Probably missing something obvious, but could they either:
PGP encrypt it with the reviewer’s public key, and send it via email?
Use an e2e encrypted messaging medium? (Don’t know which are trustworthy, but I’m sure there’s an expert consensus)
Or are those not user friendly enough?
I think this is a solved problem in infosec (but am probably missing something)
Yeah this would be a good first step. And could be sufficient, depending on your threat model.
Beyond this, people recommend using a dedicated PC for a separate identity (if you can afford to purchase one), installing Tails (Linux), using Tor, carefully managing your firewall (if you’re self-hosting an email or website, for instance), and there is a list of such recommendations you can find if you search for it.
With government-level actors it remains an open question if even all these precautions are sufficient, hence I also suggested the option of physical letters. Of course this has the disadvantage of being a very slow form of communication.
(+1 to “not user friendly”. Signal would be more user friendly, for example)
Protonmail and Signal are e2e encrypted messaging mediums.
But depending on how paranoid the users need to be these systems might not provide enough guarantees, since you would need to trust the servers not to MITM. Unless you do some sort of in-person key-exchange.
But I’m definitely not an expert. In general I think there are plenty of experts that know exactly how to handle these things and they’re pretty easy to contact.
Edit: I agree with acylhalide’s comment; if you have government-level actors, this is potentially not enough.