Egress Email - Yay or Nay?

Hey there! So I’m using email a lot with my colleagues, for everything sensitive, and it pains me because email is inherently insecure. What do you think of services such as Egress Secure Email?

I like that it’s really widespread, as it basically doesn’t matter who you’re with, everyone has an email address, especially in the professional world. What I don’t like is that it’s probably closed source, I don’t fully understand their business model, I haven’t read their terms and conditions (who does?) and there’s no 2FA option besides “We’ll send you an email to verify who you are with a link” which in my eyes kind of defeats the purpose of a “secure” email add-on service?

Interested to hear your thoughts as I’m not sure whether to encourage more people to use it or whether to just stick to email because at least that way I can search through correspondence history - with this service (as you’ll see if you test it out), that kind of goes away.

I did. From reading their Privacy Policy, and their legal page. I’m not a lawyer, but from what I could gather:

  1. They do collect… pretty much EVERYTHING they can get ahold of.
  2. They’re based in the UK, which has some draconian privacy laws.
  3. They use encryption… but don’t mention what kind. From reading I THINK this is negotiable, along with other safeguards, like physical locks.
  4. They currently claim not to sell, rent, or otherwise share data to 3rd parties… unless those parties are Government entities.
  5. They claim their staff, contractors, etc. have access to your data. They also claim that they’re properly trained… but who doesn’t.
  6. Data retention details can be found in a PDF document, found on their Legal page. Long story short, they hold your data anywhere from 30 calendar days up to 50 years. Note that every time you use their service, the data retention period can be renewed.

Honestly, this isn’t a privacy product. It’s not even trying to be one. It’s a security product. Would I use it where I work? Absolutely not. Without knowing what deal your company has made with them, I wouldn’t say anything you wouldn’t say to a stranger.

Basically what Blurb has already said.

Unfortunately, email and security just don’t go together.

I don’t know the nature of your communication, whether it’s work or personal. It sounds like work since you mention “colleagues”. More work convos dealing with sensitive data should happen over secure protocols imo, but if there is some corporate mandate demanding communication happen over email, I wouldn’t feel guilty since it’s just out of your hands.

If these are personal conversations, maybe try to work out an agreement where they could talk to you on something like Signal, even just say “hey I’m on signal if you’re on it” and see if you get any bites.