Sharing sensitive data over the internet is unavoidable. Whether it is a scanned passport, a database credential, or a private contract, you need to move bits from A to B. Here are the golden rules for doing it safely.
1. Never Use Email for Secrets
Email is insecure by design. It travels through multiple relays, is stored in plaintext on mail servers, and is often unencrypted at rest. If you email a password, it sits in your Sent folder, the recipient's Inbox, and every server in between—forever.
Fix: Send a link to the secret, not the secret itself.
2. Use a "Burn After Reading" Tool
Always use a service that supports self-destructing links. This guarantees that if the link is intercepted later, it is useless.
3. Separate the Channel
If you are sending an encrypted file and a password to open it, do not send them in the same message. Send the file link via Email and the password via Signal or SMS. This is called "Out-of-Band" authentication. An attacker would need to compromise both channels to get your data.
4. Verify the Recipient
Before sending a highly sensitive link, confirm the recipient is ready to receive it. "Hey, I'm sending the keys now, are you online?" This ensures they open it immediately, minimizing the window of opportunity for an attacker.
5. Sanitize Your Files
Before uploading a PDF or Word doc, check the metadata. Does it contain your personal address, author name, or edit history? Use tools to scrub metadata before sharing if anonymity is required.