Commentary

How To Use Email Securely

November 1st, 2016  |  Published in Commentary, Security

Much has been said and written in the media recently regarding email, and here at Runbox we’d like to take the opportunity to help make it all a bit more understandable.

What is email, anyway?

Email, or electronic mail, is the most common method of exchanging digital messages.

It is easily the most flexible online messaging service available, because it lets users send and receive unlimited text, multimedia, and other files to anyone with an email address anywhere in the world.

Email was invented in the 1960s and is still one of the most popular services currently available via the Internet, with over 90% of US Internet users actively using email.

How does email work?

Email systems consist of computers and devices that are connected via the Internet. These computers and devices can be servers that process and store electronic mail, or clients such as laptops and smartphones that are used to send and receive email.

Email clients and server Email clients connected to a server

When someone sends an email, the message is transferred from his or her device to a server that processes the message.

Based on the recipient email address, the server finds out where to send the message next.

This is usually to another server associated with the recipient’s address, and often via a number of other servers that act as dispatchers.

There are many different types of email software that can send, receive, and store email. If you use a computer or a smartphone, you might be familiar with software such as Outlook, Apple Mail, or Thunderbird.

Where is my email actually stored?

Because the volume of email is so large, email clients typically let servers store all the email that is received and sent and only download messages when they are opened.

This is very convenient because the server can then do resource intensive things like filtering out spam and viruses, and other kinds of sorting and processing.

Another important reason for keeping emails stored on a server is that it lets more than one client access the same messages.

For instance, you can set up your laptop, your tablet, and your smartphone to access all the email that is stored in your account on the server. You can also use a webmail in your web browser, which essentially works as an email client.

This means that your email will be synchronized across all your devices, without you having to do anything manually.

You can read more about how this works in our Help article Using an Email Client with IMAP.

How can I be sure that no one else can access my email?

When you sign up for an email account, you select a username and a password that only you know. This ensures that only you can access the email that is stored in your account on the server.

As you can imagine, it is important that you choose a strong password to make sure that no one else can guess it. It’s also important to be aware of scams that may try to trick you into revealing information that could let someone gain access to your account.

End-To-End Encryption

End-To-End Encryption

However, to be certain no one can read your email even if they were to gain access to it, you can use encryption.

Email encryption can protect your messages all the way from your device to the recipient’s, by encoding them in such a way that it’s virtually impossible for someone unauthorized to unscramble them.

You can read more about this in our Blog post Email Encryption with Runbox and our Help article Encrypting Your Runbox Email.

We hope this article helped clarify what email is, how it works, and how to use it securely. For a more in-depth article, please see How Email Works.

Tags: , ,

Email Privacy, Security and Runbox

July 8th, 2013  |  Published in Commentary

In recent weeks (for some reason) we have seen an increase in demand for information about whether Runbox collaborates with any government law enforcement agencies when it comes to the email sent and received by our members.  We have also had numerous enquiries asking what we do to ensure the privacy of email sent and received by Runbox members.

It seems like a good time to review what Runbox does and doesn’t do.

Monitoring by Law Enforcement & Security Agencies

Runbox is not involved in any routine exchange of members’ data with anyone.

All email data is stored in a secure facility in Norway and access to the data center is very strictly controlled.

Casual requests for information about Runbox members and their email are categorically rejected.  More formal requests are always directed to the Norwegian court system.  Only if a valid Norwegian court order is received, and the proper procedures have been followed, will the request be considered. At that point it will be referred to our legal representatives.

We adhere to our own strict Terms of Service as well as Norwegian laws and regulations, and if we become aware of activity that is contrary to those we will take appropriate action.

Details of laws and regulations as they apply to Runbox can be found on our Email Privacy and Offshore Email page.

Email Privacy and Security

In recent weeks certain claims have been made that email can be intercepted by government agencies as it crosses international borders. Regardless of any truth or otherwise in these claims, the security of email transfer is essential.

It is important to distinguish between three points of security.

  1. Security of the connection between you and the Runbox email service.
  2. Security of the connection used between the Runbox email service and other email services.
  3. Securing the content of your email in addition to 1 and 2 above.

In the case of the first point Runbox provides the facility for email to be encrypted during transmission to and from our members. All that the member needs to do is use our server secure.runbox.com with the appropriate settings.

On the second point, we employ encryption techniques when sending to and receiving from other email services. However, this is only available if the other service also offers this facility.  If it doesn’t then we have to use an unsecured connection.

The third point is entirely under user control.  If a message’s content is encrypted before sending or receiving through Runbox, then whether it is transmitted securely or not is much less important because only the sender and recipient will be able to decrypt the message and read it.

Runbox is planning to provide a method of allowing members to encrypt and decrypt messages using PGP (Pretty Good Privacy) within the Runbox Webmail.

The best way to encrypt messages with your Runbox account today is to use the Thunderbird email client with the Enigmail Open PGP add-on.

For more information about email security see our page on Secure Transfer of Email.

Tags: ,

Regarding concerns over US surveillance legislation

February 11th, 2013  |  Published in Commentary

There are some who are concerned about US authorities’ ability to monitor their citizens’ data. According to the EU report “Fighting cyber crime and protecting privacy in the cloud” (PDF, 1.3 MB), a little known piece of legislation could give US authorities the right to access foreign users’ data stored in the US as well.

Data stored outside the US, for instance in Norway where all the Runbox email servers are located, is not affected by this legislation.

If you have any concerns about the privacy of your Runbox email, please see our Privacy Policy and our article Email Privacy and Offshore Email.

Tags:

Regarding usage of Google Analytics

August 31st, 2012  |  Published in Commentary

Recently the Norwegian Data Protection Authority concluded that usage of Google Analytics might be illegal in Norway.

As Runbox is based in and operates from Norway, a number of our users has expressed concerns regarding whether Runbox does use Google Analytics and how.

Runbox users do not need to worry. We have stopped using any type of Analytics and you can read about it here.

Runbox does indeed use Google Analytics on public pages, such as www.runbox.com to gain statistical information about where visitors come from, how much time they spend reading various public pages, e.g. about our pricing plans etc. However, Runbox does not use Google Analytics on logged-in pages.

Norway gives strong protection to personal data and Runbox has a strict privacy policy. Runbox does not allow third parties to access your information. Therefore, once a user reached the pages which require authentication, neither Google Analytics nor any other third party service is allowed to monitor their activity, as theoretically such third party could obtain information about user’s private information, such as their contacts and email contents. At Runbox we guard users’ privacy and such leak of information would be non-acceptable.

Tags:

Runbox supports Wikipedia

November 16th, 2011  |  Published in Commentary

Support WikipediaWe just donated to Wikipedia and encourage other companies to do the same.

Wikipedia is ad-free and relies on donations for their servers and staff, and it’s a fantastic resource for anyone interested in independent and objective information about virtually any topic imaginable.

Google chief fears for Generation Facebook

August 18th, 2010  |  Published in Commentary

In an independent.co.uk article, Google chief Eric Schmidt expresses concerns over the amount of personal data people publish online without considering the possible privacy implications.

Personal data will increasingly become a monetizing commodity among the social network and search engine services, while privacy and protection from data exploitation will diminish until its true value is appreciated.

While social network services bring functionality that allow people to connect in new and unexpected ways, email is inherently private and personal to the sender and recipient, as long as that privacy is enforced with a balanced policy.

Tags: