need access to our SSL certificates. So far, we have succeeded in mitigating DDoS attacks without sharing our SSL certificates, and we plan to continue to do so in order to protect your privacy. This involves building protection measures against high-level attacks on the application ourselves.
That's one of the main challenges for a privacy-respecting service when fighting DDoS attacks.
Progress of our anti-DDoS measures
So far we have made huge improvements to the Tutanota infrastructure. We are now able to mitigate DDoS attacks much faster.
This weekend, however, we have made a mistake when improving the DDoS mitigation system. This mistake led to an overreaction of the anti-DDoS system, which then led to IP blocks of multiple normal users. As a consequence, hundreds of users were not able to access Tutanota last Sunday, even though Tutanota was online and accessible to most.
We deeply apologize to the affected users. We have now fixed the issue.
Status of anti-DDoS measures
In general, despite the setback on Sunday, our DDoS mitigation has improved a lot. We are now able to mitigate most attacks within short times.
While the DDoS attacks are a nuisance to us, we see that they only affect a very small portion of our millions of users. Nevertheless, we deeply apologize to the users affected, and we will keep fighting the attacks.
We are confident to be successful continuing on this path, and thank you for your continuous support.
We will also stay true to our credo to never give in to any attacker. And we will never pay any ransom.
Instead, we will invest all support in growing our team to make Tutanota even stronger in the future.
We are very glad to see that most users support our values and principles, and stick with us despite the attacks. We thank you so much as only your support enables us to follow the path we have chosen: Fight for your right to privacy - no matter what!
We would also like to share some development updates with you:
While implementing DDoS mitigation measures, we have also improved speed. Please log in to your mailbox now, and enjoy how blazingly fast we've made Tutanota!
Currently, we are still working on improving our DDoS mitigation system. In parallel, two developers are continuing to work on future-proofing Tutanota by implementing quantum-secure algorithms in Tutanota. With this project, we are close to finishing a first prototype, which we will present soon.
For this week, we have also planned to kick-off our development project for offline support. This is a complex project and will take some time to implement. However, you will be glad to know that offline support now has highest priority.
If you have further questions about the recent DDoS attacks and how this might affect you, please check this post.