Runbox Blog

On May 25, 2018 the European Union’s General Data Protection Regulation (GDPR) takes effect in all countries in the European Economic Area (EEA).

Norway, where Runbox is located, is part of the EEA and is implementing these regulations through its own legislation.

We welcome these new regulations as they greatly strengthen the rights of the individual to digital privacy and security, which we always have promoted and supported.

What is the GDPR?

The GDPR is a set of regulations declaring that the individual should have control over their personal data by specifying how such data may be collected, processed, and stored.

The regulations require that businesses and organizations integrate this right into their business practices through policies, procedures, and technologies that safeguard the users’ privacy.

Important principles are that personal data are processed lawfully, for legitimate purposes, and with explicit consent from the user. This means that your personal data can only be collected with your permission.

The regulation also sets forth a number of rights on the part of users of digital services:

• The right to transparency about how data is processed.
• The right to access and information about collected data.
• The right to rectify stored data.
• The right to erase data (“right to be forgotten”).
• The right to restriction of processing.
• The right to data portability.

GDPR also recognizes the term “privacy by design”, which means that privacy shall be considered in all circumstances when personal data is processed or stored. By also introducing “privacy by default”, GDPR states that appropriate measures must be implemented to ensure that personal data collected is only used for the specific purpose for which the consent is given.

How does Runbox implement the GDPR?

At Runbox we believe that the privacy and security of your data is essential, and that it’s important for you to be aware of your rights and your options when it comes to your personal data.

Runbox has therefore been working on the implementation of the GDPR throughout our organization and our services over the past three years.

The activities that implement the GDPR in Runbox can be divided into 3 main areas:

• Internal policies and procedures
• Partners and contractors
• Protection of users’ rights

The first two areas include documentation of information security management and internal policies and procedures, as well as data processing and confidentiality agreements with our partners, contractors, and staff.

The third area relates directly to you as a Runbox user, and includes the terms and policies that govern your use of our services, how we aim to inform and educate our users about privacy, and how we are implementing tools and utilities that safeguard your privacy rights.

Runbox’ main areas of GDPR implementation

Revised Terms of Service and Privacy Policy

As part of our GDPR implementation the Runbox Terms of Service and Privacy Policy have been revised:

• New Terms of Service effective 25.05.2018
• New Privacy Policy effective 25.05.2018

While the Terms of Service has only been updated with minor changes, the Privacy Policy has been restructured and amended. It provides a comprehensive overview of the policies that govern your privacy as a Runbox user, and describes in an accessible way the types of data Runbox collects in order to responsibly and reliably operate an email service.

It also lays out how user data are processed and stored, how they are being protected, and what rights you have as a user of our services.

It’s important to us that you are informed about your rights and your options with regards to your privacy. We ask that you review the revised terms and policies by May 25, 2018 when they take effect, and invite you to contact us with any questions or concerns.

Runbox has been focusing on privacy and information security from day one, and have paid attention to the strict Norwegian legislation concerning the processing of personal data ever since.

Norway is a member of European Economic Area (EEA) and as such has to implement certain EU regulations, even if Norway is not a member of the European Union (EU). When the European Parliament and the Council decided new legislation for the protection of personal data, that legislation also applied in Norway and has to be implemented by May 25, 2018.

The legislation, titled General Data Protection Regulation (GDPR), contains rules for how personal data should be processed. Using the terms of GDPR, this includes how, when, and under which conditions, personal data

• can be collected, processed and stored, which demands explicit consent, and explicit stated purpose;
• shall be rectified;
• shall be deleted (right to be forgotten);
• shall be released to the person that owns the data (right to portability);
• could be transferred to third parties for processing, where a Data Processing Agreement (DPA) is mandatory;
• could be transferred to processors outside EEA.

At Runbox we have followed the development of this new EU legislation from the very beginning, and as early as 2014 we initiated a project in order to become GDPR compliant.

As a first step we started developing a planning document which includes detailed plans for making our information security management complete and consistent. The document laid out a number of activities which are now outlined in 15 sub-projects, of which some are completed, and others are in process of being completed.

However, information security is a continuous effort and the sub-projects will give rise to additional activities far beyond the GDPR framework.

We will keep you updated.

#DeleteFacebook

We have carefully implemented these policies in order to protect our users’ privacy as outlined in our Privacy Commitment, and we are currently working hard to obtain compliancy with the forthcoming General Data Protection Regulation introduced by the EU.

This also means that we are conscious about how Runbox interacts with other Internet services such as social media networks. Therefore we have been disappointed by the recent revelations about the privacy intrusions and unethical practices by Facebook.

As a consequence we have decided to remove the Runbox page from the Facebook platform.

Due to necessary reorganization of our email server infrastructure, all Runbox email services will be inaccessible on Sunday 01.04.2018 between approximately 10:00 CEST (08:00 GMT, 4:00 AM EDT) to 14:00 CEST (12 GMT, 8 AM EDT).

The reorganization involves consolidating our servers to simplify management and maintenance, and modernizes and improves server power management.

Any updates during the downtime will be posted on https://status.runbox.com.

We apologize for any inconvenience caused.

The response to the Runbox 7 Webmail closed beta test has been overwhelming, and to ensure sufficient capacity and performance we are giving access to beta testers gradually over the next few weeks.

We still have some open spots, so if you would like to participate send an email as soon as possible to support@nullrunbox.com with the subject “Runbox 7 Webmail beta test”.

We are excited to announce the closed beta test phase of Runbox 7 Webmail!

This release is not merely an upgrade to our existing services, it’s a bold step into a new world of Webmail apps that will provide unprecedented speed and usability.

Runbox 7 aims to be the fastest webmail on the planet with:

Screenshot sample of Runbox 7 Webmail

• Instant folder views and search results.
• Endless, smooth scrolling of folder contents.
• Drag & drop message selection and moving to folders.
• Incremental, instant search functionality.

The new webmail will be the cornerstone of Runbox 7, and is the first of several development stages that will culminate in a completely new user interface.

Please read on for details about Runbox 7 Webmail and how you can participate in the closed beta test.

Superior speed

Runbox 7 started with a crazy idea:

How can we create a webmail that’s not just faster, but responds instantly?

The solution we developed is a combination of database accelerated email storage, innovative message indexing, and cutting-edge web technology.

When you log into Runbox 7 Webmail, you enter a modern webmail environment built with Angular 5 and Material Design. Your email folders and messages will be shown instantly, giving you an immediate overview of your email.

The spacious layout, clean lines, and powerful engine lets you efficiently navigate the new features and get down to the business of effectively managing your email.

Incremental search

Incremental search

One of the core features of Runbox 7 Webmail is its search capabilities. We have built the search functionality in such a way that the browser doesn’t need to query the server at all.

Not only that, but this webmail will show you search results incrementally while you are typing in the Search field.

You have better things to do than waiting for search results, so we put a lot of effort into making the search function as fast as possible — and this is as fast as it’s possible to get.

Lots of cool functionality

Infinite listing: No more clicking back and forth to navigate your Inbox — just scroll down and the next messages will load automatically.

Threaded view: Want to see your messages in conversation view? Just tick the Threaded checkbox to the top right.

Unread messages: Only interested in the latest news? Tick the Unread checkbox.

Multi-select messages: Want to select many messages in a hurry? Just click the check box  of a message, and drag up or down while holding the mouse button down to select several messages in a row.

Runbox 7 preview pane

Preview pane: Who has time to actually open a message? Just select one in the list and a preview will be shown in the bottom half of the message list pane. To see more, click the ^ arrow in the preview menu.

Hide folders: Want more space for your messages? Just click the icon to the left of the Search area to hide the folder pane.

Draft Desk

Runbox 7 Draft Desk

Another key feature of Runbox 7 Webmail is the Draft Desk — a completely new way of  managing drafts.

In our world of non-stop online communication, we often find ourselves multitasking and working on several threads in parallel. With our new Draft Desk you get a full overview of the messages you are currently working on, previewed side by side in an efficient interface.

Simply click on a draft preview to expand it, write down your thoughts, and send, save, or close the message to return to it later.

Mobile ready

We believe that you shouldn’t have to switch between different apps or user interfaces just because you switch between a laptop, a tablet, or a smart phone.

Therefore we built Runbox 7 Webmail to be mobile-ready and responsive from the ground up. This means that it will automatically adapt to your device’s screen size and orientation while retaining the basic functionality you are used to from a regular browser.

Join the closed beta test

To join the closed beta test of Runbox 7 Webmail, contact support@nullrunbox.com with the subject “Runbox 7 Webmail beta test”. If you are selected to participate, we will then be in touch with further details.

It’s been a few months now since we launched the new authentication service that made Runbox Two-Factor Authentication possible.

Watching over your account

Behind the scenes the authentication service has been working to protect your account from unauthorised access. One of the ways it does this is by analysing the pattern of successful and failed logins for your account.

Using a set of rules it determines if a particular IP address should be allowed to access the service or whether it should be blocked from further attempts. It also determines which IP addresses should be treated with less caution as they are your legitimate IP address.

Obviously we can’t say too much about the rules used as this could compromise the effectiveness of this system, and we are always improving the rule set to take in to account new scenarios that we encounter

Giving you more information

The design of the authentication service allows us to share with you the IPs that try to access your account, and whether that access was successful or not. This can help you in troubleshooting problems you may encounter when setting up devices with your Runbox account, but it can also alert you to attempts at unauthorised access.

You can find this information on the “Access Control” tab at Account > Account Security.

Blocked IP addresses

We have also implemented new features on the “Access Control” page that show you the IPs that are blocked for your account. You can then decide if they should be permanently blocked or removed from the blocked list.

Giving you more control

In addition you can now also block IPs yourself or add allowed IPs that should always have access to your account when the correct username, password (and 2FA where applicable) credentials are supplied. This is done via the “Manage IPs” section.

A list of IP addresses you have allowed and denied yourself is visible at the bottom of the page in the Access Control List, and from there you can mange this IP addresses.

It’s also possible for Main account holders to set up rules for the Sub-account accounts they have control of.

We hope you find these new features useful, and if you need any help with them please see our help page about Access Control.

Runbox recently launched Two-Factor Authentication (2FA). 2FA is a log in procedure where an additional piece of information is required in addition to your username and account password.

This additional factor is a code that can only be used once, or for a limited period of time.

Runbox Two-Factor Authentication

Runbox 2FA currently supports Timed One-Time Passwords (TOTP) and One-Time Passwords (OTP) as additional factors. We are planning to expand this with Yubikey or U2F support.
 

Runbox is the only 2FA-enabled email provider in Norway

Runbox is located in Norway, which has some of the strongest privacy regulations in the world.

By choosing Runbox as your email provider, your data will be protected by these regulations while ensuring your email is secure from unauthorized access.

Read on to find out how Runbox 2FA works and which options are available.

Timed One-Time Passwords (TOTP)

2FA Timed One-Time Passwords

To use this option you will need a smartphone and some free software.

Timed one-time passwords works by giving you a login code which changes over time, in addition to your password.

To get started, download a TOTP app such as Authy, FreeOTP or Google Authenticator onto your mobile phone and follow their instructions.

Note: It is essential that your smartphone has the correct date/time set as this is used by the TOTP app to generate the correct codes that allow you to log in.

One-Time Passwords (OTP)

2FA One-Time Passwords

When you enable this option, the system will generate random passwords that you can use only once. Used passwords are discarded automatically and cannot be used again.

You can download the the list of passwords to a computer or mobile device, or you can print them out if necessary. However, you must keep the list secure as these passwords can be used to access your account along with your usual username and account password.

Trusted browsers

2FA Trusted Browsers

This option allows the server to trust your current web browser so that you don’t have to use a 2FA code. The option places a small piece of code in your browser (a cookie) that tells the server not to require the 2FA details and you can just log in with username and password.

You should only use this method of bypassing 2FA on a computer or device that you are confident nobody else can log in to. You can temporarily turn on/off individual browsers from the trusted list, or you can delete the browser entry entirely which will force that browser to require the 2FA details.

Unlock code

2FA Unlock Code

If for some reason you are unable to log in with 2FA after it has been enabled, this code can be used to disable 2FA.

The code can be used in conjunction with a secure question/answer for additional security.

You can now train your Runbox spam filter using IMAP. Simply use your email program/app to move messages to your Spam folder to report them as spam, and move them from Spam to any other folder to report them as not spam.

IMAP training works for both the Dspam and the Cloudmark filters, the latter of which is in an open beta test. To join the beta test, just go to Manager > Filter and turn it on.