We try to make it as easy as possible for you to keep in touch with us, and we offer numerous ways to do so.
In addition to the normal email and phone options, we offer various mechanisms with enhanced security. We cannot (and do not) promise that any option is 100% secure, but hopefully you will find something suitable for your needs / threat model.
If you have different requirements, please let us know.
Most people communicate with us by email. And that's absolutely fine.
We use plain text email.
If you want to get in touch with us for the first time, email is the only option we offer. We're happy to arrange a time to talk with you if, after reading your initial email, it looks as if we might be able to help you.
Our mail server supports — but does not force — TLS for connections with other mail servers. This means that, as long as your mail server supports it, email from your server to ours, and vice versa, will be encrypted in transit.
Please also encrypt it end-to-end, if you can. Here is our PGP/GPG key for our published email address, firstname.lastname@example.org. We also offer PGP for our personal email addresses, and you can find our keys on keys.openpgp.org, and via Web Key Directory.
By default, we digitally sign all email that we send. If your mail server does not like this and you cannot persuade someone to fix it, let us know, and we can try to remember to remove the signature before we email you.
Unencrypted phone calls
We can give you a phone number to call. It'll be a geographic number but it doesn't matter where in the world we are: ring it during a reasonable hour in the UK, and it will ring us.
These calls are carried by SIP, and they are unencrypted between our PBX and our carrier. As such, someone intercepting the Internet connection between us and them could intercept these calls. We do not know what, if any, encryption you might have in place between your phone / phone system / carrier. We suggest that this is suitable only for less sensitive communications.
It is trivial to make a phone call look like it is coming from any number you want. If you receive a call which presents one of our numbers, we cannot guarantee it is from us: if you are even slightly suspicious, please verify the call. You can do this every time we ring you, and we will not get fed up of it.
If you can, please schedule the call with us first. If we can answer an unscheduled call, we will, but scheduled calls are always preferred. There is no voicemail facility, so you cannot leave a message.
If you are based outside the UK and want to use a normal unencrypted PSTN phone call, and you plan on calling us a lot, let us know, as we may be able to set up a phone number from your country's numbering plan, so that your calls to us are cheaper or even free.
We record calls to these numbers.
End-to-end encrypted audio and video
We use the Matrix open standard for end-to-end encrypted communications. This is primarily for audio and video, but you can also use it for end-to-end encrypted instant messaging (please use this sparingly!), and for file transfers.
Our matrix identities are in our email signatures. We use the :decoded.legal namespace.
You will need to have an account on a matrix-compatible system. We don't offer technical support, but let us know if you need pointing in the right direction.
There is no voicemail facility, and we do not record these calls.
We also offer Signal.
Easier to use encrypted video conferencing
We appreciate that the requirement of an account on a matrix-compatible system is not for everyone, and we offer an alternative video conferencing platform, which does not have this requirement. (You can use this for audio-only too, by not switching on your camera.)
You do not need to register for an account, or install any software as long as you have a reasonably modern web browser capable of doing WebRTC.
Our system offers transmission encryption, meaning that the connection between your browser and our server is encrypted by TLS. It is not properly end-to-end encrypted, but it's "sort of" end-to-end encrypted, in the sense that the video server is under our sole control, but traffic is still decrypted by the server and re-encrypted before it is sent onwards.
We can probably use your choice of video conferencing platform too.
(Please don't expect someone wearing a suit and tie. In fact, if someone claims to be from decoded.legal and they are wearing a suit and tie, please treat them with extreme suspicion.)
Encrypted file transfers
If we need to send you (or receive from you) files which are too sensitive for non-PGP'd email or are too big to transfer sensibly by email, we offer a simple, end-to-end encrypted, file transfer tool. You do not need to install any software or register for an account.
If we are sending a file to you, we will use your email address to send you the details of how to download the file, and we will need a second way of communicating with you to send you the passphrase. If we are receiving a file from you, we just need some way of sending you the details — it is still end-to-end encrypted, but we handle the credentials, so this is invisible to you.
We are also happy to use OnionShare for "real time" transfers.
Fax / pigeon / avian carrier / semaphore / post / visits to our office
No. We do have a postal address, but we'd rather you didn't use it. We also have some trees, but we'd rather your pigeons didn't use them either. We do not offer semaphore, as that just raises red flags.