You should use Signal and ProtonMail to communicate online.
Tools you should use to communicate.
The following tools have high security standards and are generally trusted by most independent computer security professionals.
Signal for secure instant messaging and phone calls.
Signal is an instant messenger available on Android, iOS, Mac OSX, Windows, and Linux. Signal is developed by a non-profit foundation that releases the underlying source code and designs for independent computer security professionals to audit and approve.
ProtonMail is a provider of end-to-end encrypted email. It has one of the strongest reputations for security in the industry.
Many journalists have a public-facing ProtonMail email address for new sources to contact them. If you want to email someone that had a ProtonMail email address, you should email them from another ProtonMail account. Emails between ProtonMail users are end-to-end encrypted and cannot even be read by ProtonMail employees. Whereas if you send an email to a ProtonMail user from an unencrypted email service like Gmail, then your email provider (and law enforcement) can still read what you sent.
Tools you should NOT use to communicate.
This below list is incomplete. No matter what, you should stick to communicating with Signal and ProtonMail whenever possible.
You should treat phone calls on telephone networks as unencrypted. Assume the government or someone else is listening. Even if you think that nobody is listening to your phone calls, it is entirely possible that the person you are calling is under surveillance.
You should also assume that your adversary will be able to obtain the metadata of your phone call:
Who you called
When you called them
The cell phone towers connecting you, which provide a rough location of where the callers were.
Traditional email services like Gmail are not end-to-end encrypted. Your browser may have an encrypted connection to Gmail, and Gmail uses encryption to send the email to your recipient, but your email exists unencrypted on their mail servers. Law enforcement can request access to these emails.
It is possible to layer on additional encryption with tools like Pretty Good Privacy (PGP) or S/MIME, but using these tools is typically far more complicated than just using Signal instead.
If you must use email, ProtonMail is an email provider with a reputation for security.
Social network direct messaging
The messaging tools from Facebook, Twitter, Instagram, Snapchat, and WeChat are typically not end-to-end encrypted. Employees of these social networks and law enforcement may be able to see what you send.
However, Signal is run by a foundation that publicizes the source code and designs for Signal so they can be independently audited by security researchers. WhatsApp uses some of the same technologies, but WhatsApp itself cannot be audited in the same way. Because of this, nearly all security researchers advise people to use Signal instead.
iMessage is a messaging service offered by Apple for users of their devices. Apple has historically had a strong stance on security and they claim that iMessage conversations are end-to-end encrypted, but iMessages has several problems:
iMessage is not available for non-Apple phones. iMessage falls back to sending an insecure SMS in this case.
iMessage is a proprietary system that is not easily audited by the security community.