Skip to content
Thoughtful, detailed coverage of everything Apple for 33 years
and the TidBITS Content Network for Apple professionals
21 comments

Eight Secure Ways to Share Sensitive Information over the Internet

At some point, most of our communications switched from analog to digital: letters and phone calls transitioned to emails, texts, calendar events, and cellular, Internet, or video calls. With analog methods, we expected our secrets to remain largely safe. It was both difficult and illegal (other than for governments) to wiretap a phone line or steam open a letter. We could assume that our private communications would nearly always stay private.

The Internet made exploitation possible on a worldwide basis. No longer did someone need to pull your particular letter out of the mail stream or get physical access to a phone trunk line or switching center. Most experts underestimated how unprotected digital communications were for the longest time. It’s only relatively recently, starting over a decade ago, that the full reckoning began on what sensitive information we were unintentionally sending in the clear or storing at rest without protection, whether on our own hardware or remote server drives.

Activists, journalists, politicians, union organizers, and business executives have borne the brunt of these issues because they have a high risk of exposure revolving around what they say in private, the people with whom they’re communicating, their physical location, and their financial and medical details. Even seemingly banal conversations need to be protected because of what they could reveal, and such people should put significant thought into their communication habits and tools.

But most people and most topics don’t require strict privacy. We prefer it—we don’t want an email thread organizing dinner next week to be published for the world to see or even have it read by someone it wasn’t intended for, no matter how mundane it might be. For everyday communications, existing digital tools already provide sufficient privacy, and the consequences of any of that data being revealed are nil.

Yet, even those of us who are not high-value targets regularly need to share information that could damage our psyches, relationships, careers, or finances if it were to fall into the wrong hands or be publicly posted. Passwords are perhaps the most obvious—the entire point of them is that they’re secret, so if you have to share one, you want to make sure that only the intended recipient can access it. Once someone has a password, they may be able to view, extract, and modify all sorts of information related to you.

Protecting other kinds of data can be more challenging if they cross accounts and systems. Financial information ranks high on the list. You willingly provide your credit card information to e-commerce sites because you know—or at least expect—that they provide secure HTTPS connections and store the information with the care it deserves. But emailing your credit card details to reserve a restaurant for a group dinner feels deeply wrong. It’s probably fine most of the time, but you have no idea who can access the restaurant’s email account or if they’ll delete the message after moving the data to their payment system.

Other scenarios may involve sharing broader financial information such as bank account details, tax preparation materials, retirement planning sheets, etc. You don’t have to be attempting to hide assets to be uncomfortable with people you don’t know examining your assets, knowing your account numbers, and discovering other details. Whatever you think about Hunter Biden, imagine what it would be like to have the contents of your laptop extracted and displayed for all the world to see.

Then there’s health-related information. We might gripe about our aches and pains at a cocktail party but be legitimately concerned about transmitting documents relating to mental health or chronic illness through insecure channels. While it sounds quaint to talk about rivals and enemies, people face challenges in divorce, at work, and in competitive environments where exposure of private health information could be damaging.

Data at Rest and in Transit

What should you do when faced with the need to share sensitive information over the Internet? The answer depends on the nature of the information you’re sharing, the systems available to you, and the technical capabilities of the recipient. Curious about others’ approaches, I started a discussion on TidBITS Talk that generated lots of helpful advice.

Before I delve into the possibilities, consider how the information you’re sending will be protected in transit and when it’s at rest at the source and destination:

  • In transit: To ensure security in transit and prevent eavesdropping, focus on communication channels that are encrypted between you and a destination.
    • Between your app and a server: Nearly all the apps we use to connect to Internet services rely on SSL/TLS to protect connections. Such connections include both any kind of account-based resource (anywhere you maintain files or information of your own) and most information-based services (like a newspaper website). A lock in a Web browser’s address bar before a domain indicates HTTPS. You can also press Command-L in any browser and look for https at the start of the URL.
    • End-to-end encryption: Better yet is end-to-end encryption, which ensures that not even the organization managing the service can decrypt the traffic. Encryption keys are specific to you and often locked away within each of your devices. iMessage (blue-bubble conversations in Apple’s Messages app), WhatsApp (in some configurations), and Signal (in all versions) are end-to-end encrypted. Most or nearly all of your iCloud data is also end-to-end encrypted, depending on whether you’ve enabled Advanced Data Protection (see “Apple’s Advanced Data Protection Gives You More Keys to iCloud Data,” 8 December 2022). Chat systems like Slack are encrypted, but not usually end-to-end encrypted, so your data is protected from eavesdroppers but not from employees of the service or server administrators. SMS messages (green-bubble conversation in Messages) are not encrypted at all.
  • At rest: Data is considered at rest when it’s stored at a destination, like an SSD on your computer, your and your correspondent’s mail servers, or a cloud storage service’s data center. Many services encrypt data at rest, though I don’t believe that’s common with IMAP email. Regardless, if an account is compromised, at-rest encryption is largely irrelevant. There are two ways of dealing with this concern:
    • Per-file or per-message encryption: You could encrypt the data before sending so it can’t be decrypted without a password you set. This prevents someone who hijacks an email account or cloud storage account from gleaning valuable details from its content. To protect data like this, you must send the password to the recipient out-of-band: use a completely different communications channel, like a phone call or end-to-end encrypted chat. That way, someone who could access an encrypted file attachment in Gmail can’t also access the password sent in Messages.
    • Time- or use-expiration: If you’re concerned about a file residing for an extended period somewhere, regardless of the likelihood that might be stolen, you could instead send a link to the information that expires after a short time. That drastically shrinks the window during which a breach could happen. Some services can also send links that can be accessed only a set number of times, rendering them useless afterward.

Solutions for Sharing Information Securely

Combining all this into a specific solution requires that you put thought into four areas:

  • Audience: Who are you sharing with, and what are their technical capabilities? Email doesn’t reliably offer the protection of encryption in transit or at rest unless you require your recipients to opt into a security system (PGP is the most common)—decades of trying haven’t made that happen broadly yet. Yet email is usually the easiest way to communicate with a technically unsophisticated recipient. Messages is easy and secure, but only when you can rely solely on iMessage, which limits its use to those who use Apple devices. WhatsApp and Signal are also fine, but only if both you and your recipient use them.
  • Content: What do you want to share? Sharing a tiny bit of information like a password is different than the overhead of sharing a document, and how you share a document can vary if it can be turned into a PDF versus having to stay in a native format like a spreadsheet.
  • Importance: How problematic would it be if the sensitive information you’re sharing fell into the wrong hands? There’s a world of difference between credentials to your retirement account and the password to an account that lets you edit your community center’s WordPress site.
  • Persistence: How long does your recipient need the data? Do they need to glance at something and then delete it? Do they need to retain a copy permanently? While you can’t delete files from someone else’s devices, you can make sure the data doesn’t remain accessible in places used for transfers.

Here then are my recommendations:

  • Secure service like DocuSign: If you’re working with a doctor, lawyer, accountant, or other professional who needs to receive sensitive information from clients regularly, they’ll often use a secure portal for messages and file transfers. It may be a custom system—many have been developed as solutions for these industries—or they may rely on a broadly available commercial offering, like DocuSign, for uploading confidential documents. Regardless, stick with whatever they require unless you have good reason to believe their IT staff is technically incompetent.
  • iMessage/Signal/WhatsApp: When sharing something sensitive, there’s nothing wrong with using Messages with iMessage or an equivalently secure service like Signal or WhatsApp. (Read up on WhatsApp to ensure you aren’t exposing chat archives.) Still, I prefer to use them to share information that isn’t useful on its own. For instance, if you need to send someone a password, give them the login URL and username in email, along with any necessary instructions, but send the password separately in Messages.
  • 1ty.me or One-Time Secret self-destructing link: For sending someone a username and password to a non-critical site, I often use 1ty.me or One-Time Secret to create an encrypted link containing the text. I then share that link via email and tell the recipient to open it right away. Once they view the encrypted link, the server deletes the data, and the link self-destructs—it’s dead and can’t be used again. An attacker could eavesdrop on the communication or access the email before it was read, but if the recipient is told that the link has already self-destructed, they would know it has been compromised and could alert me. The odds are very low that anyone not in a high-risk category would ever encounter this. A more likely problem would stem from an email system that scans messages and follows links to protect against malware, causing the link to self-destruct prematurely.
    1ty.me self-destructing info service
  • 1Password limited link: When I need to share a password to an account I use, not one created for someone else, I use 1Password’s sharing feature to get a link like what 1ty.me creates. 1Password lets you set an expiration date, limit the link to only those whose email addresses you enter, and cause it to self-destruct after being viewed once. Other password managers may have similar sharing features.
    Sharing a link in 1Password
  • Password-protected PDF: Sharing a sensitive document that could be printed is best done by creating a password-protected PDF. To do that from any app, choose File > Print > PDF > Save As PDF. Click the Security Options button, click “Require password to open document,” and enter a password. Creating a strong password is critical because many online services can remove weak passwords from PDFs. Save the document and share it however you like, but make sure to share the password in a different channel.
    Encrypting a PDF
  • Password-protected disk image: For files that aren’t easily turned into a PDF or to share a collection of files, creating a password-protected disk image can work well with Mac users. (Users of other platforms can open Mac disk images, but it may be difficult or require particular software or settings when creating the disk image.) In Disk Utility, create a new compressed disk image (File > New Image > Image from Folder is easiest), choose one of the two options from the Encryption pop-up menu (use 256-bit for more sensitive information), and enter a strong password when prompted. Again, share the password in a different channel.
    Making an encrypted disk image
  • Password-protected Zip archive: A password-protected Zip archive serves the same purpose as a password-protected disk image and may be easier for someone using Windows or another platform to extract. When downloaded from its website (not the Mac App Store), Keka can create password-protected Zip archives for free; if you make these regularly, look at BetterZip. The fastest approach, however, is to create a password-protected Zip archive on your desktop from the command line. Follow these steps:
      1. Open Terminal.
      2. Type zip -er ~/Desktop/desiredfilename.zip and press the Space bar once.
      3. Drag the file or files you want to share into the Terminal window.
      4. Press Enter.
      5. Enter your desired password and confirm it when prompted. Type carefully; you won’t see the characters you’re entering.
  • Cloud storage link that can be expired: I don’t know how widespread this feature is, but some cloud storage services offer the option of a time-expiring link. That would enable you to share a file with someone else while ensuring the link goes away after a specified time to prevent it from being discovered in a breach and used later. Dropbox supports such links if you have a Dropbox Professional account. (Also, I haven’t used Linkly, which looks like a full-featured link-shortening service, but you could theoretically use it to create a time-expiring link that points to a shared file on a cloud storage service.)
    Dropbox time-expiring link

As you can see, there’s no one-size-fits-all solution when it comes to sharing information securely over the Internet. Whatever your needs are, one of the options above should suffice.

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 33 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.

Comments About Eight Secure Ways to Share Sensitive Information over the Internet

Notable Replies

  1. 1Password can be used to store documents too. Many times, if I cannot use iMessage because the recipient doesn’t have an iPhone, I’ll send put the document into 1Password and share it that way.

    You’ll be asked if you want to share it with anyone with the link, or only certain people. Select Certain people and enter their email addresses. Then share the link with them not via email. That email address is the out-of-bounds verification system.

  2. some caution is required with iMessage:
    since many of us use the (default?) config of allowing it, if there’s a problem sending via iMessage, to to silently fall back to SMS - thus becoming plaintext. sure; there’s the green color - only after it’s too late. :worried:

  3. Thanks for the article, Adam.

    What you addressed in the article is extremely important.

    I recently had a situation where I explicitly said to someone, “No documents sent via e-mail !”, and still that request/requirement was ignored by the person, who was thinking, “Oh, we do it all the time. It’s no big deal.” But it is a big deal.

  4. I sort of knew this, but it feels odd for a document that you wouldn’t want to keep. Or is there something I’m missing about how you’d use it?

  5. A reader just recommended Wormhole as a service for sharing encrypted documents with time-expiring links. Worth a look, if only for the whizzy graphics!

  6. You can always delete the document after sending it. However, I know very well that there’s a 80% chance that person will ask me to share it again. This is especially true since you can make links time or usage expire.

    The great thing about sharing documents with 1Password is that you already have 1Password. You don’t need to look for another service to do a one time send. Neither of you need a new account for some service just for the share. They have a text account and email, you can securely share the documents.

    It’s like the saying the best camera is the one you have on you when you need to take the picture.

  7. I wish Apple made secure doc exchange simple through iCloud. Imagine if you could right-click any doc/folder on your Mac and the select from the Share menu something like “Secure Transfer”. That would then let you specify an email address (or several) and a password (obviously suggesting strong passwords right there à la Keychain Access), plus options for expiration, number of views, etc.

    This would allow for “the rest of us” to get super simple E2E encrypted transfer with iCloud used for storage/authentication. The recipient(s) gets an email with an iCloud link for download (recipient doesn’t have to have an iCloud account). That webpage then prompts for the password the sender initially chose. Done. Users on the Mac get to change options either in a file/folder’s Get Info window or globally in an iCloud Setting. Done. Make it an iCloud+ feature if necessary. But seems like a no-brainer to me these days.

  8. One non-technical reason Apple hasn’t done this could be that Apple, with its status of an incredibly cash-rich, global company, is a class action suit magnet and does not want to be in a position of guaranteeing the confidentiality of sensitive documents transferred by users.

  9. Is this server-to-server or does it included app-to-server (and server-to-app)? I had assumed that an iCloud mail account using Apple Mail was encrypted from the Mac to the first step in its journey. In particular, I’m wondering about sending (or receiving) email in a hotel using the hotel’s Wi-Fi. Could you devote two or three sentences to this issue? What about other email accounts using Apple Mail? Thanks.

  10. It’s possible for there to be in-transit encryption for email, but it varies by email provider. My guess is that iCloud does provide it based on this chart.

    That said, I see a compromised account as the most likely security problem, not someone eavesdropping on traffic in transit. If an attacker takes over the email account of someone to whom you’ve sent confidential information, that information is just a search away from being revealed. And the recipient’s password practices are completely out of your control.

  11. “How secure” is a non-trivial question, related to how sensitive/secret/top secret/eyes-only/incriminating/embarrassing the information is, and who you are and the recipient is. The only absolutely secure secret is one you share with nobody, ever. Most of us are pretty pedestrian people with pretty pedestrian needs (unlike, say, the military and government, or drug dealers). We might want to encrypt something once in a while, but we’re not likely to be monitored by anyone, so all the ways mentioned here probably suffice. But if you’re still worried, snail mail is probably your safest bet.

  12. In a sense, you can do that with iMessage if both sides have iCloud accounts.

    The problem maybe that iCloud storage is normally encrypted end-to-end. However, when you share the document, the document is stored unencrypted since more than one account must be able to access the file.

  13. The idea I laid out would allow sharing with anybody, no iCloud or iMessage required. It would be so to say an extra perk for those who have iCloud, in that it gives them a one-click simple way to share a file/folder with anybody in an E2E encrypted manner. All the recipient would need is to receive an email, and a browser for downloading the file/folder. All the sender would need is to buy a Mac (and sign up for iCloud). :wink:

  14. gib

    It’s worth noting that BitWarden also provides self-destructing, expiring, count-limited encrypted file transfer. I have the Pro version for $10/year (a sweet deal); not sure whether the free version has the capability or not.

  15. M C

    I don’t know the level of security but, my lawyer recently had me use Verifyle to send a document to her.
    It is a nice web experience on Mac and Safari.
    I don’t know if it is free to use or if she pays for it though.
    I’ve also shared documents via iCloud and sending the folder link to a person that had the document. But it was a PITA to figure out. My memory is that it used to be easier. Apple complicated it.

  16. Yes, this is my preferred way too. You can also use the ‘Notes’ item type to share more freeform formatted info securely. I wrote about this in the original thread:

    Whenever I share an item like this, I give it a shared tag in 1Password so I can easily review previously shared items and delete any that don’t need to be there anymore.

  17. On an iPhone, you click on the Share icon, and select iMessage. Change Send Copy to Collaborate, then select Can Edit and change it to View Only.

    I find it easier to create a shared folder and then put in all documents I want to share in there. The next time I have to share something with that person, I can just put the new document in there, and they have it. I’ve done this with my family members and attorney.

    The problem is that these documents aren’t end to end encrypted. In theory, someone at Apple can read them.

  18. Thanks Adam and everyone for the info about sharing via 1Password. I use 1Password all the time but hadn’t realised how useful and easy the sharing feature is.

    Can anyone advise on a free way to create electronic/digital signatures? I recently had to “sign” a PDF document setting out a contract with a German company (I’m in the UK). They seemed happy with a scanned signature inserted in PDF Expert, and I’ve often used the corresponding function in Preview. But I suspect that kind of signature doesn’t have much legal force, and reading what Wikipedia has to say on electronic and digital signatures has left me even more confused.

    The free tier from Verifyle looks excellent for secure storage, but if I understand their FAQs correctly, on the free service you can only sign documents sent to you by a paying user.

    PGP is one easy and free solution, of course, and it might even underly some of the commercial services. But I’m guessing most businesses would have no idea what to do with a PGP-signed document. For websites we have LetsEncrypt providing free SSL certificates – not the most secure, I’m sure, but fine for many purposes. Is there any equivalent in the world of document signing?

  19. Ray

    I have used Autograph on the Mac to create my signature with the mouse pad, save it as a file, and plop that in if they accept an image with the signature (some systems do). I got it cheap as I own some Ten One Design items, but for $3, it has worked well.

  20. The built-in Mac Preview app provides several ways to create a library of signatures to use for image (as opposed to digital) submission. You can scribble on a trackpad, take a picture, or scribble on a mobile device. If you use iCloud Drive, they will be available in Preview on other Macs linked to you.

Join the discussion in the TidBITS Discourse forum

Participants

Avatar for ace Avatar for Simon Avatar for raykloss Avatar for aforkosh Avatar for charles1 Avatar for jzw Avatar for pmvtutor Avatar for mvgfr1 Avatar for david19 Avatar for gib Avatar for Will_M Avatar for gbdoc Avatar for Halfsmoke Avatar for 04.phenol-kiln