Sending login credentials, account information, credit card numbers, and other sensitive information to someone over the Internet, email or a messenger application isn’t the best idea, but sometimes it seems like the only way. That’s why encryption exists. There are actually tons of ways to securely share information and sensitive files, and many of them are straightforward enough that you can use them even without a technical background.
Note: keep in mind, though, that sensitive information is typically most vulnerable when it’s sitting around, not in the few seconds it’s being transmitted. No matter how you send it, make sure it’s deleted or secure afterward.
If what you need to send is text-only, the quickest and simplest way to do it is to use a service that encrypts your message, generates a link, and then deletes the message once it’s been viewed. These services encrypt your message and/or passphrase in your browser, not on their server, meaning they won’t store your message in plaintext or even have the decryption key. Sending and receiving messages using these tools doesn’t require much more technical skill than, say, using a URL shortener.
There are many services that do this, probably because it’s relatively easy to implement. Whichever one you choose should, at minimum, be open source, encrypt your message locally in your browser, and give you options for automatic message deletion.
- Onetimesecret.com (use a passphrase for maximum security)
- privatebin.net (great for sharing code, a lot like PasteBin)
- 1ty.me (OneTimeSecret alternative)
- password.link (some features require login)
Secure file-sending services
Google Drive and Dropbox use encryption and are pretty secure, but your files will just sit there by default, so a secure sending service with an auto-delete feature may be a better idea. Secure cloud storage is also available if needed, though.
- Firefox Send: Very simple to use, and lets you send 1GB without signing in or 2.5GB if you do sign in. All you do is upload the file and send the recipient(s) the download URL. Firefox Send encrypts the file in your browser, puts the key in the download link, and lets you choose how long the file stays up. Very secure, quite private, and easy enough for anyone.
- Tresorit Send: If you’re bumping up against Firefox Send’s 2.5GB limit, Tresorit gives you 5GB, and it’s just as private and secure. It even gives you a few extra tools, like real-time access logs and control over who can see your documents, and, if you pay, it can also act as a secure cloud storage service.
- OnionShare: I personally love OnionShare – there’s no file size limit, and it’s very secure. You and the recipient both need to be running Tor, though only the sender needs the OnionShare program. It encrypts your file, starts an Onion server on your computer, and generates a URL that anyone can use to connect to your computer and download the file directly via the Tor browser. Since both parties need to be techy enough to get Tor, there’s a minor technical barrier, but downloading and installing a few programs really isn’t so bad.
- 7-Zip: The popular file-zipping software 7-zip comes with an option to encrypt and password-protect the ZIP file using AES-256 encryption. You’ll still have to tell the recipient the password to get into the file, but if you just want to email something over (or you want your files double-encrypted!), this is a great option.
If you only need to share a password, a lot of popular password managers like LastPass and Dashlane give you the option to securely send your credentials to someone else with an account on the same password manager. These are good for passwords, and you can even share other text information by putting it in the password field, but it’s generally best if you need to set up login-sharing with someone.
If you and the recipient both use the same secure messaging service, that’s probably the quickest way to exchange text info and small files. It’s best if you can set the data to be auto-deleted after a while to minimize storage risk. The best encrypted messenger is a whole debate in itself, but the two most popular options are:
- Signal: Open source, secure, end-to-end encrypted, and has disappearing messages but requires a phone number.
- Wickr Me: Probably the most popular encrypted messenger after Signal, with its main perk being that it doesn’t require a phone number.
Wire, Telegram, WhatsApp, Threema, and Viber are also all good options.
PGP is the most complex solution on this list, as it requires both you and the person you’re communicating with to put in a fair bit of work. It’s still considered quite strong and overall a good standard, though it has had some issues with vulnerabilities in certain email clients in the past, and plentiful alternatives are making it less popular. It’s still a great option for secure emails and can be used either as a standalone manual encryption tool via an email tool like Enigmail or with a webmail service that uses it, like Protonmail.
Which secure sharing service should I choose?
For text sharing, OneTimeSecret or an encrypted messenger like Signal or Wickr are definitely the fastest and easiest choices. For someone less tech-savvy, the link is probably your best option. If you need to share files, Firefox Send and OnionShare work great depending on how tech-savvy you and your group are, but there are plenty of other options as well. You can always stack on more layers of encryption if you’re nervous – use a password manager to share decryption keys, encrypt messages on your own device before sending them to a service, etc. Pretty much any of the above solutions will keep your personal data away from prying eyes if used properly, though.