A key benefit of EPRIVO private email service is that they do not store your e-mails – providers that store emails can be vulnerable by design by enabling more attack surfaces. In a way, EPRIVO’s email privacy is a solution entirely focusing on privacy and security rather than also hosting emails, which provides a healthy separation of roles on the long term especially. One can see EPRIVO as a privatized email solution vs ProtonMail a private email hosting solution.

Table 1 – Feature Comparison

ProtonMail – Overview

ProtonMail is ran from servers based in Switzerland. It is said that the data you send and receive is kept private and encrypted safe from even the developers/owners, meaning if regulators were to ask for an individual’s data, not even they can access – so if you lose your password or login details there is no way for you to access your ProtonMail account. However almost any server can be compromised making your information vulnerable, and because ProtonMail stores your emails it is perhaps easier to come up with attacks.  ProtonMail requires its users to create a ProtonMail email address. Users can choose between 2048-bit encryption and 4096-bit encryption, which is a technicality as key size does not determine its security really (rather other attack surfaces would).

A key benefit around ProtonMail is that you don’t need to sign up with a recovery email or phone number. Many email providers make it tricky to create a fresh email address from scratch. ProtonMail also has a paid VPN feature which adds an additional layer of security for those who use it. ProtonMail also allows users to have an anonymous identity which has practicality for some users. However, ProtonMail can’t be used by marketers for mass emailing, which may be in fact ok. ProtonMail has a feature that monitors access attempts to your account. Users’ inboxes are protected by zero-access encryption, this is a form of security that means that only the user has access to their data. Unencrypted emails like Gmail are readable once they reach the ProtonMail servers, but they are then encrypted so that only the account owner can read them. End-to-end encryption on the other hand maintains a high degree of privacy for messages that are both sent and received.

EPRIVO Private Email – Overview

EPRIVO, on the other hand, is made to be used with your existing email address from either Gmail, Yahoo, AOL, Hotmail, iCloud or Outlook.  So, you can use EPRIVO to secure your existing email accounts. Once you sign up and create an EPRIVO username, you can then login and access your email through the app. EPRIVO distinguishes itself by adding fine controls on each sent email. Within the app you have your conventional inbox that you are used to from your email provider, but you are now equipped with a “private inbox”, “non-private inbox”, “privatized non-EPRIVO”,”private sent”, “expired sent”, “my recalled” and “drafts” folders.

When creating a private email using EPRIVO, you are equipped with the following features/options:

The EPRIVO app cleverly locks if it has been inactive and requires a password or biometric authentication to get back in, thus protecting your messages if your device is compromised. The EPRIVO app maintains all emails encrypted all the time even in the recipients’ devices. The only time emails are decrypted, temporarily, is during access. Recipients can access EPRIVO emails based on access controls senders set, and not beyond. EPRIVO maintains sender-controlled privacy everywhere.

EPRIVO has a privatization feature for already received (past or old) emails, messages are moved to the “privatized non-EPRIVO” folder where it is securely stored and only made accessible via the app.  The EPRIVO app starts to learn how to arrange your emails as you start to privatize/un-privatize emails over time (and indicates their sensitivity as well).  It will then arrange them accordingly with respect to their sensitivity levels. 

EPRIVO wraps several privacy features together into one convenient, easy-to-use package. With EPRIVO, users can create an account using their own email address, sort of a private email address based on your own email, which means that they don’t need to create and remember a new ID that they’ll need to give to everyone else to use as privacy contact. The app actually acts as an email app, which means it can send and receive emails directly from an account.

More features are available at higher subscription tiers, such as the ability to privatize all metadata once private messages are read. With the basic subscription, and all other, users can choose to send their recipients an SMS once a message is sent to notify them of the message.

EPRIVO uses its own private servers to enable security and to provide these privacy features but it does not store emails. The email messages are stored in the users’ email accounts (carriers) fully encrypted, with security managed by EPRIVO. The privacy features that users select will define the conditions in which messages are stored, retrieved, or destroyed. Users can even choose to delete sent messages if they choose to do so before the recipient reads the message. The ability to delete sent messages is particularly important for volatile situations. One can divorce, be fired, have friendships that go bad in the future. EPRIVO allows you also to privatize old emails from any account and maintain controls over sent emails so that one can delete an email and it will disappear both in cloud and recipients’ devices.

Pricing

A subscription service is required to use EPRIVO. However, there is a 14-day free trial for new users and there are ways to maintain free use (e.g., veterans can use EPRIVO for free as of now). Four subscription tiers are available, as of Sep 2019 (all prices are in US dollars). The individual tier is $11.99 a year and the family tier for 5 users is $17.99/year. These tiers provide ample privacy features for users, including timed expiration and one-time view messages and managed security. The Celebrity Gold ($35.99/year) and Celebrity Platinum ($89.99/year) subscriptions enable much additional privacy features such as the ability to privatize metadata and so on. An interesting feature on the Celebrity plans is unlimited prepaid subscriptions. Any recipient of a celebrity user also gets automatically one-year prepaid subscription. Celebrities can also include people in their entourage for free. EPRIVO has no limitations in terms of how many emails it can send or receive.

ProtonMail has a free version where users can benefit from some of their features. The free version includes 500MB of storage, 150 messages per day along with limited support. The 500MB limit essentially means that one would need to pay beyond a few months of use or keep deleting past emails (inconvenient). ProtonMail Plus is $89.99 per year which gives it users a 5GB storage capacity, ability to create 5 new email addresses as well as labels for folders and the application of filters.

EPRIVO does not have access to emails as it relies on the users existing email carriers to store them, except emails are now stored encrypted. EPRIVO messages are kept secure between the sender and recipient, as well as in their devices. The encryption and decryption process, as well as the storage and distribution of appropriate keys are all handled seamlessly by EPRIVO so that the users don’t have to deal with the technicalities of using the technology at all. EPRIVO also supports physical separation, a technology to scatter content across multiple providers (outside EPRIVO). This is a patented technology to enable no full email storage at any provider, even in encrypted form. That increases your security tremendously as even multiple successful attacks, at multiple providers simultaneously, or leakage of your carrier password, can still mean your email privacy is not compromised.

EPRIVO is ahead of the curve for keeping your information safe in the situation where someone accesses your phone, either while its unlocked or broken into. It is not unheard of where someone has too much to drink and a malicious or excessively curious partner places their finger over the finger print sensor logging into their device. Also, many passcodes involve simple memorable combinations that a spouse for instance could become aware of over time. If this were to happen to you, EPRIVO maintains its security, it gives nothing away, if the app is opened even your username is censored, and you will need to login in again (secure timeout settings cannot be removed by users for a reason). Almost every other mainstream emailing/messaging app will give prying eyes access to all of your messages.

Platforms Supported

EPRIVO already has apps for macOS, Android and iOS mobile devices, and will soon be releasing a version for Windows 10 PCs in Fall 2019. ProtonMail’s version that works through the browser is more vulnerable by design as there is more potential for transparency when running JavaScript[1][2].  If you are going to use ProtonMail you are better off only running it through the app after ensuring there is no malware on your device. EPRIVO does not support web reading of secure emails where your keys can be compromised by malicious scripting.

EPRIVO also supports sending an encrypted email to non-EPRIVO recipients that is based on password access and limited to that particular email for 48 hours, based on information received. Recipients can choose to download the EPRIVO app to read it, or they can simply view it using EPRIVO Encrypted Email Viewer on the website using the password.

EPRIVO adds physical separation to digital security

Final Thoughts

EPRIVO and ProtonMail both have their own unique use cases and benefits. ProtonMail is a great offering for creating new accounts. EPRIVO has more necessity for everyday use as it works to improve our security/privacy when using our existing Gmail, Outlook, Yahoo, iCloud or AOL accounts. Custom domains will be made available as well, so EPRIVO can potentially secure all your emails transparently without having a dedicated email account for private emailing. That seems like a very beneficial aspect.  As well as this, EPRIVO doesn’t store your emails so by design has no access ever to it, providing peace of mind to users. This is healthy as no cryptography is 100% secure ever. Also, EPRIVO can enable you email security across all your email accounts. Since EPRIVO does not store your emails and has no need to maintain data centers, it is more likely to maintain its low-cost pricing model making it an affordable choice in the future.

EPRIVO is free for 14 days currently, all features enabled. At the moment there is a beta testing program which provides new users with a free one-year subscription if they send 10 private emails to non-EPRIVO users. All they need to do is share screenshots on number of sent emails (in Settings screen) through a private email to support@eprivo.com. US Veterans can get access for free as well.  You should try it out today to secure your past and future emails.

References

[1] https://vimeo.com/99599725

[2] https://www.bitchute.com/video/AhdJzjC7Leo/

Physical & Digital Security
Best Practices Series: Social Engineering & Phishing Attacks. How Is EPRIVO Emailing Made Resilient?
Sender-Controlled Private Email – Privacy Controls for Protection in the Cloud and Recipient’s Devices