|
Runbox Forum Everything related to Runbox should go here: suggestions, comments, complaints, questions, technical issues, etc. |
|
Thread Tools |
8 Jul 2013, 10:07 PM | #1 |
The "e" in e-mail
Join Date: Apr 2011
Location: Manchester UK
Posts: 2,616
|
Email Privacy, Security and Runbox
|
9 Jul 2013, 04:35 AM | #2 |
Cornerstone of the Community
Join Date: Nov 2008
Location: UK
Posts: 549
Representative of:
Runbox.com |
I have just updated a link that was broken at the end of the post (sorry about that).
We've been moving a few things around while we write the new Runbox documentation (to be launched soon) and a few things got broken. |
10 Jul 2013, 12:45 PM | #3 |
Essential Contributor
Join Date: Dec 2012
Posts: 343
|
Has Runbox ever shared the number of court orders they receive over the course of a typical year?
|
10 Jul 2013, 11:25 PM | #4 |
The "e" in e-mail
Join Date: Jul 2001
Location: Los Angeles,CA
Posts: 4,652
Representative of:
Runbox.com |
No, we haven't. Does any company do that? It is a very small number at any rate. The majority of them have concerned trial accounts and fraudulently paid accounts, and the number of requests has only gone down over the years.
|
10 Jul 2013, 11:38 PM | #5 |
Master of the @
Join Date: Jan 2002
Location: Denmark
Posts: 1,302
|
Cotse has done it recently: http://www.cotse.net/legal-process.html
|
11 Jul 2013, 03:05 AM | #6 | |
The "e" in e-mail
Join Date: Apr 2011
Location: Manchester UK
Posts: 2,616
|
Quote:
Meaningless. |
|
9 Aug 2013, 05:49 AM | #7 | |
The "e" in e-mail
Join Date: Apr 2011
Location: Manchester UK
Posts: 2,616
|
Quote:
https://rmm6.runbox.com/why-runbox/e...ffshore-email/ And another point to mention is that Runbox are currently offering a "2 years for the price of 1" on certain account plans. Note: I'm not an employee of Runbox, I just have an account with them. |
|
10 Aug 2013, 05:45 AM | #8 | |
Cornerstone of the Community
Join Date: Sep 2005
Location: Oslo, Norway
Posts: 555
Representative of:
Runbox.com |
Quote:
What happens normally is that some government contacts us and we tell them to get a court order i Norway. As you might imagine, that almost never happen. Kim |
|
4 Sep 2013, 06:03 AM | #9 |
Senior Member
Join Date: May 2013
Posts: 162
|
Future Upgrades - Security Enhancement Suggestion
I know RunBox has a number of "security" upgrades planned for the near future and I thought I would toss in an additional suggestion. As you know, every email message sent contains the metadata in the header that includes the sending hosts ip address. How about replacing the sending hosts' ip address in the header with a RunBox ip address? From my perspective, if you cannot encrypt the meta data then make it harder for "them" to make use of what "they" do get.
Michael |
4 Sep 2013, 06:51 AM | #10 |
Senior Member
Join Date: Feb 2010
Posts: 107
|
I am not 100% sure but I believe Runbox have changed this already. I could not spot the sender's (=my) IP address lately when using the web interface for sending mails.
BR, gecko |
4 Sep 2013, 07:24 AM | #11 |
Senior Member
Join Date: May 2013
Posts: 162
|
Suggestion Already Implemented
This is what happens when you don't do your homework and why I am only a junior member. RunBox does strip the x-originating-ip: [#.#.#.#]. I sent an email from RunBox to my "other" email service and there was no originating ip address meta data! I replied and checked on RunBox and the x-originating-ip: [#.#.#.#] was in the message. This is just one of the reasons I love RunBox!
|
7 Sep 2013, 07:20 AM | #12 |
Master of the @
Join Date: May 2003
Posts: 1,319
|
|
7 Sep 2013, 01:47 PM | #13 |
Essential Contributor
Join Date: Oct 2008
Posts: 274
|
I don't have a Runbox account but I was looking at their website and noticed that they are only using rc4_128 bit encryption. They are not using AES.
This is on their main website. Does this carry through to their webmail and payment options also? I would have thought they would be using 256 bit encryption with AES. Is this anything to be concerned about? EDIT: http://www.emaildiscussions.com/show...31&postcount=3 Last edited by malcontent : 8 Sep 2013 at 02:38 AM. |
7 Sep 2013, 05:37 PM | #14 |
Senior Member
Join Date: Feb 2010
Posts: 107
|
Malcontent, I see your point and I sort of share your concerns...
RC4 is still considered secure as yet but fresh developments (see e.g. http://www.theregister.co.uk/2013/09...lrun_analysis/) put this into question. Re the ciphers used by Runbox: I used to login on https://beta.runbox.com which used AES-256 by default but forwarded to RMM5. Now I am using https://rmm6.runbox.com which uses RC4 by default. I disabled RC4 in my browser settings and -- voila -- AES-256 was used. I then tried https://runbox.com with RC4 disabled and TripleDES was used instead (which I find even more alarming). Next I disabled TripleDES which resulted in not being able to establish a secure connection at all. In other words, https://runbox.com does *not* support any modern cipher. The gist of this little experiment is IMO that runbox should urgently check the SSL configurations of their various servers, disable deprecated cipher suites, and by default enable AES. Disclaimer: This was just a quick experiment, No guarantee it can be reproduced. BR, gecko Last edited by gecko : 7 Sep 2013 at 05:38 PM. Reason: corrected URL |
9 Sep 2013, 02:59 PM | #15 |
Essential Contributor
Join Date: Dec 2012
Posts: 343
|
What would be a reasonable timeframe to get these issues resolved? Several months?
|
Thread Tools | |
|
|