Why a PGP contact tool belongs on every serious website
We are told that future conflicts will be fought on the cyber front as much as in the field. In that climate, every inbox, form, and contact channel is part of the surface that can be breached. A PGP contact tool is one of the simplest ways to shrink the damage when that happens.
What a PGP contact tool actually is
PGP stands for Pretty Good Privacy. A PGP contact tool is a small component on your website that lets someone encrypt a message to you in their browser, using your public key, before anything leaves their device. You then use your private key to decrypt the message on your side.
There are no user accounts, no proprietary inbox, and no external relay service. It is open source cryptography wrapped in a very simple form.
The Reasonable Adjustment and TRSA use exactly this approach in their open source whistleblower tool:
- TRSA whistleblower form
- Open source whistleblower PGP tool
- Secure whistleblower tool explained
- GitHub repository
This is not abstract crypto theory. It is running right now for real people who need a safer way to speak.
The modern cyber political climate
Talk of cyber warfare used to sound abstract. It is not abstract anymore.
State actors probe public bodies and critical infrastructure. Criminal groups attack local businesses because they are easier targets than central government. Activists, charities, and journalists get swept up when someone wants to know who is talking to whom.
You may not think your organisation is interesting. That does not matter. You are part of someone else’s supply chain, politics, or narrative. That is enough to put you on a list.
In that context, the question is less “will we ever see a breach” and more “how much can be taken or exposed when it happens, and what will it contain”.
Why data minimisation is now central
When an attacker lands on an email account or web server, they do not need long access. They grab what is there and leave.
That usually means:
- Contact form submissions stored in a database.
- Plain text emails in shared mailboxes.
- Internal reports or complaints forwarded between staff.
- Whistleblower messages handled like any other email.
Good policies help, but the most powerful control is simple. You cannot leak what you do not store in readable form.
This is the heart of data minimisation. Encrypt the content at the edge so your own systems never see more than they strictly need.
How a PGP contact tool changes the risk equation
With a PGP contact tool, most of the exposure above disappears for that channel. The sequence looks like this:
- The visitor loads your whistleblower or secure contact page.
- The page includes your public key and a small encryption script.
- The message is encrypted in the browser before it is sent.
- Your server, logs, and email provider see only ciphertext.
- You decrypt locally with your private key on a trusted device.
A mailbox breach at that point reveals nothing useful about the contents of those messages. A hostile insider trawling sent items cannot read them. Even a state level actor with a lawful warrant still has to deal with the fact that you never held clear text on the server.
This is what people mean by end to end encryption. PGP gives you a version that you control on your own terms, instead of waiting for some vendor toggle to appear in a dashboard.
Real world use, not theory
The Reasonable Adjustment platform did not build its whistleblower tool as a thought experiment. It exists because people in awkward or dangerous positions needed a way to send sensitive information without trusting yet another inbox.
The open source tool:
- Runs entirely in the browser, with no back end server logic.
- Uses your PGP public key, not a central key owned by someone else.
- Can be dropped onto any static site in a matter of minutes.
- Is open for anyone to inspect, fork, or adapt on GitHub.
In other words, the barrier is no longer technology. The slow step is generating and managing your own key pair properly and agreeing how you will handle decrypted messages.
Who benefits from a PGP contact tool
A PGP contact form is useful anywhere people might send material that would be awkward or harmful to disclose in a breach. For example:
- Staff raising concerns about misconduct, safety, or discrimination.
- Service users reporting data misuse, abuse, or poor treatment.
- Contractors sharing evidence about a failing system or unsafe practice.
- Community members passing on sensitive information about risk or harm.
In all of those scenarios, the risk is not just reputational. It is personal. The person writing may be exposing themselves to pressure or retaliation. Encryption does not remove that risk, but it takes one commonly exploited path out of the hands of anyone who gains access to your systems.
How PGP fits into governance and complaints handling
From a governance point of view, a PGP contact tool supports you in several concrete ways.
1. Protecting whistleblowers and reporters
Many policies claim to protect whistleblowers, yet channel their reports into ordinary email. That model relies entirely on trust in every administrator and system between sender and recipient.
A PGP contact channel shows that you have taken a tangible step to protect confidentiality in transit and at rest on the server. It is protective by design, not just by promise.
2. Reducing your exposure in a breach
If you ever need to explain yourself to a regulator, cyber insurer, or ombudsman, it is far easier to show that sensitive reports were encrypted in a way that even you cannot casually read without the private key. That is strong evidence of data minimisation, not just a policy statement.
3. Supporting serious public interest work
For advocacy groups and investigative projects, a PGP tool can be the difference between hearing from a key witness and never receiving the message at all. People are more likely to come forward when they can see that the channel is designed with their risk in mind, not your convenience.
4. Working alongside Cloudflare and logging
PGP contact tools sit nicely alongside Cloudflare rules and evidence grade logs. Cloudflare and logging help you understand what happened and who connected. PGP limits what an attacker can read even if they get that far.
What PGP does not do
It is important not to treat PGP as magic. A PGP contact tool:
- Does not verify that the sender is who they claim to be.
- Does not stop someone taking screenshots or forwarding decrypted content.
- Does not remove the need to act fairly and lawfully when you receive a report.
- Does not compensate for weak internal processes or poor decision making.
It does one thing very well. It makes it much harder for third parties or opportunistic attackers to read sensitive messages that were never meant for them.
Starting simple
If you do not currently have any secure channel for sensitive contact, you can start with a very small, practical plan:
- Install a PGP tool such as GnuPG on a trusted device and create a key pair.
- Publish your public key on your website and in your PGP contact form.
- Use an open source browser side tool, such as the one from TRSA and The Reasonable Adjustment, and adapt it to your branding.
- Write a short internal note on who holds the private key and how decrypted messages are stored and handled.
- Test the full flow with a dummy message so you know the process works end to end.
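The five-step sequence described earlier and the "test the full flow with a dummy message" step above are rehearsed together in this added script (it is not code from the TRSA or Reasonable Adjustment tool; GnuPG plays both the visitor's browser and your trusted device). It assumes GnuPG 2.1 or later is installed as gpg; the key name, address and dummy report are constructed values.

```shell
#!/bin/sh
# Added rehearsal of the article's flow with a throwaway key pair. Not the
# project's own code. Assumes GnuPG 2.1+. Nothing here touches your real keyring.
set -eu

export GNUPGHOME="$(mktemp -d)"          # throwaway keyring for the rehearsal
chmod 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent >/dev/null 2>&1 || true; rm -rf "$GNUPGHOME"' EXIT
UID_STR="Reports Inbox (rehearsal key) <reports@example.org>"   # constructed identity

# Step 1: create the key pair on the trusted device. The empty passphrase is
# acceptable only because this key is discarded when the script exits.
make_keypair() {
  gpg --batch --list-keys "$UID_STR" >/dev/null 2>&1 && return 0   # already generated
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$UID_STR" default default never >/dev/null 2>&1
}

# Step 2: export the armoured public key, the only part that is published on the site.
export_public_key() {
  gpg --batch --quiet --armor --export "$UID_STR"
}

# Step 3: the visitor side. The browser tool trusts the key embedded in the page,
# which --trust-model always mirrors here. Output is armoured ciphertext only.
visitor_encrypt() {   # $1 = message text
  printf '%s' "$1" | gpg --batch --quiet --armor --trust-model always \
      --recipient "$UID_STR" --encrypt
}

# Step 4: the check that matters: the copy your server, logs and mailbox hold must
# be a PGP message and must not contain the distinctive plaintext word.
server_sees_only_ciphertext() {   # $1 = stored submission, $2 = plaintext word
  grep -q 'BEGIN PGP MESSAGE' "$1" && ! grep -q -- "$2" "$1"
}

# Step 5: decrypt locally with the private key; prints the recovered message.
owner_decrypt() {   # $1 = stored submission
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' --decrypt "$1" 2>/dev/null
}

# Whole flow end to end. Returns non-zero if plaintext ever reached the "server".
run_rehearsal() {
  make_keypair
  export_public_key > "$GNUPGHOME/public-key.asc"
  visitor_encrypt "DUMMY-REPORT: unsafe scaffolding on site 4" > "$GNUPGHOME/submission.asc"
  server_sees_only_ciphertext "$GNUPGHOME/submission.asc" "scaffolding" || return 1
  owner_decrypt "$GNUPGHOME/submission.asc"
}

printf 'Decrypted on the trusted device: %s\n' "$(run_rehearsal)"
```

If the plaintext check fails, the encryption step is not doing its job and the form should not go live.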
Over time you can add key rotation, multiple recipient keys for different roles, and more formal procedures. The important step is putting a basic encrypted channel in place rather than waiting for a perfect system.
In plain English
- Future conflicts and attacks already play out through cyber channels, not just in physical spaces.
- A PGP contact tool lets people send you encrypted messages that your server and email provider cannot read.
- That reduces the amount of sensitive material available in a breach or mailbox compromise.
- For whistleblowers and vulnerable service users, it is a practical sign that you take their risk seriously.
Common questions about PGP contact tools
Is a PGP contact tool overkill for small organisations
Not if you handle sensitive reports, complaints, or whistleblowing in any form. The cost of adding a browser based PGP form is tiny compared to the reputational and human cost of exposing those messages in a breach.
Do we need an in house security team to manage PGP
No. You need someone who is comfortable following clear instructions and keeping a private key safe. The technical pieces are well documented. The harder work is agreeing who holds the key, how it is backed up, and how decrypted messages are handled.
What happens if we lose the private key
If you lose the private key, you lose the ability to decrypt existing encrypted messages. That is exactly why key backup and rotation need to be written down. You can create a new key pair and update your contact tool, but old encrypted mail will stay locked.
Can we just rely on secure providers like Proton Mail instead
Secure providers are useful, but they still involve trust in a third party and often require both sides to use the same service. A PGP contact tool gives you a vendor neutral option that works for any visitor with a browser, and the encryption happens locally before their message hits any provider.
Does a PGP form replace normal contact channels
No. It should sit alongside your standard contact form, not replace it. Most visitors are fine with ordinary channels. The PGP option is there for people who need a higher level of protection or are sending genuinely sensitive material.
If this article has you rethinking how you handle sensitive contact, the Ki-Ki knowledge hub includes related guides on Cloudflare basics and evidence grade logging.
Next steps if you want help
If you want a PGP contact tool in place but do not have capacity to wire it in yourself, it can be folded into a wider security and foundations review. That usually covers domains, DNS, Cloudflare, logging, and your current complaints or whistleblowing routes.