There are a number of possible mitigations for the vulnerabilities, and they vary in how much they might impact your use of encryption. As we have help pages about how to use encryption with email, we felt we should let you know about these particular vulnerabilities.
Norway, where Runbox is located, is part of the EEA and is implementing these regulations through its own legislation.
We welcome these new regulations as they greatly strengthen the rights of the individual to digital privacy and security, which we have always promoted and supported.
What is the GDPR?
The GDPR is a set of regulations declaring that the individual should have control over their personal data by specifying how such data may be collected, processed, and stored.
The regulations require that businesses and organizations integrate this right into their business practices through policies, procedures, and technologies that safeguard the users’ privacy.
Important principles are that personal data are processed lawfully, for legitimate purposes, and with explicit consent from the user. This means that your personal data can only be collected with your permission.
The regulation also sets forth a number of rights on the part of users of digital services:
The right to transparency about how data is processed.
The right to access and information about collected data.
The right to rectify stored data.
The right to erase data (“right to be forgotten”).
The right to restriction of processing.
The right to data portability.
GDPR also recognizes the term “privacy by design”, which means that privacy shall be considered in all circumstances when personal data is processed or stored. By also introducing “privacy by default”, GDPR states that appropriate measures must be implemented to ensure that personal data collected is only used for the specific purpose for which the consent is given.
How does Runbox implement the GDPR?
At Runbox we believe that the privacy and security of your data is essential, and that it’s important for you to be aware of your rights and your options when it comes to your personal data.
Runbox has therefore been working on the implementation of the GDPR throughout our organization and our services over the past three years.
The activities that implement the GDPR in Runbox can be divided into 3 main areas:
Internal policies and procedures
Partners and contractors
Protection of users’ rights
The first two areas include documentation of information security management and internal policies and procedures, as well as data processing and confidentiality agreements with our partners, contractors, and staff.
The third area relates directly to you as a Runbox user, and includes the terms and policies that govern your use of our services, how we aim to inform and educate our users about privacy, and how we are implementing tools and utilities that safeguard your privacy rights.
Runbox’ main areas of GDPR implementation
It also lays out how user data are processed and stored, how they are being protected, and what rights you have as a user of our services.
It’s important to us that you are informed about your rights and your options with regard to your privacy. We ask that you review the revised terms and policies by May 25, 2018 when they take effect, and invite you to contact us with any questions or concerns.
Runbox has been focusing on privacy and information security from day one, and has paid attention to the strict Norwegian legislation concerning the processing of personal data ever since.
Norway is a member of the European Economic Area (EEA) and as such has to implement certain EU regulations, even though Norway is not a member of the European Union (EU). When the European Parliament and the Council decided new legislation for the protection of personal data, that legislation also applied in Norway and has to be implemented by May 25, 2018.
The legislation, titled General Data Protection Regulation (GDPR), contains rules for how personal data should be processed. Using the terms of GDPR, this includes how, when, and under which conditions, personal data
can be collected, processed and stored, which demands explicit consent and an explicitly stated purpose;
shall be rectified;
shall be deleted (right to be forgotten);
shall be released to the person that owns the data (right to portability);
could be transferred to third parties for processing, where a Data Processing Agreement (DPA) is mandatory;
could be transferred to processors outside EEA.
At Runbox we have followed the development of this new EU legislation from the very beginning, and as early as 2014 we initiated a project in order to become GDPR compliant.
As a first step we started developing a planning document which includes detailed plans for making our information security management complete and consistent. The document laid out a number of activities which are now outlined in 15 sub-projects, of which some are completed, and others are in the process of being completed.
However, information security is a continuous effort and the sub-projects will give rise to additional activities far beyond the GDPR framework.
We have carefully implemented these policies in order to protect our users’ privacy as outlined in our Privacy Commitment, and we are currently working hard to achieve compliance with the forthcoming General Data Protection Regulation introduced by the EU.
This also means that we are conscious about how Runbox interacts with other Internet services such as social media networks. Therefore we have been disappointed by the recent revelations about the privacy intrusions and unethical practices by Facebook.
As a consequence we have decided to remove the Runbox page from the Facebook platform.
Due to a necessary reorganization of our email server infrastructure, all Runbox email services will be inaccessible on Sunday 01.04.2018 between approximately 10:00 CEST (08:00 GMT, 4:00 AM EDT) and 14:00 CEST (12 GMT, 8 AM EDT).
The reorganization involves consolidating our servers to simplify management and maintenance, and modernizing and improving server power management.
We are excited to announce the closed beta test phase of Runbox 7 Webmail!
This release is not merely an upgrade to our existing services, it’s a bold step into a new world of Webmail apps that will provide unprecedented speed and usability.
Runbox 7 aims to be the fastest webmail on the planet with:
Instant folder views and search results.
Endless, smooth scrolling of folder contents.
Drag & drop message selection and moving to folders.
Incremental, instant search functionality.
The new webmail will be the cornerstone of Runbox 7, and is the first of several development stages that will culminate in a completely new user interface.
Please read on for details about Runbox 7 Webmail and how you can participate in the closed beta test.
Runbox 7 started with a crazy idea:
How can we create a webmail that’s not just faster, but responds instantly?
The solution we developed is a combination of database accelerated email storage, innovative message indexing, and cutting-edge web technology.
When you log into Runbox 7 Webmail, you enter a modern webmail environment built with Angular 5 and Material Design. Your email folders and messages will be shown instantly, giving you an immediate overview of your email.
The spacious layout, clean lines, and powerful engine let you efficiently navigate the new features and get down to the business of effectively managing your email.
One of the core features of Runbox 7 Webmail is its search capabilities. We have built the search functionality in such a way that the browser doesn’t need to query the server at all.
Not only that, but this webmail will show you search results incrementally while you are typing in the Search field.
You have better things to do than waiting for search results, so we put a lot of effort into making the search function as fast as possible — and this is as fast as it’s possible to get.
Lots of cool functionality
Infinite listing: No more clicking back and forth to navigate your Inbox — just scroll down and the next messages will load automatically.
Threaded view: Want to see your messages in conversation view? Just tick the Threaded checkbox to the top right.
Unread messages: Only interested in the latest news? Tick the Unread checkbox.
Multi-select messages: Want to select many messages in a hurry? Just click the check box of a message, and drag up or down while holding the mouse button down to select several messages in a row.
Preview pane: Who has time to actually open a message? Just select one in the list and a preview will be shown in the bottom half of the message list pane. To see more, click the ^ arrow in the preview menu.
Hide folders: Want more space for your messages? Just click the icon to the left of the Search area to hide the folder pane.
Another key feature of Runbox 7 Webmail is the Draft Desk — a completely new way of managing drafts.
In our world of non-stop online communication, we often find ourselves multitasking and working on several threads in parallel. With our new Draft Desk you get a full overview of the messages you are currently working on, previewed side by side in an efficient interface.
Simply click on a draft preview to expand it, write down your thoughts, and send, save, or close the message to return to it later.
We believe that you shouldn’t have to switch between different apps or user interfaces just because you switch between a laptop, a tablet, or a smart phone.
Therefore we built Runbox 7 Webmail to be mobile-ready and responsive from the ground up. This means that it will automatically adapt to your device’s screen size and orientation while retaining the basic functionality you are used to from a regular browser.
Join the closed beta test
To join the closed beta test of Runbox 7 Webmail, contact email@example.com with the subject “Runbox 7 Webmail beta test”. If you are selected to participate, we will then be in touch with further details.
It’s been a few months now since we launched the new authentication service that made Runbox Two-Factor Authentication possible.
Watching over your account
Behind the scenes the authentication service has been working to protect your account from unauthorised access. One of the ways it does this is by analysing the pattern of successful and failed logins for your account.
Using a set of rules, it determines whether a particular IP address should be allowed to access the service or blocked from further attempts. It also determines which IP addresses should be treated with less caution because they are your legitimate IP addresses.
Obviously we can’t say too much about the rules used, as this could compromise the effectiveness of this system, and we are always improving the rule set to take into account new scenarios that we encounter.
Giving you more information
The design of the authentication service allows us to share with you the IPs that try to access your account, and whether that access was successful or not. This can help you in troubleshooting problems you may encounter when setting up devices with your Runbox account, but it can also alert you to attempts at unauthorised access.
You can find this information on the “Access Control” tab at Account > Account Security.
Blocked IP addresses
We have also implemented new features on the “Access Control” page that show you the IPs that are blocked for your account. You can then decide if they should be permanently blocked or removed from the blocked list.
Giving you more control
In addition you can now also block IPs yourself or add allowed IPs that should always have access to your account when the correct username, password (and 2FA where applicable) credentials are supplied. This is done via the “Manage IPs” section.
A list of the IP addresses you have allowed and denied yourself is visible at the bottom of the page in the Access Control List, and from there you can manage these IP addresses.
It’s also possible for Main account holders to set up rules for the Sub-accounts they have control of.
We hope you find these new features useful, and if you need any help with them please see our help page about Access Control.
We are pleased to announce that Runbox now supports Bitcoin payments via the payment processor BitPay.
In order to pay with Bitcoin, you will need a Bitcoin wallet. If you don’t have one already, you can set one up with BitPay.
Once you have a Bitcoin wallet with some funds, you may proceed to the Runbox Payment screen to subscribe using Bitcoin. After selecting the desired products, select “Pay with Bitcoin” as the payment method.
Note: It is essential that your smartphone has the correct date/time set as this is used by the TOTP app to generate the correct codes that allow you to log in.
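Why the clock matters, as an added example (not Runbox's code): a TOTP code is an HMAC over the current 30-second time step (RFC 6238), so a phone whose clock falls in a different step than the server's produces a different code. The secret and timestamps are the RFC 6238 test vectors, and the `window` drift tolerance is an assumed server policy.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """The code an authenticator app shows when its clock reads unix_time."""
    return hotp(secret, unix_time // STEP, digits)


def verify(secret: bytes, code: str, server_time: int, window: int = 1):
    """Return the step offset at which `code` matches, or None if it does not.

    `window` is how many 30-second steps of drift the server tolerates
    on either side of its own clock (an assumed policy, not Runbox's).
    """
    counter = server_time // STEP
    for drift in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + drift), code):
            return drift
    return None


# Constructed sample: shared secret and timestamp from the RFC 6238 test vectors.
SECRET = b"12345678901234567890"
SERVER_NOW = 1111111109  # 29 seconds into its 30-second step

if __name__ == "__main__":
    # Phone clocks in sync, 2 seconds fast (next step), and 10 minutes fast.
    for label, phone_clock in [("in sync", SERVER_NOW),
                               ("2 s fast", SERVER_NOW + 2),
                               ("10 min fast", SERVER_NOW + 600)]:
        code = totp(SECRET, phone_clock)
        print(label, code,
              "strict:", verify(SECRET, code, SERVER_NOW, window=0),
              "tolerant:", verify(SECRET, code, SERVER_NOW, window=1))
```

Even a two-second difference changes the code when it crosses a step boundary; a small tolerance window absorbs that, but a clock that is minutes off is rejected either way.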
One-Time Passwords (OTP)
When you enable this option, the system will generate random passwords that you can use only once. Used passwords are discarded automatically and cannot be used again.
You can download the list of passwords to a computer or mobile device, or you can print them out if necessary. However, you must keep the list secure as these passwords can be used to access your account along with your usual username and account password.
This option allows the server to trust your current web browser so that you don’t have to use a 2FA code. The option places a small piece of code in your browser (a cookie) that tells the server not to require the 2FA details and you can just log in with username and password.
You should only use this method of bypassing 2FA on a computer or device that you are confident nobody else can log in to. You can temporarily turn on/off individual browsers from the trusted list, or you can delete the browser entry entirely which will force that browser to require the 2FA details.
If for some reason you are unable to log in with 2FA after it has been enabled, this code can be used to disable 2FA.
The code can be used in conjunction with a secure question/answer for additional security.