• Trang chủ
• Đánh giá và Lập kế hoạch

Protect the privacy of your online communications

Cập nhật 19 June 2025

Each communication method, digital or otherwise, comes with advantages and disadvantages in terms of convenience, popularity, cost and security, among other considerations. It's up to each of us to weigh the benefits and risks of the methods we use to communicate. When our risks are higher, it is wise to choose our communication tools more deliberately.

This guide illustrates the steps needed to create and implement a communication plan as well as specific best practices aimed at protecting your privacy and sensitive information when communicating with others online.

Map your communications and make a plan to protect them

Assess the sensitivity level of your communications

• Map the current landscape of your communications: who is communicating with whom? What communications channels are you using? What kind of information are you sharing? In what forms? Are you sharing all information over one channel, or are you using different channels for different kinds of communications?
• Ask yourself what would happen if information you need to share was compromised, lost or exposed.
  • Can this information be disclosed to anyone or is it important to keep it restricted to a certain group of people?
  • What would happen if these contents were disclosed to a larger audience?
  • What would happen if the authorities wanted to access your communications? What would happen if they succeded?
  • What would happen if the authorities learned whom you are communicating with?
  • If you are communicating with a group, consider all members will be exposed to the risks of the most at-risk participants - are they all aware of this risk, and is it acceptable for them to be exposed to it?
• Rethink your communications based on their sensitivity level.
  • A tool used to categorize information according to its sensitivity level is the Traffic Light Protocol, which offers a scheme to decide whom each kind of information can be shared with and through which channels it can be shared.
• Decide how you will protect the most sensitive communications.
  • Ask yourself if you can use separate communication channels depending on the sensitivity of the information you need to share and on the level of protection offered by the communication tools you use or will start using.
  • Make a plan with your recipients on what communications tools you should use to exchange this information, how it should be encrypted while it is stored in your devices, how long this information should be kept in your devices and when and how it should be securely deleted.

Reflect on who you need to share sensitive information with

• Decide whether the information you are sharing should be restricted to the people you are writing to or can be shared more widely.
  • If it is restricted to the recipients of your message, or anyway to a small group, consider using an end-to-end encrypted communication tool, as otherwise other people (for example anyone who can access the server) could access this information.
  • If it can be accessed by anyone, you can use any tool to share it, but remember to still protect your identity and your rights as an author, as well as the integrity of your contents. Also make sure to read the terms of service of the platform you use, as your communications could be shared with third parties for commercial reasons.

Analyze your needs and capacities

Ask yourself the following questions to decide what communication channel you should use to share sensitive information with others.

• Should the participants' identity be kept secret from the administrators and other people who may have access to the servers and logs of your communication tool?
  • If you need to protect participants' identity, look for communications tools that can be registered without a phone number and accept registration over anonymous connections.
  • Read more on how to anonymize your connections and communications.
• Do you need to communicate in real time or can you wait a bit before you receive replies?
  • Consider that often real-time communications are more immediate (and not very reflected), while slower communication tools (especially email) make it possible to store and archive communications in a more systematic way.
  • If you need to communicate in real time, you can use messaging apps or video conferencing tools.
  • If you need to organize your communications, consider relying on encrypted email.
• What do you need to send? Do you need to just write text or exchange content in other formats?
  • You may need to attach files to your messages (like images, videos or PDFs, for example). In such case, also reflect on the security implications of attachments, as some file types may be infected with viruses.
  • In some cases it might be a better idea to just communicate through email or secure text messages and upload files to a file storage platform instead. This may be useful, for example, if your files are heavy or if you would like to organize these files by topic so you can find them quickly also at a later stage.
  • You may find voice messages quicker to send and receive, but remember that you cannot go quickly through their content or look for this information through a text search.
• Do you prefer to write or would a call, or a video conference, work better for your current needs?
  • If you need to build trust among participants, or to promote an empathetic conversation, it may be better to organize an audio or video call, but if you need to keep a record of these communications make sure to take notes during the meeting.
• Do you need to access these communications both on computers and phones? What operating systems are you and your interlocutors using?
  • While most communications tools are available for all operating systems, some tools are easier to use on a mobile device while others are more suited for larger screens. Ask yourself whether all people involved will have suitable devices to follow the conversation.
• What kind of communications tools do your interlocutors use? Would they have the capacity to learn how to use a different communications tool?
  • Do your interlocutors have the capacity to secure their devices and communication channels?
  • Do your interlocutors have specific security needs or requirements?
  • Do your interlocutors have access to a reliable and fast internet connection?
• What's your budget for your communication tools? Can you self-host your communication platform/s?
  • If you need to share very sensitive information but cannot use end-to-end encrypted communications tools (for example because you need to share this information in a group video call), consider using a platform that runs on a server managed by your organization or by someone you deeply trust.

Keep in mind some basic security measures

• When choosing between different platforms that can satisfy your needs, if possible include the availability of 2-factor authentication among the factors that will influence your decision.
• Whatever tool you decide to use, always make sure that HTTPS/TLS is enabled.
  • Check that your email provider uses TLS by running a test on checktls.com.
  • If you access your communication platform through a browser, make sure you are accessing the service through HTTPS.
  • If you access your communication tool through an app, check out the documentation of the service you are using to make sure they encrypt your connections through TLS.
• If a communication tool promises to encrypt your communications, check if they actually offer end-to-end encryption and if the encryption technology they use is free and open-source.
  • Note that sometimes platforms promoting encrypted communications are only offering TLS-based client-to-server encryption, not end-to-end encryption.

Define a communication plan

Based on the answers you've given to the above questions and to the basic security measures recommended in this section, you can establish and rehearse a communication plan for yourself and your community, so you are able to keep sharing crucial information and take care of each other in moments of stress or crisis.

• Define your own Traffic Light Protocol (TLP), to decide what sensitive information can be shared with whom, in what forms and over which communication channel. See for example CIRCL's Traffic Light Protocol to understand how this works.
  • When defining your TLP, remember that the easiest way to keep others from learning sensitive information is to not send or say it.
  • For example, plan not to send messages when someone is traveling through border crossings, or in detention.
  • Consider developing code language you can use to avoid openly mentioning names, addresses, specific actions, etc.
• Talk to your contacts. Propose, discuss and agree upon a specific plan for how you are (and are not) going to communicate. Include:
  • known risks,
  • apps and services you will and will not use,
  • steps you will take if something goes wrong.
• Consider informal steps you can take, including:
  • exchanging alternative backup contacts on secure communication tools (e.g. email addresses, other chat services),
  • sharing a list of emergency contacts.
• Consider more formal steps you can take.
  • For example, specify a security policy describing among other things supported communication methods, allowed data storage services and information retention.
• Rehearse your communication plan.

Create multiple identities

Consider creating alternative online identities to separate your communications based on levels of trust.

• Learn why you would want to create multiple online identities, and how to manage and protect them.

Protect and anonymize your connections

• Learn how to browse more securely to protect your online activities from people who want to see what you are doing on services you access through your web browser.
• Learn how to anonymize your connections and communications to achieve a specific goal without leaving any traces, especially if you are in a high-risk situation where a connection between what you do online and your identity may compromise your freedom and wellbeing.
  • If you are thinking of anonymizing your connections, consider that in some countries some anonymity tools are illegal or can be interpreted as a sign that you are doing something wrong. In such cases ask yourself if you could find other ways of reaching your goals, for example by using methods that don't require accessing the internet.

Use email more safely

• Learn how to secure your email communications.

Use messaging apps more safely

• Learn how to use chat apps more securely

Take identifying information out of your photos and other files

• Learn how to remove identifying information out of your photos, videos, PDFs and other files.