Email, Encryption and Data Surveillance

July 16, 2014 Leave a comment

As each day goes by there seem to be new revelations about which countries are spying on each other, or have secret agreements to monitor traffic by putting “taps” on strategically important cables entering or leaving countries. It is hard to keep track of all this information, and even harder to verify what is fact and what is speculation.

Questions, questions!

If you care about your data or email and whether it is private or not, then all of this should bother you; in fact it should bother you quite a lot. But how do you make sense of it all, and what action can you take, assuming you can take action that is? Which countries will look after your data best? And who can actually read your email as it is delivered to and from your email provider?

At Runbox we get asked a lot of questions like the ones above, and we have come to the conclusion that often we are worrying about the wrong things.

Who are the players in this real-life James Bond story?

five-eyesThe United States National Security Agency (NSA) and the British Government Communications Headquarters (GCHQ) have featured heavily in the media, and along with three other countries (Canada, Australia and New Zealand) they make up the so called “Five Eyes” countries that are known to be monitoring communications.

These countries have an agreement to share data that they collect through their extensive networks. This is not speculation, this is hard fact in the public domain, and together they form the single biggest data sharing network ever conceived. The allegations that they spy on each others citizens and then share data with each other to get around domestic regulations relating to spying on your own citizens is one of the most controversial claims that have been made in the last few years.

There are other revelations that suggest many countries also have agreements with the NSA and GCHQ in return for various kind of technological assistance that might benefit the collaborating nation.

More recently, and closer to home for Runbox, we have seen allegations that Denmark is monitoring data entering and leaving Norway, and that Sweden is pretty much in league with the NSA about as much as the other “five eyes” countries. At a glance this can seem worrying given that Runbox is based in Norway.

But does it really matter?

Data everywhere, and no place to hide

surveillanceOn a political front it probably does matter, but on a practical level if you email someone who is outside of Norway the chances are the data passes through a number of countries and worrying about the ones geographically adjacent to Norway seems a little pointless. For example, if you email anyone on Gmail, Yahoo, Outlook, iCloud or any of the other major providers, the chance is your data is going to end up in the one country that is at the centre of the recent revelations – the USA.

The reason we get asked questions about security is because people want to take positive action to protect their data, so what can you actually do?

Stored email and data

The question about which email provider will protect your data best when it is on their servers is a separate issue to the one surrounding your data when it is being transferred from one place to another. In respect of your email provider, you are better to keep your email data in a country that has strong privacy laws, and with a provider that tries to encrypt the transfer of that data to and from your account. Runbox is based in a country that does have strong privacy laws, and we always try to encrypt your data when transferring it to and from your account.

So choosing an email provider isn’t too difficult once you know what to look for.

So what about data transfer?

Given that we know agencies are monitoring Internet communications (it doesn’t matter how much or little of this is going on) it is best to assume that anything that you do on the Internet, or anything you email can be monitored by someone. You can think of this as being like sending a private message on a postcard through the usual mail where everyone including the post office and your family can read the postcard.

Fundamentally the data that makes up your email can be read by any server it passes through on its way to its destination. Mail servers also write information to their hard drives and then use that data when sending your email on to the next destination. This means that temporary copies of your email are also made!

There is very little you can do about this, it’s how email works.

Email-EncryptionAn obvious solution to prevent prying eyes from reading your email is to use some sort of code that only the sender and recipient can decode, and that is exactly what encryption is. If you encrypt a message with a strong enough key then it is currently not possible for anyone to read it without having the private key and passphrase. For now we will ignore allegations that encryption has been subverted by governments as it is clear that strong encryption does still work adequately.

Regardless of whether you encrypt messages yourself, Runbox attempts to encrypt your email when it sends to and receives email from other providers on your behalf. This is an important security feature, but it isn’t universally used and even some major email providers do not offer this kind of encryption. Where it is not offered your email is delivered unencrypted and it is just as vulnerable to interception then as a postcard is.

End-to-end encryption

Email is about 40 years old, and it hasn’t changed much in all that time. For decades computer security experts have been aware of the insecure nature of email, which is why email encryption has been around for about half the time email has existed. Encrypting your enigmail_gnupg_thunderbirdemail is not a new idea at all, but as a proportion of email sent very little is encrypted by the sender.

The best overall solution is to encrypt the message before it leaves your computer and not rely on anyone else to protect the data for you. The data can then only be decrypted at the recipients end if the correct key is available and the passphrase for that key is known. This is called end-to-end encryption.

There are various ways in which you can encrypt your email, some involve email client (app/program) like Thunderbird, Outlook or Apple Mail and others are integrated in to the webmail service of email providers.

You don’t need to be an expert to encrypt your email

Encrypting your email is not as difficult as you might think, but you might need to make some changes to how you use email.

We are used to having a very wide variety of email providers at our fingertips, and encryption isn’t necessarily going to be compatible with all of those various interfaces. Elsewhere on this blog and on the Runbox help website we explain some of the easier ways to implement strong email encryption that can be used with most email providers.

Yes, you are going to have to give your friends, family and colleagues keys so they can decrypt email and also send encrypted email to you, but is that really much more difficult than having to give them a key to get in to your home (assuming you want them in your home that is)?

If you encrypt your email it won’t matter what revelations are in the news next week, only you and your recipients will be able to read your email. Unless of course the revelations are about encryption having been compromised…

For more information

Continue Reading →

[Completed] Email Alias Quota Increased to 100

July 1, 2014 2 Comments

In order to further simplify our price plans and improve our offering we have decided to increase the email alias quota of all account subscriptions to 100 (except the Max plan which already has it).

This change has already taken effect, which you can tell from the Alias Administration screen.

If you are wondering what an email alias is and what it can be used for, it’s basically an alternative email address pointing to your Runbox account. This is very useful in order to manage identities/profiles, especially if you host a domain with Runbox.

For more information and tips, head over to our help page on Aliases!

Continue Reading →

[Completed] Adjustments to Bandwidth and Outgoing Message Quotas

May 9, 2014 1 Comment

In order to simplify our Price Plans and improve the reliability of messages sent from Runbox, we are introducing standard quotas on email bandwidth usage per week and on the daily outgoing message limit across all subscription plans (with a few important exceptions).

Please continue reading to find out what is being changed and how this may affect your account. We will also notify all our customers by email within the next few days.

What is being done

As of June 1, 2014 we will make the following changes to the Runbox subscription plans (with a few exceptions):

  • The bandwidth quota will be upgraded corresponding to the Max subscription plan’s 10 GB per week.
  • The outgoing message quota for all subscription plans will be set to 500 messages per day*.

*) Those who have purchased extra quotas will of course keep them, and we will accommodate those who do need to send a larger number of messages — please see below for details.

If you are unsure about which subscription plan you currently have, please see Account > Subscription Information.

Why we are making these changes

The recent revelations in the media of mass surveillance of online communication especially in the US has brought many new customers to Runbox over the past months. This has lead Runbox to garner international attention by publications such as Der Spiegel and The New York Times, and Runbox has gained a position as a leading provider of secure and private email services.

In accordance with our growth strategy we have invested heavily in new hardware to replace and modernize our server park, which will increase our capacity and further improve the reliability and security of our services.

While we continue to roll out these upgrades we have reviewed our subscription plans and decided to simplify and adapt the bandwidth and outgoing message quotas.

Bandwidth quota change

Our growing number of customers access their email on an increasing number of laptops, tablets, and smartphones. Additionally, people increasingly use email to share multimedia files such as images and videos.

The new hardware we have installed greatly improves our ability to support this “email-on-the-go” trend and we have therefore decided to upgrade the bandwidth quota to a level corresponding to the Max subscription plan for all existing and future accounts.

With many more people sending digital photographs and videos to friends, family, and colleagues, this new higher quota will allow you to make even better usage of our market leading 100MB attachment size.

Outgoing message quota change

There are two different reasons for the change of outgoing message quotas:

1) A few of our customers send a large amount of legitimate email. While our systems cope well with this, there is an ever increasing volume and therefore cost to processing this kind of email. There is also an increase in staff time dealing with any issues that arise as a result of recipients sometimes reporting such email as spam.

We see that those who send large amounts of bulk email don’t necessarily need large storage quotas, so we have decided to decouple the outgoing message quota from the subscription plans. You can then freely purchase outgoing message quota upgrades independently of your subscription plan.

Please note that this change need not affect your account as you can keep your current quota upon request.

2) Runbox enforces a strict policy on email sent from our service. Unfortunately, some of our customers still have poor password or computer hygiene, which in some cases can cause their Runbox account to be used by spammers to max out the currently very high outgoing message quotas.

This not only causes problems for the account owner, but sending large amounts of unsolicited email via our outgoing mail servers can potentially affect all our customers. If a receiving server detects that unsolicited email has been sent from one of our servers, Runbox may be blacklisted and in turn be prevented from reliably delivering email sent by our customers.

By lowering the outgoing message quota we protect all accounts from jeopardizing the reputation of Runbox’ mail servers. You as a Runbox customer will benefit directly because email sent from reputable mail servers are delivered promptly and reliably to their recipients’ Inboxes.

As part of our aforementioned server upgrades we will have the ability to implement new security features that will also help protect customers’ accounts.

How these changes may affect your account

The bandwidth quota change will only affect your subscription positively if at all, since all subscription plans will now have the maximum 10 GB bandwidth limit per week. With many more people sending digital photographs and videos to friends, family, and colleagues, this new higher quota will allow you to make better use of our market leading 100 MB attachment size.

The outgoing message quota adjustment will only affect customers who send more than 500 messages per day. Please note that the number of messages equals the total number of recipients, because e.g. 1 message with 20 recipients is 20 messages when delivered from our servers.

If you need a higher outgoing message volume we will restore the old quota upon request.

Customers who have paid specifically for increased outgoing message quotas will keep their full quotas as long as they are renewed.

If you are unsure about your current outgoing message quota, please refer to our subscription plans.

We hope you will understand that these changes are not only necessary but beneficial to Runbox and you as a Runbox customer.

And please let us know by contacting Support if you have any questions or concerns about these changes.

Continue Reading →

New Privacy Products Available

May 7, 2014 10 Comments

Runbox prioritizes security, reliability, and privacy above all else. As you probably know, Runbox’ email servers are hosted in Norway, and Runbox Solutions operates under Norwegian legislation which protects our customers’ data.

Our services are protected by Extended Validation SSL with Perfect Forward Secrecy, ensuring encrypted communications between client and server. We enforce a strong Privacy Policy and we do not share any account details or user data with any third party.

To complement our security and privacy features we are now launching the following products:

No Backup

Store your email and files on a separate, dedicated disk volume without backup. This means that when you delete an email it is immediately and permanently removed from our servers.

Read more about No Backup

Domain Registration in Norway

You can register any top-level domain (TLD) name with a Norwegian registrar via Runbox and operating under Norwegian jurisdiction.

By registering a domain name ending with for instance .no, .cc, or .co, your domain’s records are kept in Norway and in the country corresponding with the TLD of your choice.

Read more about Domain Registration in Norway

Domain Management

Runbox can register a domain name for your exclusive use. Runbox Solution’s company name, address, and contact information will be used and we will be the legal registrant. Your personal or business details will not be associated with the domain name, but you will be reserved the right to use it exclusively.

Read more about Domain Management

Continue Reading →

Warning About Insecure Email Apps

May 2, 2014 2 Comments

We have become aware of at least one email app (application software) available for smartphones and tablets that undermines the security of email sent using your Runbox account.

The email app is very easy to set up with only your email address and password, and you can get it working within a few minutes at most. It was due to this ease of set-up that we became suspicious. There is always a push towards making things easier for users of technology, but we believe that this is one step too far.

We discovered that the email app was not sending email through the Runbox mail servers. There was no SSL encryption between the email client and the servers, and no onwards encryption to a destination that we know normally uses encryption when sent via our servers. Instead of using our servers in Norway, the app used a mail server in another European country!

If this wasn’t bad enough, there was no user notification that the app hadn’t used the correct servers and was instead using an alternative server.

We won’t mention this particular app by name here as that wouldn’t be fair, especially when there may be others that do the same. We do not recommend this type of email app for phones, tablets or computers in general, and we cannot be held responsible for the delivery of email not sent through our servers, but apparently coming from your Runbox email address.

We would urge all Runbox customers to consider the following:

If you are not asked to enter the secure server settings as detailed on our settings page, then you are not in control of how your email is received or sent.

If you have any further questions about this, or would like further advice, please contact Runbox Support.

Continue Reading →

U.S. judge rules search warrants extend to U.S. companies’ overseas email accounts

April 29, 2014 14 Comments

A U.S. federal judge has ruled that U.S. Internet Service Providers must hand over customer emails and other content sought by U.S. government search warrants, even when the data is stored overseas.

The ruling addressed a search warrant against Microsoft Inc. for one of its customers whose email is stored on a server in Ireland.

As a Norwegian company and email service operating under Norwegian jurisdiction, Runbox is not affected by this ruling.

Runbox will not disclose account information or email data to authorities unless presented with a Norwegian court order.

Find out more about Runbox’ privacy policies and Norwegian privacy regulations.

Read the full story at Reuters.

Continue Reading →

[Resolved] Server problems; service inaccessible

April 18, 2014 2 Comments

We’re having problems with an unresponsive central server which is affecting much of the Runbox email system and causing the email service to be inaccessible. We’re working to resolve it and expect to be operating normally within 30-45 minutes.

Update 01:15 CET: We are back online and investigating what happened. In any event this was a server that is soon to be replaced.

Continue Reading →

New IMAP servers deployed with Perfect Forward Secrecy

April 11, 2014 5 Comments

Our new IMAP servers were successfully deployed today after upgrading the new ZFS based storage, which resolved an error that had previously caused problems. The technical details of this error can be found in the official bug report from the operating system distributor.

The combination of new, powerful IMAP servers and a modern, ZFS based SAN (Storage Area Network) should significantly improve IMAP performance in the coming days and weeks as we move email accounts to the new storage unit.

Perfect Forward Secrecy support for IMAP

Additionally, the new IMAP servers support Perfect Forward Secrecy on SSL (encrypted) connections, which prevents an unlikely eavesdropper to decrypt the communication between client and server.

You do not have to change anything in your email client to enjoy these new technologies, but do let us know if you experience any problems.

Continue Reading →

[Resolved] “Heartbleed” SSL vulnerability

April 10, 2014 4 Comments

On April 8, it was revealed in the media that a vulnerability in the internet encryption standard OpenSSL had been discovered. This vulnerability could potentially allow someone to access additional parts of the memory of servers protected by the OpenSSL software.

As stated in the OpenSSL Security Advisory:

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.

This could potentially compromise sensitive data such as the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of users, and actual content.

Runbox’ servers are secured

Runbox immediately upgraded our installations of OpenSSL on April 8 upon learning about this vulnerability. We have also reissued and reinstalled all our SSL certificates for both Web, POP, IMAP, and SMTP services.

Additionally Runbox web services already supports Perfect Forward Secrecy, which issues unique SSL key pairs for each connection. This prevents an unlikely eavesdropper from retroactively decrypting communications between server and client even if they managed to get the private key.

What you can do

We have no indications that any information has leaked from our systems, and our assessment is that the risk of such leaks is very small. Client computers and software are not affected by this vulnerability.

However, we recommend that you change your Runbox password to be entirely certain that no one else can access your account. It’s a good idea to change your password regularly, and use different passwords for different services. Please see Tips for choosing and protecting passwords for some useful rules about password generation and usage.

More information about Heartbleed from the security company Codenomicon is available at http://heartbleed.com/.

Continue Reading →

[Resolved] Transition to new servers and storage

March 27, 2014 7 Comments

Runbox has seen a tremendous growth in our user base over the past months following the NSA revelations in the press. As a consequence of this we started executing our plans in January to acquire and install new and powerful virtualization servers and storage units.

Moving to the new servers

After substantial preparation of our server infrastructure we started moving data to the new ZFS based storage servers this week. The new storage servers are substantially faster, more reliable, and adds a lot more capacity than the current ones, and this process is moving forward steadily.

We are also deploying new, IMAP servers as an intermediate step towards completely replacing our  application server infrastructure. The IMAP servers we are currently deploying will improve IMAP performance while we complete the process of installing new, physical application servers that will replace both our current IMAP, POP, and web servers.

Some bumps in the road…

Some of our POP users started experiencing connection problems after being moved to the new storage servers. These users have now been moved back to the old storage servers until we resolve these problems. Update 13:00 CET 27.03.2014: This has probably been solved and we are waiting for feedback from everyone that was affected previously.

Additionally, the interaction between new storage, old storage and the new IMAP servers did not work exactly as predicted, so we rolled back the changes on Wednesday. We had done extensive testing over a long period of time before we deployed this solution, but with some differences (NIC, OS versions) We have now done further testing and will attempt deployment again shortly .

What we’re doing to resolve the problems

We have reviewed the process thus far in detail and uncovered the likely cause of the problems between the new and old servers. We are making the required system changes to ensure a smooth transition next time.

We would like to apologize to those of you who have experienced connection problems with Runbox recently with IMAP and POP, and assure you that we, along with our team of system administrators, will work to resolve these problems over the next few days so that we can provide fast and reliable services to everyone who cares about online privacy, security and sustainable services.

Update 01.04.2014:

We have gathered and analyzed data from the previous attempt at deploying the new servers and will make another attempt Wednesday (02.04.2014) morning CET, this time using a new set of virtualized servers. We will test new combinations of hardware and software between 8-10 AM CET until we have found the configuration that performs best. Meanwhile we have adjusted the configurations of the current IMAP servers to allow more concurrent connections and stop the connection errors some of our customers have seen throughout the day.

Update 03.04.2014: 

Generally IMAP should now operate normally. Between 9 and 11 AM CET when we carry out configuration work with the new IMAP servers some users may experience intermittent connection problems. This work will ensure that the new servers perform at their optimum reliability when we complete their configuration.

The new IMAP servers have performed perfectly during our test phase while emulating a large number of users, but something causes them to slow down when communicating with the new ZFS based storage units. We are working systematically to eliminate the causes and are excited about offering this superior storage technology to all our customers.

Update 08.04.2014:

After several days of testing we have narrowed down the problem to the new ZFS based storage units; not the IMAP servers as was indicated earlier. There are two main issues we are looking at and we expect to have a permanently deployed solution after a couple more days of work.

We plan to do the work outside of European and US business hours to avoid service disruptions for as many customers as possible. We are also looking at contingency plans in case this does not turn out as expected.

If you experience connection errors with Runbox IMAP, please contact Support as the symptoms can vary from account to account. We can then take steps to improve the situation for your account specifically.

Update 11.04.2014:

We have confirmed that the problem with the new ZFS storage was related to deadlocks in certain NFS threads in its operating system. A patch for this error was recently released, and after applying this upgrade the server has been operating perfectly for a full working day.

We therefore believe the problem to be resolved. We will continue to monitor its performance closely over the next few days.

The plan is then to continue moving user accounts to the new ZFS storage and our new IMAP servers, which is likely to improve IMAP performance for all our customers.

Continue Reading →