Special Holiday Offer from Runbox

Starting December 24 and until the end of December, we will add one free Medium Sub-Account for one year to all purchases.

You may then set up an additional account for a coworker, associate, or family member very affordably.

Just go to Your Subscriptions and renew any existing product, and the free account will be added to your shopping cart.

You may then proceed to complete your payment, and the sub-account will be available to use in Account > Sub-Accounts for free for a full year.

Happy Holidays from all of us at Runbox!

Continue Reading →

Runbox is under attack by extortionists

On Friday evening Norwegian time, Runbox started experiencing Distributed Denial of Service (DDoS) attacks by extortionists demanding that we pay them an amount of Bitcoin to stop the attacks.

The attacks consist of a massive volume of data traffic, in excess of 50 Gbps, to our service that overwhelm our servers and intermittently block our customers from accessing our services.

Runbox has persevered against similar DDoS attacks in the past and never in our history paid criminals who attack our services. And we are not going to start now.

Paying extortionists would provide no guarantee that further attacks would be prevented, and could instead make the victim more attractive for similar attacks. Furthermore, funding such criminal activities would only increase the likelihood of further attacks by the same criminals or other malefactors.

Since these DDoS attacks started we have worked with our system administrators and Internet Service Provider to mitigate the attacks. We are considering further mitigation options and appreciate the offers we have received from DDoS mitigation specialists who wish to help.

We have also learned that Runbox is not alone in being attacked, as The Record reports that Fastmail and Posteo are also under attack by the same extortionists.

Anyone who is experiencing DDoS attacks is encouraged to never capitulate. Let us instead coordinate our fight against these criminals and fully cooperate with relevant law enforcement in our respective countries.

We also encourage our respective customers to continue supporting independent email services such as the three of us now under attack. We thank you for your patience and understanding while we fight to regain your access to our services.

We will keep you updated on our Service Status page and assure you that we are doing everything in our power to restore services for you.

The full extortion letter is pasted below.

From: Cursed Patriarch
Posted on: 22 Oct 2021 – 15:56
Email: ravid.grossman@nullprotonmail.com

Subject: EXTORTION: DDoS attack

Hi,

I will start 1-2 hours attack on your site. It will not be hard as I don’t want to impact your business now. Just check your logs to see that I’m for real.

Pay me 0.06 BTC to 3GBAUXHmfxideRQWqRagtQRznB2GdUuMkfand I will never attack you again.

If you don’t pay within until Monday, total shut down is coming, cheap protection will not help my fee will increase and if you refuse you will lose much more then that.

Pay 0.06 now to prevent suffering.

Best regards,
Cursed Patriarch

P.S. This is disposable email. Do not reply.

Continue Reading →

Annual Message 2021 from the Board of Directors

Dear customers, business partners, and shareholders,

Upon the completion of the Annual General Meeting in Runbox Solutions for the fiscal year 2020 we take the opportunity to review our company’s status in accordance with our commitment to transparency.

Although 2020 was in general a difficult and challenging year due to the corona pandemic and the worsening climate change, we celebrated the 20th anniversary of the Runbox email service in October with special subscription offers to our loyal customers. This, together with continued growth in our customer base and favorable currency exchange rates, resulted in a record year for Runbox financially.

Through the year we made significant progress on Runbox 7 development, and reinforced our commitment to privacy, security, and the environment.

Runbox 7 Developments

During 2020 we continued to improve and expand the groundbreaking Runbox 7 webmail application, which features search capabilities in the browser that provides immediate searching and listing of email. Runbox 7 combines the unique database-accelerated Runbox architecture with cutting-edge technologies such as WebAssembly, HTML 5 Canvas, and Progressive Web Apps to create an immediate email experience.

Developments have focused on expanding Runbox 7 toward a complete web application, and numerous enhancements have been made to Mail, Contacts, and Calendar. Additionally we have added innovative new features such as the Mail Overview and Popular Recipients, which provide a new level of message overviews based on sender and recipient data.

Runbox 7 development can be followed on our Runbox 7 Roadmap in the Runbox Forum and aims to solve the growing challenges of email interfaces and bringing forth the future of email.

The project is partially funded by the Research Council of Norway as a research and development (R&D) project in support of the innovative aspects of the solution.

Environmental Engagement

The operation of all business continues to depend on the foundation of our natural environment, which is under increasing pressure from human activity. In 2020 the world has seen a continued growth in greenhouse gas emissions with subsequent increases in extreme weather, wildfires, and droughts around the globe.

As inhabitants of Earth we all share the responsibility to decrease our negative impact on our environment. Runbox is built with a strong ethical foundation and we are dedicated to decreasing our ecological footprint and other environmental impacts that result from our operations.

The environment is a primary consideration when developing our services, and in 2020 we continued strengthening our commitment to having a positive ecological impact.

The data center where our email servers are located is 100% hydro-powered, and the electricity powering our email architecture is utilized exclusively by the Runbox email service.

In 2020 we achieved CO2 double negative operations by implementing our Environmental Policy and supporting the organization World Land Trust. In 2021 we have extended our commitment by partnering with the Norwegian tree-planting organization Trefadder, which creates and nurtures climate forests in Norway.

Renewed Commitment to Privacy and Security

Through the year we renewed our commitment to privacy and security, and the GDPR in particular. Our GDPR implementation has continued with reinforced policies, procedures, and technologies, and as a company located in Norway our service can rely on the strong Norwegian privacy protections.

All user data processed through the Runbox email service is stored on our own physical servers in Norway, and last year we completed the transition to encrypted SSD storage for all email account data.

We have continued our blog post series outlining our road towards GDPR compliance, and made further progress with privacy and security improvements to our services.

Growing our operations

We are working closely with our system management partner Copyleft Solutions to scale our email service infrastructure with a distributed system architecture to support the continued growth of our customer base.

Together with our development partners Shadowcat Systems and Peregrine Computer Consultants Corporation, our diverse team includes members from Norway, the UK, Poland, Brazil, and the US. The background, geographical location, and diversity of our team combined with a steadfast commitment to the ethics and policies of our company forms the core of our organization.

The contributions from our open source community on Github increase the security and speed of Runbox 7 development further, and we are excited to continue the race to revolutionize email in 2021.

Continue Reading →

Happy New Year from Runbox

2020 was a very challenging year for many people around the world, and especially as a consequence of the ongoing global health situation. As we begin a new year we think about all those who have been impacted by the COVID-19 pandemic.

At the same time it is important that we don’t forget about other global challenges, and as Runbox celebrated 20 years in 2020 we naturally considered the current state of the environment compared to the year 2000.

Since the year Runbox was founded, global energy-related carbon dioxide emissions have increased over 40% from approximately 23 to 33 gigatons as illustrated by the figure below.

Source: IEEE Earthzine (https://earthzine.org/climate-indicators-in-the-covid-19-season/)

There was a significant increase in emissions over the past year, and despite the pandemic-related drop during 2020 world liquid fuels production and consumption is forecast to continue nearly unabated in 2021 and beyond.

Source: US EIA (https://www.eia.gov/outlooks/steo/)

It is clear that the global environmental crises in all likelihood remain the most essential and existential challenges facing mankind, and that 2020 only represents a temporary interruption.

Still, Runbox remains optimistic, and will in 2021 renew and reinforce our commitment to our Environmental Policy, our offer to provide free email services to environmental non-profit organizations, and a double negative carbon footprint through our support for World Land Trust.

Continue Reading →

Runbox doubles the storage capacity on all account plans

It’s our 20th birthday, and we’re giving YOU a present!

Our goal has always been to provide professional email services with massive storage space that is also affordable and flexible.

When Runbox was officially launched on October 12, 2000, Hotmail was the market leader with 2 MB storage space.

Runbox then decided to launch an email service with a whopping (at the time) 100 MB free storage — and received more attention (and signups) than we could have anticipated.

It’s now 2020 and we are doing it again, by multiplying the storage space on all our subscription plans by 2!

Our plans will now include storage space as follows:

Email StorageFile Storage
Runbox Micro2 GB200 MB
Runbox Mini10 GB1 GB
Runbox Medium25 GB2 GB
Runbox Max50 GB5 GB

These quotas will take effect for your account upon your next Runbox subscription purchase or renewal. So don’t forget to take advantage of the double subscription time on all product purchases through October!

Proceed to our Product page right away to automatically upgrade your account.

And we hope you will enjoy Runbox at least twice as much going forward. 😀

Continue Reading →

Runbox Celebrates 20 Years with 2 Years for the price of 1 through October 2020

On October 12, 2000 the Runbox email service was officially launched, on an Internet that was quite different from what we are used to today.

Initially, Runbox was a basic email forwarding service with a permanent @runbox.com email address. The original idea was to eliminate the need for email users to inform their contacts about a new email address when they changed schools or work places.

We soon expanded the Runbox service with a custom made Webmail interface, and offered a whopping 100 MB storage space. This was substantial compared to the 2 MB offered by Hotmail, who was the market leader at the time.

At that time Runbox was a free service, and the offering brought international attention and a large number of users. We then expanded with POP, SMTP, and IMAP access, email retrieval and filtering management, file storage, and support for email domains and domain hosting.

In 2012 we were once again at the forefront by strengthening the security and privacy aspects of our services following the surveillance revelations especially in the US.

Since those early years we have founded a new employee-owned company, continued hardening the security and privacy of our services, and built new partnerships and new server infrastructures, while broadening the foundation of our operations to embrace strong environmental and ethical principles, a diverse and dedicated team, a global customer base, and an inclusive virtual organization.

Now we are hard at work making Runbox 7 the fastest webmail app on the planet. In a world that is experiencing several global crises simultaneously we are increasingly focusing on features that facilitate global interconnectedness, telecommuting, and remote work by making our service more people and activity centric.

In an uncertain future one thing is for sure: Runbox will reinforce our mission to help people communicate better, more efficiently, and in a more organized way.

To demonstrate this we celebrate our 20th anniversary by doubling the subscription time on all Runbox products and renewals free of charge through October.

This means that when you purchase a subscription or add-on you get 2 years for the price of 1 year!

Proceed to our Product page right away to take advantage of this offer.

Thank you to all the customers who have supported us through the years — here’s to the next 20!

Note:

  • The additional subscription time will be applied automatically upon subscribing.
  • All initial subscriptions come with a full 60-day money back guarantee.
  • Hosted domains and other third party purchases are exempt.

Continue Reading →

Runbox Email is officially an ethical buy

We are delighted that Ethical Consumer has rated the Runbox email service one of their ethical best buys.

Following a thorough assessment of our business that included areas relating to our privacy policy and whether we were acting in an environmentally friendly way our email service gained one of the highest scores and was given the prestigious title of being an Ethical Consumer Best Buy product (you will need to be a subscriber to see the list of Best Buys and individual email service scores).

We’re obviously very pleased with the outcome of this assessment and it further confirms that our efforts to run a privacy and environmentally conscious service are valued in the wider market of ethical products that consumers seek out.

If you would like to know more about the work that Ethical Consumer do there is information on their website. For more information about the services that Runbox provides please visit runbox.com

Continue Reading →

Message from Runbox regarding the global health situation

In situations such as the one we are currently experiencing with COVID-19, uncertainty spreads easily and one may wonder whether services we rely upon will continue to function as usual. We are aware that our email service is of great importance to our customers, and that many rely upon Runbox in their professional and personal lives.

We can assure you that our operations will continue to function normally.

Runbox is located in Norway, a country with robust and reliable Internet services, and the Norwegian government and telecommunication operators are on the alert to ensure that Internet services are running as normal.

In our organization telecommuting is the modus operandi, and we are used to working from home offices or remote locations. For the immediate future the use of our headquarters is suspended in accordance with the advisory from our health authorities, but this will not have any impact on our day-to-day operations.

These are also the regulations our partners in Norway adhere to, and our affiliates abroad will naturally follow the advice in their respective countries. The data center where our servers are located will be enforcing stricter access procedures, but will otherwise operate normally.

This means that maintenance, support, development, and other internal functions will continue to work as usual. Our services are running on our own infrastructure, and there are no indications that our service will be exposed to any consequences of the current situation.

Our mission is to provide electronic communication between people, which is more important than ever in these times. We will continue fulfilling this obligation with dedication and determination.

Continue Reading →

Runbox is double carbon negative

As explained in a previous blog post, Runbox works continuously to decrease CO2 emissions from our operations and act in an environmentally responsible manner.

We recently implemented an environmental policy to this end, which lays out our commitments to reducing, reusing, and recycling our resources.

In our policy we also pledge to doubly offset any CO2 emissions that do result from our operations despite our email service being entirely hydropowered.

We are proud to announce that we are now supporting World Land Trust in order to plant trees sufficient to compensate doubly for the emissions that result from our business.

The World Land Trust certificate for carbon dioxide emissions 2019

World Land Trust is an environmental non-profit organization working to ensure conservation of plants, animals and local communities in areas at environmental risk.

We chose World Land Trust after having researched a number of organizations offering similar services, and found World Land Trust to be the most professional and reputable candidate.

We encourage other companies to offset their own emissions in order to help achieve the goal of carbon neutrality.

Continue Reading →

GDPR implementation part 8: “Personal data” in the EU and the US is not the same

We usually think of “personal data” as a term that contains for instance a person’s full name, home address, email address, telephone number, and date of birth.

These are ordinary data that can obviously identify a specific person. But in the personal data category of linked personal information are also data such as social security number, passport number, and credit card numbers – data that can identify us, and data we usually feel more restrictive about.

Linkable and non-linkable information

But there is another category of data that on its own may not be able to identify a person, but combined with other information could identify, trace, or locate a person. Such data are gender, race, sexual orientation, workplace, employment etc. These are examples of linkable personal information.

Then we have the category non-personally identifiable information. That is data that cannot be used on its own to identify or trace a person, for example IP addresses, cookies, device IDs, and software IDs (non-linkable personal information).

Privacy regulations differ in the EU and the US

Now, we know that there are industries that exist almost under the radar while taking advantage of personal data. For instance, companies in the AdTech and MarTech industry base their business on collecting and trading personal data for targeted advertising and marketing.

Many of these actors try to take protection of personal data seriously, and refer to the rules and regulations for processing personal data. In Europe this is the GDPR (General Data Protection Regulation) within the EU/EEA-area1, and in the US it is the responsibility of the FTC (Federal Trade Commission).

However, what the EU/GDPR and US government agencies mean by “personal data” is different. Specifically, the definition by EU/GDPR is more comprehensive than the definition often referenced by US agencies, such as that of NIST (National Institute of Technology).

For example, the EU concept of personal data includes information such as cookies and IP addresses, which are not considered as personal data in a US setting.2

This means that if US websites in their privacy policy state that they are GDPR compliant, but combine their data with other data sets, they may breach the GDPR. For example, they must have the user’s consent to collect their IP address under the GDPR.

Definitions of “personal data”

National Institute of Technology’s definition

NIST’s definition of personal data is contained in the definition of Personal Identifiable Information (PII):

PII is any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

US Office of Privacy and Open Government’s definition

Another PII-definition is from the US Office of Privacy and Open Government (OPOG) as follows:

The term personally identifiable information refers to information which can be used to distinguish or trace an individual’s identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.

EU’s GDPR definition

Compare these PII-definitions with the GDPR Article 4(1)’s definition of personal data:

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

It is obvious that GDPR defines personal data much broader than both NIST’s and OPOG’s PII, and this is underlined by this statement found in GDPR’s Recital 30:

Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.

The US is lacking comprehensive regulation

That said, US authorities are moving towards stronger protection of privacy and personal data, but as late as March 2019, the US Congressional Research Service says:

Despite the increased interest in data protection, the legal paradigms governing the security and privacy of personal data are complex and technical, and lack uniformity at the federal level. The Supreme Court has recognized that the Constitution provides various rights protecting individual privacy, but these rights generally guard only against government intrusions and do little to prevent private actors from abusing personal data online. At the federal statutory level, while there are a number of data protection statutes, they primarily regulate certain industries and subcategories of data. The Federal Trade Commission (FTC) fills in some of the statutory gaps by enforcing the federal prohibition against unfair and deceptive data protection practices. But no single federal law comprehensively regulates the collection and use of personal data (our emphasis).

Conclusion

When US websites claim to follow the rules for processing personal data it is dubious at best, compared to the regulations in the EU/EEA – which the Norwegian legislation is based on and is what Runbox adheres to.

However, it should be mentioned that some US states, for instance California, do classify some anonymous data (i.e. IP-addresses, aliases and account data) as PII.

In addition, as stated in our Privacy Policy, the personal data we ask customers to register in order to use our service is very limited. We are conscious about the trust our customers place in us when they register personal data in our systems, and in return we can demonstrate that we are compliant with the regulations.

Addendum

Above we referred to the AdTech and MarTech industries and their usage of personal data to identify, trace, or locate a person for advertising and marketing purposes. That topic is outside the scope of this blog post, but is absolutely worth writing about in a later post.

1 EEA = European Economic Area, that is the EU and three countries: Iceland, Lichtenstein, and Norway.

2 https://www.forbrukerradet.no/out-of-control/ footnote on page 102.

Continue Reading →