Runbox Blog

Runbox is hailed in a major Norwegian news outlet for providing superior privacy protection.

The article is based on a study by Vienna University of Business and Economics, which compares Runbox to 4 other major email services.

Gmail is slammed in the same article for its poor default privacy settings and a pattern of privacy violations.

In the study, Runbox scores high in all categories:

• Informational Control: 7/7
• Decisional Control: 7/7
• Behavioral Control: 6/7
• Privacy Friendly Defaults: 7/7
• Technology Paternalism: 5/7
• Privacy By Design: 6/7
• Service Appeal: 5/7

At Runbox we are very happy with this increasing focus on privacy, which supports our long-held privacy commitment and our work on compliancy with EU’s General Data Protection Regulation.

The full digi.no article (in Norwegian) can be seen below in PDF format.

As announced one month ago, our new Terms of Service and Privacy Policy implementing the European Union’s General Data Protection Regulation (GDPR) take effect today.

The GDPR is a set of regulations declaring that the individual should have control over their personal data by specifying how such data may be collected, processed, and stored.

Important principles include that personal data must be processed lawfully, for legitimate purposes, and with explicit consent from the user.

Runbox’ privacy commitment

Runbox has always been committed to the privacy of our users, and the GDPR principles are now fully integrated into our Privacy Policy. It provides a comprehensive overview of the policies that govern your privacy as a Runbox user, and describes in an accessible way the types of data Runbox collects in order to responsibly and reliably operate an email service.

It also lays out how user data are processed and stored, how they are being protected, and what rights you have as a user of our services.

To find out more about our GDPR implementation, please see our previous blog post GDPR and Updates to our Terms and Policies.

Review the new terms and policies

If you haven’t already done so we ask that you review the revised terms and policies now, and invite you to contact us with any questions or concerns.

If you are already a Runbox user or customer you have already actively consented to our Terms of Service when registering a Runbox account, and you do not need to consent again now to the new version.

As a new Runbox user you will have the opportunity to consent to the terms and policies when registering your account.

We have been following a story that appeared recently about vulnerabilities in PGP and S/MIME that can cause a leak of the plaintext content of encrypted emails.

A technical description of the vulnerabilities can be found at https://efail.de/

There are a number of possible mitigations for the vulnerabilities, and they vary in how much they might impact your use of encryption. As we have help pages about how to use encryption with email, we felt we should let you know about these particular vulnerabilities.

On May 25, 2018 the European Union’s General Data Protection Regulation (GDPR) takes effect in all countries in the European Economic Area (EEA).

Norway, where Runbox is located, is part of the EEA and is implementing these regulations through its own legislation.

We welcome these new regulations as they greatly strengthen the rights of the individual to digital privacy and security, which we always have promoted and supported.

What is the GDPR?

The GDPR is a set of regulations declaring that the individual should have control over their personal data by specifying how such data may be collected, processed, and stored.

The regulations require that businesses and organizations integrate this right into their business practices through policies, procedures, and technologies that safeguard the users’ privacy.

Important principles are that personal data are processed lawfully, for legitimate purposes, and with explicit consent from the user. This means that your personal data can only be collected with your permission.

The regulation also sets forth a number of rights on the part of users of digital services:

• The right to transparency about how data is processed.
• The right to access and information about collected data.
• The right to rectify stored data.
• The right to erase data (“right to be forgotten”).
• The right to restriction of processing.
• The right to data portability.

GDPR also recognizes the term “privacy by design”, which means that privacy shall be considered in all circumstances when personal data is processed or stored. By also introducing “privacy by default”, GDPR states that appropriate measures must be implemented to ensure that personal data collected is only used for the specific purpose for which the consent is given.

How does Runbox implement the GDPR?

At Runbox we believe that the privacy and security of your data is essential, and that it’s important for you to be aware of your rights and your options when it comes to your personal data.

Runbox has therefore been working on the implementation of the GDPR throughout our organization and our services over the past three years.

The activities that implement the GDPR in Runbox can be divided into 3 main areas:

• Internal policies and procedures
• Partners and contractors
• Protection of users’ rights

The first two areas include documentation of information security management and internal policies and procedures, as well as data processing and confidentiality agreements with our partners, contractors, and staff.

The third area relates directly to you as a Runbox user, and includes the terms and policies that govern your use of our services, how we aim to inform and educate our users about privacy, and how we are implementing tools and utilities that safeguard your privacy rights.

Runbox’ main areas of GDPR implementation

Revised Terms of Service and Privacy Policy

As part of our GDPR implementation the Runbox Terms of Service and Privacy Policy have been revised:

• New Terms of Service effective 25.05.2018
• New Privacy Policy effective 25.05.2018

While the Terms of Service has only been updated with minor changes, the Privacy Policy has been restructured and amended. It provides a comprehensive overview of the policies that govern your privacy as a Runbox user, and describes in an accessible way the types of data Runbox collects in order to responsibly and reliably operate an email service.

It also lays out how user data are processed and stored, how they are being protected, and what rights you have as a user of our services.

It’s important to us that you are informed about your rights and your options with regards to your privacy. We ask that you review the revised terms and policies by May 25, 2018 when they take effect, and invite you to contact us with any questions or concerns.

Runbox has been focusing on privacy and information security from day one, and have paid attention to the strict Norwegian legislation concerning the processing of personal data ever since.

Norway is a member of European Economic Area (EEA) and as such has to implement certain EU regulations, even if Norway is not a member of the European Union (EU). When the European Parliament and the Council decided new legislation for the protection of personal data, that legislation also applied in Norway and has to be implemented by May 25, 2018.

The legislation, titled General Data Protection Regulation (GDPR), contains rules for how personal data should be processed. Using the terms of GDPR, this includes how, when, and under which conditions, personal data

• can be collected, processed and stored, which demands explicit consent, and explicit stated purpose;
• shall be rectified;
• shall be deleted (right to be forgotten);
• shall be released to the person that owns the data (right to portability);
• could be transferred to third parties for processing, where a Data Processing Agreement (DPA) is mandatory;
• could be transferred to processors outside EEA.

At Runbox we have followed the development of this new EU legislation from the very beginning, and as early as 2014 we initiated a project in order to become GDPR compliant.

As a first step we started developing a planning document which includes detailed plans for making our information security management complete and consistent. The document laid out a number of activities which are now outlined in 15 sub-projects, of which some are completed, and others are in process of being completed.

However, information security is a continuous effort and the sub-projects will give rise to additional activities far beyond the GDPR framework.

We will keep you updated.

#DeleteFacebook

We have carefully implemented these policies in order to protect our users’ privacy as outlined in our Privacy Commitment, and we are currently working hard to obtain compliancy with the forthcoming General Data Protection Regulation introduced by the EU.

This also means that we are conscious about how Runbox interacts with other Internet services such as social media networks. Therefore we have been disappointed by the recent revelations about the privacy intrusions and unethical practices by Facebook.

As a consequence we have decided to remove the Runbox page from the Facebook platform.

Due to necessary reorganization of our email server infrastructure, all Runbox email services will be inaccessible on Sunday 01.04.2018 between approximately 10:00 CEST (08:00 GMT, 4:00 AM EDT) to 14:00 CEST (12 GMT, 8 AM EDT).

The reorganization involves consolidating our servers to simplify management and maintenance, and modernizes and improves server power management.

Any updates during the downtime will be posted on https://status.runbox.com.

We apologize for any inconvenience caused.

The response to the Runbox 7 Webmail closed beta test has been overwhelming, and to ensure sufficient capacity and performance we are giving access to beta testers gradually over the next few weeks.

We still have some open spots, so if you would like to participate send an email as soon as possible to support@nullrunbox.com with the subject “Runbox 7 Webmail beta test”.

We are excited to announce the closed beta test phase of Runbox 7 Webmail!

This release is not merely an upgrade to our existing services, it’s a bold step into a new world of Webmail apps that will provide unprecedented speed and usability.

Runbox 7 aims to be the fastest webmail on the planet with:

Screenshot sample of Runbox 7 Webmail

• Instant folder views and search results.
• Endless, smooth scrolling of folder contents.
• Drag & drop message selection and moving to folders.
• Incremental, instant search functionality.

The new webmail will be the cornerstone of Runbox 7, and is the first of several development stages that will culminate in a completely new user interface.

Please read on for details about Runbox 7 Webmail and how you can participate in the closed beta test.

Superior speed

Runbox 7 started with a crazy idea:

How can we create a webmail that’s not just faster, but responds instantly?

The solution we developed is a combination of database accelerated email storage, innovative message indexing, and cutting-edge web technology.

When you log into Runbox 7 Webmail, you enter a modern webmail environment built with Angular 5 and Material Design. Your email folders and messages will be shown instantly, giving you an immediate overview of your email.

The spacious layout, clean lines, and powerful engine lets you efficiently navigate the new features and get down to the business of effectively managing your email.

Incremental search

Incremental search

One of the core features of Runbox 7 Webmail is its search capabilities. We have built the search functionality in such a way that the browser doesn’t need to query the server at all.

Not only that, but this webmail will show you search results incrementally while you are typing in the Search field.

You have better things to do than waiting for search results, so we put a lot of effort into making the search function as fast as possible — and this is as fast as it’s possible to get.

Lots of cool functionality

Infinite listing: No more clicking back and forth to navigate your Inbox — just scroll down and the next messages will load automatically.

Threaded view: Want to see your messages in conversation view? Just tick the Threaded checkbox to the top right.

Unread messages: Only interested in the latest news? Tick the Unread checkbox.

Multi-select messages: Want to select many messages in a hurry? Just click the check box  of a message, and drag up or down while holding the mouse button down to select several messages in a row.

Runbox 7 preview pane

Preview pane: Who has time to actually open a message? Just select one in the list and a preview will be shown in the bottom half of the message list pane. To see more, click the ^ arrow in the preview menu.

Hide folders: Want more space for your messages? Just click the icon to the left of the Search area to hide the folder pane.

Draft Desk

Runbox 7 Draft Desk

Another key feature of Runbox 7 Webmail is the Draft Desk — a completely new way of  managing drafts.

In our world of non-stop online communication, we often find ourselves multitasking and working on several threads in parallel. With our new Draft Desk you get a full overview of the messages you are currently working on, previewed side by side in an efficient interface.

Simply click on a draft preview to expand it, write down your thoughts, and send, save, or close the message to return to it later.

Mobile ready

We believe that you shouldn’t have to switch between different apps or user interfaces just because you switch between a laptop, a tablet, or a smart phone.

Therefore we built Runbox 7 Webmail to be mobile-ready and responsive from the ground up. This means that it will automatically adapt to your device’s screen size and orientation while retaining the basic functionality you are used to from a regular browser.

Join the closed beta test

To join the closed beta test of Runbox 7 Webmail, contact support@nullrunbox.com with the subject “Runbox 7 Webmail beta test”. If you are selected to participate, we will then be in touch with further details.

It’s been a few months now since we launched the new authentication service that made Runbox Two-Factor Authentication possible.

Watching over your account

Behind the scenes the authentication service has been working to protect your account from unauthorised access. One of the ways it does this is by analysing the pattern of successful and failed logins for your account.

Using a set of rules it determines if a particular IP address should be allowed to access the service or whether it should be blocked from further attempts. It also determines which IP addresses should be treated with less caution as they are your legitimate IP address.

Obviously we can’t say too much about the rules used as this could compromise the effectiveness of this system, and we are always improving the rule set to take in to account new scenarios that we encounter

Giving you more information

The design of the authentication service allows us to share with you the IPs that try to access your account, and whether that access was successful or not. This can help you in troubleshooting problems you may encounter when setting up devices with your Runbox account, but it can also alert you to attempts at unauthorised access.

You can find this information on the “Access Control” tab at Account > Account Security.

Blocked IP addresses

We have also implemented new features on the “Access Control” page that show you the IPs that are blocked for your account. You can then decide if they should be permanently blocked or removed from the blocked list.

Giving you more control

In addition you can now also block IPs yourself or add allowed IPs that should always have access to your account when the correct username, password (and 2FA where applicable) credentials are supplied. This is done via the “Manage IPs” section.

A list of IP addresses you have allowed and denied yourself is visible at the bottom of the page in the Access Control List, and from there you can mange this IP addresses.

It’s also possible for Main account holders to set up rules for the Sub-account accounts they have control of.

We hope you find these new features useful, and if you need any help with them please see our help page about Access Control.