Runbox 7 updates January-March 2022: Improvements to message handling

Better HTML message and attachment handling, and many other improvements.

  1. Bug fix (mailviewer): Properly show reply and forward headers for HTML messages (fafe361)
  2. Update README.md (0edd870)
  3. Bug fix (credit-cards): Improve the look of payment forms on mobile (375dfb2)
  4. New feature (payment): Add Holiday Offer 2021. (9852e27)
  5. New feature (payment): Holiday Offer 2021. (ce36678)
  6. New feature (payment): Improve formatting and logic of Holiday Offer. (3faa49d)
  7. Bug fix (payment): Fix linting. (b1132fa)
  8. Payment special offer sub account (#1159) (8a2e99b)
  9. Bug fix (login): Reinstate authentication error messages. (53ee96d)
  10. Auto stash before checking out “origin/master” (c93b426)
  11. Trailing whitespace removed (d75677c)
  12. Internal changes (deps): bump follow-redirects from 1.13.3 to 1.14.7 (5c3a796)
  13. Internal changes (deps): bump engine.io from 4.1.1 to 4.1.2 (233047a)
  14. Bug fix (mailviewer): Ensure we reload Sent contents after using Compose (500c3a7)
  15. Bug fix (payment-history): Remove whitespace in payment rows (655d7e2)
  16. Bug fix (payment-cards): Change URL for Payment Cards (08e6aeb)
  17. Bug fix (singlemailviewer): Use TemplateRef instead of Span for ngIfElse (338ee02)
  18. Bug fix (mailviewer): Redirect to Contacts only when clicking the add icon (6152bf5)
  19. Visual changes (contacts): Improve formatting and wording. (16fe367)
  20. Visual changes (compose): Fix width and decrease vertical space. (6d09a4d)
  21. Visual changes (compose): Make header field padding more consistent. (128e0de)
  22. Visual changes (search): Format multiple search fields better and move to top of screen. (6869c0e)
  23. Visual changes (mail): Replace “mark unread” icon. (e933989)
  24. Bug fix (mailview): Remove deleted/moved messages before mesg list redraw (8104463)
  25. Bug fix (contacts): Use anchor instead of button for VCF export. (a159344)
  26. Bug fix (foldercounts): Ensure all folderpath names used are consistant (4ea9688)
  27. Bug fix (searchindex): Keep fetching recent updates (0009a4c)
  28. Bug fix (tests): Mock test message times are in seconds (not millis) (2f74697)
  29. Bug fix (loading): Complete index load before displaying list from index (f5b0ed7)
  30. Bug fix (mailview): Display dates for future-email, not just times (b5f549a)
  31. Internal changes (deps): bump log4js from 6.3.0 to 6.4.0 (#1179) (0613c23)
  32. Bug fix (welcome): Add link to help from welcome message. (#1204) (e86f347)
  33. Internal changes (deps): bump follow-redirects from 1.14.7 to 1.14.8 (#1205) (df7af23)
  34. Internal changes (deps): bump nanoid from 3.1.22 to 3.2.0 (#1180) (46306f7)
  35. Bug fix (loading): Only refresh message list after index loaded (#1208) (cb25029)
  36. Internal changes (deps): bump ssri from 6.0.1 to 6.0.2 (#1207) (75d2d2a)
  37. Bug fix (mailviewer): Correct alignment of full/half height preview pane button. (#1209) (f311df1)
  38. Bug fix (loading): Only refresh message list after index loaded (#1211) (35064ac)
  39. Internal changes (all): Rename searchResultsSubject to something more obvious (755fcc2)
  40. Bug fix (mailview): Do not jump to top of list after updating index (9679db0)
  41. Internal changes (deps): bump url-parse from 1.5.3 to 1.5.7 (#1214) (12d4056)
  42. Bug fix (domreg): Remove domain registration temporarily. (#1218) (eb9e445)
  43. Bug fix(index): index verification back on (#1215) (bb9efda)
  44. Fix Size and Folder columns issues (#1216) (da3d7ff)
  45. Bug fix (canvastable): Don’t show column resizing cursor while in wrap mode (#1217) (24ecf96)
  46. Internal changes (deps): bump url-parse from 1.5.7 to 1.5.10 (#1219) (d0929ee)

Continue Reading →

Special Holiday Offer from Runbox

Starting December 24 and until the end of December, we will add one free Medium Sub-Account for one year to all purchases.

You may then set up an additional account for a coworker, associate, or family member very affordably.

Just go to Your Subscriptions and renew any existing product, and the free account will be added to your shopping cart.

You may then proceed to complete your payment, and the sub-account will be available to use in Account > Sub-Accounts for free for a full year.

Happy Holidays from all of us at Runbox!

Continue Reading →

Runbox 7 updates July-December 2021: Improvements to Mail

More compact view with more efficient use of space, and a ton of other improvements and bug fixes!

  1. New feature (account-details): Add API calls for account details (3a2a960)
  2. Visual changes (app): Remove styles for mat-select and mat-icon that are not needed (d00f3bb)
  3. New feature (account-details): Add Account Details content to Runbox7 (0e0150f)
  4. New feature (account-details): Add form controls (86b7048)
  5. Internal changes (components): Redo runbox-container so that it fits our needs (3c39649)
  6. Internal changes (account): port account-app to the new runbox-container (4a8b4f4)
  7. Visual changes (app): make the toolbar always visible for a more consistent look (eb7d2fe)
  8. Visual changes (help): Add a toolbar to the help component (92f8a8b)
  9. Internal changes (domainregister): bring domreg under the /account/ namespace (d2138d5)
  10. Bug fix (menu): Link logo to Welcome screen. (7afbece)
  11. Bug fix (menu): Fix Settings URL (729a514)
  12. Internal changes (account-details): Fix naming for address and phone variables (15533c4)
  13. Internal changes (account-details): Wire up storage details page with API (52f5097)
  14. Visual changes (contacts-app): Fix capitalization in menu and contant information panel (ded0ef7)
  15. Visual changes (calendar-app): Fix capitalization (d174e8d)
  16. Visual changes (profiles): Fix capitalization (b05d7c9)
  17. Visual changes (account-security): Fix capitalization (03802d0)
  18. Visual changes (account-app): Fix capitalization and wording (6273af2)
  19. Internal changes (app): Fix tests after rewording items across the app (7500bbb)
  20. Bug fix (contacts): Contacts with company-name only now create correctly (5959023)
  21. Bug fix (mailview): Ensure we invalidate the message cache for HTML update (bddf99d)
  22. Visual changes (payment): Improve text and icons. (#996) (933d2f1)
  23. Visual changes (welcome): Improve layout and make it more consistent. (307cc50)
  24. Visual changes (welcome): Make formatting more consistent. (dd935ec)
  25. Bug fix (welcome): Ensure Runbox 6 links open in new tab. (1634198)
  26. Visual changes (welcom): Make formatting more consistent. (0447e96)
  27. Visual changes (account): Re-apply changes lost in merge. (b47e6d0)
  28. Bug fix (contacts): make sure we’re not accidentally silencing errors when saving contacts (d8985da)
  29. Bug fix (contacts): fix unnamed contacts being accidentally filtered out (81d4a25)
  30. Bug fix (contacts): allow saving unnamed contacts (0e26978)
  31. Bug fix (webmail): temporarily revert #1003 and #1011 to fix HTML email rendering (0409615)
  32. Bug fix (lint): Fix linting error. (1cd4e41)
  33. Bug fix (welcome): Add missing file. (f379486)
  34. Bug fix (welcome): Add missing file. (081a36a)
  35. Internal changes (account-details): Add ability to change timezones and country (5664f03)
  36. Internal changes (account-details): Remove password change from the form (00718fe)
  37. Bug fix (welcome): Set target on link to documentation. (4f319ee)
  38. Internal changes (account-details): Fix units in Data Usage table (9a7ec64)
  39. Visual changes (welcome): Improve layout and make it more consistent. (#1021) (8704ef5)
  40. (bug-report): Add note about the use of submitted reports. (#1027) (8920637)
  41. Visual changes (menu): Re-apply main menu transition adjustment. (eeb9a61)
  42. Visual changes (account): Adjust formatting. (e8896af)
  43. New feature (account-security): Split Security into separate items, make dedicated Security menu (b5cc93c)
  44. Internal changes (account-security): Fix tests (e37f14b)
  45. Visual changes (account-security): Add icons to Security menu items (45a98ff)
  46. Internal changes (settings): Fix formatting of account-welcome file (9d20c34)
  47. Internal changes (settings): Split Security into separate items (2a7635e)
  48. Internal changes (account-security): Comment out Last Logins (6c137b6)
  49. Visual changes (settings): Center icons in the left-hand menu (90b6579)
  50. Bug fix (folders): Display top-level folders in user-sorted order (feb8070)
  51. Bug fix (settings): Fix position of Settings Menu title for mobile (406c503)
  52. Castaway/html caching again (#1038) (c330999)
  53. Internal changes (build): make sure build job fails if the app did not compile correctly (cb56491)
  54. Bug fix (account-security): fix a compilation error (35093f1)
  55. Bug fix (mailviewer): make attachments show up again (0426b3c)
  56. Visual changes (settings): Fix Settings Menu title styles (574c72a)
  57. Internal changes (contacts): simplify formarray editors (b9e40dc)
  58. New feature (contacts): allow inviting people to videocalls (45590d5)
  59. Bug fix (contacts): only allow videocalls for @runbox addresses (7292fe8)
  60. Bug fix (onscreen): make the URL reflect the meeting state (11387b9)
  61. New feature (onscreen): replace placeholder buttons with a (locally) persistent meeting list (1deacea)
  62. Bug fix (compose): Switch to download prompt for files, to mitigate XSS (99950a4)
  63. Bug fix (mailviewer): Prevent HTML view having multiple scroll layers (bd509bc)
  64. New feature (account-security): Add possibility to change Password (89752d8)
  65. Bug fix (maillist): Ensure actions involving 2 folders update counts on both (fa4fcc6)
  66. Internal changes (account-details): Wire account-settings table to the API (4e623b1)
  67. Internal changes (account-app): Fix document formatting (a96596a)
  68. Bug fix (indexer): Allow user-actions to interrupt current index syncing (4444e50)
  69. Bug fix (indexer): Continue indexing if a missing-body fetch fails (7f10dac)
  70. Internal changes (rmmapi): Update tests to reflect checking of error status (617b303)
  71. Internal changes (system): Upgrade Cypress to 7.7.0 (2846265)
  72. New feature (app-passwords): use monospaced fonts for app passwords listing (0b1dd11)
  73. Internal changes (deps): bump tinymce from 5.6.2 to 5.7.1 (a10852a)
  74. Internal changes (account-details): Fix account settings updating (7214129)
  75. Bug fix (settings): Add missing Domain Registration tile (14eb724)
  76. Bug fix (mailviewer): Update maillist after delete/move (226ee3c)
  77. Bug fix (mailviewer): Show attachments (including internal) in plain text mode (79f257b)
  78. Bug fix (mailviewer): Msg llist can scroll to bottom when pane is open (a3d536a)
  79. Bug fix (mailviewer): Ensure mail pane menu always visible (5304bc5)
  80. Bug fix (mailviewer): Allow message scrolling while pane is open (oops) (abedd29)
  81. Bug fix (mailviewer): Speed up regular update by recounting only changes (426d75c)
  82. Bug fix (mailviewer): Speed up regular update by only redrawing changes (ad5ab1c)
  83. Bug fix (mailviewer): Display image attachments in HTML unless inline (424bc80)
  84. New feature ure(mailviewer): Store/display any error messages on msg load (20f35a0)
  85. Bug fix (mailviewer): Refreshing a msg id url should jump to item in list (313d6bf)
  86. Bug fix (mailviewer): Remove big icons from print view (f1fcf3c)
  87. Bug fix (mailviewer): Mention contact support when showing message snackbar (cc90467)
  88. Icon fix for headers align with show all headers (2f3539a)
  89. rescale contact icon & remove dotted underline (b29207d)
  90. Added left padding to message header area (7270bc6)
  91. Bug fix (login) Allow normal text in OTP input (7702aaf)
  92. Bug fix (app): Fit message list option menu on small mobile screens (c8dfefa)
  93. New feature ure(mailviewer): Enable display of msg preview without index (f1e1c2a)
  94. New feature ure(mailviewer): Enable “unread only” list mode without the index (3d7bfa3)
  95. Bug fix (mailviewer): Show conditional tooltips on view options menu (7128d94)
  96. Update issue templates (60b2d84)
  97. Bug fix (mailviewer): Remove big icons from print view (dee596d)
  98. Made padding in line with subject and added to extended (4d9e166)
  99. Bug fix (identities): Ensure identities can be told apart (9964446)
  100. Bug fix (foldercounts): Update counts on index refresh, only when changed (e4bacb7)
  101. made everyhing align with padding (081864b)
  102. Bug fix (identities): Only display “origin” field for RMM6 folders (b02298c)
  103. Internal changes (account-details): Improve selection of Countries and Timezones (41f93e6)
  104. Internal changes (account-details): Add a password prompt for Account Details changes (786f6f2)
  105. Bug fix (index): Cope with emails with no plain text part (a88378d)
  106. Internal changes (npm): Add package to list countries with their ISO codes (954cb3c)
  107. Internal changes (account-details): Replace moment.js timezones with custom timezones endpoint (4ab8fc9)
  108. Internal changes (account-details): Change path and naming of account preferences (dd78c93)
  109. New feature (account-app): Add Account Details tiles to the main Account Settings page (3670a52)
  110. Bug fix (account-app): Change description for Account Password tile (622809f)
  111. Internal changes (account-details): Fix typos (dc3f0da)
  112. Bug fix (canvas): Ensure scaling (for HiDPI displays) is consistent (5ec1dd3)
  113. Bug fix (bug_report): Fixes issue While in Drafts folder, can’t compose a bug report · Issue #1077 · runbox/runbox7 · GitHub (d67d398)
  114. Bug fix (bug_report): Fixes issue While in Drafts folder, can’t compose a bug report · Issue #1077 · runbox/runbox7 · GitHub (92ac956)
  115. Internal changes (deps): bump tinymce from 5.7.1 to 5.9.0 (badee30)
  116. Bug fix (mailviewer): Add horizontal scroll to message view (8d92267)
  117. Bug fix (search): Allow resizing of folder column (583d893)
  118. Bug fix (messagelist): Store col resizing per view/set of columns (66be481)
  119. Internal changes (deps): bump tinymce from 5.9.0 to 5.10.0 (e001f24)
  120. New feature (account-app): Remove renewal options from storage space products (f43bf22)
  121. Bug fix (mailviewer): Improve header formatting for forwarded HTML messages (0391ed3)
  122. Bug fix (mailviewer): Change reply header for HTML messages (ecc4cb3)
  123. (fix): remove unlock code “security question” from login because these have been deprecated (cc19ded)
  124. Visual changes (condensed-layout): Decrease font sizes for more efficient use of space. (5a3f3eb)
  125. Bug fix (mailviewer): Access messageHeaderHTML only when loaded (8dec702)
  126. Visual changes (settings): Improve text and formatting. (#1124) (f241161)
  127. Bug fix (mailviewer): Fix horizontal scroll for iframe in message view (d962c84)
  128. Internal changes (deps): bump path-parse from 1.0.6 to 1.0.7 (19df238)
  129. Internal changes (deps): bump jszip from 3.4.0 to 3.7.1 (62d7605)
  130. Internal changes (deps): bump tar from 6.0.5 to 6.1.11 (3512b8b)
  131. Internal changes (deps): bump @npmcli/arborist from 2.0.2 to 2.10.0 (88c9175)
  132. Visual changes (condensed-layout): Improve alignment of left pane elements. (b97cac3)
  133. Visual changes (condensed-layout): Improve alignment of Mail left pane elements. (5a9ebfe)
  134. Internal changes (deps): bump url-parse from 1.5.1 to 1.5.3 (cd05662)
  135. Internal changes (deps): bump color-string from 1.5.4 to 1.6.0 (9efd3be)
  136. Internal changes (deps): bump dns-packet from 1.3.1 to 1.3.4 (0d75918)
  137. Internal changes (deps): bump browserslist from 4.16.3 to 4.18.1 (244ecba)
  138. Internal changes (deps): bump hosted-git-info from 3.0.7 to 3.0.8 (43b46ec)
  139. Internal changes (deps): bump @npmcli/git from 2.0.6 to 2.1.0 (4e72df0)
  140. Visual changes (condensed-layout): Condense top welcome and search bar vertically. (690d6e1)
  141. Visual changes (condensed-layout): Decrease height of search bar and message action menu. (2995ef3)
  142. Visual changes (condensed-layout): Decrease font size and horizontal size of draft previews. (1cb3770)
  143. Internal changes (account-app): Fix code formatting (192778a)
  144. Visual changes (login): Update payment link and description. (062fa3d)
  145. Bug fix (login): Show payment text and link depending on trial status. (93a377e)
  146. Bug fix (lint): Fix lint errors. (0b8399b)
  147. Bug fix (your-subscriptions): Make subscriptions table usable on small screens (e0b7766)
  148. Bug fix (login): Fix typo. (1071e55)
  149. Bug fix (login): Fix e2e test error. Needs logic to distinguish trial users. (7395676)
  150. Bug fix (login): Improve login error messages and logic. (29bd2d2)
  151. Visual changes (condensed-layout): Improve formatting of message list options menu. (59c5dab)
  152. Visual changes (condensed-layout): Decrease size of various elements. (46b979d)
  153. Bug fix (login): Complete rest of status error messages. (4b8338f)
  154. Bug fix (lint): Fix lint errors. (f6c6e28)
  155. Internal changes (deps): bump lodash from 4.17.20 to 4.17.21 (5a16ff7)
  156. Internal changes (deps): bump ws from 6.2.1 to 6.2.2 (d869285)
  157. Visual changes (condensed-layout): Improve formatting of Contacts search field. (864bf48)
  158. Bug fix (login); Improve description of canceled subscriptions. (5b5f541)
  159. Visual changes (condensed-layout): Make vertical spacing more consistent across all screens. (774192d)
  160. Internal changes (mailviewer): Update test to correspond with new canvastable row heights. (2949393)
  161. Update README.md (0edd870)
  162. Visual changes (condensed-layout): Improve layout of drafts. (9a5e7d6)
  163. Visual changes (condensed-layout): Improve formatting of sidenav for small screens. (a776ee4)
  164. Bug fix (credit-cards): Improve the look of payment forms on mobile (375dfb2)
  165. Visual changes (condensed-layout): Fix size of Compose text area and message header. (7748918)

Continue Reading →

Runbox is under attack by extortionists

On Friday evening Norwegian time, Runbox started experiencing Distributed Denial of Service (DDoS) attacks by extortionists demanding that we pay them an amount of Bitcoin to stop the attacks.

The attacks consist of a massive volume of data traffic, in excess of 50 Gbps, to our service that overwhelm our servers and intermittently block our customers from accessing our services.

Runbox has persevered against similar DDoS attacks in the past and never in our history paid criminals who attack our services. And we are not going to start now.

Paying extortionists would provide no guarantee that further attacks would be prevented, and could instead make the victim more attractive for similar attacks. Furthermore, funding such criminal activities would only increase the likelihood of further attacks by the same criminals or other malefactors.

Since these DDoS attacks started we have worked with our system administrators and Internet Service Provider to mitigate the attacks. We are considering further mitigation options and appreciate the offers we have received from DDoS mitigation specialists who wish to help.

We have also learned that Runbox is not alone in being attacked, as The Record reports that Fastmail and Posteo are also under attack by the same extortionists.

Anyone who is experiencing DDoS attacks is encouraged to never capitulate. Let us instead coordinate our fight against these criminals and fully cooperate with relevant law enforcement in our respective countries.

We also encourage our respective customers to continue supporting independent email services such as the three of us now under attack. We thank you for your patience and understanding while we fight to regain your access to our services.

We will keep you updated on our Service Status page and assure you that we are doing everything in our power to restore services for you.

The full extortion letter is pasted below.

From: Cursed Patriarch
Posted on: 22 Oct 2021 – 15:56
Email: ravid.grossman@nullprotonmail.com

Subject: EXTORTION: DDoS attack

Hi,

I will start 1-2 hours attack on your site. It will not be hard as I don’t want to impact your business now. Just check your logs to see that I’m for real.

Pay me 0.06 BTC to 3GBAUXHmfxideRQWqRagtQRznB2GdUuMkfand I will never attack you again.

If you don’t pay within until Monday, total shut down is coming, cheap protection will not help my fee will increase and if you refuse you will lose much more then that.

Pay 0.06 now to prevent suffering.

Best regards,
Cursed Patriarch

P.S. This is disposable email. Do not reply.

Continue Reading →

The Norwegian Consumer Council’s voice is heard worldwide

The Norwegian Consumer Council (NCC) has taken a strong position against commercial surveillance online, and has made it very visible how the Ad-Tech industry is exploiting personal data for business purposes.

“Big data” has since the entry of social platforms on the Internet, been accumulated and used unscrupulously by some companies for profit. Some of the players in the field are sharing information they collect on users with third party advertisers without their users’ knowledge or consent. The driver is all the money connected to targeted advertising. However, sharing of personal data in this way is prohibited according to the EU’s General Data Protection Regulation (GDPR).

The NCC has no authority to enforce personal data legislation, but the Norwegian Data Protection Authority (NDPA) does. And so, the NCC can freely report findings of breaches of the GDPR and Norwegian data protection regulations to the NDPA.

NCC and NDPA at the forefront

A good illustration of this interaction is the case against Grindr. Earlier this year the NCC, based on the report “Out of Control” (2020), raised the case against Grindr and five Ad-Tech companies that were receiving personal data through the app: Twitter`s MoPub, AT&T’s AppNexus, OpenX, AdColony and Smaato.

All the complaints were filed (in cooperation with the European Center for Digital Rights, noyb.eu), at the NDPA because of violations of the GDPR. The complaints concern Grindr transmitting sensitive personal data as for example group affiliation, sexual orientation, and geographic location, with several other parties without encrypting the traffic.

Even if data is anonymised, such as when third parties operate with their own proprietary identification numbers, it is possible to combine data from various sources with openly available information to produce a picture that can identify an individual.

In January, the NDPA announced a fine of 100 mill NOK (€ 9.63 M or $ 11.69 M) on Grindr. The NCC has also in May this year acted against 8 companies and asked for details of their surveillance through the services Perfect365 and MyDays.

The Norwegian urge to protect personal data was also illustrated in May 2021. Then the NDPA submitted an advance notification of an administrative fine of NOK 25 mio to Disqus Inc. The company does widget tracking, analysing and profiling, and disclosing personal data to third party advertisers, and in doing so violates multiple articles (i.e. Article 6 and Article 7) of the GDPR.

The privacy movement grows stronger

All of these cases illustrate the NCC mission, but the NCC is working from a broader perspective: To establish a broad, international movement towards surveillance-based advertising.

This movement got a push with NCC’s seminal report Out of Control (2020), which has received media coverage in more than 70 countries, included the US and Japan (see our previous blog post).

Recently (June 2021), the NCC released another report: Time to ban surveillance-based advertising, with the subtitle The case against commercial surveillance online.

On page 4 there is quite a good summary of what the driving force is:

…today’s dominant model of online advertising is a threat to consumers, democratic societies, the media, and even to advertisers themselves. These issues are significant and serious enough that we believe that it is time to ban these detrimental practices.

In a coalition with more than 60 organizations from Europe and the US, including some 10 consumer organisations and the umbrella organisation BEUC – the European Consumer Organisation – the NCC on June 23 2021 sent an open letter to EU and US policymakers. The letter urges the policymakers to “…take a stand and consider a ban of surveillance-based advertising as part of the Digital Services Act in the EU, and for the U.S. to enact a long overdue federal privacy law.” The coalition is backing up its call with the reports by NCC.

On behalf of NCC, the consumer research company YouGov conducted a survey among a representative selection (internet population) 18 years+ about their attitude to surveillance-based advertising. The result was unambiguous: Only 10% responded positively to the idea of commercial actors collecting information about them online, and only one in five think that ads based on personal information is OK

Runbox has a clear standing against the collection of consumer data and surveillance-based advertising: Our service is ad-free, and we never expose our customers’ data for commercial purposes. We are very strict when law enforcement authorities in Norway or foreign countries request that we disclose data about our customers.

At Runbox we are proud to reside in a country that puts privacy first, and we wholeheartedly support the appeal to ban surveillance-based advertising. Therefore Runbox will annually donate to support noyb.eu, and we have joined the list of individuals supporting the appeal.

Continue Reading →

Annual Message 2021 from the Board of Directors

Dear customers, business partners, and shareholders,

Upon the completion of the Annual General Meeting in Runbox Solutions for the fiscal year 2020 we take the opportunity to review our company’s status in accordance with our commitment to transparency.

Although 2020 was in general a difficult and challenging year due to the corona pandemic and the worsening climate change, we celebrated the 20th anniversary of the Runbox email service in October with special subscription offers to our loyal customers. This, together with continued growth in our customer base and favorable currency exchange rates, resulted in a record year for Runbox financially.

Through the year we made significant progress on Runbox 7 development, and reinforced our commitment to privacy, security, and the environment.

Runbox 7 Developments

During 2020 we continued to improve and expand the groundbreaking Runbox 7 webmail application, which features search capabilities in the browser that provides immediate searching and listing of email. Runbox 7 combines the unique database-accelerated Runbox architecture with cutting-edge technologies such as WebAssembly, HTML 5 Canvas, and Progressive Web Apps to create an immediate email experience.

Developments have focused on expanding Runbox 7 toward a complete web application, and numerous enhancements have been made to Mail, Contacts, and Calendar. Additionally we have added innovative new features such as the Mail Overview and Popular Recipients, which provide a new level of message overviews based on sender and recipient data.

Runbox 7 development can be followed on our Runbox 7 Roadmap in the Runbox Forum and aims to solve the growing challenges of email interfaces and bringing forth the future of email.

The project is partially funded by the Research Council of Norway as a research and development (R&D) project in support of the innovative aspects of the solution.

Environmental Engagement

The operation of all business continues to depend on the foundation of our natural environment, which is under increasing pressure from human activity. In 2020 the world has seen a continued growth in greenhouse gas emissions with subsequent increases in extreme weather, wildfires, and droughts around the globe.

As inhabitants of Earth we all share the responsibility to decrease our negative impact on our environment. Runbox is built with a strong ethical foundation and we are dedicated to decreasing our ecological footprint and other environmental impacts that result from our operations.

The environment is a primary consideration when developing our services, and in 2020 we continued strengthening our commitment to having a positive ecological impact.

The data center where our email servers are located is 100% hydro-powered, and the electricity powering our email architecture is utilized exclusively by the Runbox email service.

In 2020 we achieved CO2 double negative operations by implementing our Environmental Policy and supporting the organization World Land Trust. In 2021 we have extended our commitment by partnering with the Norwegian tree-planting organization Trefadder, which creates and nurtures climate forests in Norway.

Renewed Commitment to Privacy and Security

Through the year we renewed our commitment to privacy and security, and the GDPR in particular. Our GDPR implementation has continued with reinforced policies, procedures, and technologies, and as a company located in Norway our service can rely on the strong Norwegian privacy protections.

All user data processed through the Runbox email service is stored on our own physical servers in Norway, and last year we completed the transition to encrypted SSD storage for all email account data.

We have continued our blog post series outlining our road towards GDPR compliance, and made further progress with privacy and security improvements to our services.

Growing our operations

We are working closely with our system management partner Copyleft Solutions to scale our email service infrastructure with a distributed system architecture to support the continued growth of our customer base.

Together with our development partners Shadowcat Systems and Peregrine Computer Consultants Corporation, our diverse team includes members from Norway, the UK, Poland, Brazil, and the US. The background, geographical location, and diversity of our team combined with a steadfast commitment to the ethics and policies of our company forms the core of our organization.

The contributions from our open source community on Github increase the security and speed of Runbox 7 development further, and we are excited to continue the race to revolutionize email in 2021.

Continue Reading →

Runbox 7 updates May-June 2021: Improvements to Overview, Contacts, and more

Improvements to Overview, Contacts, HTML messages, Calendar, Identities, and more.

  1. Visual changes (overview): Condensed Overview layout with new selector for sorting. (#937) (08451fe)
  2. Bug fix (bug-report): Bug report fixes (#995) (e3a6b2c)
  3. Internal changes (start): Remove unnecessary import (9b2a297)
  4. Bug fix (calendar): Display ical events with non-user timezones correctly (f8af652)
  5. Bug fix (changelog): Make the changelog builder look inside possible squash commits (aa4ec50)
  6. Internal changes (calendar): Debugging runbox-calendar-event tests (2ad6ad7)
  7. Bug fix (payments): Fix Coinbase’s external payment link (8d0256a)
  8. Visual changes (overview): Change default sorting and unread selectors, and improve their formatting. (84b964c)
  9. Bug fix (mailviewer): Load HTML view faster by pre-caching it (6f7d944)
  10. Bug fix (bug-report): Improve content and formatting of template. (a8ba57d)
  11. Internal changes (settings): Add missing menu items and adjust items order (a8d8836)
  12. Bug fix (contacts): Contacts with company-name only now create correctly (5959023)
  13. Bug fix (mailview): Ensure we invalidate the message cache for HTML update (bddf99d)
  14. Bug fix (identities): Show the “delete” button for identities except for “main” & “aliases” (0376a57)

Continue Reading →

Runbox 7 updates May 2021: New Settings interface and other improvements

A new main menu, Settings center, and Help center, as well as improvements to Payments and many other fixes.

  1. Visual changes (header): Condensed header using less vertical space. (8391ef5)
  2. Visual changes (account-security): Remove header styles and make toggle switches darker. (5333f7e)
  3. Visual changes (header): Add descriptions on hover. (c3df28a)
  4. Visual changes (security): Enlarge toggles and improve formatting. (bf79d72)
  5. Visual changes (security): Enlarge only section header toggles. (e45ff49)
  6. Visual changes (header): Show menu titles on hover. (4fd2eed)
  7. Bug fix (settings): Add hints for password input, and dialog modal (6b31621)
  8. Bug fix (account_security): account security unlock code modal is missing material css (cda4e05)
  9. Bug fix (mailviewer): Calculate threaded count properly (was missing) (e97a974)
  10. Bug fix (mailviewer): Sent folder now ignores “unread only” setting (7958c82)
  11. Visual changes (header): Adjust menu item placement. (4f4d6f2)
  12. New feature (support): Added bug report button with a compose template (#951) (67f6288)
  13. Bug fix (compose): Ensure draftdesk froms are updated when edited (05cf223)
  14. Visual changes (header): Add effects for logo and Subscribe link. (d8e1203)
  15. New feature (help): New Help Center with common help destinations. (39137b5)
  16. Visual changes (settings): Replace missing icons. (#968) (54c4efe)
  17. Visual changes (settings): Rename Card Details to Payment Cards (6fe5f70)
  18. Visual changes (settings): Rename Transactions to Payment History (b68ae69)
  19. Visual changes (settings): Rename “Active Products and Renewals” to “Your Subscriptions” (e9bf5b6)
  20. New feature (settings): Merge “Main Account Plans” and “Add-ons & Sub-Accounts” into “Plans & Upgrades” (9bae710)
  21. Visual changes (settings): Change order of the Subscriptions menu (ca9ed54)
  22. Visual changes (settings): Rename “Subscriptions” to “Subscriptions & Payments” (c353720)
  23. Internal changes (settings): Remove Addons component (c12a5fe)
  24. Internal changes (settings): Fix integration tests (25df41c)
  25. refator(settings): Fix HTML formatting (2dfe4b5)
  26. Visual changes (settings): Make the cards wider for the titles to fit (0d43870)
  27. Internal changes (app): clear unused imports (950cd7b)
  28. Visual changes (header): Adjust transitions and clean up code. (4604abd)
  29. Bug fix (account): make account URLs work under prefix again (9111b9b)
  30. Visual changes (header): Improve gradient and positioning. (34c96aa)
  31. Visual changes (header): Replace Account icon and add Subscribe/Renew icon. (4b22a93)
  32. Bug fix (mailview): Ensure we update everything when deleting messages (d119bf8)
  33. Internal changes (mailactions): Ensure we update UI first then backend (4221fc5)
  34. Bug fix (mailviewer): Remove “ExpressionChanged” issue with fragment handling (046c0af)
  35. Bug fix (mailviewer): Delete messages from messagelist too (before backend) (980409c)
  36. Internal changes (mailviewer): Update actions to update local view then backend (c94cf63)
  37. Internal changes (searchservice): Ensure all tests catch the deletedmessages call (4ff7972)
  38. Internal changes (calendar): Ensure cal test works at beginning of month too (9a3dfae)
  39. Bug fix (settings): Fix URLs pointing to Plans & Upgrades (950c6e0)
  40. Bug fix (settings): Fix URLs pointing to Payment History (e7486f7)
  41. Bug fix (settings): Fix URLs pointing to Your Subscriptions (fd07b3d)
  42. Internal changes (settings): Fix URLs for tests (0cf90ee)
  43. Bug fix (welcome): Fix ‘mat-icon’ is not a known element error. (2a838c8)
  44. Bug fix (help): Fix ‘mat-icon’ is not a known element error. (4c4c643)
  45. Bug fix (help): Remove unnecessary code. (f21bae0)
  46. Bug fix (menu): Fix Settings URL (62f0ed9)
  47. Bug fix (changelog): Make changelog more resilient against our tech debt (410c597)
  48. Internal changes (e2e): TODO e2e tests that fail in headless mode (1d37a79)
  49. Internal changes (app): remove unused imports, fixing the scrict build (2906cca)
  50. Bug fix (bug-report): Improve content and formatting of template. (c28f15f)
  51. Bug fix (bug-report): Add name to recipient address and remove line breaks in template. (5e295b3)

Continue Reading →

Runbox 7 updates April 2021: Improvements to mail viewer, Profiles, and more

  1. Bug fix (mailviewer): Maintain selected messages when new mail appears
  2. Bug fix (mailviewer): Sent folder now ignores “unread only” setting
  3. Bug fix (mailviewer): Calculate threaded count properly (was missing)
  4. Bug fix (profiles): Add warning if user reached maximum number of aliases
  5. Bug fix (profiles): Remove alias count from identities page
  6. Bug fix (profiles): Add links to alias management
  7. Bug fix (profiles): Remove the ability to delete aliases in identities page
  8. Bug fix (account): Add a redirect for the old /components path
  9. Bug fix (canvastable): Make inline message previews work again
  10. Bug fix (credit-cards): Make error popups messages more informative
  11. New feature (dev): Add a demo for activity indicator
  12. New feature (dev): Add a demo for the loading indicator
  13. New feature (account): Add a way to add a new credit card to account
  14. New feature (account_security): Create and show an unlock code when enabling 2FA in Runbox 7
  15. Bug fix (calendar): Remove some excessive logging from calendar-app

Continue Reading →

Out of Control: Apps that share personal data revealed by the Norwegian Consumer Council

If you are not paying for the product, then you are the product”.

This is a common saying when referring to online services that are offered for no financial payment (“free”).

The reason is that they often collect some personal data about you or your use of the service that the provider then can sell to the online advertising and marketing industry for payment. The payment they get for this covers the cost of providing the service to you and also allows for a profit to be made.

And so, they earn their money, and the app users are their product.

Apps as a source for big personal data

At Runbox we collect only the data that is required in order for us to provide our services to you, and that data is never shared with anyone for marketing or financial purposes.

However, it is common knowledge that companies like Google and Facebook use our personal data for targeted advertising. The personal data collected is anonymized and often aggregated to produce larger data sets, which enable them to target individuals or groups based on common preferences — for instance that they live in a certain location or like to drink coffee.

The idea that your data is anonymized might provide some comfort. But because of smartphones and the smartphone software applications (“apps”) many people use, companies can collect a large range of types of data and so trace individuals without asking for personal details such as your name. An example of this type of data is your smartphone unique identifier (IMEI-number1), and IP-address (when connected via WiFi).

Combined with your email address, GPS data, app usage etc., it is possible to identify specific individuals -– namely you!

Exposing the AdTech industry

To investigate this issue, The Norwegian Consumer Council (NCC), a government funded organization representing consumer interests in Norway, published a groundbreaking report last year about how the online marketing and AdTech (Advertising Technology) industry operates.

The report’s title immediately raised the flag: “Out of Control” (OuC)2. And the subtitle outlines the findings: “How consumers are exploited by the online advertising industry”.

The report tested and analyzed 10 popular “apps” under the umbrella “social networking apps”, and the findings were concerning. Most users of such apps know that registering your personal data is optional, and after the introduction of the GDPR every app is careful to ask for your consent and encourages you to click OK to accept their Privacy Policy.

What many users will not know is how much and how far the personal data is distributed. Only a few users will be aware that clicking OK implies that your data is fed into the huge AdTech and MarTech industry, which is predicted to grow to USD 8.3 billion in annual revenues by 20213.

The players in this industry are giants such as Amazon, Facebook, Google and Twitter. If that was not enough, both iOS (Apple) and Android (Google) have their ways to track consumers across different services.

Apple being more privacy minded than some others have recently developed options to allow the user to reset the “unique” advertising identifier in devices and also stop tracking across WiFi networks to break the identification chain and make it harder to target a specific user.

But the industry also has a large number of third-party data and marketing companies, operating quietly behind the scenes.

The far-reaching consequences of AdTech

This is what the NCC’s report is about, and the findings are concerning:

The ten apps that were tested transmit “user data to at least 135 different third parties involved in advertising and/or behavioral profiling” (OuC, page 5).

A summary of the findings is presented on OuC page 7, and here we find social networking apps, dating apps and apps that are adapted to other very personal issues (for instance makeup and period tracking). The data that is gathered can include IP address, GPS data, WiFi access points, gender, age, sexual orientation, religious beliefs, political view, and data about various activities the users are involved in.

This means that companies are building very detailed profiles of users, even if they don’t know their names, and these data are sent to for instance Google’s advertising service DoubleClick and Facebook. Data may also be sold in bidding processes to advertising companies for targeting advertising.

It is one thing to see ads when you perform a Google search, but it’s quite another to be alerted on your phone with an ad while you are looking at a shop’s window display, or passing a shop selling goods the advertiser knows you are interested in. Scenarios like these are quite possible, if you have clicked “OK” to a privacy policy in an app.

Personalized directed ads are annoying, but even worse is that the collection and trade of personal data could result in data falling into the hands of those who may then target users with insults, discrimination, widespread fraud, or even blackmail. And there is clear evidence that personal data have recently been used to affect democratic elections4.

What happened after The Norwegian Consumer Council published “Out of Control”, will be covered in our next blog post, but we can reveal that one of the companies studied had a legal complaint filed against them for violating the GDPR and is issued an administrative fine of € 9.6 million.

So stay tuned!

References:

  1. IMEI stands for International Mobile Equipment Identity.
  2. The report Out of Control was referred to in our previous blog post GDPR in the Wake of COVID-19: Privacy Under Pressure.
  3. Source: https://privacyinternational.org/learn/data-and-elections
  4. Source: https://bidbalance.com/top-10-trends-in-adtech-martech/

Continue Reading →