The first one-time-pad encrypted email service that’s as easy to use as Gmail, and lets you keep your existing email address.
This project's funding goal was not reached on May 9, 2014.
About this project
A big "Thank You" to all who supported our Kickstarter campaign. We will continue to send updates on the progress towards the launch of Privus and invite you to follow us at www.privus.com. If you have any questions, please feel free to email me at email@example.com
Summary of benefits
- It’s secure against any individual, corporate or government intrusion.
- It’s as easy to use as Gmail, Yahoo, Outlook or any other email service.
- You can keep using any email address you want.
- You can use it from any location on just about any device you want.
- You can send and receive to and from any email address you want.
- Integrated SPAM and junk mail filters.
- We don’t scan your open messages, or sell your meta data when you show it - and we give you a way to hide it.
Over the years, encrypted communications have primarily been the concern of the military, government agencies and businesses like online retailers, banks, insurers and healthcare facilities.
But things have changed, and now 7 out of 10 Americans believe the privacy of their online communications is being violated by hackers, corporations and government agencies.
Until now, there has been nothing available that’s simple to use, genuinely secure and transparent to the point that a non-technical user can actually understand how their messages are being protected.
As a result, most of us have either avoided the subject of security or settled for the easiest thing we could find and hoped it would work.
But the simple solutions currently being offered aren’t truly secure and those that are secure are more complicated than what most of us want to deal with. (For details, see the section titled “What problems do we solve?”)
We’ve been guided by two objectives:
- First - Make it so simple that our users don’t do anything differently than what they’d do if they were using Gmail, Yahoo, Outlook or any other email service.
- Second - Use an encryption method that is both uncrackable to an attacker and transparent to the user. (Meaning you can easily understand how your communications are being protected.)
Imagine you go to Gmail, Yahoo or Outlook on your computer, tablet or smartphone to compose a message.
You select one or more recipients from a list of contacts that pop up as you start typing. You attach any files you want to send and you put a short description in the subject field.
You write your message and format it however you like, with bolded, underlined or italicized fonts, colors, highlights, indents, bullets, numbers, whatever.
So far nothing is different, right? All that’s left is to click the “Send” button.
With Privus, the only difference is you have two buttons to choose from – one that sends your message in the open and one that sends it encrypted. That’s it!
Simple to use doesn’t mean simplistic. Our interface is rich with additional features. You can assign priorities, save drafts, review and edit encrypted messages, and much more. But sending a 100% secure message from any desktop, laptop or mobile device through Privus really is that simple.
Receiving an email is just as simple. In fact, you don’t do anything different. Just select a message from your inbox and it opens.
All your private messages are transmitted and stored fully encrypted. When you click to open one, our software decrypts it on your local device and displays it for you exactly as it was originally formatted.
When you’re done with it, you can disposition it however you like – reply, reply all, forward, label, package, move, trash, print, etc. And you can do it all with the added option of applying bulletproof encryption.
With Privus, you can send to and receive from any email address – and you can use any email address you want, from any location or device.
It is not an exaggeration when we say that the One-Time Pad (OTP) protocol has never been cracked.
While no encryption method can withstand having its “secret code” (Cryptographers call this the “key”) exposed to the public, we can honestly say that with the OTP protocol, as long as you keep your key secured, no individual or organization will be able to decrypt your messages regardless of the resources they have available to them.
With Privus, you can either use OTP to encrypt directly or you can use it to augment and enhance other encryption protocols, such as the AES (Advanced Encryption Standard) and RSA (Rivest Shamir Adleman) algorithms.
We realize that it might be difficult to understand how a cipher that was first invented in 1917 can stand up against the resources of huge, high-tech government agencies. So if you’d like to learn more about what makes OTP encryption so unique, go to the FAQ: “What makes OTP uncrackable?”.
So what’s the catch?
There really isn’t one. The only thing you’ll need to do is download a small application. It can be stored on any USB drive, your computer’s hard drive, your smartphone, an SD card or any other storage device you choose.
Once the application is loaded, you can send and receive emails like you always have – but now, with absolute security.
Regardless where you store it, our application provides a cipher-key (or C-Key) management system that makes everything easy.
We’ve created pledge options for every budget. You can use your own storage device or you can get one of our USB drives with the application pre-loaded.
We’ve even created an option that provides bulletproof hardware that matches the power of our software. Privus is now fully compatible with IronKey™ USB drives. (For more details, see the section titled “The Privus C-Key”.)
What problems do we solve?
There are significant technical differences between the solution we offer and what’s currently available in the “consumer” market. Other encrypted messaging services that offer simplicity often provide it at the expense of security.
The encrypted messaging services currently being offered have three problems: Weak Transfer Encryption, Decryption Key Storage and Key Abstraction.
Problem #1: Weak Transfer Encryption
There are services out there that boast about double and triple encryption. They publicize their use of AES, RSA and SHA (Secure Hash Algorithm) protocols, but if you look at their implementation, they’ve left weak links in their chain of security.
For example, some of the more popular services only use higher-level encryption protocols after your email, instant message or text is on their server. They rely on nothing more than standard SSL (Secure Socket Layer) or TLS (Transport Layer Security) encryption to transfer your messages to and from their servers. While SSL and TLS do offer a level of security, in the world of encryption, this would be considered a minimalist approach.
This type of implementation is understandable. It requires little or no programming and delegates the responsibility of key management to your web browser – a web browser that was likely written by one of the same companies that have been handing over your information to third parties.
With Privus, your message is encrypted with either OTP, AES, RSA or a combination of all three before it’s wrapped in an additional SSL or TLS layer. And all this encryption is done on your local device without exposing any part of your message to the internet and without requiring any processing from you.
Problem #2: Decryption Key Storage
To make matters worse, in the name of convenience, other messaging services store your decryption key (that’s the key no one should have access to except you) on their servers. So they’ve essentially left a Post-It note on the vault door with the combination written on it.
Now granted, they tell you their vault is in a room that’s locked up, but once again, this translates into a heavy chain with a weak link. It doesn’t matter how strong the vault is if it and its combination are in a room with nothing but a $10 padlock on the door.
With Privus, your decryption key is never transmitted, and it's never stored anywhere except on a device you keep in your possession. This means your digital security can be translated into physical security.
In the digital world, “walls” are absolute. You can’t drill through a digital wall. You have to find a gateway through the wall that exists and unlock it – and that means you need a key.
If you keep that key (and any copies of it) secure, the gateway is secure.
Privus provides a decentralized solution to secured communications that's simple to use but doesn't compromise on the security it provides.
Decentralization is important because it means you don’t need to trust your security to someone else – not internet service providers, not wireless networks, not email services, not SSL certificate issuers, not websites, not even us. You alone control your security.
The problem has been that the decentralized solutions currently available not only transfer control to you, they also transfer the technical complexity to you.
This is where Privus shines.
We’ve transferred the control of your security to you, but all the technical complexity is managed by an application that resides on your system and works through a user interface you’re already comfortable with.
You can store this application and your decryption keys wherever they best support the way you like to work. Consider some of the following examples:
- You primarily send and receive encrypted messages on your work machine. You don’t want to leave your keys on an unattended machine over nights or weekends, so you store the Privus app on a USB device and keep it with you at all times. This also allows you to access your encrypted messages from any device that has internet access and a USB port.
- You do everything on a laptop, which already holds other secured information. You keep your laptop secure, so you choose to store the Privus app on your laptop’s hard drive.
- You like to access your emails from several devices, but you don’t want to carry around an extra USB drive. Your smartphone is always with you, so you choose to store the Privus app on your smartphone and use it as a storage device that connects to all your other devices.
- You need both bulletproof security and complete flexibility to communicate from anywhere, so you choose to store the Privus app on an IronKey USB drive. Not only does this allow you to communicate from any smartphone, tablet, laptop or desktop computer, it also provides the highest level of physical security available on a portable storage device. (IronKey is used by military and intelligence agencies around the world and is considered the gold standard in secure storage. For more details, see the section titled “The Privus C-Key”.)
Problem #3: Key Abstraction
Besides secrecy, there are two things that make a key secure: randomness and size.
Randomness means there is no meaning, logic or pattern to the key. This prevents an attacker from being able to guess what your key is.
You may think the name of the guy or gal you secretly had a crush on in high school is safe, because you never told anyone. But even a rookie hacker knows that people often use names for passwords. Running a trial-and-error attack on a few hundred thousand names can be done in a few minutes to several hours, depending on the equipment used.
Random keys force an attacker to go from a trial-and-error type attack to a “Brute Force attack”. A brute force attack is when an attacker attempts every possible combination of characters. This increases the number of potential keys by orders of magnitude.
For example, there are about a million English names in common use, but with all the keys on a standard QWERTY keyboard, there are 6.2 million to the power of 79 possible combinations that are 8 characters or less.
This helps illustrate the importance of key length.
While 86 digits is an extremely large number, it’s still within the capabilities of what some computers can analyze within a reasonable length of time.
For that reason, modern keys are much longer than just 8 characters. In fact, most are between 256 and 2,048 characters long. This makes the number of possible combinations so large that even if all the computers on the planet were working on it, it would take over a million years to calculate only a minute fraction of all the possible combinations.
In short – large, random keys make brute force attacks useless.
Many encrypted messaging applications use large, random keys. But until now, managing large random keys has been problematic.
You can’t remember them. So that means you need to store them somewhere and then retrieve them when you need them.
As we explained earlier, most of the existing services save your keys on their servers, but you only use a simple password to retrieve them. This makes the randomness and length of your key completely meaningless, because the key can be accessed with a short, simple password.
This is called “Key Abstraction”. In computer science, abstraction is taking the details of complex data or functions and reducing them to a simpler representation or process.
We understand why other companies use abstraction – it’s easy. They can advertise that they use “big keys”. And they can advertise how they have convenient passwords. They just don’t advertise how one negates the other.
With Privus there is no abstraction. Your login is completely separate from your encryption. Even if a hacker gets past your login, with Privus all they'll see is encrypted messages like the one shown below.
The Privus C-Key
The Privus C-Key is why we say you can now have a key to secure your communications the same way you have a key to secure your house or your car.
As we mentioned, you can use your hard drive or on-board SD-card as your C-Key, and simply safeguard your device, or you can use any USB, SD or other storage device you choose.
But if you really want the maximum security and the ultimate convenience, nothing beats the “Privus/IronKey” solution.
We’ve partnered with IronKey to provide a solution that’s as sound as anything you’ll find in the largest corporations or government agencies.
Not only does our use of a C-Key provide you with both security and convenience, but with Privus, you’re able to translate your digital security into physical security – and nothing does that better than Privus with IronKey.
With the Privus/IronKey Solution you’re able to:
- Use One-Time Pad (OTP) encryption to directly encrypt the most sensitive communications to and from anywhere
- Transfer keys and other sensitive information anywhere in the world with the absolute guarantee that it will not be compromised
- Use OTP/AES/RSA encryption to conveniently communicate securely with contacts who were previously unknown to you
- Protect your data and identity from thieves, malware and other threats
- Automatically have your C-Key create new encryption and decryption keys as often as every 30 seconds, so no key is ever used more than once
- Store virtual desktops so you can work from anywhere, and leave no trace of your presence
- Be able to archive secured messages without compromising their security
- Manage all your passwords easily and securely
- Never worry about lost or stolen keys, because your IronKey will self-destruct after 10 failed password attempts
Privus provides a way to keep all your communications totally secure without having to jump through a bunch of tedious or technical hoops – no mouse mapping, no data dumps, no cutting and pasting keys or content, no multiple applications to install, no VPN networks, etc.
And while we’re able to provide you with absolute security, our interface is actually simpler to use than many of the existing solutions that provide little if any real security.
Welcome to Privus!
Meet the team
- Rick Molina is the Founder and President of CypherCom, Inc. He fills the role of the Chief Operations Officer for Privus. Rick has a B.S. in Computer Science and has worked in software development for over 20 years. The majority of that time was spent as a business analyst and project manager creating functionality for web-based and desktop applications. His experience ranges from consulting startups to working for a Fortune-100 company as a program manager on a $38M government project developing software for the Department of Defense.
- Ryan Healey fills the role of the Chief Technical Officer. Ryan has a B.A. in Information Systems and Technology and has worked as a software engineer, database architect and development manager for over 12 years. Ryan has managed international software development teams ranging in size from 3 to 12 members on over 200 different product builds and has handled every aspect of software development, quality assurance and product deployment.
- Todd Cronin wears the hat of our cyber-security and encryption subject matter expert. In May of this year, Todd will be graduating with his Bachelors of Science degree in Computer Engineering. His academic focus has been on systems security. Upon his graduation, Todd will be commissioned as a Lieutenant in the U.S. Air Force, and will be on the front line of protecting our country’s digital infrastructure as a cyber-security analyst. All the best Todd!
- Kurtis Constantine handles marketing and community management. Kurtis served 10 years in the US Air Force Office of Special Investigations where he was recognized for his work in cyber-security and counterintelligence.
In addition to these individuals, we have a 3-man development team and a finance guy who apparently would rather be in New York than be in our video. (inside joke)
Comparison of pledge options
As a way of saying “Thank You” to all of our Kickstarter supporters, we’ve discounted our normal subscription prices from $3.75 to $2.92 per month. Early-Birds can save even more. ($2.08 per month)
The chart below gives you a convenient summary of what’s included in each pledge option.
First, we’d like to sincerely thank you for taking the time to look at our project!
And while we’d certainly like to invite you to help us bootstrap the final few steps to our launch, we’d also like to ask you to help us get the word out to all your friends, family members and associates.
The more people there are using tools like Privus, the fewer intrusive resources there are available that can be brought to bear on any particular individual or group.
In this game, when we help ourselves, we’re also helping each other collectively.
Rick Molina, COO, Privus
Absolute Privacy. Amazingly Simple.
Risks and challenges
The underlying technology is well proven with a track record that spans over 35 years. The only new variable is how our interface displays on all the different browsers currently being used on desktop, laptop and mobile devices.
We’re planning to support the two most recent versions of the following browsers:
• Internet Explorer
• Windows Mobile
All the major functionality has been unit and regression tested and appears to be ready for beta. But as new features are introduced there’s always the possibility of finding new problems.
All newly released, web-based software applications face compatibility challenges. Even Fortune-100 companies don’t have big enough budgets to completely eliminate any post-release bugs.
The main risk to you, as one of our supporters, is that for the first few weeks, you might have to deal with the kinds of minor bugs that are sometimes found on less mature software applications.
We’re inviting all of our Kickstarter supporters that have opted to sign-up for at least a one-year subscription to be in our beta user’s group. When it comes to testing software, the more people you have pounding on it, the better.
With your help, we’re confident that we’ll not only be able to quickly find and fix any lingering bugs, but we’ll also be able to implement any enhancements you request.
One-Time Pad (OTP) encryption is a symmetrical encryption method that was first attributed to Frank Miller in 1882. It was then redesigned and patented around 1917 – and since that time the protocol has never been cracked.
OTP is uncrackable because of four characteristics.
• An Ultra-Simple Encryption Algorithm
• Ephemeral Keys
• Extremely Long Key Lengths
• Random Key Segments
An Ultra-Simple Encryption Algorithm – The most commonly used encryption methods have complex mathematical algorithms based on discrete logarithmic functions. The problem is that these algorithms are so complex and require such precise inputs that “backdoors” can be hidden within them.
The complexity of these algorithms does not make them stronger. In fact, the power of any encryption method has never been based on the algorithm. The strength of every reliable encryption method used in the last 4,000 years has always been in the cipher-key. (A cipher-key is essentially a long password that’s used as a mathematical value, which is applied to the algorithm.)
The math used in OTP encryption is a simple 2-digit addition problem followed by an even simpler division problem. In fact, it’s so simple, it can be done by hand – as it was for over 70 years, throughout the Cold War. That simplicity means it’s impossible for an attacker to hide anything inside the algorithm.
This means the only way any would-be attackers can penetrate an OTP-encrypted message is to reconstruct the original cipher-key.
Ephemeral (short life) Keys – The term “One-Time” comes from the fact that each cipher-key is only used once. One of the obvious benefits to this is that should a cipher-key that was used in one message be compromised, it cannot be used to decrypt any other messages.
But there’s another benefit as well.
One approach to cryptanalysis (code-breaking) is to look for repeating patterns that might reveal sentence structure, word types or even specific phrases.
By changing the cipher-key each time you encrypt a message, there are no patterns to analyze. This means a code-breaker is forced to start from scratch with each message, because he has nothing to build upon from any previous messages.
Random Key Segments – By closing any potential “backdoor” access through the algorithm and by eliminating any chance of identifying repeating patterns from persistent cipher-keys, an attacker’s only remaining option is to try to “guess” a cipher-key through a trial and error search.
Statistically, the number one way code-breakers get past encryption is through weak cipher-keys.
Using any kind of “logic” to create a cipher-key makes it exponentially easier for an attacker to figure it out.
Using patterns or words in a key not only mathematically reduces the number of possible combinations, but those patterns or words are often related to you in some way such as birthdays, anniversaries, names, jobs, hobbies, etc.
This makes it much easier for an attacker to analyze all the possibilities within the time period that you want the message to remain secret.
The only reason we turn to patterns, words or other logic-based cipher-keys is so we can remember them. But with our “Privus C-Key” functionality, you don’t need to remember anything.
We strictly adhere to the OTP protocol by always allowing you to easily (automatically) create and use crypto-level random cipher-keys.
This further reduces an attacker’s options by forcing him to resort to a “brute-force” attack. (A brute force attack is simply trying every possible combination of characters.) This increases the number of possible combinations for any given key length by orders of magnitude.
Extremely Long Key Lengths – It’s a mathematical reality that the longer the cipher-key is, the longer it will take to try all the possible combinations through a brute-force attack.
There are 95 characters on the standard QWERTY keyboard. So…
If your key is 1 character long there are 95 possible combinations
If your key is 2 characters long there are 9,025 possible combinations
If your key is 3 characters long there are 857,375 possible combinations
If your key is 4 characters long there are 81,450,625 possible combinations
As you can see, the numbers get really big, really fast.
A cipher-key that’s 2,000 characters long has 2.8003e+3955 possible combinations. (That’s a 2 followed by 3,955 digits.)
If you had seven quadrillion computers (that's over one million computers for every man, woman and child on the planet) that could generate a quadrillion keys each second, it would take over a quadrillion centuries to generate less than 1% of all the possible combinations.
Results of the Protocol – OTP encryption has been proven to be mathematically uncrackable. It earns this distinction because even if an attacker were to find some way to penetrate all four of the barriers outlined above, the outcome would be meaningless.
That’s because as we force an attacker into trying every possible cipher-key, our algorithm produces every possible output for a given message length.
For example, the following eight messages are all 24 characters long. Given a brute-force attack, an attacker would generate all eight (and hundreds more) potential messages and not know which one was correct.
1. Meet me at the same place
2. Don’t go there ever again
3. I’m still leaving at dawn
4. I am not going until 9:00
5. George will pay with cash
6. He’ll use my credit cards
7. Enter my SSN: 222-33-4444
8. Use Al’s SSN: 666-77-8888
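The add-then-take-the-remainder arithmetic and the "every output is possible" property described above, as an added Python example (not Privus code). It assumes the 95-character alphabet is printable ASCII 32 to 126, retypes the eight messages with straight apostrophes so they fit that alphabet, and uses illustrative function names; it also shows what leaks if a key is used twice.

```python
import secrets

N = 95  # assumed alphabet: printable ASCII, space (32) through "~" (126)

def _val(ch):
    v = ord(ch) - 32
    if not 0 <= v < N:
        raise ValueError(f"{ch!r} is outside the 95-character alphabet")
    return v

def _combine(a, b, sign):
    if len(a) != len(b):
        raise ValueError("an OTP key must be exactly as long as the message")
    return "".join(chr((_val(x) + sign * _val(y)) % N + 32) for x, y in zip(a, b))

def generate_key(length):
    """Uniform random key from the OS CSPRNG, one symbol per message symbol."""
    return "".join(chr(secrets.randbelow(N) + 32) for _ in range(length))

def encrypt(plaintext, key):
    return _combine(plaintext, key, +1)    # c = (p + k) mod 95

def decrypt(ciphertext, key):
    return _combine(ciphertext, key, -1)   # p = (c - k) mod 95

def key_explaining(ciphertext, candidate):
    """The unique key under which `ciphertext` decrypts to `candidate`."""
    return _combine(ciphertext, candidate, -1)  # k = (c - p) mod 95

def reuse_leak(c1, c2):
    """Per-symbol (p1 - p2) mod 95, computed from two ciphertexts that share
    a key. The key cancels out, which is why each pad is used only once."""
    if len(c1) != len(c2):
        raise ValueError("ciphertexts must have equal length")
    return [(_val(a) - _val(b)) % N for a, b in zip(c1, c2)]

# The page's eight candidate messages, retyped with ASCII apostrophes.
CANDIDATES = [
    "Meet me at the same place",
    "Don't go there ever again",
    "I'm still leaving at dawn",
    "I am not going until 9:00",
    "George will pay with cash",
    "He'll use my credit cards",
    "Enter my SSN: 222-33-4444",
    "Use Al's SSN: 666-77-8888",
]

def demo():
    """Encrypt message 1, then find a key that 'proves' each other message."""
    key = generate_key(len(CANDIDATES[0]))
    ct = encrypt(CANDIDATES[0], key)
    keys = {m: key_explaining(ct, m) for m in CANDIDATES}
    return ct, keys

if __name__ == "__main__":
    ct, keys = demo()
    print("ciphertext:", repr(ct))
    for msg, k in keys.items():
        # Every candidate is a valid decryption under some key, so the
        # ciphertext alone cannot tell an attacker which one was sent.
        print(f"{decrypt(ct, k)!r} <- key {k!r}")
```

The guarantee holds only while the key is truly random, as long as the message, kept secret and never reused; `reuse_leak` shows the relationship between two plaintexts that becomes visible once that last condition is broken.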
Finally, with Privus, all your cipher-keys are hidden from the internet. So there is no technological way for an attacker to get to them as long as your personal device (i.e., computer, tablet, phone, etc.) is not compromised.