Report on April Availability Issues for Android/Desktop Users

We blocked IP addresses of some of our users by accident and would like to apologize for this.

2024-04-11
A side-by-side comparison of Tuta Mail on a smartphone, laptop, and tablet.
In April, Tuta Mail was not available for some users for multiple hours. We are deeply sorry about this issue and would like to explain the technical details behind this issue. All paying customers who were unable to access Tuta Mail between 1st and 6th of April will receive compensation.
SIGN UP

Library update cause of connection issues

After careful investigation we have now mitigated the issue and can report the root cause.

At Tuta Mail we are dedicated to develop the most secure mail system of all times. One important part of our mission is to keep our implementations and used libraries up to date. Between end of March and beginning of April, we updated core libraries of our webserver. In this process a bug was included that led to downtimes for some users due to the fact that their IP addresses got blocked by our system.

We have a large automated set of unit and integration tests to make sure that no regression occurs. We also invest a substantial amount of time into manual testing before we deploy new software to our production systems. However, in this case these measures were not enough to prevent the issue.

So during the first days of April, a couple hundred users of our Android app and desktop client were blocked from accessing the Tuta servers accidentally. To the user, this looked like Tuta Mail was offline for hours. While most affected users were still able to login to their encrypted mailboxes via a different connection like mobile data or a VPN, not all users were aware of this work-around.

What happens next

At Tuta we are committed to fighting for the right to privacy and our core principles guide this mission. We work hard to bring privacy to the masses, and when faced with technical issues, such as those experienced in the last weeks, our emergency response team instantly tackle them head-on.

Commitment to security and availability

When choosing any platform for secure communication it is crucial that the service is available at all times. We have now put into place additional measures that enable us to detect and prevent similar issues in the future. We are fully committed to keeping Tuta's encrypted email service online and available to all users around the world. The threats to privacy don't sleep, so neither do we.

Full transparency

At Tuta, we are committed to full transparency and open source software. By releasing our code publicly, we are making Tuta and its entire encryption protocol visible to the eyes of our users as well as to security experts. You can inspect our client code entirely to make sure that we are protecting your data the way we claim to. The transparency of our open source code is strengthened by our company's choice to communicate as transparently as possible with our users. Every six months we release a detailed transparency report. We also maintain a warrant canary so that you can trust that your data is safe with Tuta.

What is most important is that we are transparent even when making mistakes. We are committed to taking responsibility for our actions and for the performance of our encrypted email platform. The last weeks have been turbulent, but we are working harder than ever to ensure availability for all of our users. We take this responsibility seriously, and for that reason we will be compensating all affected users who are on a paid plan.

Compensating affected users

We are deeply sorry for the inconvenience experienced by affected users. It is not acceptable that Tuta Mail appeared to be offline to hundreds of users.

Unfortunately this bug was not noticeable immediately. We were only able to understand what was causing the availability issue for affected users after a user had created multiple connections to the server. The bug was also hard to trace down because we couldn't reproduce it initially.

The bug has been fixed since April 6th. To prevent a similar issue in the future, we added additional tests and monitoring to our system.

All affected users who are on a paid subscription will get a compensation as well as an email informing them about the compensation. The compensation to affected users will be granted automatically. Every affected customer will receive a separate notice about this within the next couple of hours.

Thank you for supporting our fight for privacy!

SIGN UP
Author
Black and white picture of Matthias thinking and looking to the right side.
Matthias is co-founder and developer of Tuta, focusing on backend development, architecture and email processing. He writes code and political comments to fight for our human right to privacy. He wants to create an encrypted cloud collaboration platform which is so easy to use and so secure that it locks out all the spies. We all deserve a better internet - one where privacy is the default.
Top posts
Threat Modeling In 2024: Your Guide For Better Security
10 Best Private Email Services in 2024
Google Pays 1150 Times More for Its Search Monopoly Than for Lobbying in the EU & US
Why Use A Password Manager - And Our Top 3!
Anonymous email: Create an email address without a phone number.
The Illusion Of "Swiss Privacy" Being The Best
10 best free email accounts in 2024
Latest posts
The American Privacy Rights Act stands to be America's GDPR
Google Search Is A Problem: How Google Is Crushing Tuta.
The XZ Backdoor on Linux and the importance of Open Source Software
Apple is finally giving you the choice: Take it and install a private browser right now!
Terminate subscription
Company
Community
Team
Jobs
Terms
Privacy
Legal notice
Development
Changelog
Roadmap
Security
Encryption
Open Source
GitHub
Features
Secure Email
Encrypted Calendar
Business
Support
Forum
Press
Support
Language
English
Translate