Security of Data in Transit
Resources for securing the data you exchange with others.
Last updated: APRIL 2019
- BROWSING
- CIRCUMVENTION AND OBFUSCATION SERVICES
- COLLABORATING AND TEAMWORK
- EMAILING
- MESSAGING
- SENDING LARGE FILES
- VIDEO-CONFERENCING
BROWSING
DuckDuckGo
WHAT: Privacy-enhancing search engine and browser for mobile and desktop.
USEFUL FOR: Making private searches and browsing online. Good alternative to Google, Bink and other commercial search engines that harvest user data.
PLATFORM: iOS, Android, website and cross-platform browser add-on.
COST: Free.
DIFFICULTY: Easy.
LIMITS: Using a privacy-enhancing search engine will NOT make you anonymous as it does not protect you against tracking by your internet service provider or some governments.
LEARN MORE: Security Planner’s Advanced Anonymity Guide provides some useful advice on ways to enhance your anonymity online.
Firefox Multi-Account Containers
WHAT: A Firefox extension.
USEFUL FOR: Having greater control over your browsing habit. The extension separates cookies by “container”, allowing you to use the web with multiple identities or accounts simultaneously.
PLATFORM: Works on desktop, across platforms.
COST: Free
DIFFICULTY: Easy
Google Analytics Opt-out
WHAT: Browser extension.
USEFUL FOR: To prevent your data from being used by Google Analytics.
PLATFORM: Works in desktop. Available for Google Chrome, Mozilla Firefox, Apple Safari and Opera.
COST: Free.
DIFFICULTY: Easy.
HTTPS Everywhere
WHAT: Browser extension.
USEFUL FOR: Making sure major websites encrypt your communications, especially when you input sensitive data such as your account password.
PLATFORM: Works in desktop and mobile. Available for Google Chrome, Mozilla Firefox, Opera, and Android.
COST: Free
DIFFICULTY: Easy
Orbot and Orfox
WHAT: Mobile apps.
USEFUL FOR: Channelling your Android mobile’s entire internet connection through the Tor network. Tor provides greater anonymity online.
PLATFORM: Android.
COST: Free.
DIFFICULTY: Medium.
LIMITS: May slow down your internet connection.
LEARN MORE: What’s the Tor network and how it works.
Privacy Badger
WHAT: Browser add-on.
USEFUL FOR: Blocking invisible trackers.
PLATFORM: Available for desktop and mobile: Google Chrome, Mozilla Firefox, Opera and Android.
COST: Free.
DIFFICULTY: Easy.
Site Isolation
WHAT: A Chrome browser setting that protects against known security bugs in browsers. It forces Chrome to load each website in its own process. This stops a site from stealing your data from another website.
USEFUL FOR: Protecting your browsing activity from snooping by websites such as Facebook.
PLATFORM: Works on Chrome.
COST: Free
DIFFICULTY: Medium
LIMITS: Turning on site isolation may slightly slow down your Chrome browser. It may also cause some websites not to function properly.
LEARN MORE about site isolation.
StartPage
WHAT: Privacy-enhancing search engine.
USEFUL FOR: Making private searches and browsing online. Good alternative to Google, Bink and other commercial search engines that harvest user data.
PLATFORM: Website. Cross-platform.
COST: Free
DIFFICULTY: Easy
LIMITS: Using a privacy-enhancing search engine will NOT make you anonymous as it does not protect you against tracking by your internet service provider or some governments.
LEARN MORE: Security Planner’s Advanced Anonymity Guide provides some useful advice on ways to enhance your anonymity online.
Tor Browser
WHAT: Browser.
USEFUL FOR: Browsing the Internet anonymously and protecting your online activity.
PLATFORM: Desktop. Cross-platform.
COST: Free.
DIFFICULTY: Medium.
LIMITS: Use Tor with caution. Entering personal data into a website will reveal your identity even when you are using Tor. Tor will not protect you either against malicious websites or malware.
LEARN MORE about the Tor Project here. Get advice on how to enhance your anonymity online by consulting the Security Planner’s Advanced Anonymity Guide.
CIRCUMVENTION AND OBFUSCATION SERVICES
VIRTUAL PRIVATE NETWORKS
WHAT: A Virtual Private Network, or VPN, is a program that channels your device’s internet connection through an encrypted “tunnel” which helps protect your privacy and security. A VPN can also allow you to access blocked content on your network.
USEFUL FOR: Protecting the privacy and security of your internet activity. Accessing blocked or censored content online.
RECOMMENDED VPN SERVICE PROVIDERS
Choose carefully, depending on your needs, which service offers a better balance of privacy and anonymity (open source, anonymous sign in, no metadata collection, safe jurisdiction), ease of use and availability across platforms.
| Provider | Open source | Metadata collection | Anonymous sign in | Jurisdiction | Paid | Ease of use | Platform |
|---|---|---|---|---|---|---|---|
| Mullvad | Yes | No | Yes | Sweden | Yes | Good | Cross-platform |
| ProtonVPN | No | No | Yes | Switzerland | Freemium | Good | Cross-platform |
| Psiphon | Yes | No | Yes | - | Free | Good | iOS, Android, Windows |
LIMITS: A VPN does NOT make you entirely anonymous. The services you sign on to on the internet can still figure out who you are. The use of a VPN does NOT eliminate the need for making sure that other security measures are in place to protect your devices and accounts.
LEARN MORE: Security Planner’s Advanced Anonymity Guide provides some useful advice on ways to enhance your anonymity online.
COLLABORATING AND TEAMWORK
Hypothes.is
WHAT: Open source annotation plug-in.
USEFUL FOR: Annotate the web with collaborators.
PLATFORM: Add-on for Chrome and other browsers.
COST: Free.
DIFFICULTY: Easy.
LIMITS: Does not work on all web pages.
LEARN MORE: How it works.
Riseup Pad
WHAT: An etherpad (ephemeral, open-source, web-based collaborative real-time text editor) hosted by Riseup.
USEFUL FOR: Real-time group collaboration of text documents.
PLATFORM: Works on all platforms.
COST: Free.
DIFFICULTY: Easy.
LIMITS: Accessing a Riseup Pad does not protect from snooping by internet service providers or governments. For added security, it is recommended to access the Riseup Pad via a VPN connection such as the Riseup VPN or a “Tor hidden service”, a unique, anonymous link only accessible via the Tor Browser.
EMAILING
Hawkpost
WHAT: Secure online form.
USEFUL FOR: Getting encrypted data (email or files) from people who know nothing or little about PGP encryption. You still need, as the recepient, to open PGP encrypted files meant for your eyes only.
PLATFORM: Works on any browser, on a desktop or mobile.
COST: Free.
DIFFICULTY: Easy.
LIMITS: As a recepient, you will have to create a “box” for receiving encrypted data. You are therefore required to be knowledgeable of PGP encryption.
LEARN MORE: How PGP encryption works.
ProtonMail
WHAT: Webmail service provider.
USEFUL FOR: Using an open source and secure alternative to popular webmail service providers such as Gmail. Protonmail uses end-end-encryption and open source cryptography and does not have access to users data.
PLATFORM: Works on mobile and desktop on all platforms.
COST: Freemium.
DIFFICULTY: Easy.
LIMITS: The free plan is limited to 500MB storage and 150 messages per day.
LEARN MORE: ProtonMail offers additional security features such as address verification and PGP integration. Learn more about how to use ProtonMail’s security features here.
ProtonMail + Tor
WHAT: A way to run ProtonMai over the Tor network.
USEFUL FOR: Adding an extra layer of anonymity to your ProtonMail use.
PLATFORM: Works on desktop through the Tor browser. (Users must have the Tor browser already installed.)
COST: Free.
DIFFICULTY: Medium.
LEARN MORE about ProtonMail over Tor setup here.
MESSAGING
When choosing a messaging tool, make sure they meet your security and privacy requirements. Access Now recommends looking at the following features in any messaging tool:
- Whether it is open source: Open source means that the building blocks of the software behind the tool can be vetted by the security community.
- Existence of default end-to-end encryption: The message is transmitted and stored in encrypted format in the servers of the company. This reduces the risk of interception significantly.
- Whether it offers group chat.
- What encryption protocol it uses: Some encryption protocols such as Signal and other ones developped based on it (such as Proteus, OMEMO) are trusted because they have been tested by the security community and proved to be solid.
- Whether it offers an anonymous sign up option: The possibity of anonymous sign up (by signing up directly via the app or via email) can be highly useful to, for instance, establish communication with a source.
- Whether it offers the option of self-destructing messages and remote message deletion.
- Whether it collects metadata: Some of the tools that offer end-to-end encryption can still collect metadata. Metadata can reveal a lot about conversations meant to remain private.
- Whether it is a paid or free service.
- What jurisdiction the company falls under.
- Whether it can be self-hosted: Self-hosting a messaging tool provides greater control over the communication process and eliminates vulnerabilities caused by any third party.
- How easy is it to use (a.k.a. usability).
The following table compiled by Access Now offers an overview of recommended messaging tools based on the requirements listed above:
| Tool | Open source | Default E2E | Group chat | Encryption protocol | Anonymous sign-up | Email sign-up | Phone sign-up | Self-destructing messages | Remote message deletion | Metadata Collection | Paid | Jurisdiction | Self-hosted | Usability |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Signal | Yes | Yes | Yes | Signal | No | No | Yes | Yes | No | No | No | USA | No | Good |
| Wire | Yes | Yes | Yes | Proteus | No | Yes | Yes | Yes | Yes | Yes | Freemium | Switzerland | No | Good |
| Riot | Yes | Yes | Yes | Matrix | Yes | Yes | Yes | No | No | Yes | No | - | Yes | Medium |
| Mattermost | Yes | No | Yes | No encryption | No | Yes | No | No | Yes | No | No | - | Yes | Good |
| Threema | Only encryption protocol | Yes | Yes | NaCl | Yes | No | No | No | No | No | No | Switzerland | No | Good |
| Only encryption protocol | Yes | Yes | Signal | No | No | Yes | Yes | Yes | Yes | No | USA | No | Good | |
| Wickr Me | Only encryption protocol | Yes | Yes | Wickr | Yes | No | No | Yes | Yes | No | No | USA | No | Good |
LEARN MORE: Secure Messaging Apps Comparison.
SENDING LARGE FILES
Firefox Send
WHAT: Open source, end-to-end encrypted file sharing website developed by Mozilla Firefox.
USEFUL FOR: Anonymous sharing of large files with end-to-end encryption via a link that automatically expires. You can choose how long you want your files to remain available online and possibly protect the link with a password.
PLATFORM: Cross platform.
COST: Free.
DIFFICULTY: Easy.
LIMTS: Upload is limited to 2.5 GB and files cannot be stored longer than a week.
LEARN MORE: Send Privacy Notice.
Onion Share
WHAT: Lightweight, open source file sharing program.
USEFUL FOR: Anonymous sharing of large files with colleagues via the Tor network. The program generates a link that you then share securely with recipients. They then proceed to collect the file by opening the link via the Tor browser.
PLATFORM: Compatible for Windows, MacOS and various versions of Linux.
COST: Free.
DIFFICULTY: Medium.
LEARN MORE about the Tor network.
Riseup Share
WHAT: Free file sharing service provided by Riseup, a volunteer-run collective.
USEFUL FOR: Anonymous sharing of large files with colleagues via an end-to-end encrypted channel.
PLATFORM: Works on all browsers.
COST: Free.
DIFFICULTY: Easy.
LIMITS: Upload is limited to 50 mb and files are stored no longer than a week.
LEARN MORE about Riseup.
VIDEO-CONFERENCING
Jitsi Meet
WHAT: A program for conference calls.
USEFUL FOR: Safe alternative to Skype. Allows conducting secure online calls without the need for installing complicated software. Jitsi Meet can be used directly in a browser. It can also be used as a stand-alone mobile application. Users can share a live screen view of their desktop and easily invite new participants by simply sharing a link.
Jitsi is end-to-end encrypted and open source.
PLATFORM: Works on iPhone, Android and desktop, across platforms.
COST: Free
DIFFICULTY: Easy
LEARN MORE: How Jitsi Meet works.