Tutanota down - Page 2

ioneja · 16 Aug 2020, 10:09 AM

Working okay for me, at least at this exact moment, not seeing the issue you're describing. I guess they're still having problems though.

In my case, I also don't think I lost any incoming email while the site was down, which is good news. None of my test messages bounced, they're all in the inbox. For whatever that's worth.

ioneja · 16 Aug 2020, 10:15 AM

And they just tweeted again, "Sorry for this inconvenience and thanks for your patience! Tutanota is available now."

Sure hoping they'll post something more comprehensive than that fairly soon... I think three tweets won't be enough.

evfrson · 16 Aug 2020, 03:20 PM

Agreed. This length of downtime is totally unacceptable. Unless they take drastic measures to ensure it can't happen again I am leaving at the end of the current subscription period.

I also expect a detailed account as to what happened not to be fobbed off with meaningless bs.

TenFour · 16 Aug 2020, 08:26 PM

Let us know what the explanation is. ProtonMail has also been hit by DDoS attacks, as have many other email providers. https://protonmail.com/blog/a-brief-...dos-incidents/. As was Fastmail: https://fastmail.blog/2015/11/11/ddo...ion-this-week/

evfrson · 16 Aug 2020, 08:48 PM

Quote:

Originally Posted by TenFour

Let us know what the explanation is. ProtonMail has also been hit by DDoS attacks, as have many other email providers. https://protonmail.com/blog/a-brief-...dos-incidents/. As was Fastmail: https://fastmail.blog/2015/11/11/ddo...ion-this-week/

Yes of course I will pass on what they say but so far nothing.
Looking at their tweet timings the whole DDOS episode lasted 10 hours so I guess they are busy atm gathering their thoughts.

Yes Runbox has had a few DDOS attacks too but I don't think any provider has endured a 10 hour attack.

ioneja · 17 Aug 2020, 12:16 AM

For me it boils down to the quality of their explanation and how they intend to mitigate future attacks. 10 hours was way too much, especially with poor communication, but as TenFour pointed out, pretty much all the services have been hit by these kinds of attacks. The difference is how they managed the post mortem and adjusted. In FastMail's case, for example, they handled it with tremendous transparency and detail, which I really appreciated. Long-time FastMail subscribers may remember Bron Gondwana's (now the CEO) really detailed accounts, which went a long way to building trust when there were problems. Tutanota needs to take a page out of FastMail's book for this situation and give their customers transparency and a good plan going forward. If this is brushed under the carpet, I'd agree completely with evfrson that it's not worth renewing a subscription.

As it is, I had been planning on pointing a few domains over to Tutanota since I had grown to like them during my testing phase with a little paid account, but for now that's on hold until I see what happens next. Crossing fingers they post a good update about the incident soon.

evfrson · 17 Aug 2020, 12:33 AM

I've been rethinking how I am going to do things messaging wise after this incident.
I've decided to use a combination of Fastmail, Signal and secure file sharing using Internxt.
I am going to ditch Tutanota.

TenFour · 17 Aug 2020, 12:56 AM

Having worked for awhile for a fairly large email service provider I can tell you that it is not always easy or quick to determine exactly what has happened in an outage. For example, the DDoS attack might take out a piece of Internet backbone that is not under your control and the company that manages that might not be very forthcoming about what is happening. Sometimes things just get messed up in such a way you never know exactly what was going on. I remember one time when emails were taking a really long time to be delivered, and we eventually learned that a large chunk of the Internet was being routed through some regional ISP in Russia, which was unable to handle the load. That seemed rather suspicious, and it fairly quickly went back to normal, but we never learned what made that happen. Here's an article on that type of incident: https://www.zdnet.com/article/russia...re-and-others/

ioneja · 17 Aug 2020, 12:57 AM

Quote:

Originally Posted by evfrson

I've been rethinking how I am going to do things messaging wise after this incident.
I've decided to use a combination of Fastmail, Signal and secure file sharing using Internxt.
I am going to ditch Tutanota.

Seems like a decent combination, and makes sense ditching Tutanota. I'm going to wait a little longer to see their official statement on this, but their latest tweet just now is not very encouraging... seems like business as usual marketing (nothing against that on a normal day), when they need to mop up and rebuild trust. Here's their latest tweet:

"We're committed to make a sad 2020 for the open web less sad: While Mozilla reduces its workforce by one third, we plan to increase ours by one third. If you are on the #MozillaLifeboat, contact us! With our passion for #privacy & #opensource we build a better & Google-free web💪"

Perfectly fine sentiment, but wrong message at this moment IMO.

evfrson · 17 Aug 2020, 01:01 AM

Quote:

Originally Posted by ioneja

Seems like a decent combination, and makes sense ditching Tutanota. I'm going to wait a little longer to see their official statement on this, but their latest tweet just now is not very encouraging... seems like business as usual marketing (nothing against that on a normal day), when they need to mop up and rebuild trust. Here's their latest tweet:

"We're committed to make a sad 2020 for the open web less sad: While Mozilla reduces its workforce by one third, we plan to increase ours by one third. If you are on the #MozillaLifeboat, contact us! With our passion for #privacy & #opensource we build a better & Google-free web💪"

Perfectly fine sentiment, but wrong message at this moment IMO.

When I saw that tweet that is when I made my decision.

evfrson · 17 Aug 2020, 01:08 AM

Quote:

Originally Posted by TenFour

Having worked for awhile for a fairly large email service provider I can tell you that it is not always easy or quick to determine exactly what has happened in an outage. For example, the DDoS attack might take out a piece of Internet backbone that is not under your control and the company that manages that might not be very forthcoming about what is happening. Sometimes things just get messed up in such a way you never know exactly what was going on. I remember one time when emails were taking a really long time to be delivered, and we eventually learned that a large chunk of the Internet was being routed through some regional ISP in Russia, which was unable to handle the load. That seemed rather suspicious, and it fairly quickly went back to normal, but we never learned what made that happen. Here's an article on that type of incident: https://www.zdnet.com/article/russia...re-and-others/

Yes thanks I will read that article.

The problem here with Tutanota is that they appear to be carrying on as if nothing really has happened.

They haven't said we will tell our customers what happened and what steps we will take to mitigate this type of incident in the future.

They haven't responded to some of the customers tweets who are naturally very concerned about what happened.

They haven't said they will be setting up a separated status page (which several users have been asking for) to inform customers what is happening with the service.

Not everyone is on Twitter and were totally unaware what was going on.

This is just not acceptable.

ioneja · 17 Aug 2020, 01:58 AM

Agreed. The problem is not that a DDoS attack happened (since that can and has happened to just about every serious provider at some point as has been rightly pointed out by TenFour), and it's also not whether or not Tutanota (or their providers or their network defense partner, which is BTW https://www.link11.com/en/ ), have really understood or determined the specific details of the attack yet, or even if they're ready to make an announcement. It's their lousy response so far. Three lousy tweets for 10 hours and then business as usual is not going to work for me either. There has been little to no engagement so far. If they had made a statement as simple as something like the following, my opinion would be different:

"Dear Tutanota customers, now that the dust has cleared on this major attack, we are still determining with our partner Link11 all the details of the attack, and we will be posting an update soon, including how we plan to more quickly mitigate such attacks in the future."

That would have helped a lot... but nothing like that has been posted.

And they should also say something like, "We apologize for the poor communication during the outage -- as a first step to better customer service, we plan to set up an external status page so that you can follow the developing situation. Stay tuned for more updates on this crucial matter, and thank you for your continued support and understanding!"

And then all that needs to be followed up with some strong actions.

Instead we have received, "Sorry for this inconvenience and thanks for your patience! Tutanota is available now" -- which is just not nearly enough by any standard... and then a rather uninspiring most recent tweet, "We're committed to make a sad 2020 for the open web less sad: While Mozilla reduces its workforce by one third, we plan to increase ours by one third. If you are on the #MozillaLifeboat, contact us! With our passion for #privacy & #opensource we build a better & Google-free webFlexed biceps"

So I get evfrson's position, which is very similar to my own, except I'm waiting another day or two to see an official after-action statement -- or at least a decent update and acknowledgement that they are working on it. If nothing is forthcoming soon, including no meaningful response to the many requests as evfrson has pointed out for a status page, etc., then I think that demonstrates that Tutanota is not nearly mature enough IMO, and at least for now, can't be trusted with extremely important secure email.

evfrson · 17 Aug 2020, 02:19 AM

Yes you are right on all points.
I also find it annoying when companies say 'Thank you for your patience' when it is obvious from Twitter that people were not patient they were very impatient.

TenFour · 17 Aug 2020, 06:31 AM

Some people have been reporting on Twitter that email is down again. Not sure if it is them or Tutanota.

evfrson · 17 Aug 2020, 06:40 AM

Quote:

Originally Posted by TenFour

Some people have been reporting on Twitter that email is down again. Not sure if it is them or Tutanota.

Yes I saw that some people haven't had access to their email for over 24 hours which is totally unacceptable and no meaningful response at all from Tutanota.

So glad I have left if that's the way they run their business.

16 Aug 2020, 10:09 AM	#16
ioneja Cornerstone of the Community Join Date: Jul 2011 Posts: 713	Working okay for me, at least at this exact moment, not seeing the issue you're describing. I guess they're still having problems though. In my case, I also don't think I lost any incoming email while the site was down, which is good news. None of my test messages bounced, they're all in the inbox. For whatever that's worth.

16 Aug 2020, 10:15 AM	#17
ioneja Cornerstone of the Community Join Date: Jul 2011 Posts: 713	And they just tweeted again, "Sorry for this inconvenience and thanks for your patience! Tutanota is available now." Sure hoping they'll post something more comprehensive than that fairly soon... I think three tweets won't be enough.

16 Aug 2020, 03:20 PM	#18
evfrson Senior Member Join Date: Oct 2015 Posts: 159	Agreed. This length of downtime is totally unacceptable. Unless they take drastic measures to ensure it can't happen again I am leaving at the end of the current subscription period. I also expect a detailed account as to what happened not to be fobbed off with meaningless bs.

16 Aug 2020, 08:26 PM	#19
TenFour Master of the @ Join Date: Feb 2017 Location: USA Posts: 1,722	Let us know what the explanation is. ProtonMail has also been hit by DDoS attacks, as have many other email providers. https://protonmail.com/blog/a-brief-...dos-incidents/. As was Fastmail: https://fastmail.blog/2015/11/11/ddo...ion-this-week/

17 Aug 2020, 12:16 AM	#21
ioneja Cornerstone of the Community Join Date: Jul 2011 Posts: 713	For me it boils down to the quality of their explanation and how they intend to mitigate future attacks. 10 hours was way too much, especially with poor communication, but as TenFour pointed out, pretty much all the services have been hit by these kinds of attacks. The difference is how they managed the post mortem and adjusted. In FastMail's case, for example, they handled it with tremendous transparency and detail, which I really appreciated. Long-time FastMail subscribers may remember Bron Gondwana's (now the CEO) really detailed accounts, which went a long way to building trust when there were problems. Tutanota needs to take a page out of FastMail's book for this situation and give their customers transparency and a good plan going forward. If this is brushed under the carpet, I'd agree completely with evfrson that it's not worth renewing a subscription. As it is, I had been planning on pointing a few domains over to Tutanota since I had grown to like them during my testing phase with a little paid account, but for now that's on hold until I see what happens next. Crossing fingers they post a good update about the incident soon.

17 Aug 2020, 12:33 AM	#22
evfrson Senior Member Join Date: Oct 2015 Posts: 159	I've been rethinking how I am going to do things messaging wise after this incident. I've decided to use a combination of Fastmail, Signal and secure file sharing using Internxt. I am going to ditch Tutanota.

17 Aug 2020, 12:56 AM	#23
TenFour Master of the @ Join Date: Feb 2017 Location: USA Posts: 1,722	Having worked for awhile for a fairly large email service provider I can tell you that it is not always easy or quick to determine exactly what has happened in an outage. For example, the DDoS attack might take out a piece of Internet backbone that is not under your control and the company that manages that might not be very forthcoming about what is happening. Sometimes things just get messed up in such a way you never know exactly what was going on. I remember one time when emails were taking a really long time to be delivered, and we eventually learned that a large chunk of the Internet was being routed through some regional ISP in Russia, which was unable to handle the load. That seemed rather suspicious, and it fairly quickly went back to normal, but we never learned what made that happen. Here's an article on that type of incident: https://www.zdnet.com/article/russia...re-and-others/

17 Aug 2020, 01:58 AM	#27
ioneja Cornerstone of the Community Join Date: Jul 2011 Posts: 713	Agreed. The problem is not that a DDoS attack happened (since that can and has happened to just about every serious provider at some point as has been rightly pointed out by TenFour), and it's also not whether or not Tutanota (or their providers or their network defense partner, which is BTW https://www.link11.com/en/ ), have really understood or determined the specific details of the attack yet, or even if they're ready to make an announcement. It's their lousy response so far. Three lousy tweets for 10 hours and then business as usual is not going to work for me either. There has been little to no engagement so far. If they had made a statement as simple as something like the following, my opinion would be different: "Dear Tutanota customers, now that the dust has cleared on this major attack, we are still determining with our partner Link11 all the details of the attack, and we will be posting an update soon, including how we plan to more quickly mitigate such attacks in the future." That would have helped a lot... but nothing like that has been posted. And they should also say something like, "We apologize for the poor communication during the outage -- as a first step to better customer service, we plan to set up an external status page so that you can follow the developing situation. Stay tuned for more updates on this crucial matter, and thank you for your continued support and understanding!" And then all that needs to be followed up with some strong actions. Instead we have received, "Sorry for this inconvenience and thanks for your patience! Tutanota is available now" -- which is just not nearly enough by any standard... and then a rather uninspiring most recent tweet, "We're committed to make a sad 2020 for the open web less sad: While Mozilla reduces its workforce by one third, we plan to increase ours by one third. If you are on the #MozillaLifeboat, contact us! With our passion for #privacy & #opensource we build a better & Google-free webFlexed biceps" So I get evfrson's position, which is very similar to my own, except I'm waiting another day or two to see an official after-action statement -- or at least a decent update and acknowledgement that they are working on it. If nothing is forthcoming soon, including no meaningful response to the many requests as evfrson has pointed out for a status page, etc., then I think that demonstrates that Tutanota is not nearly mature enough IMO, and at least for now, can't be trusted with extremely important secure email.

17 Aug 2020, 02:19 AM	#28
evfrson Senior Member Join Date: Oct 2015 Posts: 159	Yes you are right on all points. I also find it annoying when companies say 'Thank you for your patience' when it is obvious from Twitter that people were not patient they were very impatient.

17 Aug 2020, 06:31 AM	#29
TenFour Master of the @ Join Date: Feb 2017 Location: USA Posts: 1,722	Some people have been reporting on Twitter that email is down again. Not sure if it is them or Tutanota.