13th December 2018

IMAP/POP3 Cock.li down

All web, mail, and XMPP services are down due to an ongoing legal search order. Services will remain offline until the activities have finished. Thanks to full disk encryption on every server, no user data is at risk.

All Cockbox host servers are operational.


UPDATE 23:41 Cock.li is back online temporarily, but will likely be taken back offline in the morning so the mirroring efforts can continue. The authorities have been informed that all of the data is encrypted, but this information can take time to travel up the chain and translate into a decision to stop the mirroring, so whether it will continue is at this point unknown.


UPDATE 2018-12-14 16:36 The server is back offline so the mirroring can complete. This time it should not be down nearly as long, I think.


UPDATE 2018-12-15 00:00 The server is offline, I think the people at the datacenter went to sleep. Be back soon :(


UPDATE 15:54 Cock.li is back online. Thanks for playing!


UPDATE 2018-12-20

Some time during the week of 9 December, Cock.li's datacenter received an EIO from the Romanian government, at the behest of the German government. The order demanded a mirror image of Cock.li's disks, which was executed by the datacenter.

Datacenter staff performed this by unplugging one disk at a time to do the mirror, with the intention of preventing downtime. However, due to Cock.li's security setup, this cannot be done without operator intervention to restart the build process. When the array was broken, the server crashed, which at first appeared as if a disk had just failed in an irrecoverable way. After trying to diagnose the missing disk, a replacement disk was arranged to be installed so the rebuild could complete.

Once Cock.li learned that the disk was not broken but was removed due to a search order, all relevant systems were powered off so the activities could continue without data integrity or security concerns. When datacenter staff went home for the night, the server was powered back online and services restored. During this time the datacenter was instructed that due to the security setup, it would be necessary to power down the server before removing any disks.

The server was shut down to complete the mirroring, but was left offline overnight which caused the second downtime of almost 24 hours.

Due to cock.li's security setup which includes full-disk encryption on every server, no user data was at risk at any time. Only encrypted data was recovered.

Cock.li has not seen the order in question, nor have we been able to identify the agency who issued the order. It seems unlikely at these point that we will ever see the order, or get in contact with the agency responsible. Cock.li's warrant canary has been updated off-schedule to affirm that no communication with any law enforcement agency has taken place regarding this issue. If that changes, this page will be updated with that information.