4

Secure Communication

Signal, encrypted email, group chats and metadata.

4 quiz questions

Why E2EE matters

End-to-end encryption (E2EE) means only the people in the conversation can read it — not the service provider, not a network attacker, not a regulator with a subpoena to the provider. For NGOs handling sensitive sources, partners or beneficiaries, this is not optional.

Choose tools by default behavior, not features list

Signal: E2EE for one-to-one AND group chats by default. Strong metadata minimization. Good default.
WhatsApp: E2EE for messages; metadata (who talks to whom, when) is visible to the provider and to its parent company.
Telegram: only "Secret Chats" are E2EE, only between two devices, and group chats are NEVER E2EE. Treat Telegram groups as semi-public.
Matrix / Element: E2EE with self-hosting option; great for organizational chat if configured correctly.
Default SMS / regular email: not E2EE.

Email realities

Standard email between two random providers is not end-to-end encrypted. Even with TLS in transit, the providers see content. For sensitive content, prefer Signal attachments, Proton Mail-to-Proton Mail, or encrypted archives with a separately-shared password.

Verification and trust

Once, verify "safety numbers" / fingerprints in Signal or your encrypted email tool with each high-risk contact, ideally in person or via another verified channel. If a contact's safety number changes unexpectedly, ask them why before sending sensitive material.

Metadata is real

E2EE protects content. It does not necessarily protect the fact that two accounts communicated at 22:14 from particular IP addresses. For high-risk work, think about who knows you are talking to whom — not just what you say.

Disappearing messages reduce post-incident exposure.
Separate identities (work account, source-handling account) reduce linkability.
Avoid posting sensitive context in semi-public channels (open Telegram groups, public Discord) "just to coordinate".

The most secure message is the one you decided not to send through the wrong channel.

PreviousNext Module