Đánh giá và Lập kế hoạch › Protect the privacy of your online communications

Protect the privacy of your online communications

Cập nhật 19 June 2025

Mục lục

...Đang tải mục lục...

    Each communication method, digital or otherwise, comes with advantages and disadvantages in terms of convenience, popularity, cost and security, among other considerations. It's up to each of us to weigh the benefits and risks of the methods we use to communicate. When our risks are higher, it is wise to choose our communication tools more deliberately.

    This guide illustrates the steps needed to create and implement a communication plan as well as specific best practices aimed at protecting your privacy and sensitive information when communicating with others online.

    Map your communications and make a plan to protect them

    Assess the sensitivity level of your communications

    • Map the current landscape of your communications: who is communicating with whom? What communications channels are you using? What kind of information are you sharing? In what forms? Are you sharing all information over one channel, or are you using different channels for different kinds of communications?
    • Ask yourself what would happen if information you need to share was compromised, lost or exposed.
      • Can this information be disclosed to anyone or is it important to keep it restricted to a certain group of people?
      • What would happen if these contents were disclosed to a larger audience?
      • What would happen if the authorities wanted to access your communications? What would happen if they succeded?
      • What would happen if the authorities learned whom you are communicating with?
      • If you are communicating with a group, consider all members will be exposed to the risks of the most at-risk participants - are they all aware of this risk, and is it acceptable for them to be exposed to it?
    • Rethink your communications based on their sensitivity level.
      • A tool used to categorize information according to its sensitivity level is the Traffic Light Protocol, which offers a scheme to decide whom each kind of information can be shared with and through which channels it can be shared.
    • Decide how you will protect the most sensitive communications.
      • Ask yourself if you can use separate communication channels depending on the sensitivity of the information you need to share and on the level of protection offered by the communication tools you use or will start using.
      • Make a plan with your recipients on what communications tools you should use to exchange this information, how it should be encrypted while it is stored in your devices, how long this information should be kept in your devices and when and how it should be securely deleted.
    Learn why we recommend this

    Sensitive information is any kind of content (documents, calendar dates, pictures, videos, voice notes, emails, chat messages, etc.) that, if compromised, lost, or exposed, could:

    • disrupt work continuity (for example through the loss of irreplaceable files critical to operations),
    • endanger individuals (colleagues, allies, donors) through identification or contextual details,
    • enable impersonation or reputational harm (for example because login credentials or private communications are accessed by unauthorized third parties),
    • violate laws in specific jurisdictions (for example copyrighted material, explicit content, etc.).

    Sensitive information requires careful protection to mitigate legal, operational and personal risks. Answer the questions in this section to make a plan on how to protect your most sensitive information.

    Reflect on who you need to share sensitive information with

    • Decide whether the information you are sharing should be restricted to the people you are writing to or can be shared more widely.
      • If it is restricted to the recipients of your message, or anyway to a small group, consider using an end-to-end encrypted communication tool, as otherwise other people (for example anyone who can access the server) could access this information.
      • If it can be accessed by anyone, you can use any tool to share it, but remember to still protect your identity and your rights as an author, as well as the integrity of your contents. Also make sure to read the terms of service of the platform you use, as your communications could be shared with third parties for commercial reasons.

    Analyze your needs and capacities

    Ask yourself the following questions to decide what communication channel you should use to share sensitive information with others.

    • Should the participants' identity be kept secret from the administrators and other people who may have access to the servers and logs of your communication tool?
    • Do you need to communicate in real time or can you wait a bit before you receive replies?
      • Consider that often real-time communications are more immediate (and not very reflected), while slower communication tools (especially email) make it possible to store and archive communications in a more systematic way.
      • If you need to communicate in real time, you can use messaging apps or video conferencing tools.
      • If you need to organize your communications, consider relying on encrypted email.
    • What do you need to send? Do you need to just write text or exchange content in other formats?
      • You may need to attach files to your messages (like images, videos or PDFs, for example). In such case, also reflect on the security implications of attachments, as some file types may be infected with viruses.
      • In some cases it might be a better idea to just communicate through email or secure text messages and upload files to a file storage platform instead. This may be useful, for example, if your files are heavy or if you would like to organize these files by topic so you can find them quickly also at a later stage.
      • You may find voice messages quicker to send and receive, but remember that you cannot go quickly through their content or look for this information through a text search.
    • Do you prefer to write or would a call, or a video conference, work better for your current needs?
      • If you need to build trust among participants, or to promote an empathetic conversation, it may be better to organize an audio or video call, but if you need to keep a record of these communications make sure to take notes during the meeting.
    • Do you need to access these communications both on computers and phones? What operating systems are you and your interlocutors using?
      • While most communications tools are available for all operating systems, some tools are easier to use on a mobile device while others are more suited for larger screens. Ask yourself whether all people involved will have suitable devices to follow the conversation.
    • What kind of communications tools do your interlocutors use? Would they have the capacity to learn how to use a different communications tool?
      • Do your interlocutors have the capacity to secure their devices and communication channels?
      • Do your interlocutors have specific security needs or requirements?
      • Do your interlocutors have access to a reliable and fast internet connection?
    • What's your budget for your communication tools? Can you self-host your communication platform/s?
      • If you need to share very sensitive information but cannot use end-to-end encrypted communications tools (for example because you need to share this information in a group video call), consider using a platform that runs on a server managed by your organization or by someone you deeply trust.

    Keep in mind some basic security measures

    • When choosing between different platforms that can satisfy your needs, if possible include the availability of 2-factor authentication among the factors that will influence your decision.
    • Whatever tool you decide to use, always make sure that HTTPS/TLS is enabled.
    • If a communication tool promises to encrypt your communications, check if they actually offer end-to-end encryption and if the encryption technology they use is free and open-source.
      • Note that sometimes platforms promoting encrypted communications are only offering TLS-based client-to-server encryption, not end-to-end encryption.
    Learn why we recommend this

    Most online services, including email providers and chat apps, protect your messages with client-to-server encryption (using HTTPS/TLS) as they go from your device, through your local router and your ISP, to your provider's servers. This stops anyone eavesdropping on your local network or on the wires that lead from your device to the providers and to your recipient's devices from reading your messages. That's why we recommend communication platforms that, among other things, encrypt email in transit through TLS.

    However, your messages remain unencrypted when they are stored on the platform's servers as well as on the recipient's device. This means someone with access to the servers can read your communications. Therefore we strongly recommend you to consider using end-to-end encrypted services, especially if the information you need to share is particularly sensitive.

    In some cases, for example for video conference tools that can be used by larger groups, end-to-end encryption is almost never available. If you cannot find a communication platform that satisfies all your needs and also offers end-to-end encryption, consider using a service hosted by an entity you trust, or self-hosting it on your own server if you can afford that and you have technical expertise to manage a secure server.

    Define a communication plan

    Based on the answers you've given to the above questions and to the basic security measures recommended in this section, you can establish and rehearse a communication plan for yourself and your community, so you are able to keep sharing crucial information and take care of each other in moments of stress or crisis.

    • Define your own Traffic Light Protocol (TLP), to decide what sensitive information can be shared with whom, in what forms and over which communication channel. See for example CIRCL's Traffic Light Protocol to understand how this works.
      • When defining your TLP, remember that the easiest way to keep others from learning sensitive information is to not send or say it.
      • For example, plan not to send messages when someone is traveling through border crossings, or in detention.
      • Consider developing code language you can use to avoid openly mentioning names, addresses, specific actions, etc.
    • Talk to your contacts. Propose, discuss and agree upon a specific plan for how you are (and are not) going to communicate. Include:
      • known risks,
      • apps and services you will and will not use,
      • steps you will take if something goes wrong.
    • Consider informal steps you can take, including:
      • exchanging alternative backup contacts on secure communication tools (e.g. email addresses, other chat services),
      • sharing a list of emergency contacts.
    • Consider more formal steps you can take.
      • For example, specify a security policy describing among other things supported communication methods, allowed data storage services and information retention.
    • Rehearse your communication plan.
    Learn why we recommend this

    In a crisis, we do not think as clearly, and we may have to act fast. We may make decisions that endanger us. Defining a communication plan can help us prevent emergencies and can contribute to our safety even in critical situations.

    Create multiple identities

    Consider creating alternative online identities to separate your communications based on levels of trust.

    Learn why we recommend this

    Using different identities for each of your activities can help mitigate threats like political or economic retribution for what you do online.

    Protect and anonymize your connections

    • Learn how to browse more securely to protect your online activities from people who want to see what you are doing on services you access through your web browser.
    • Learn how to anonymize your connections and communications to achieve a specific goal without leaving any traces, especially if you are in a high-risk situation where a connection between what you do online and your identity may compromise your freedom and wellbeing.
      • If you are thinking of anonymizing your connections, consider that in some countries some anonymity tools are illegal or can be interpreted as a sign that you are doing something wrong. In such cases ask yourself if you could find other ways of reaching your goals, for example by using methods that don't require accessing the internet.
    Learn why we recommend this

    Using the Tor Browser or other anonymity tools allows you to visit websites without disclosing to the website who you are or where you are from. Note that if you log in to a website or service with your usual account while doing so, you will still be sharing your account information (and potentially personal information) with the platform you are using.

    Use email more safely

    Learn why we recommend this

    Although many people use email only rarely, and prefer to use encrypted chat apps or video calls for their everyday communications, we still use email for many different reasons, for example to create other online accounts and to organize our work and conversations.

    By default, email is not the most secure method of online communication, since it is not encrypted, carries a lot of metadata, persists on the providers' servers and can expose you to phishing, malware infections and other attacks. Still, it is a resilient technology that will ensure the continuity of communications even if servers stop functioning for a while, so it's worth learning how to use it in the safest way possible.

    Take identifying information out of your photos and other files

    Learn why we recommend this

    It may seem like simply using a face blur feature or covering sensitive details will protect the people or places in your images. However, there are some ways of saving edited photos which do not stop someone who has the file from seeing what you were trying to hide.

    All files contain invisible information called metadata that can provide details on when they were created, as well as where, by whom, with what device and so on. You can usually get a look at some of this metadata by right-clicking a file and selecting "Properties" or "Get info." Read the guide linked in this section to learn how to visualize and remove sensitive information from the metadata in the files you want to share with others.