Runbox mentioned in The New York Times

In an article in The New York Times discussing the challenges E.U. leaders face in protecting individuals’ data, Runbox is mentioned along with Deutsche Telekom as examples of companies providing services that increasingly protect their customers’ privacy.

Being firmly located in Norway, the Runbox email service is governed by strict privacy regulations and is a safe alternative to American email services as well as cloud-based services that move data across borders and jurisdictions.

Read the full article here: E.U. Leaders Seek Way to Protect Individuals’ Data

Continue Reading →

Privacy is Priceless

To highlight the importance of online privacy, we have created two privacy-themed Runbox T-shirts now available from our Cafepress store.

Organic Women's T-Shirt: Privacy Is Priceless
Organic Women’s T-Shirt: Privacy Is Priceless
Organic Men's T-Shirt: Privacy Is Priceless
Organic Men’s T-Shirt: Privacy Is Priceless

In line with our values they are of course organic, which also means they’re a little pricier than your regular T-shirt.

But as a Runbox member, you will receive a free year added to your subscription when purchasing one or more of these T-shirts.

They are currently available in two colors, one for men and one for women.

Just forward your receipt to and we will happily extend your subscription by one year!


Continue Reading →

Runbox now supports Forward Secrecy

In recent weeks there has been some discussion in news outlets about SSL/TLS, which is used by many websites to encrypt the data being transferred between web servers and web browsers.

Since it’s theoretically possible for outsiders to break such encryption, an increasing number of people are requesting improved encryption methods.

What is SSL/TLS?

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic methods used to secure communication on the Internet. By using pairs of private and public keys, the web server and the client can securely encrypt and decrypt the data being transferred between two parties.

Gold-padlock.svgWhen a web browser connects to a website protected with SSL or TLS (indicated by a padlock icon in the browser) it receives the public key from the server, which is then used to encrypt the subsequent communication. The data can only be decrypted using the private key, which resides on the server.

The problem with keys

However, if someone was able to break in and copy the private key from a server, they would theoretically be able to decrypt any communication to/from that server — provided that they were also able to eavesdrop on the communication.

The solution: Unique keys

To counter this it’s recently become possible to configure web servers to issue a unique key pair for every single connection, and immediately destroy the keys once the session is complete.

This method is called Forward Secrecy because it prevents anyone from retroactively breaking the encryption.

Forward Secrecy on Runbox

Runbox has now implemented Forward Secrecy in order to further improve the security and privacy of our services. It’s now virtually impossible to eavesdrop on the data being transmitted between your web browser and Runbox’ web servers — and you don’t have to do anything in order to enjoy this new level of security.

For those who are interested in the technical details, here is an analysis of the security provided by, which is now our main address:

Continue Reading →

Runbox, email privacy, and the recent news

In the last few days we have seen an increase in inquiries about privacy and security, and particularly whether Runbox could be involved in programs similar to those outlined in the recent allegations about interception of communications data by law enforcement agencies.

As a Norwegian company and service, Runbox is protected by Norwegian law and privacy regulations because all our email servers are located in a secure facility in Oslo, Norway. No entity, domestic or foreign, can access email or files stored in our data center without a Norwegian court order.

You can read more about US, European, and Norwegian privacy regulations here: Email Privacy and Offshore Email

Email encryption

To protect data being transferred to and from the Runbox servers in Norway, it’s important to use encryption such as SSL (Secure Sockets Layer) which is available both in the Runbox Webmail and in email clients.

When using Webmail, make sure that the SSL padlock icon is visible in the browser’s address bar and that the domain’s identity is verified as

In email clients such as Outlook and Thunderbird, set up your Runbox account with SSL according to the instructions found on our IMAP help page.

Runbox plans to extend our encryption support in the near future to allow complete encryption of messages all the way from sender to recipient.


Continue Reading →

Regarding concerns over US surveillance legislation

There are some who are concerned about US authorities’ ability to monitor their citizens’ data. According to the EU report “Fighting cyber crime and protecting privacy in the cloud” (PDF, 1.3 MB), a little known piece of legislation could give US authorities the right to access foreign users’ data stored in the US as well.

Data stored outside the US, for instance in Norway where all the Runbox email servers are located, is not affected by this legislation.

If you have any concerns about the privacy of your Runbox email, please see our Privacy Policy and our article Email Privacy and Offshore Email.

Continue Reading →

Regarding usage of Google Analytics

Recently the Norwegian Data Protection Authority concluded that usage of Google Analytics might be illegal in Norway.

As Runbox is based in and operates from Norway, a number of our users has expressed concerns regarding whether Runbox does use Google Analytics and how.

Runbox users do not need to worry. We have stopped using any type of Analytics and you can read about it here.

Runbox does indeed use Google Analytics on public pages, such as to gain statistical information about where visitors come from, how much time they spend reading various public pages, e.g. about our pricing plans etc. However, Runbox does not use Google Analytics on logged-in pages.

Norway gives strong protection to personal data and Runbox has a strict privacy policy. Runbox does not allow third parties to access your information. Therefore, once a user reached the pages which require authentication, neither Google Analytics nor any other third party service is allowed to monitor their activity, as theoretically such third party could obtain information about user’s private information, such as their contacts and email contents. At Runbox we guard users’ privacy and such leak of information would be non-acceptable.

Continue Reading →

Google chief fears for Generation Facebook

In an article, Google chief Eric Schmidt expresses concerns over the amount of personal data people publish online without considering the possible privacy implications.

Personal data will increasingly become a monetizing commodity among the social network and search engine services, while privacy and protection from data exploitation will diminish until its true value is appreciated.

While social network services bring functionality that allow people to connect in new and unexpected ways, email is inherently private and personal to the sender and recipient, as long as that privacy is enforced with a balanced policy.

Continue Reading →