
Secure digital communication

You should use Signal and ProtonMail to communicate online.


Last updated 4 years ago

Tools you should use to communicate.

The following tools have high security standards and are generally trusted by most independent computer security professionals.

Signal for secure instant messaging and phone calls.

Signal is an instant messenger available on Android, iOS, Mac OSX, Windows, and Linux. Signal is developed by a non-profit foundation that releases the underlying source code and designs for independent computer security professionals to audit and approve.

ProtonMail for secure email

ProtonMail is a provider of end-to-end encrypted email. It has one of the strongest reputations for security in the industry.

Many journalists have a public-facing ProtonMail email address for new sources to contact them. If you want to email someone who has a ProtonMail email address, you should email them from another ProtonMail account. Emails between ProtonMail users are end-to-end encrypted and cannot even be read by ProtonMail employees. By contrast, if you send an email to a ProtonMail user from an unencrypted email service like Gmail, then your email provider (and law enforcement) can still read what you sent.

Tools you should NOT use to communicate.

The list below is incomplete. No matter what, you should stick to communicating with Signal and ProtonMail whenever possible.

Telephone calls

You should treat phone calls on telephone networks as unencrypted. Assume the government or someone else is listening. Even if you think that nobody is listening to your phone calls, it is entirely possible that the person you are calling is under surveillance.

You should also assume that your adversary will be able to obtain the metadata of your phone call:

  • Who you called

  • When you called them

  • The cell phone towers connecting you, which provide a rough location of where the callers were.

SMS/text messaging

SMS is an incredibly insecure protocol, and should not be used for communicating. SMS messages are unencrypted and phone numbers are frequently subject to being stolen via SIM-jacking. Popular Mechanics has a deep dive into the security issues around SMS.

Traditional email

Traditional email services like Gmail are not end-to-end encrypted. Your browser may have an encrypted connection to Gmail, and Gmail uses encryption to send the email to your recipient, but your email exists unencrypted on their mail servers. Law enforcement can request access to these emails.

It is possible to layer on additional encryption with tools like Pretty Good Privacy (PGP) or S/MIME, but using these tools is typically far more complicated than just using Signal instead.

If you must use email, ProtonMail is an email provider with a reputation for security.

Social network direct messaging

The messaging tools from Facebook, Twitter, Instagram, Snapchat, and WeChat are typically not end-to-end encrypted. Employees of these social networks and law enforcement may be able to see what you send.

Facebook Messenger's Secret Conversations are an exception. Secret Conversations are presumably end-to-end encrypted, but it is difficult for independent security professionals to audit this. You should use Signal instead.

Snapchat

Snapchat is known for being an easy way to send disappearing messages, but this does not make Snapchat secure for activists.

Snapchat promised that their messages disappear, but they got in trouble with the US Federal Trade Commission when it came out that they were storing messages after "disappearing." Recently, Snapchat claims to have added end-to-end encryption, but you should still stick to using Signal.

Workplace messaging apps

Slack, Discord, Google Meet, Microsoft Teams, and other apps are typically not end-to-end encrypted. Employees that make these apps as well as law enforcement may be able to see what you send.

Slack's enterprise plan offers encryption key management, but this system should not be considered resilient to law enforcement. Use Signal instead.

Zoom

As of June 2020, the Zoom video chat app does not intend on offering end-to-end encryption for users on Zoom's free tier. This is partially to allow law enforcement access to these Zoom calls to cut down on illegal behavior on the Zoom platform.

You should instead make video calls with Signal. However, as of the time of writing, Signal does not support group calling or screen sharing.

WhatsApp

WhatsApp is significantly more secure than most messengers. Under the hood, it uses the same security protocols as Signal.

However, Signal is run by a foundation that publicizes the source code and designs for Signal so they can be independently audited by security researchers. WhatsApp uses some of the same technologies, but WhatsApp itself cannot be audited in the same way. Because of this, nearly all security researchers advise people to use Signal instead.

iMessage

iMessage is a messaging service offered by Apple for users of their devices. Apple has historically had a strong stance on security and they claim that iMessage conversations are end-to-end encrypted, but iMessage has several problems:

  • iMessage is not available for non-Apple phones. iMessage falls back to sending an insecure SMS in this case.

  • iMessage is a proprietary system that is not easily audited by the security community.

Use Signal instead.