WebLOQ Email Encryption

WebLOQ is an early-stages company offering end-to-end email encryption:

  • Allows users to send and receive encrypted emails.
  • Normally users have some special software installed on their machine. This works with almost all email clients including Outlook, Thunderbird, Mac Mail, etc.
  • An invitation system is being developed. If you send to a user who hasn’t got the client software installed, the recipient will get an email that asks him or her to sign up and download the client software, so the parties can communicate privately.
  • Focus is on selling to SMBs, and organizations subject to privacy regulations such as healthcare, financial services, insurance, accounting, legal, government, law enforcement, and defense.
  • A free version is available; a professional version gets you more functionality, including access to compliance reports on what emails have been sent, to whom, when, and so on.
  • The current offering uses a WebLOQ-hosted server. In the future, a customer-premises-based server version will also be available.

Company:

  • Founded 2004.
  • Privately held. Ferris Research estimates annual revenues at less than $1M.
  • Series A funding in 2006 of $1M.
  • Series B funding in 2007 of $4.5M.
  • Now contemplating additional funding of $5M to $10M.

Comments:

  • WebLOQ sees compliance as the driver for purchases. Probably right.
  • Over the last 10 years, many similar end-to-end email encryption solutions have been implemented. They have received little acceptance. Based on a short briefing, it’s hard to see why WebLOQ should fare better at this point.
  • Interestingly, the solution doesn’t have tight integration with specific email clients. Instead, you email to a special address. The email is then intercepted as it goes out or comes in, and is duly encrypted/decrypted.
  • More than email bodies and attachments are encrypted. All email headers, including recipient lists and subject lines, are encrypted. That’s unusual, and could be valuable for some.
  • Recipients who don’t have the plug-in software can’t view messages, even through a staging server. This seems a pity.

David Ferris

One Comment

  1. Posted August 15, 2009 at 6:15 PM | Permalink

    I thought it would helpful if I responded to your blog comments, by way of clarifying where we stand on the concerns you mentioned, and also provide better insights to the inner workings of WebLOQ.

    Ferris Concern #2

    • Over the last 10 years, many similar end-to-end email encryption solutions have been implemented. They have received little acceptance. Based on a short briefing, it’s hard to see why WebLOQ should fare better at this point.

    WebLOQ clarification

    A — Prior email solutions have been just that – only content encryption. They have been very challenging to use, requiring the end-user to manage the encryption cycle, key exchange, certificates and in most cases, authentication. This is why ease-of-use has become the holy grail of successful email privacy. We have heard estimates that fewer than 5% of the largest encryption vendor licenses actually get into production usage, because of the usability difficulties.

    B — Those thorny problems are all invisible within WebLOQ. As a true database application solution we bundled those issues into the application layer so the user never sees them. If you know how to use Outlook, you know how to use WebLOQ. Big adoption issue.

    C — No other encryption vendor provides a space free of malware. Since we are raising the bar to achieve true privacy, we could not allow malware to penetrate the WebLOQ privacy space. Our private domain names and email addresses prevent malware, ensuring complete end-to-end privacy, not just content encryption.

    D — None of the legacy encryption vendors directly address the compliance requirement – specifically, reporting on all email transactions. WebLOQ’s SQL services solve that problem, and we know of no other vendor in the security space that utilizes a true database for email, or can provided compliance reports on-demand.

    E — Over the past ten years the pressure for privacy has been mounting, and the legacy vendors are doing far better today than they were doing 2 or 3 years ago. We hope to ride this wave upwards under the enforcement of state and federal privacy laws, which, until very recently, were rather toothless.

    We believe these are significant differentiators and will, hopefully, allow us to fare much better than the legacy players.

    Ferris concern #3

    • Interestingly, the solution doesn’t have tight integration with specific email clients. Instead, you email to a special address. The email is then intercepted as it goes out or comes in, and is duly encrypted/decrypted.

    WebLOQ clarification

    WebLOQ client services reside immediately adjacent to standard email clients. Using private email addresses and double encryption we can assure all the features we built do effectively achieve privacy.

    Ferris concern #4

    • More than email bodies and attachments are encrypted. All email headers, including recipient lists and subject lines, are encrypted. That’s unusual, and could be valuable for some.

    WebLOQ clarification

    Excellent point. We encrypt the headers to prevent them from being hijacked by the malware community, and the resulting invasion of privacy with spam, phishing, online fraud, etc. The header is the life blood to a hacker – 99% of malware relies on easily hijacked headers; only spear phishers and the intelligence crowd try to get at content.

    Ferris concern #5

    • Recipients who don’t have the plug-in software can’t view messages, even through a staging server. This seems a pity.

    WebLOQ clarification

    WebLOQ is a gated community. In order to achieve privacy you must be a subscriber. We do have road mapped a browser-based solution that will allow users to pick up email, but they will still have to be a WebLOQ customer, because without their account status and details we could not authenticate them as a valid user and protect their privacy.

    The WebLOQ private community inverts the standard Internet model, where everyone is anonymous and no one is accountable. In our world no one is anonymous, all are accountable – but nobody, including WebLOQ, can see content in transit.

  2. dferris
    Posted August 18, 2009 at 12:20 PM | Permalink

    George,

    Regarding your response A to my concern 2. I’m still not convinced you are easier than many of the solutions that have appeared over the last 10 years. I agree, you’re easier than the traditional PKI-based solutions: key exchange and maintenance is a real hassle. However, ad hoc solutions have appeared, typically using staging servers, to ease those issues. I see you as in a similar situation. With you, there are still initial setup hassles when you send to people not inside your walled garden–these to my mind are comparable to the hassles other solutions present.

    david

  3. P.S. Dunne
    Posted August 20, 2009 at 5:30 PM | Permalink

    How is this “end-to-end encryption”?

    It barely covers email.

    In your words, even emails travel “in the clear” at some point (…”you email to a special address. The email is then intercepted as it goes out or comes in, and is duly encrypted/decrypted.”)

Post a comment

You must be logged in to post a comment. To comment, first join our community.