Protonmail and Signal are e2e encrypted messaging mediums.
But depending on how paranoid the users need to be these systems might not provide enough guarantees, since you would need to trust the servers not to MITM. Unless you do some sort of in-person key-exchange.
But I’m definitely not an expert. In general I think there are plenty of experts that know exactly how to handle these things and they’re pretty easy to contact.
Edit: I agree with acylhalide's comment, if you have government-level actors this is potentially not enough.
Probably missing something obvious, but could they either:
PGP encrypt it with the reviewer’s public key, and send it via email?
Use an e2e encrypted messaging medium? (Don’t know which are trustworthy, but I’m sure there’s an expert consensus)
Or are those not user friendly enough?
I think this is a solved problem in infosec (but am probably missing something)
(+1 to “not user friendly”. Signal would be more user friendly, for example)