Blog Posts

A Welcome Note from Founder

on October 10, 2018 - featured

Welcome to EPRIVO Private Email!

I am super excited to introduce EPRIVO, finally. EPRIVO is a BlueRISC brand and is the company’s first product in the consumer space that we worked on for several years. It brings user-friendly solutions to meet consumers’ privacy needs in the cloud. Email privacy is our top priority at this point but we have efforts ongoing that are complementary.

It is extremely difficult to make and keep emails private.  Conventional emails are stored by multiple providers in the cloud as part of the delivery protocol and are also controlled ultimately by the recipients. Monetization by vendors drives for data-mining in the cloud, etc. Cyber threats, insiders, consumers’ (senders and recipients) security habits, and hidden software vulnerabilities add further to this list.

The EPRIVO solution provides the following unique benefits: Read more

Free Ain’t Free

on March 2, 2019

On the Internet Free Ain’t Free. Many people got used to free during the last two decades. Internet’s business model from search, browsing, social media, messaging, to emailing is that you get a free service for yielding your information. Information is Internet’s main currency or indirect currency – its bitcoin (i.e., virtual money).

This exploitation is tacitly allowed by some people and misunderstood by most. Basically, information about a user’s behavior, feelings, interest, and relationships, or anything from one’s consciousness is worth something to someone on the internet. Mobile applications also have become free since people are addicted to free and stopped paying for it – this drove everyone, including small shops, to models with paid ads. Only 0.01% of mobile applications are making any money. Living on information, through ads, or failing.

Read more

Using EPRIVO Private Email to Meet HIPAA ePHI Compliance in Emails

on February 22, 2019

Healthcare organizations are required to protect electronic protected health information (ePHI), such as electronic health records, from various internal and external risks [1]. Safeguards must be in place even when emailing ePHI. One challenge is that conventional emails and services do not have what it takes to meet HIPAA compliance. Also, it is not as simple as encrypting email content. There is much more to it.

The Technical Safeguards in HIPAA addresses protection of ePHI. The Security Rule defines technical safeguards in § 164.304 as “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.” There are 5 standards. With EPRIVO you could meet HIPAA ePHI compliance even in emails you send containing ePHI.  EPRIVO has all necessary security and controls for HIPAA.  See below how each applies with EPRIVO.

1.    Access Control
2.    Audit Controls
3.    Integrity
4.    Authentication
5.    Transmission Security

Read more

Why shall most email information be thought of as sensitive?

on November 26, 2018

Many people believe that their digital content is not so sensitive and therefore their privacy is not a concern to them. Here is why that is wrong thinking.

It is simply hard to judge what is sensitive. You can lose your digital content anytime and your content may even become more sensitive over time. There are multiple points of vulnerabilities, most of which are outside your control. Your emails remain in the cloud and in the recipients’ devices, potentially forever, after being sent. Your content may be leaked anytime and anywhere along the paths an email takes, even in the future or even at your recipients.  That can happen because of weak passwords on email accounts or because of a break-in at one of the servers that store your content, or a compromise can occur at any of your recipients’ providers or their devices get hacked, to name a few reasons.

We would argue that one does not know what content deserves confidentiality, and content that is not sensitive today may become sensitive in the future. All your emails are better kept confidential and you shall retain control over them forever, just to be safe, ideally. Here is why in a bit more detail:

Read more

Best Practices Series: Social Engineering & Phishing Attacks. How Is EPRIVO Emailing Made Resilient?

on November 10, 2018

Social engineering is a commonly used attack vector against unassuming users that does not require any sophisticated technology. It is worth knowing how to recognize these attack attempts, and avoid falling victim to criminals aiming to gain access to one’s computer or device, and/or online accounts. Typical phishing attacks are malicious emails masquerading as something important/useful. Such emails can be in the form of a request from someone important at work, from your bank, school, doctor, lawyer, friend or relative, etc. In these emails attackers typically ask for passwords, for sensitive information to update accounts online, or ask you to pay some fees after accessing a fake website that looks similar to the actual one they imitate. In summary, these kinds of attackers may use one or more of the following tactics.

Read more

Best Practices Series: Sender-Controlled Privacy – Protection in the Cloud and Recipient’s Devices.

on November 2, 2018

How are the sender-controlled privacy features used? EPRIVO includes special privacy features that can be associated with each EPRIVO email we send. The availability of features depends on the type of subscription, but here we will discuss them in general. Importantly, these features are above the baseline privacy of email content that is always present in the cloud as well as in the sender/recipient devices.
Read more

Physical & Digital Security

on October 24, 2018

Emails are extremely vulnerable to privacy violations during their lifetime. Firstly, emails are often archived for many years as users accumulate a large number of emails that are spread in the cloud. Also, security breaches, service provider insiders, deliberate data mining, implementation vulnerabilities, and weak user passwords, are among the factors that lead to most people’s emails being compromised at some point in time. In addition to the vulnerabilities related to senders and related providers, the privacy of an email, as soon as it is sent, depends on the recipient’s providers in the cloud, and on the recipient’s devices and security habits. The recent vulnerability discovered on SSL, the digital security layer of web servers, called HeartBleed, further highlights the challenges faced.

Is it even possible to attain email privacy? The EPRIVO email privacy service combines government-grade digital security (e.g., AES-256 encryption) with the idea of physical security or separation implemented in the cloud. Read more

Threats to Email Privacy are Socio-Technological

on October 12, 2018

First what is Privacy and what factors affect Email Privacy? Wikipedia defines it as “Privacy (from Latin: privatus) is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively”. Privacy has a technical aspect as well as a socio-economic one, and threats to privacy can come from either of these factors. Email privacy is vulnerable to both kinds of threat.

Socio-economic factors are often driven by societal factors that include monetization needs, politics, power, culture, political systems or religions. Although these things are sometimes simply part of life, they can nonetheless be defined in terms of privacy or in terms and conditions agreements between parties. For example, free services often utilize the information of a user as part of a monetization scheme such as targeted advertisements, asking users to agree to their terms. In short, privacy in this socio-economical context may be vulnerable to:
Read more