This is just a query really. I wondered why Runbox does not encrypt messages at rest in our inbox as I understand some other privacy providers do. Just out of curiosity really. And are there any plans to do this? Thanks!
Encryption at rest is very problematic:
- Server has to create key per user, which probably has to be derived from password. It’s creation is not easy.
- IMAP/POP protocols were not designed to decrypt, so client has to detect encryption and do it on it’s own.
- It breaks searching for messages on server side, as it’s impossible to keep everything decrypted just for session/operation. It would take minutes to decrypt whole inbox to be able to search. This is why the top zero-knowledge email provider does not provide searching for emails content (only metadata like sender and subject). They can’t physically keep index of all words in emails because this technically breach the zero-knowledge. This also mean they keep subjects/senders not encrypted.
I couldn’t find information that Google keeps emails encrypted at rest, do you have such information ?
Thanks Dawid, that’s really helpful to know! I don’t think Gmail encrypt at rest. I assume providers like Protonmail, Tutanota and Posteo etc do and I haven’t seen any complaints about how that works, but I am not sure and could be wrong!
The contents of the server are encrypted with whole disk encryption which offers some protection but it isn’t done on a per mailbox basis which would be much better if that’s the sort of thing you are interested in.
As @DawidGoslawski has already pointed out, there would be trade-offs in some ways but the fact our new Runbox 7 web app runs in the browser makes for some interesting possiblities.
For example, it might be possible to download the encrypted data from the server and decrypt it in the browser locally. As our search index can also run in the browser there may be a solution for search too.
There is already a (not well advertised) feature in Runbox 7 to decrypt PGP encrypted messages locally in the browser. We hope to add the ability to encrypt message too. The feature isn’t mentioned too much as it’s still really us testing some ideas out for the future.
I hope that helps.
Thanks Dave, that’s all very interesting and useful to know and makes sense even to my amateur tech mind! I’m not highly concerned about lack of encryption at rest, it is obviously common apart from for the most private providers like Protonmail. I personally would be Ok about searching content of mails being restricted but can see that would bother others and can also see the ways round that you mention. Thanks for the very informative and useful feedback!
I migrated from Protonmail to Runbox cause the top security has its issues and I wouldn’t recommend it until you have access to data that can do severe dmg to you and/or others. Simple sticking to “Inbox 0” rule and deleting Trash regularly will keep your email free of data that should be secured like documents and photos.
With Protonmail, I had to use Protonmail Bridge https://protonmail.com/bridge/ to have local access to emails unencrypted like with a normal provider. Bridge was Windows only, very buggy and slow. It was losing connection very often or in the middle of the index update process.
That’s really helpful and makes a lot of sense. Thanks!
Runbox can do the following:
Users can upload their PGP public key to Runbox. Runbox would encrypt all incoming and outgoing emails and store it encrypted. Users are able to decrypt email in their email software (Thunderbird, Outlook and etc) and in their browsers, using Mailvelope extension (https://en.wikipedia.org/wiki/Mailvelope)
Thanks David, much appreciated!