Last updated: March 27, 2024

Occasionally it’s useful to chat in a secure and confidential manner, for example about a security hole in some software or computer system that I’m involved with. If you’d like to contact me privately then you could pick one of the following options:

• We can exchange mobile numbers and then chat on Signal. If you want then we can also exchange safety numbers out-of-band (e.g. in person or in my RP resource record).
• You can send me files using croc. We’ll need to agree a code phrase out-of-band beforehand.
• If you are technically minded and control a server somewhere then you can add one or more of my SSH client keys to an authorized_keys file and point me to a path somewhere on the remote filesystem.
• I can setup an HTTPS form which you can use to submit confidential information securely.
• We can do things the old-fashioned way and exchange correspondence by post. Perhaps enclose an encrypted SD card or URL to an encrypted message on pastebin.com or other similar service of your choice.

It’s worth noting that any of the methods here should protect you, provided that the biggest risk you face is not an angry nation state. I also no longer consider PGP or email to be secure forms of communication and would prefer to communicate via the alternative methods above.