• Microsoft Purview encryption

    From Andy Burns@usenet@andyburns.uk to alt.comp.os.windows-11 on Fri Jun 12 18:34:55 2026
    From Newsgroup: alt.comp.os.windows-11

    I had never heard of MSIP viewer before today ...

    Phoned up my opticians to ask for a copy of my prescription, they
    offered to email it (without asking any details about my email setup)
    and what arrived was an encrypted attachment in .rpmsg format.

    "How's that supposed to work?" I wondered.

    I found the viewer client but there is no association between my home
    email (pure SMTP/IMAP) address and either the MSA I use when needed on
    this PC, or my work M365 account, and as suspected even signing in with
    MFA didn't allow viewing the attachment.

    In the end I phoned the optician back, and they re-sent it in .pdf and
    all was well, it sounds like they were used to the encryption option
    failing, so why would they try to use it without at least asking
    something along the lines of "Do you use outlook/hotmail?"

    Anyone come across it?

    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Bob Henson@q59qr3wnw@mozmail.com to alt.comp.os.windows-11 on Fri Jun 12 19:49:27 2026
    From Newsgroup: alt.comp.os.windows-11

    On 12/6/26 6:34 pm, Andy Burns wrote:
    I had never heard of MSIP viewer before today ...

    Phoned up my opticians to ask for a copy of my prescription, they
    offered to email it (without asking any details about my email setup)
    and what arrived was an encrypted attachment in .rpmsg format.

    "How's that supposed to work?" I wondered.

    I found the viewer client but there is no association between my home
    email (pure SMTP/IMAP) address and either the MSA I use when needed on
    this PC, or my work M365 account, and as suspected even signing in with
    MFA didn't allow viewing the attachment.

    In the end I phoned the optician back, and they re-sent it in .pdf and
    all was well, it sounds like they were used to the encryption option
    failing, so why would they try to use it without at least asking
    something along the lines of "Do you use outlook/hotmail?"

    Anyone come across it?


    I've never seen it, but I found this page

    https://www.shoviv.com/blog/what-is-an-rpmsg-file-and-how-do-i-open-it/

    that explains it and how to deal with it. It can apparently only be
    used by Outlook users or those with a Microsoft account who are prepared
    to go through the hoops explained on the page above - not me, and I
    expect no-one else either. If a business wishes to encrypt its mail it
    should make sure that the recipient can read it first - or they will
    have very few customers left. Usually, firms use a scrambled file with a
    key known by, or previously securely sent to, the recipient.
    --
    Tetbury, Gloucestershire, UK
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Paul@nospam@needed.invalid to alt.comp.os.windows-11 on Fri Jun 12 15:01:48 2026
    From Newsgroup: alt.comp.os.windows-11

    On Fri, 6/12/2026 1:34 PM, Andy Burns wrote:
    I had never heard of MSIP viewer before today ...

    Phoned up my opticians to ask for a copy of my prescription, they offered to email it (without asking any details about my email setup) and what arrived was an encrypted attachment in .rpmsg format.

    "How's that supposed to work?" I wondered.

    I found the viewer client but there is no association between my home email (pure SMTP/IMAP) address and either the MSA I use when needed on this PC, or my work M365 account, and as suspected even signing in with MFA didn't allow viewing the attachment.

    In the end I phoned the optician back, and they re-sent it in .pdf and all was well, it sounds like they were used to the encryption option failing, so why would they try to use it without at least asking something along the lines of "Do you use outlook/hotmail?"

    Anyone come across it?


    There's more to it than that.

    A recipient must be a defined part of the domain where these things work.

    https://learn.microsoft.com/en-us/answers/questions/1164345/how-do-you-open-an-rpmsg-file

    In the Microsoft BUILD 2015, there was a presentation on a subsystem
    which would allow the military version of Windows 10 to have
    "Secret" and "Top Secret" items. And this could only work, if an IT
    person added the metadata, to define how to identify documents,
    which disk(s) were to be handled securely and so on. It was not
    the kind of thing that "just worked by itself, out of the box".

    Message Encryption

    Deploy Double Key Encryption

    Under all circumstances, only your organization can ever decrypt protected content or for
    regulatory requirements, you must hold encryption keys within a geographical boundary.
    Encrypts email messages and attached documents that are sent to any user on any device,
    so only authorized recipients can read emailed information.

    The .rpmsg format "might" work in the opticians office, when optician sends prescription to helper-bee-number-three, but sending the same thing to
    a customer isn't going to work, as they're not authorized. So in fact,
    it is "working as intended" and the intent is to be a "giant wall of failure". Which it has done in your case.

    It is up to the sender of such attachments, to "have a clue" :-)

    This is probably just some HIPAA package they bought :-)
    Which didn't come with training.

    The New Outlook doesn't support it, but some legacy Outlook
    might have at least "handled" it.

    It's like when the city digs a hole in the street, doesn't
    put up barriers, and a few pedestrians fall in. Working
    as intended. I ran into a situation like this, within the
    last two weeks on my "main road". Out of the blue, they
    had dug up the street. It did not have the look of a
    water main break (where you get piles of gravel, and
    heavy machines are left around the hole). Two police cars
    with flashing lights, were turning cars around and
    sending them away, and if it were not for the police cars,
    there would have been "stuff, in the hole". Like, they didn't
    even use the portable wooden barriers, as a "visual hint" of the
    danger. No fucking cones. Just seeing police cars around here, does not immediately imply "stop!". We quite often plonk police cars
    with flashing lights, with nobody in them, so no one suspects
    there is a reason to "stop!".

    Well, this is similar. You have received a message attachment,
    which could not possibly work, so now "please fall into the hole
    as intended, thank you" :-)

    Paul
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Daniel70@daniel47@nomail.afraid.org to alt.comp.os.windows-11 on Sat Jun 13 19:51:02 2026
    From Newsgroup: alt.comp.os.windows-11

    On 13/06/2026 4:49 am, Bob Henson wrote:
    On 12/6/26 6:34 pm, Andy Burns wrote:
    I had never heard of MSIP viewer before today ...

    Phoned up my opticians to ask for a copy of my prescription, they
    offered to email it (without asking any details about my email setup)
    and what arrived was an encrypted attachment in .rpmsg format.

    "How's that supposed to work?" I wondered.

    I found the viewer client but there is no association between my home
    email (pure SMTP/IMAP) address and either the MSA I use when needed on
    this PC, or my work M365 account, and as suspected even signing in with
    MFA didn't allow viewing the attachment.

    In the end I phoned the optician back, and they re-sent it in .pdf and
    all was well, it sounds like they were used to the encryption option
    failing, so why would they try to use it without at least asking
    something along the lines of "Do you use outlook/hotmail?"

    Anyone come across it?

    I've never seen it, but I found this page

    https://www.shoviv.com/blog/what-is-an-rpmsg-file-and-how-do-i-open-it/

    -athat explains it and how to deal with it. It can apparently only be
    used by Outlook users or those with a Microsoft account who are prepared
    to go through the hoops explained on the page above-a - not me, and I
    expect no-one else either. If a business wishes to encrypt its mail it should make sure that the recipient can read it first - or they will
    have very few customers left. Usually, firms use a scrambled file with a
    key known by, or previously securely sent to, the recipient.

    Could it be a program used between one optician and another optician to transfer Customer Data??
    --
    Daniel70
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Andy Burns@usenet@andyburns.uk to alt.comp.os.windows-11 on Sat Jun 13 11:01:44 2026
    From Newsgroup: alt.comp.os.windows-11

    Daniel70 wrote:

    Bob Henson wrote:
    Andy Burns wrote:

    Phoned up my opticians to ask for a copy of my prescription, they
    offered to email it (without asking any details about my email setup)
    and what arrived was an encrypted attachment in .rpmsg format.

    I found this page
    https://www.shoviv.com/blog/what-is-an-rpmsg-file-and-how-do-i-open-it/

    that explains it and how to deal with it. It can apparently only be
    used by Outlook users or those with a Microsoft account

    Could it be a program used between one optician and another optician to transfer Customer Data??

    Oh no, the optician is the dominant UK high-street chain, and they were
    well aware I was a customer, rather than some other optician.

    Even though there's nothing amazingly sensitive in the .pdf, I can sort
    of understand it'd be good to encrypt it, except there's zero hope of it working without anyone actively setting up the encryption keys.

    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Paul@nospam@needed.invalid to alt.comp.os.windows-11 on Sat Jun 13 13:13:20 2026
    From Newsgroup: alt.comp.os.windows-11

    On Sat, 6/13/2026 6:01 AM, Andy Burns wrote:
    Daniel70 wrote:

    Bob Henson wrote:
    Andy Burns wrote:

    Phoned up my opticians to ask for a copy of my prescription, they
    offered to email it (without asking any details about my email setup)
    and what arrived was an encrypted attachment in .rpmsg format.

    I found this page
    https://www.shoviv.com/blog/what-is-an-rpmsg-file-and-how-do-i-open-it/

    that explains it and how to deal with it. It can apparently only be used by Outlook users or those with a Microsoft account

    Could it be a program used between one optician and another optician to transfer Customer Data??

    Oh no, the optician is the dominant UK high-street chain, and they were well aware I was a customer, rather than some other optician.

    Even though there's nothing amazingly sensitive in the .pdf, I can sort of understand it'd be good to encrypt it,
    except there's zero hope of it working without anyone actively setting up the encryption keys.

    It would be a HIPPA requirement or a HIPPA-like requirement.

    It's not a surprise the information is protected. The
    surprise is the individual doing it, not knowing where
    the information is going. Maybe the attachment could be
    read by a registered practitioner ? But then that packaging
    scheme is likely to only work for a single ("addressed") practitioner.

    Paul


    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Andy Burns@usenet@andyburns.uk to alt.comp.os.windows-11 on Sat Jun 13 18:32:27 2026
    From Newsgroup: alt.comp.os.windows-11

    Paul wrote:

    Andy Burns wrote:

    Even though there's nothing amazingly sensitive in the .pdf, I can sort of understand it'd be good to encrypt it,
    except there's zero hope of it working without anyone actively setting up the encryption keys.

    It would be a HIPPA requirement or a HIPPA-like requirement.

    It's not a surprise the information is protected. The
    surprise is the individual doing it, not knowing where
    the information is going. Maybe the attachment could be
    read by a registered practitioner ? But then that packaging
    scheme is likely to only work for a single ("addressed") practitioner.
    The file wrapped in the encryption is just a pdf, containing "standard" prescription info which I've always had on paper before, it's a legal requirement they give it to you.

    <https://www.onlineopticiansuk.com/downloads/63977a8737a78359Specsavers_Glasses_Prescription_Example.jpg>


    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Gordon@Gordon@leaf.net.nz to alt.comp.os.windows-11 on Sun Jun 14 04:16:24 2026
    From Newsgroup: alt.comp.os.windows-11

    On 2026-06-12, Bob Henson <q59qr3wnw@mozmail.com> wrote:
    On 12/6/26 6:34 pm, Andy Burns wrote:
    I had never heard of MSIP viewer before today ...

    Phoned up my opticians to ask for a copy of my prescription, they
    offered to email it (without asking any details about my email setup)
    and what arrived was an encrypted attachment in .rpmsg format.

    "How's that supposed to work?" I wondered.

    I found the viewer client but there is no association between my home
    email (pure SMTP/IMAP) address and either the MSA I use when needed on
    this PC, or my work M365 account, and as suspected even signing in with
    MFA didn't allow viewing the attachment.

    In the end I phoned the optician back, and they re-sent it in .pdf and
    all was well, it sounds like they were used to the encryption option
    failing, so why would they try to use it without at least asking
    something along the lines of "Do you use outlook/hotmail?"

    Anyone come across it?


    I've never seen it, but I found this page

    https://www.shoviv.com/blog/what-is-an-rpmsg-file-and-how-do-i-open-it/

    that explains it and how to deal with it. It can apparently only be
    used by Outlook users or those with a Microsoft account who are prepared
    to go through the hoops explained on the page above - not me, and I
    expect no-one else either. If a business wishes to encrypt its mail it should make sure that the recipient can read it first - or they will
    have very few customers left. Usually, firms use a scrambled file with a
    key known by, or previously securely sent to, the recipient.


    If something is sent encrypted it needs to be decrpted by the receiver to be
    of any use. It is a good idea for the company to check that the customer can unencrypt the message.

    I would have excepted that the encrypted file would be sent as an attachment which the customers could decrpyt.

    There is some inconvience in getting things set up, which causes uptake to
    be almost nil.

    The issue is how to send the decryption key is s secure way.

    Anhow good on the company using encryption, even though it was likely not
    able to be used practically.


    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Gordon@Gordon@leaf.net.nz to alt.comp.os.windows-11 on Sun Jun 14 04:28:59 2026
    From Newsgroup: alt.comp.os.windows-11

    On 2026-06-13, Andy Burns <usenet@andyburns.uk> wrote:
    Daniel70 wrote:

    Bob Henson wrote:
    Andy Burns wrote:

    Phoned up my opticians to ask for a copy of my prescription, they
    offered to email it (without asking any details about my email setup)
    and what arrived was an encrypted attachment in .rpmsg format.

    I found this page
    https://www.shoviv.com/blog/what-is-an-rpmsg-file-and-how-do-i-open-it/

    that explains it and how to deal with it. It can apparently only be
    used by Outlook users or those with a Microsoft account

    Could it be a program used between one optician and another optician to
    transfer Customer Data??

    Oh no, the optician is the dominant UK high-street chain, and they were
    well aware I was a customer, rather than some other optician.

    You have not responed to the question. Could encrypting be done for the transfer of files between opticans?


    Even though there's nothing amazingly sensitive in the .pdf, I can sort
    of understand it'd be good to encrypt it, except there's zero hope of it working without anyone actively setting up the encryption keys.

    There are many encryption methods, which is part of the issue.

    There is also the public/private keys system. You give you public key to the optican and they encode your file with the public key and on return to you
    you can unencrypt the file with you private key.
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Gordon@Gordon@leaf.net.nz to alt.comp.os.windows-11 on Sun Jun 14 04:35:00 2026
    From Newsgroup: alt.comp.os.windows-11

    On 2026-06-13, Andy Burns <usenet@andyburns.uk> wrote:
    Paul wrote:

    Andy Burns wrote:

    Even though there's nothing amazingly sensitive in the .pdf, I can sort of understand it'd be good to encrypt it,
    except there's zero hope of it working without anyone actively setting up the encryption keys.

    It would be a HIPPA requirement or a HIPPA-like requirement.

    It's not a surprise the information is protected. The
    surprise is the individual doing it, not knowing where
    the information is going. Maybe the attachment could be
    read by a registered practitioner ? But then that packaging
    scheme is likely to only work for a single ("addressed") practitioner.
    The file wrapped in the encryption is just a pdf, containing "standard" prescription info which I've always had on paper before, it's a legal requirement they give it to you.

    <https://www.onlineopticiansuk.com/downloads/63977a8737a78359Specsavers_Glasses_Prescription_Example.jpg>

    Yes, it has been paid for.

    The info on that subscription is of no great value on its own, it is when it
    is connected to a person that it comes more valuable.
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Andy Burns@usenet@andyburns.uk to alt.comp.os.windows-11 on Sun Jun 14 09:02:49 2026
    From Newsgroup: alt.comp.os.windows-11

    Gordon wrote:

    You have not responed to the question. Could encrypting be done for the transfer of files between opticans?

    No, the file was not a transfer between opticians (or their systems) it
    was as a result of me speaking to my optician and requesting a copy of
    my prescription be sent to me.

    Even though there's nothing amazingly sensitive in the .pdf, I can sort
    of understand it'd be good to encrypt it, except there's zero hope of it
    working without anyone actively setting up the encryption keys.

    There are many encryption methods, which is part of the issue.

    Not many companies use encryption when dealing with Joe Public, I can
    think of insurance companies, who typically send a password protected
    .zip file using my date of birth allow viewing the policy, or pension companies who have used my national insurance number in a similar way (thankfully I know it by heart).

    There is also the public/private keys system. You give you public key to the optican and they encode your file with the public key and on return to you you can unencrypt the file with you private key.

    I know the hassle of acquiring and exchanging keys securely, no company
    has ever offered to me to use a public/private scheme. I did setup PGP
    back in the last century, but never used it in anger with anyone, I
    think I'd get odd-looks from my friends if I tried.

    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Andy Burns@usenet@andyburns.uk to alt.comp.os.windows-11 on Sun Jun 14 09:07:20 2026
    From Newsgroup: alt.comp.os.windows-11

    Gordon wrote:

    If something is sent encrypted it needs to be decrpted by the receiver to be of any use. It is a good idea for the company to check that the customer can unencrypt the message.

    No such check was made.

    I would have excepted that the encrypted file would be sent as an attachment which the customers could decrpyt.

    I played along as far as I was willing, maybe there was some automagic mechanism that allows an MSA to setup encryption keys, but if there was
    it would make a mockery of Diffie-Hellman ...

    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Daniel70@daniel47@nomail.afraid.org to alt.comp.os.windows-11 on Sun Jun 14 19:15:51 2026
    From Newsgroup: alt.comp.os.windows-11

    On 14/06/2026 3:13 am, Paul wrote:
    On Sat, 6/13/2026 6:01 AM, Andy Burns wrote:
    Daniel70 wrote:
    Bob Henson wrote:
    Andy Burns wrote:

    Phoned up my opticians to ask for a copy of my prescription,
    they offered to email it (without asking any details about
    my email setup) and what arrived was an encrypted attachment
    in .rpmsg format.

    I found this page
    https://www.shoviv.com/blog/what-is-an-rpmsg-file-and-how-do-i-open-it/ >>>>
    that explains it and how to deal with it. It can apparently only be
    used by Outlook users or those with a Microsoft account

    Could it be a program used between one optician and another
    optician to transfer Customer Data??

    Oh no, the optician is the dominant UK high-street chain, and they
    were well aware I was a customer, rather than some other optician.

    Even though there's nothing amazingly sensitive in the .pdf, I can
    sort of understand it'd be good to encrypt it, except there's zero
    hope of it working without anyone actively setting up the
    encryption keys.

    It would be a HIPPA requirement or a HIPPA-like requirement.

    It's not a surprise the information is protected. The surprise is
    the individual doing it, not knowing where the information is going.
    Maybe the attachment could be read by a registered practitioner ?
    But then that packaging scheme is likely to only work for a single ("addressed") practitioner.

    Paul

    That was, sort of, what I was trying to suggest, i.e. you have
    your eyes tested at Optician A but then you take your percription to
    Optician B to have the glasses produced.
    In my case, I had my eyes tested at a local'ish Optician .... but they
    ONLY offered glasses with a full lens, but as I'm looking to look OVER
    the glasses to view my T.V., I only wanted half-lenses which they don't do.

    Next year, I'll get my eyes tested ... and then take my prescription to
    a shop/firm that DOES do half glasses!! ... or that's my plan. ;-P
    --
    Daniel70
    --- Synchronet 3.22a-Linux NewsLink 1.2