Blog Posts

A Welcome Note from Founder

on October 10, 2018 - featured

Welcome to EPRIVO Private Email!

I am super excited to introduce EPRIVO, finally. EPRIVO is a BlueRISC brand and is the company’s first product in the consumer space that we worked on for several years. It brings user-friendly solutions to meet consumers’ privacy needs in the cloud. Email privacy is our top priority at this point but we have efforts ongoing that are complementary.

It is extremely difficult to make and keep emails private.  Conventional emails are stored by multiple providers in the cloud as part of the delivery protocol and are also controlled ultimately by the recipients. Monetization by vendors drives for data-mining in the cloud, etc. Cyber threats, insiders, consumers’ (senders and recipients) security habits, and hidden software vulnerabilities add further to this list.

The EPRIVO solution provides the following unique benefits: Read more

Much Ado About Security Questions

on May 23, 2019

Hackers often target the email and social media accounts of the rich and famous. Why? Because they’re easy targets and a quick way to get a lot of fame. The public and private lives of celebrities and politicians are often open books. Even the most private ones share a lot of their personal lives with the world.

Most of us who watch this unfold are good-hearted, nice people who genuinely care about the people behind these larger-than-life personas. But, it just takes one bad apple in the orchard. And sometimes, there are many bad apples.  

Read more

Privacy is the glue that holds society together

on May 15, 2019

More than ever our emails are being monitored by messaging providers. You may have noticed that messaging services are getting incredibly good at suggesting responses to emails/messages. In the race for creating a human level artificial intelligence, or at least the world’s best chatbot, we often see that providers are constantly training their autofill messaging options by reading our conversations.

Some of the highest grossing IT companies are frequently needing professionals/contractors to fly in and educate staff on how to properly manage user data, often for simple processes like removing user IDs from datasets before interpreting the information. Just because companies say they are providing secure services for their users it doesn’t mean they are. Just because a messaging provider is worth billions of dollars, it doesn’t mean information is safe from hackers, employees and under the table business deals that go on between companies.

Read more

Do Women Worry about Their Digital Privacy as Much as Men?

on May 15, 2019

Women represent 14% of the workspace in cyber security in the US and under 10% in Europe. This low representation is a fairly well-known statistic. Some countries have this better like Australia that has around 25% cyber-security professionals being women. There is a lot of ongoing debate as to why that is, but this is not the question we are asking here.  We want to know what this ratio is for using digital security or privacy products. Is this low representation only in a cyber-security career choice, or would women similarly not be pursuing products in digital security and privacy even though they can make these decisions in anonymity?

Read more

Free Ain’t Free

on March 2, 2019

On the Internet Free Ain’t Free. Many people got used to free during the last two decades. Internet’s business model from search, browsing, social media, messaging, to emailing is that you get a free service for yielding your information. Information is Internet’s main currency or indirect currency – its bitcoin (i.e., virtual money).

This exploitation is tacitly allowed by some people and misunderstood by most. Basically, information about a user’s behavior, feelings, interest, and relationships, or anything from one’s consciousness is worth something to someone on the internet. Mobile applications also have become free since people are addicted to free and stopped paying for it – this drove everyone, including small shops, to models with paid ads. Only 0.01% of mobile applications are making any money. Living on information, through ads, or failing.

Read more

Using EPRIVO Private Email to Meet HIPAA ePHI Compliance in Emails

on February 22, 2019

Healthcare organizations are required to protect electronic protected health information (ePHI), such as electronic health records, from various internal and external risks [1]. Safeguards must be in place even when emailing ePHI. One challenge is that conventional emails and services do not have what it takes to meet HIPAA compliance. Also, it is not as simple as encrypting email content. There is much more to it.

The Technical Safeguards in HIPAA addresses protection of ePHI. The Security Rule defines technical safeguards in § 164.304 as “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.” There are 5 standards. With EPRIVO you could meet HIPAA ePHI compliance even in emails you send containing ePHI.  EPRIVO has all necessary security and controls for HIPAA.  See below how each applies with EPRIVO.

1.    Access Control
2.    Audit Controls
3.    Integrity
4.    Authentication
5.    Transmission Security

Read more

Why shall most email information be thought of as sensitive?

on November 26, 2018

Many people believe that their digital content is not so sensitive and therefore their privacy is not a concern to them. Here is why that is wrong thinking.

It is simply hard to judge what is sensitive. You can lose your digital content anytime and your content may even become more sensitive over time. There are multiple points of vulnerabilities, most of which are outside your control. Your emails remain in the cloud and in the recipients’ devices, potentially forever, after being sent. Your content may be leaked anytime and anywhere along the paths an email takes, even in the future or even at your recipients.  That can happen because of weak passwords on email accounts or because of a break-in at one of the servers that store your content, or a compromise can occur at any of your recipients’ providers or their devices get hacked, to name a few reasons.

We would argue that one does not know what content deserves confidentiality, and content that is not sensitive today may become sensitive in the future. All your emails are better kept confidential and you shall retain control over them forever, just to be safe, ideally. Here is why in a bit more detail:

Read more

Best Practices Series: Social Engineering & Phishing Attacks. How Is EPRIVO Emailing Made Resilient?

on November 10, 2018

Social engineering is a commonly used attack vector against unassuming users that does not require any sophisticated technology. It is worth knowing how to recognize these attack attempts, and avoid falling victim to criminals aiming to gain access to one’s computer or device, and/or online accounts. Typical phishing attacks are malicious emails masquerading as something important/useful. Such emails can be in the form of a request from someone important at work, from your bank, school, doctor, lawyer, friend or relative, etc. In these emails attackers typically ask for passwords, for sensitive information to update accounts online, or ask you to pay some fees after accessing a fake website that looks similar to the actual one they imitate. In summary, these kinds of attackers may use one or more of the following tactics.

Read more

Best Practices Series: Sender-Controlled Privacy – Protection in the Cloud and Recipient’s Devices.

on November 2, 2018

How are the sender-controlled privacy features used? EPRIVO includes special privacy features that can be associated with each EPRIVO email we send. The availability of features depends on the type of subscription, but here we will discuss them in general. Importantly, these features are above the baseline privacy of email content that is always present in the cloud as well as in the sender/recipient devices.
Read more

Physical & Digital Security

on October 24, 2018

Emails are extremely vulnerable to privacy violations during their lifetime. Firstly, emails are often archived for many years as users accumulate a large number of emails that are spread in the cloud. Also, security breaches, service provider insiders, deliberate data mining, implementation vulnerabilities, and weak user passwords, are among the factors that lead to most people’s emails being compromised at some point in time. In addition to the vulnerabilities related to senders and related providers, the privacy of an email, as soon as it is sent, depends on the recipient’s providers in the cloud, and on the recipient’s devices and security habits. The recent vulnerability discovered on SSL, the digital security layer of web servers, called HeartBleed, further highlights the challenges faced.

Is it even possible to attain email privacy? The EPRIVO email privacy service combines government-grade digital security (e.g., AES-256 encryption) with the idea of physical security or separation implemented in the cloud. Read more