Runbox and the use of googleadservices.com and google--analytics

[17pm]

Hey guys.

I just found out that runbox uses google analytics in their home page ( www.runbox.com ) and googleadservices.com in their registration page ( https://rmm6.runbox.com/signup?accou...ccountNumber=1 ).

Am I the only one weirded out by that?

EDIT:

I did some search and found that runbox is probably the only email providers (other than google) doing that:

gmail - YES. Gmail does. (Surprise!!!)
fastmail - Doesn't
hushmail - Doesn't
eumx - Doesn't
neomailbox - Doesn't
yandex - Doesn't
mail.ru - Doesn't
mykolab - Doesn't
GMX - Doesn't

[tomhab]

This has come up a couple of times before. Just to speed up Runbox's response:

http://www.emaildiscussions.com/showthread.php?p=437977

[17pm]

Quote:

Originally Posted by tomhab

This has come up a couple of times before. Just to speed up Runbox's response:

http://www.emaildiscussions.com/showthread.php?p=437977

I thank you for the reply, but honestly, that's a poor explanation. All the other email providers I mentioned want to sell their products. However, they don't use google analytics, for marketing purposes or not.

Good thing I found out about that before paying for a subscription!

[Geir]

We are currently evaluating our use of Google Analytics, which has been helpful in improving our sales pages and our search engine ranking, and we welcome your feedback.

As mentioned in the other thread, only the front page, signup pages, and payment page are tracked (by IP address) in order to help us understand how visitors use our website.

We would be interested in knowing whether it is any kind of tracking you oppose, or Google Analytics in particular.

Thank you!

- Geir

[17pm]

Quote:

Originally Posted by Geir

We are currently evaluating our use of Google Analytics, which has been helpful in improving our sales pages and our search engine ranking, and we welcome your feedback.

As mentioned in the other thread, only the front page, signup pages, and payment page are tracked (by IP address) in order to help us understand how visitors use our website.

We would be interested in knowing whether it is any kind of tracking you oppose, or Google Analytics in particular.

Thank you!

- Geir

Honestly, it is any kind of tracking and also Google Analytics in particular. The thing with google is:

Are you absolutely sure they've not given direct or indirect access to NSA or any other agency? I'm not sure how Google Analytics works, but I bet you can't tell us for 100% certainty that our info* is not being leaked?

And by "our info" I mean, IP's, time, duration, location, bla bla.

Also, I'd like you all to know about this data surveillance program. Most of you already know, probably. Some might, however, not be aware of it.

[Geir]

As you probably know, all web services log the activity on their servers by default for both security and maintenance reasons. These logs can be aggregated into statistics which is very helpful in order to improve the services that are provided. Without any such tracking, a server administrator would be working blindfolded, which wouldn't be in anyone's interest.

Your IP address is likely to be recorded by your ISP and any server between your ISP and Runbox (unless you're using some kind of anonymizing utility) as well as by Runbox itself, and doesn't in itself reveal anything about your person or the data you are transmitting.

As far as we understand it, surveillance by government agencies in the US is done at the ISP network/router level and not through any compliance on the part of the services themselves. So if you are concerned about surveillance, which is quite understandable considering the recent revelations in the US, it is probably more important to protect the actual data that is being transmitted (by using end-to-end encryption technologies such as PGP) than your IP address.

Regardless, we would rather not share any kind of information about our customers with anyone -- and we are working towards that goal.

- Geir

[17pm]

Quote:

Originally Posted by Geir

As you probably know, all web services log the activity on their servers by default for both security and maintenance reasons. These logs can be aggregated into statistics which is very helpful in order to improve the services that are provided. Without any such tracking, a server administrator would be working blindfolded, which wouldn't be in anyone's interest.

Your IP address is likely to be recorded by your ISP and any server between your ISP and Runbox (unless you're using some kind of anonymizing utility) as well as by Runbox itself, and doesn't in itself reveal anything about your person or the data you are transmitting.

As far as we understand it, surveillance by government agencies in the US is done at the ISP network/router level and not through any compliance on the part of the services themselves. So if you are concerned about surveillance, which is quite understandable considering the recent revelations in the US, it is probably more important to protect the actual data that is being transmitted (by using end-to-end encryption technologies such as PGP) than your IP address.

Regardless, we would rather not share any kind of information about our customers with anyone -- and we are working towards that goal.

- Geir

Hey,

Could you please tell me when this is getting fixed?

Please, do not say "near future", as one might define it differently.

[17pm]

First off, thank you for replying, Geir.

Quote:

Originally Posted by Geir

As you probably know, all web services log the activity on their servers by default for both security and maintenance reasons. These logs can be aggregated into statistics which is very helpful in order to improve the services that are provided. Without any such tracking, a server administrator would be working blindfolded, which wouldn't be in anyone's interest.

Every email provider I listed in the first post do it. I'm against the use of it, sorry.

Quote:

Originally Posted by Geir

Your IP address is likely to be recorded by your ISP and any server between your ISP and Runbox (unless you're using some kind of anonymizing utility) as well as by Runbox itself, and doesn't in itself reveal anything about your person or the data you are transmitting.

It reveals a lot about me. It reveals my IP, time of access, duration of access, location. That's pretty much like having a cellphone and being tracked 24/7.

Quote:

Originally Posted by Geir

As far as we understand it, surveillance by government agencies in the US is done at the ISP network/router level and not through any compliance on the part of the services themselves. So if you are concerned about surveillance, which is quite understandable considering the recent revelations in the US, it is probably more important to protect the actual data that is being transmitted (by using end-to-end encryption technologies such as PGP) than your IP address.

It is a fact that "NSA Prism program taps in to user data of Apple, Google and others". It is also a fact that "NSA paid millions to cover Prism compliance costs for tech companies".

I'm absolutely not comfortable about having google services on runbox.com. I'd bet a couple million dollars that the government agencies in the US have access to that data. I do agree that it's more important to protect the actual data.. However, I feel like an hypocrite to accept the usage of google-analytics. It's like saying "I know you spy, I know you sell it. I'm showing you my hatred against you by using your services so you can keep on spying and selling our info".

Quote:

Originally Posted by Geir

Regardless, we would rather not share any kind of information about our customers with anyone -- and we are working towards that goal.- Geir

Thank you. Also, right now, your site says that the connection is "secure" when it is all but secure. Shouldn't you place some kind of note there? Or remove the "secure" perhaps. Who knows, some people might be exchanging sensible information hoping that the connection is "secure", when, in fact...

[David]

Quote:

Originally Posted by 17pm

Thank you. Also, right now, your site says that the connection is "secure" when it is all but secure. Shouldn't you place some kind of note there? Or remove the "secure" perhaps. Who knows, some people might be exchanging sensible information hoping that the connection is "secure", when, in fact...

Perhaps you might want to send this same request to all the other email services (in the land of the brave and free) - I really doubt that any of them are more secure than runbox, assuming you look at the 'big picture' that is, instead of nit picking on Runbox, over every single item you are able to isolate.

[17pm]

Quote:

Originally Posted by David

Perhaps you might want to send this same request to all the other email services (in the land of the brave and free) - I really doubt that any of them are more secure than runbox, assuming you look at the 'big picture' that is, instead of nit picking on Runbox, over every single item you are able to isolate.

Someone is getting emotional..

Any email provider that's located in the USA get's automatically crossed out of my "candidates" list. So, I have no idea where the "in the land of the brave and free" comes from. Runbox has, right now, a security liability (the ssl login). They, themselves, know that. Why would they not share that information with their users? They are highly affected by it.

I'm "nit picking" on Runbox because it's one of my main candidates. When I buy something (especially a service, such as runbox), I'll try to make that purchase for life. that being said, I'm now "nit picking", as you say, so I can decide if runbox is the right provider for me (and if I find out it is, it'll probably remain such for a very very long time).

I don't see why calling-them-out/letting-them-know on/about something that goes against their directive (Secure and Reliable) is wrong. I'm sorry if "nit picking on Runbox, over every single item I'm able to isolate" makes you mad. I'll try to choose an email provider based on their website color. Runbox's is blue, what would you say? Its wavelenght is between 450-495nm.. I think it's good enough, "in general".

[orgs8]

Geir - thanks for your reply to 17PM above.

I have to completely agree with 17PM. As a paying customer I too feel very strongly about allowing an external third party access to analytics data. If you must use analytics then it should be hosted internally on your own network and solely for your own purposes but making these available outside the company is not good in my opinion. Would be much better if there were no analytics at all but I can understand why you might want this from a technical point of view. If you need this then it should be made clear to the users exactly what is being tracked and why and it should be kept to an absolute minimum like simply tracking page hits and not much else.

The users ip address as captured in analytics allows an adversary with access to other meta data about where that ip has been connecting, to construct a more detailed picture so i say 'NO' to Google analytics - i consider it a privacy invasion.

It would also be good to see the certificate displaying an ephemeral key negotiated for the connection when we are logged in.

[poma]

This is indeed disturbing. I'm shopping around, and this definitely encourages me to look elsewhere.

[ioneja]

I do hope Runbox takes care of this issue and completely removes Google Analytics, etc.. I want to support companies like Runbox, but this is indeed a stumbling block for me too. Hopefully they will correct this issue soon. They have a lot of very good things to offer.

[17pm]

Quote:

Originally Posted by ioneja

I do hope Runbox takes care of this issue and completely removes Google Analytics, etc.. I want to support companies like Runbox, but this is indeed a stumbling block for me too. Hopefully they will correct this issue soon. They have a lot of very good things to offer.

One of the sad things about Runbox is that their "soon" usually takes several years. I wonder when are they planning to fix their F rating SSL.

They also state that they'll offer PGP support (in their webmail) this year (that means, they have 3 months left).. Let's see if they do it as promised.

[FredOnline]

Quote:

Originally Posted by 17pm

Good thing I found out about that before paying for a subscription!

I wonder if Runbox will eventually fulfill all your requirements.